博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
Linux系统部署samba服务记录
阅读量:4977 次
发布时间:2019-06-12

本文共 7240 字,大约阅读时间需要 24 分钟。

Samba(Server Messages Block)是一种linux系统和windws系统之间依靠网络协议共享文件的服务程序,(Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol ),下面简单介绍在Centos 7部署记录(IP:192.168.1.19)

一、安装Samba

[root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root@localhost ~]# yum install -y samba

二、配置防火墙和Selinux,否则windows无法访问,在生产环境一般防火墙都不会关闭

[root@localhost ~]# systemctl status firewalld        #一般情况下默认是开的,如果关闭,就启动一下● firewalld.service - firewalld - dynamic firewall daemon   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)   Active: active (running) since Mon 2019-04-08 09:40:24 EDT; 2h 11min ago     Docs: man:firewalld(1) Main PID: 4711 (firewalld)   CGroup: /system.slice/firewalld.service           └─4711 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopidApr 08 09:51:09 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).Apr 08 09:57:39 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOC...ame.Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C ...n?).Apr 08 11:10:18 localhost.localdomain firewalld[4711]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POS...ame.Hint: Some lines were ellipsized, use -l to show in full.[root@localhost ~]# firewall-cmd --add-service samba --permanentsuccess[root@localhost ~]# firewall-cmd --reload    #重启防火墙success[root@localhost ~]# firewall-cmd --list-all|grep samba    #确认是否加策略成功  services: ssh dhcpv6-client samba关闭Selinux,否则windows客户端连接不上samba[root@localhost ~]# vim /etc/selinux/configSELINUX=disabled[root@localhost ~]# setenforce 0    [root@localhost ~]# getenforce Permissive

三、Samba服务器的配置

[root@localhost samba]# cp /etc/samba/smb.conf /etc/samba/smb.conf_bak_20190426[root@localhost samba]# cat /etc/samba/smb.conf[global]                                    #全局配置        workgroup = SAMBA        security = user  #安全验证的方式 #1、share 来访主机无需验证口令,比较方便,但是安全性较差,现在新版本限制使用,如果使用无法启动服务 #2、user 需要验证来访主机提供的口令才能访问#3、使用独立的远程主机验证来验证提供的口令 #4、domain使用域控制器进行身份验证         passdb backend = tdbsam         printing = cups        printcap name = cups        load printers = yes        cups options = raw [homes]        comment = Home Directories        valid users = %S, %D%w%S        browseable = No        read only = No        inherit acls = Yes [printers]        comment = All Printers        path = /var/tmp        printable = Yes        create mask = 0600        browseable = No [print$]        comment = Printer Drivers        path = /var/lib/samba/drivers        write list = @printadmin root        force group = @printadmin        create mask = 0664        directory mask = 0775[database]  #共享名称,也是文件夹的标识,配置了多少个,登陆的时候就会显示多少文件夹        comment=do not modify it all will   #对该共享的描述,随意自己定义        path=/home/database                 #该共享的路径        public=no                           #是否对所有人共享        writeable=yes                       #允许写入操作!!!如果是拷贝配置的话,去掉汉字,否则smb服务无法启动   [root@localhost samba]# systemctl restart smb

4、访问方式一、任何人都可以匿名访问,可以增删改查

[root@localhost home]# chmod 777 database/[root@localhost database]# vim /etc/samba/smb.conf[global]        workgroup = SAMBA        security = user        map to guest = Bad User        passdb backend = tdbsam        printing = cups        printcap name = cups        load printers = yes        cups options = raw[homes]        comment = Home Directories        valid users = %S, %D%w%S        browseable = No        read only = No        inherit acls = Yes[printers]        comment = All Printers        path = /var/tmp        printable = Yes        create mask = 0600        browseable = No[print$]        comment = Printer Drivers        path = /var/lib/samba/drivers        write list = @printadmin root        force group = @printadmin        create mask = 0664        directory mask = 0775[database]        comment=do not modify it all will        path=/home/database        public = yes        writeable=yes        guest ok = yes

 这中方法谨慎使用,因为存在很大的安全因素,如果别人不小心删除或者修改文件,我们就无法恢复了。

有的时候通过IP访问,时间久了或者其他原因很容易忘记,这时候配一个内网的DNS能够有效的解决这个二问题,下面演示如何配置DNS访问我们的服务器

1、先给服务器配置上DNS解析,假如用开发组来命名[root@localhost ~]# vim /etc/hosts127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4::1         localhost localhost.localdomain localhost6 localhost6.localdomain6192.168.1.19 devops~      [root@localhost ~]# ping -c 4 devopsPING devops (192.168.1.19) 56(84) bytes of data.64 bytes from devops (192.168.1.19): icmp_seq=1 ttl=64 time=0.045 ms64 bytes from devops (192.168.1.19): icmp_seq=2 ttl=64 time=0.122 ms64 bytes from devops (192.168.1.19): icmp_seq=3 ttl=64 time=0.125 ms64 bytes from devops (192.168.1.19): icmp_seq=4 ttl=64 time=0.121 ms--- devops ping statistics ---4 packets transmitted, 4 received, 0% packet loss, time 3008msrtt min/avg/max/mdev = 0.045/0.103/0.125/0.034 ms 测试内网是没有问题,然后配置windows的hostsC:\Windows\System32\drivers\etc        #我的电脑是在这个路径下127.0.0.1       localhost192.168.1.19 devops  #加上这个配置

 

测试OK,我们就可以通过 \\devops 去访问我们的服务器

 

访问方式二、通过账号密码访问,在Centos7中,Samba服务默认的用户认证模式(user)

但是只有建立信息数据库之后才能使用用户口令认证模式,

pdbedit命令用于管理SMB服务程序的账户信息数据库,语法格式为 pdbedit [选项] 账户 

-a  -u   用户名 建立samba账户
-x  -u  用户名 删除samba账户
-L 列出账户列表
-Lv 列出账户详细信息的列表 
这里我们通过root去访问,那你也可以用其他账号去访问[root@localhost ~]# id rootuid=0(root) gid=0(root) groups=0(root)[root@localhost ~]# pdbedit -a -u rootnew password:retype new password:Unix username:        rootNT username:          Account Flags:        [U          ]User SID:             S-1-5-21-683895756-2385326933-4243325015-1000Primary Group SID:    S-1-5-21-683895756-2385326933-4243325015-513Full Name:            rootHome Directory:       \\localhost\rootHomeDir Drive:        Logon Script:         Profile Path:         \\localhost\root\profileDomain:               LOCALHOSTAccount desc:         Workstations:         Munged dial:          Logon time:           0Logoff time:          Wed, 06 Feb 2036 10:06:39 ESTKickoff time:         Wed, 06 Feb 2036 10:06:39 ESTPassword last set:    Mon, 08 Apr 2019 16:51:45 EDTPassword can change:  Mon, 08 Apr 2019 16:51:45 EDTPassword must change: neverLast bad password   : 0Bad password count  : 0Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 

在使用用户名密码访问时,需将全局配置里面map to guest注释掉

# map to guest = Bad User

[root@localhost ~]# systemctl restart smb

  

  

 

转载于:https://www.cnblogs.com/liangyuntao-ts/p/10773772.html

你可能感兴趣的文章
【Linux开发】CCS远程调试ARM,AM4378
查看>>
Linux之ssh服务介绍
查看>>
排序:冒泡排序
查看>>
Java中instanceof关键字的用法总结
查看>>
引用类型-Function类型
查看>>
(转)Android 仿订单出票效果 (附DEMO)
查看>>
数据库多张表导出到excel
查看>>
微信小程序去除button默认样式
查看>>
Where does Visual Studio look for C++ Header files?
查看>>
Java打包可执行jar包 包含外部文件
查看>>
Windows Phone开发(37):动画之ColorAnimation
查看>>
js中escape,encodeURI,encodeURIComponent 区别(转)
查看>>
sass学习笔记-安装
查看>>
Flask (二) cookie 与 session 模型
查看>>
修改添加网址的教程文件名
查看>>
[BZOJ 1017][JSOI2008]魔兽地图DotR(树形Dp)
查看>>
裁剪图片
查看>>
数据结构实习 problem L 由二叉树的中序层序重建二叉树
查看>>
VS中展开和折叠代码
查看>>
如何确定VS编译器版本
查看>>
喝酒易醉,品茶养心,人生如梦,品茶悟道,何以解忧?唯有杜康!-- 愿君每日到此一游!
当前时间: 2024-11-08 16:49:15   当前IP: 18.218.62.194   联系邮箱:javaeecc@qq.com     Copyright © 2020 - 2022 baihongyu.com 京ICP备2021015314号-2
强烈建议你试试无所不能的CHAT-GPT,快点击我
强烈建议你试试无所不能的CHAT-GPT,快点击我