File sharing service --- Samba


=============================================================================

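Introduction to Samba

SMB: Server Message Block

CIFS: Common Internet File System

Samba: written by Andrew Tridgell

  • In practice it is an implementation of the SMB functionality; the main protocol implemented at its core is CIFS

Features

  • File system sharing;

  • The NetBIOS protocol (host name resolution on Windows networks);

  • Print services;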

Installing and configuring Samba

1) Program environment

★ Installing samba

  • # yum install samba -y

★ Main configuration file

  • /etc/samba/smb.conf

Main programs:

  • /usr/sbin/nmbd:

        Network Naming Service; mainly handles NetBIOS name resolution

  • /usr/sbin/smbd:

        SMB/CIFS Service; the core program, which provides the SMB/CIFS service

★ Unit files

  • /usr/lib/systemd/system/nmb.service

  • /usr/lib/systemd/system/smb.service

★ Listening ports:

  • UDP: 137/udp, 138/udp

  • TCP: 139/tcp, 445/tcp

Client programs:

  • mount -t cifs = mount.cifs

  • smbclient: interactive command-line client;


2) Configuring samba

★ Main configuration file: /etc/samba/smb.conf

[root@centos7 ~]# cd /etc/samba
[root@centos7 samba]# ls
lmhosts  smb.conf
[root@centos7 samba]# cp smb.conf{,.bak} # back it up first
[root@centos7 samba]# ls
lmhosts  smb.conf  smb.conf.bak


[root@centos7 samba]# grep -i -E "^#[[:space:]]*(=|-)+" smb.conf # filter out the section headings
#---------------
#--------------           # global configuration section
#======================= Global Settings =====================================
# ----------------------- Network-Related Options -------------------------
# --------------------------- Logging Options -----------------------------
# ----------------------- Standalone Server Options ------------------------
# ----------------------- Domain Members Options ------------------------
# ----------------------- Domain Controller Options ------------------------
# ----------------------- Browser Control Options ----------------------------
#----------------------------- Name Resolution -------------------------------
# --------------------------- Printing Options -----------------------------
# --------------------------- File System Options ---------------------------
#============================ Share Definitions ==============================
                            # user-defined share sections

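★ Two kinds of configuration section:


◎ Global configuration

  [global]

  • workgroup = MYGROUP  (workgroup model; defines the workgroup)

  • server string = Samba Server Version %v  (defines the banner text)

  • interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24  (the addresses or network interfaces to listen on)

  • hosts allow = 127. 192.168.12. 192.168.13.  (access control; works as an allowlist)

  • log file = /var/log/samba/log.%m  (each client gets its own dedicated log file)

  • max log size = 50  (size of the log file; the default unit is KB)

  • security = user  (the security level; with user, clients supply an account name and password)

    share (deprecated): anonymous sharing

    server (deprecated): centralized authentication

    domain

  • passdb backend = tdbsam  (storage format for accounts and passwords)

  • load printers = yes  (whether printer drivers are loaded when the samba service starts)

  • cups options = raw  (the general way printers are served)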


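Shared file systems:

  [shared_ID]

There are three kinds:

  • [homes]: whether each samba user can access their home directory through the samba service;

  • [printers]: print service;

  • [shared_FS]: user-defined shared directories;

Common directives:

  • comment: descriptive comment;

  • path: path on the local file system;

  • browseable: whether the share can be browsed, i.e. whether it is visible to users;

  • guest ok: whether the guest account (anonymous users) may access it;

  • public: whether it is open to all guests;

  • writable: whether it is writable;

        writable = yes and read only = no are equivalent

  • write list: list of users or groups that have write permission;

       username

       @group = +group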

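3) Managing samba users

★ Commands:

  smbpasswd, pdbedit


1) smbpasswd

Syntax:

   smbpasswd [OPTIONS] USERNAME (a system user)

Options:

  • -a: add;

  • -x: delete;

  • -d: disable;

  • -e: enable

2) pdbedit:

  • -L: list all users in the samba service;

  • -a: add a user as a samba user;

      -u USERNAME:

  • -x: delete

  • -t: read the password from standard input;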

  

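Accessing the service:

☉ smbclient, the interactive client program:

  • List the shares on a target server

       smbclient -L SMB_SERVER [-U USERNAME]

  • Access a share

       smbclient //SMB_SERVER[/SHARE_NAME] [-U USERNAME]

mount.cifs

  • mount -t cifs //SMB_SERVER/SHARED_ID  /MOUNT_POINT  -o username=USER,password=PASS (specifies the user identity and password)

Note:

  The user performing the mount is mapped directly to the user given in the -o option; access to the mounted share runs as the user given in the -o option, and is mapped to local users by ID;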

How to define a custom share:

   [shared_ID]

    comment = 

    path = 

    guest ok = 

    read only = 

    public = 

    browseable = 

    write list = 

Note:

   Granting write permission to all users at the share level with writable = yes (read only = no) is not recommended together with write list;


Command demonstration:

  1. Add users

[root@centos7 ~]# pdbedit -a -u tao # add a user
new password:
retype new password:
Unix username:        tao
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-1194301372-4224252613-970535052-1000
Primary Group SID:    S-1-5-21-1194301372-4224252613-970535052-513
Full Name:            
Home Directory:       \\centos7\tao
HomeDir Drive:        
Logon Script:         
Profile Path:         \\centos7\tao\profile
Domain:               CENTOS7
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Wed, 06 Feb 2036 23:06:39 CST
Kickoff time:         Wed, 06 Feb 2036 23:06:39 CST
Password last set:    Tue, 18 Oct 2016 23:24:50 CST
Password can change:  Tue, 18 Oct 2016 23:24:50 CST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

[root@centos7 ~]# pdbedit -L # list the samba users
tao:1000:

[root@centos7 ~]# pdbedit -a -u xiu # add another user, xiu

[root@centos7 ~]# pdbedit -L 
tao:1000:
xiu:1001:

   Start the samba service and check the port numbers

[root@centos7 ~]# systemctl start nmb.service smb.service
[root@centos7 ~]# ss -unl # check the UDP ports 137 and 138
State       Recv-Q Send-Q                                      Local Address:Port                                                     Peer Address:Port              
UNCONN      0      0                                                       *:68                                                                  *:*                  
UNCONN      0      0                                           192.168.1.255:137                                                                 *:*                  
UNCONN      0      0                                            192.168.1.15:137                                                                 *:*                  
UNCONN      0      0                                                       *:137                                                                 *:*                  
UNCONN      0      0                                           192.168.1.255:138                                                                 *:*                  
UNCONN      0      0                                            192.168.1.15:138                                                                 *:*                  
UNCONN      0      0                                                       *:138                                                                 *:*                  
UNCONN      0      0                                               127.0.0.1:323                                                                 *:*                  
UNCONN      0      0                                                       *:34320                                                               *:*                  
UNCONN      0      0                                                      :::10025                                                              :::*                  
UNCONN      0      0                                                     ::1:323                                                                :::*  

[root@centos7 ~]# ss -tnl # check the TCP ports 139 and 445
State       Recv-Q Send-Q                                      Local Address:Port                                                     Peer Address:Port              
LISTEN      0      128                                             127.0.0.1:6012                                                                *:*                  
LISTEN      0      50                                                      *:445                                                                 *:*                  
LISTEN      0      50                                                      *:3306                                                                *:*                  
LISTEN      0      50                                                      *:139                                                                 *:*                  
LISTEN      0      128                                                     *:22                                                                  *:*                  
LISTEN      0      128                                             127.0.0.1:631                                                                 *:*                  
LISTEN      0      100                                             127.0.0.1:25                                                                  *:*                  
LISTEN      0      128                                             127.0.0.1:6010                                                                *:*                  
LISTEN      0      128                                             127.0.0.1:6011                                                                *:*                  
LISTEN      0      128                                                   ::1:6012                                                               :::*                  
LISTEN      0      50                                                     :::445                                                                :::*                  
LISTEN      0      50                                                     :::139                                                                :::*                  
LISTEN      0      128                                                    :::22                                                                 :::*                  
LISTEN      0      128                                                   ::1:631                                                                :::*                  
LISTEN      0      100                                                   ::1:25                                                                 :::*                  
LISTEN      0      128                                                   ::1:6010                                                               :::*                  
LISTEN      0      128                                                   ::1:6011                                                               :::*

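  2. Use smbclient to list the shares on the target host

    Here a CentOS 6 host acts as the client and accesses the CentOS 7 host that is the samba server

# Anonymous access, without entering a password: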
[root@CentOS6 ~]# smbclient -L 192.168.1.15 
Enter root's password: 
Anonymous login successful
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]

	Sharename       Type      Comment
	---------       ----      -------
	IPC$            IPC       IPC Service (Samba Server Version 4.2.3)
Anonymous login successful
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]

	Server               Comment
	---------            -------
	CENTOS7              Samba Server Version 4.2.3

	Workgroup            Master
	---------            -------
	MYGROUP              CENTOS7
	WORKGROUP            PC-20160624QLWL
	
# Access with the system user account created earlier:
[root@CentOS6 ~]# smbclient -L 192.168.1.15 -U tao
Enter tao's password: 
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]

	Sharename       Type      Comment
	---------       ----      -------
	IPC$            IPC       IPC Service (Samba Server Version 4.2.3)
	tao             Disk      Home Directories
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]

	Server               Comment
	---------            -------
	CENTOS7              Samba Server Version 4.2.3

	Workgroup            Master
	---------            -------
	MYGROUP              CENTOS7
	WORKGROUP            PC-20160624QLWL

 

   3. Use smbclient to access a share on the target host

[root@CentOS6 ~]# smbclient //192.168.1.15/ -U tao 
Enter tao's password: 
[root@CentOS6 ~]# smbclient //192.168.1.15/tao  -U tao # the name of a share that may be accessed must be appended
Enter tao's password: 
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> help # get help
?              allinfo        altname        archive        blocksize      
cancel         case_sensitive cd             chmod          chown          
close          del            dir            du             echo           
exit           get            getfacl        geteas         hardlink       
help           history        iosize         lcd            link           
lock           lowercase      ls             l              mask           
md             mget           mkdir          more           mput           
newer          open           posix          posix_encrypt  posix_open     
posix_mkdir    posix_rmdir    posix_unlink   print          prompt         
put            pwd            q              queue          quit           
readlink       rd             recurse        reget          rename         
reput          rm             rmdir          showacls       setea          
setmode        stat           symlink        tar            tarmode        
timeout        translate      unlock         volume         vuid           
wdel           logon          listconnect    showconnect    ..             
!              
smb: \> pwd # this is the shared directory of system user tao on the samba server; the configuration allows home directories to be shared
Current directory is \\192.168.1.15\tao\
smb: \> ls
  .                                   D        0  Tue Oct 18 13:09:36 2016
  ..                                  D        0  Tue Oct 18 11:38:44 2016
  .mozilla                           DH        0  Mon Jul 25 23:57:35 2016
  .bash_logout                        H       18  Fri Nov 20 13:02:30 2015
  .bash_profile                       H      193  Fri Nov 20 13:02:30 2015
  .bashrc                             H      231  Fri Nov 20 13:02:30 2015
  .zshrc                              H      658  Fri Nov 20 21:11:02 2015
  .Xauthority                         H       53  Sun Sep 11 11:11:49 2016
  .cache                             DH        0  Sun Sep 11 11:11:49 2016
  .config                            DH        0  Tue Oct 18 12:38:09 2016
  .bash_history                       H      361  Tue Oct 18 12:43:06 2016
  .mysql_history                      H      268  Mon Oct 17 16:18:28 2016
  pub                                 D        0  Tue Oct 18 09:16:21 2016
  upload                              D        0  Tue Oct 18 09:20:53 2016
  xiu                                 D        0  Tue Oct 18 09:36:02 2016
  .local                             DH        0  Tue Oct 18 12:38:09 2016
  f1                                          13  Tue Oct 18 13:09:36 2016

		40940 blocks of size 1048576. 40072 blocks available
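smb: \> put /etc/fstab # uploading a file from the CentOS 6 host by absolute path fails; use a path relative to the current local directory
NT_STATUS_OBJECT_PATH_NOT_FOUND opening remote file \/etc/fstab
smb: \> lcd /etc # change the local directory to the one that holds the file to upload
smb: \> put fstab # the upload succeeds: the configuration file sets writable = yes, so there is write permission, and user tao also has write permission on his own home directory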
putting file fstab as \fstab (52.3 kb/s) (average 52.3 kb/s)
smb: \> ls
  .                                   D        0  Wed Oct 19 00:11:59 2016
  ..                                  D        0  Tue Oct 18 11:38:44 2016
  .mozilla                           DH        0  Mon Jul 25 23:57:35 2016
  .bash_logout                        H       18  Fri Nov 20 13:02:30 2015
  .bash_profile                       H      193  Fri Nov 20 13:02:30 2015
  .bashrc                             H      231  Fri Nov 20 13:02:30 2015
  .zshrc                              H      658  Fri Nov 20 21:11:02 2015
  .Xauthority                         H       53  Sun Sep 11 11:11:49 2016
  .cache                             DH        0  Sun Sep 11 11:11:49 2016
  .config                            DH        0  Tue Oct 18 12:38:09 2016
  .bash_history                       H      361  Tue Oct 18 12:43:06 2016
  .mysql_history                      H      268  Mon Oct 17 16:18:28 2016
  pub                                 D        0  Tue Oct 18 09:16:21 2016
  upload                              D        0  Tue Oct 18 09:20:53 2016
  xiu                                 D        0  Tue Oct 18 09:36:02 2016
  .local                             DH        0  Tue Oct 18 12:38:09 2016
  f1                                          13  Tue Oct 18 13:09:36 2016
  fstab # the uploaded file           A     1017  Wed Oct 19 00:11:59 2016

		40940 blocks of size 1048576. 40072 blocks available
smb: \> ^C

  

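  4. Define a custom share

[root@centos7 ~]# mkdir -pv /samba/tools  # create the directory to share
mkdir: created directory ‘/samba’
mkdir: created directory ‘/samba/tools’

[root@centos7 ~]# vim /etc/samba/smb.conf  # edit the main configuration file
 # a custom share name
 [apps]
         # description: tools
         comment = tools
         # path on the local file system
         path = /samba/tools
         # visible when browsing to users other than the owner and owning group
         browseable = yes
         # allow guest access, i.e. anonymous users
         guest ok = yes
         # allow write operations (such as uploading and deleting)
         writable = yes
 
 # After configuring, save and exit, then test the syntax
[root@centos7 samba]# testparm # syntax check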
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[apps]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions
                       # press Enter to print all of the service's effective configuration
# Global parameters
[global]
	workgroup = MYGROUP
	server string = Samba Server Version %v
	security = USER
	log file = /var/log/samba/log.%m
	max log size = 50
	idmap config * : backend = tdb
	cups options = raw


[homes]
	comment = Home Directories
	read only = No
	browseable = No


[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	print ok = Yes
	browseable = No


[apps]
	comment = tools
	path = /samba/tools
	read only = No # not read-only, i.e. writable
	guest ok = Yes

[root@centos7 samba]# systemctl restart smb # restart the service

 View the shares and access them

# List the shares as a system user
[root@CentOS6 ~]# smbclient -L 192.168.1.15 -U tao 
Enter tao's password: 
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]

	Sharename       Type      Comment
	---------       ----      -------
	apps            Disk      tools
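
The [apps] share defined above combines guest ok = yes with writable = yes, and the earlier note advises against using writable = yes together with write list. The following Python script is an added example, not part of the original article: it audits share sections for both combinations. The sample text is constructed from the testparm dump above, the [docs] share and all function names are hypothetical, and [global] defaults are not merged into the shares.

```python
# Added example: audit smb.conf share sections for two risky combinations.
# SAMPLE is constructed from this page's testparm dump; [docs] is hypothetical.
SAMPLE = """\
[global]
    workgroup = MYGROUP
[homes]
    read only = No
[apps]
    comment = tools
    path = /samba/tools
    read only = No
    guest ok = Yes
[docs]
    writable = yes
    write list = tao @admins
"""
TRUE = {"yes", "true", "on", "1"}   # boolean spellings treated as enabled

def parse(text):
    """Return {section: {param: value}}; names lowercased, whitespace removed."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":     # a comment must start its line
            continue
        if line.startswith("[") and "]" in line:
            current = shares.setdefault(line[1:line.index("]")].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return shares

def is_writable(p):
    """writable / writeable / write ok are inverted synonyms of read only."""
    for key in ("writable", "writeable", "writeok"):
        if key in p:
            return p[key].lower() in TRUE
    return p.get("readonly", "yes").lower() not in TRUE   # default: read only

def audit(text):
    """Return (share, finding) pairs; [global] defaults are not merged in."""
    findings = []
    for name, p in parse(text).items():
        if name == "global":
            continue
        guest = any(p.get(k, "no").lower() in TRUE for k in ("guestok", "public"))
        if guest and is_writable(p):
            findings.append((name, "guest-writable"))
        if is_writable(p) and "writelist" in p:
            findings.append((name, "writable-with-write-list"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```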
            
            
                        