2005-10-20 12:35:33
为了解决linux上的共享
samba设置 for as4
1. 启停服务
service samba start|stop|status
2. smb配置说明
2.1 samba配置文件位置
/etc/samba/smb.conf
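# Global parameters
# NOTE: smb.conf only treats lines that start with '#' or ';' as comments.
# Text written after a value is read as part of that value, so each
# annotation sits on its own line above the parameter it describes.
[global]
# NetBIOS name that Windows clients see for this host. If it is not set
# explicitly, Samba falls back to the machine's hostname.
netbios name = VSS254
# Free-text description of the server.
server string = vss254
# Unix account used for guest access.
# NOTE(review): the [tmp] and [public] shares in this file set
# "guest ok = Yes", so they are served as this account - confirm that
# pcguest is an unprivileged user.
guest account = pcguest
# Location of the user mapping file.
username map = /etc/samba/smbusers
# One log file per client (%m expands to the client's NetBIOS name).
log file = /var/log/samba/%m.log
# Maximum size of each log file, in kilobytes.
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
# Whether this server offers WINS.
wins support = Yes
# uid/gid ranges set aside for ID mapping.
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
# Do not enable this option unless you have read those documents
# Samba users must authenticate with encrypted passwords.
encrypt passwords = yes
# Location of the Samba password file. It stores password hashes, so it
# should be readable by root only.
smb passwd file = /etc/samba/smbpasswd
# Security mode. Most people will want user level security. See
# security_level.txt for details.
# "user": only users who authenticate successfully can reach Samba
# resources. With "share", resources can be reached without a password.
# NOTE(review): share-level security was removed in Samba 4.x; keep
# "user" when reusing this file on a newer release.
security = user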
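# Home directory of each Samba user that maps to a Linux system account;
# by default this is that account's home directory.
# (Annotation moved off the "comment" line: smb.conf has no trailing
# comments, so text after a value becomes part of the value.)
[homes]
comment = Home Directories
read only = No
# Keep the share out of the browse list.
browseable = No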
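# Used only when this server handles domain logons.
# (Annotation moved off the section header line, where it would not be
# parsed as a comment.)
# Logon scripts stored under this path are run by domain clients, so the
# directory should be writable by administrators only.
[netlogon]
comment = Network Logon Service
path = /home/netlogon
# NOTE(review): "printable = Yes" makes Samba treat the share as a print
# queue, which is unusual for a logon-script share - verify this line
# against the smb.conf the listing was taken from before reusing it.
printable = Yes
share modes = No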
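# Share for temporary files.
# (Annotation moved off the section header line, where it would not be
# parsed as a comment.)
# NOTE(review): "guest ok = Yes" together with "read only = No" lets
# clients that have not authenticated write into the system /tmp
# directory. On a network that is not fully trusted, limit the share with
# "hosts allow" or turn guest access off.
[tmp]
comment = Temporary file space
path = /tmp
read only = No
guest ok = Yes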
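# Common area shared by all Samba users.
# (Annotation moved off the section header line, where it would not be
# parsed as a comment.)
[public]
comment = Public Stuff
path = /home/samba
# Members of the Unix group "staff" get write access. No "read only" line
# is given, so Samba's default (read-only) applies to everyone else.
write list = @staff
# Guests can connect without a password; they are served as the
# "guest account" set in [global].
guest ok = Yes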
2.1 samba用户映射文件
/etc/samba/smbusers
2.2 samba用户的密码文件
/etc/samba/smbpasswd
2.3 修改samba用户的密码
smbpasswd -a root
-a 表示把该用户加入smbpasswd文件并设置密码;用户已存在时,相当于修改 root用户的samba密码。root的samba帐号等于把管理员登录暴露在网络上,日常共享建议改用普通用户。
注意:用mksmbpasswd.sh来转换/etc/passwd到/etc/samba/smbpasswd后,所有samba用户的密码未知,必须用该命令来修改后才能登陆。
2.4 testparm
用来测试smb.conf配置文件是否正确
3. 防火墙iptables的配置
3.1 samba使用的端口
TCP的139和445(smbd);另外,NetBIOS名称服务和数据报服务(nmbd)使用UDP的137和138
3.2 iptables的设置
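# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
# NOTE: in this format only lines starting with '#' are comments, so the
# annotations from the original listing are kept on their own lines.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
# Inbound and forwarded packets are both filtered by the same chain.
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
# Loopback traffic.
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# IP protocols 50 (ESP) and 51 (AH), i.e. IPsec.
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# Multicast DNS.
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
# IPP (printing).
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# ... further rules omitted in the original listing ...
# Allow new inbound connections to TCP port 139 through the firewall.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
# NOTE(review): the NetBIOS name service (nmbd) listens on UDP 137, but
# this rule opens TCP 137 - confirm whether "-p udp -m udp" was intended.
# NOTE(review): no rule for TCP 445 appears in the lines shown; it may be
# among the omitted rules.
# NOTE(review): the Samba rules accept connections from any source
# address. Adding "-s <LAN_SUBNET>" (placeholder) keeps the file-sharing
# ports reachable from the local network only.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
# Everything not accepted above is rejected.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT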