分类: LINUX
2012-06-29 09:24:21
安装:yum -y install samba* 这样会附带安装samba客户端。
其中服务端是实现共享linux里边的资源,包括打印机。
客户端是实现在linux里边访问其他机器共享的资源,如windows共享的!
samba service 配置
1、配置
文件路径:/etc/samba/smb.conf
文件开头是samba的简介,其中#号表示注释,为用户提供配置解释,不用理会
其中还有以;开头的行,这是samba的格式范例,去掉;号之后生效
在smb.conf文件中有以下几段:
1)、全局配置
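#======================= Global Settings ====================
[global]
# smb.conf only treats a line as a comment when it begins with # or ;
# Text placed after a value becomes part of the value, so every
# explanation below sits on its own line above the setting.

# workgroup or domain name
workgroup = WORKGROUP
# server description; %v expands to the Samba version
server string = Samba Server Version %v
# NetBIOS name
; netbios name = MYSERVER
# interfaces to listen on
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
# client networks allowed to connect
; hosts allow = 127. 192.168.12. 192.168.13.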
2)、服务日志配置
# --------------------------- Logging Options -----------------------------
#
# "log file" sets where logs are written and how they are split up.
# "max log size" sets the maximum size a log file may reach.

# one log file per connecting machine (%m)
log file = /var/log/samba/%m.log
# at most 50 KB per log file, then rotate
max log size = 50
3)、独立的电脑 和域成员配置
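# ----------------------- Standalone Server Options ------------------------
#
# "security" can be set to user, share (deprecated) or server (deprecated).
#
# "passdb backend" selects where user information is stored. New
# installations should use either tdbsam or ldapsam; smbpasswd is available
# for backwards compatibility. tdbsam requires no further configuration.

# Share-level security: server resources can be browsed without entering a
# user name or password.
# NOTE(review): this mode is marked deprecated above and was removed in
# Samba 4.0; on current versions use "security = user" and enable guest
# access only on the shares meant to be public.
# The explanation stays on its own line because smb.conf has no trailing
# comments: text after the value would become part of the value.
security = share
passdb backend = tdbsam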
#samba服务器的安全模式一共有五种:
#share级别安全模式--不需输入用户名和密码就可以浏览服务器的资源。适合于公共的资源,安全性较差。该模式在上面的配置注释中已标记为deprecated,Samba 4.0起已被移除。
#user级别的安全模式--需要提交合法的用户名和密码,经过服务器验证,才能访问共享资源。服务器默认级别就是user,也是最常用的级别。
#server级别的安全模式--客户端需要将用户名和密码提交到一台指定的samba服务器上进行验证。如果验证错误会自动转为user级别的验证。该模式同样已标记为deprecated,Samba 4.0起已被移除。
#domain级别的安全模式--如果服务器加入到windows域环境中的话,验证工作由域控制器来做。domain级别的samba服务器只作为域的成员客户端,并不具备服务器的特性,samba最早期版本使用此级别登入windows域环境。
#ads安全级别--当samba服务器使用ads安全级别加入到windows域环境中,其中包含有domain中的所有功能,并且可以具备域控制器的功能
# ----------------------- Domain Members Options ------------------------
#
# "security" must be set to domain or ads.
#
# Use "realm" only with security = ads; it specifies the Active Directory
# realm the host is part of.
#
# "passdb backend" selects where user information is stored. New
# installations should use either tdbsam or ldapsam; smbpasswd is available
# for backwards compatibility. tdbsam requires no further configuration.
#
# Use "password server" only with security = server, or if DNS cannot be
# used to locate the domain controllers. The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or, to auto-locate the domain controller(s):
#   password server = *

; security = domain
; passdb backend = tdbsam
; realm = MY_REALM
# the value is blank on the page; fill in as described above
; password server =
4)、作为域控制器的配置
# ----------------------- Domain Controller Options ------------------------
#
# "security" must be set to user for domain controllers.
#
# "passdb backend" selects where user information is stored. New
# installations should use either tdbsam or ldapsam; smbpasswd is available
# for backwards compatibility. tdbsam requires no further configuration.
#
# "domain master" makes Samba the Domain Master Browser, which allows it to
# collate browse lists between subnets. Do not use it if a Windows NT domain
# controller is already doing this job.
#
# "domain logons" lets Samba be a domain logon server for Windows
# workstations.
#
# "logon script" names a script to be run at login time on the client; it
# has to be provided in a share called NETLOGON.
#
# "logon path" specifies where user profiles are stored (UNC path).
#
# The add/delete scripts can be used on a domain controller or stand-alone
# machine to add or delete the corresponding unix accounts.

; security = user
; passdb backend = tdbsam
; domain master = yes
; domain logons = yes

# the login script name depends on the machine name
; logon script = %m.bat
# the login script name depends on the unix user used
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
# an empty path disables profile support
; logon path =

; add user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
; delete user script = /usr/sbin/userdel "%u"
; delete user from group script = /usr/sbin/userdel "%u" "%g"
; delete group script = /usr/sbin/groupdel "%g"
5)、作为打印服务器的配置
# --------------------------- Printing Options -----------------------------
#
# "load printers" loads the list of printers automatically instead of
# setting them up individually.
#
# "cups options" passes custom options to the cups libs; setting it to raw,
# for example, lets you use drivers on your Windows clients.
#
# "printcap name" specifies an alternative printcap file.
#
# "printing" selects a non-default printing system.

load printers = yes
cups options = raw
printcap name = /etc/printcap
# obtain the list of printers automatically on SystemV
; printcap name = lpstat
printing = cups
6)、共享文件路径配置
结构
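# Template for a share section; replace the placeholder values.
# Each explanation is on its own line: smb.conf has no trailing comments,
# so text after a value would become part of the value.
[共享名]
# free-text description
comment = 注释信息
# directory to share
path = 共享路径
# anonymous (guest) access: yes or no
public = yes/no
# users or @groups allowed to connect
valid users = 用户名 or @组名
# read-only control for the directory: yes or no
readonly = yes/no
# read-write control for the directory: yes or no
writable = yes/no
# users or @groups that may write
writelist = 用户名 or @组名
# whether the share appears when browsing: yes or no
# (this only affects listing; it does not restrict who can connect)
browsable = yes/no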
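#============================ Share Definitions ==================
# Section headers carry no trailing text here: smb.conf only recognises
# comments on lines that begin with # or ;

# special share: each user's home directory
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S

# shared printers
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

# shared source-code directory
# NOTE(review): public = yes together with writeable = yes gives
# unauthenticated guests write access to /usr/local/src (as far as the guest
# account's filesystem permissions allow). If that is not intended, restrict
# the share with "valid users" / "write list" or a "hosts allow" list.
[src]
comment = local src code
path = /usr/local/src
public = yes
writeable = yes

# the web server's www directory, shared read-only
[webroot]
comment = webroot
path = /var/www
public = yes
readonly = yes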
如何建立samba账号认证:
samba将用户名和密码存放到了/etc/samba/smbpasswd中,在客户端提交用户名和密码资料后,samba会将其与该文件中的信息做比较,如果相同并且samba服务器其他安全设置允许,客户端与samba服务器连接才能成功。(注意:上文配置使用的是 passdb backend = tdbsam,此时账号信息保存在tdb数据库中,而不是smbpasswd文本文件。)
建立samba账号:
samba账号不能直接建立,必须在系统中存在同名的系统账号,如建立一个user1的账号 那么在系统中必须提前有一个user1的系统账号
建立方式如下:
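# Create the system account first. The shell option takes a path after a
# space; /sbin/nologin keeps the account from opening an interactive shell.
useradd -s /sbin/nologin user1
# Set the system account's password.
passwd user1
# Create the matching Samba account (prompts for the Samba password).
smbpasswd -a user1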
案例实战:
一、share级别共享建立
配置如下:
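# Explanations are on their own lines: smb.conf has no trailing comments,
# so text after a value or a section header is not ignored.
[global]
# workgroup or domain name
workgroup = WORKGROUP
# server description
server string = Samba Server Version %v
log file = /var/log/samba/%m.log
max log size = 50
# NOTE(review): share-level security is deprecated and was removed in
# Samba 4.0; on current versions use "security = user" and enable guest
# access only on the shares meant to be public.
security = share
passdb backend = tdbsam

#============================ Share Definitions =================
# shared source-code directory
# NOTE(review): public = yes together with writeable = yes gives
# unauthenticated guests write access to /usr/local/src (as far as the guest
# account's filesystem permissions allow); restrict with "hosts allow" or
# "valid users" if that is not intended.
[src]
comment = local src code
path = /usr/local/src
public = yes
writeable = yes

# the web server's www directory, shared read-only
[webroot]
comment = webroot
path = /var/www
public = yes
readonly = yes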
二、user级别的共享建立
配置如下:
1)、建立系统用户和系统用户组
# Create the shared group, then both system accounts inside it.
groupadd web
for account in user1 user2; do
    useradd -g web "$account"
done
# Set each system password (passwd prompts interactively).
for account in user1 user2; do
    passwd "$account"
done
2)、建立samba账号
# Register both accounts with Samba; smbpasswd -a prompts for each password.
for account in user1 user2; do
    smbpasswd -a "$account"
done
3)、修改smb.conf
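# Explanations are on their own lines: smb.conf has no trailing comments,
# so text after a value (for example after "@web") would become part of it.
[global]
# workgroup or domain name
workgroup = WORKGROUP
# server description
server string = Samba Server Version %v
log file = /var/log/samba/%m.log
max log size = 50
# clients must present a valid user name and password
security = user

#============================ Share Definitions ==================
# share name
[web]
comment = webroot
# shared directory
path = /var/www
# only members of the unix group "web" may connect
valid users = @web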
三、高级配置
1)、用户账号映射
在主配置文件smb.conf中添加全局设定
# global setting: the file that holds the account mappings
username map = /etc/samba/smbusers
在/etc/samba/smbusers中添加账号映射
等号前面是系统账号,后面是映射的虚拟账号
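# Format: system account = one or more client-side names mapped onto it.
# NOTE(review): a client name mapped to root acts with root's file
# permissions on the shares; keep this line only if that is required.
root = Administrator admin
nobody = guest smbguest
user1 = hangjialin
user2 = james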
2)、客户端访问控制
禁止IP和网段
或者某个域的用户访问
# Separate examples, presumably each meant to be used on its own.
# Where the allow and deny lists conflict, the allow list takes precedence.

# deny by address or network prefix
# NOTE(review): these prefixes lack the trailing dot used in
# "hosts allow = 127. 192.168.12. 192.168.13." - confirm they match as intended
hosts deny = 10. 172.16 192.168.1
hosts allow = 10.0.0.2

# deny by DNS domain or host name
hosts deny = .sale.com .net free

# deny everything except one entry
# NOTE(review): hosts allow matches client hosts, so user1 is read as a
# host name here - TODO confirm intent
hosts deny = All
hosts allow = user1

# allow a network except for one address in it
hosts deny = All
hosts allow = 192.168.1 EXCEPT 192.168.1.100
hosts deny 和hosts
allow的作用范围
把这两个字段放在不同位置上作用范围是不一样的
放到[global]
小节里边对所有共享点都有效
放到某个共享点下只对该共享点有效,对单一目录生效
3)、设置权限
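# Alternative settings; explanations are on their own lines because
# smb.conf would treat text after a value as part of the value.

# every account may write
writeable = yes
# no account may write
writeable = no
# only the accounts in the list may write
write list = user1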
4)、设置隐藏共享
隐藏共享就是让某个目录不出现在浏览列表中,这是出于安全考虑,只有管理员和一些重要人员知道有这样一个共享,其他人无从知道。需要注意,隐藏并不是访问控制:知道共享名的人仍然可以直接连接,真正的限制要靠valid users、hosts allow等设置。
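# the parameter is spelled "browseable" ("brewsable" is not recognised)
browseable = no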
表示隐藏该目录
四、隐藏目录实例:一个目录只有user1这个用户能浏览到,其他的人不可以浏览
1、cp
smb.conf smb.conf.user1
2、[global]
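# Switch to a per-user configuration file. The smb.conf parameter is named
# "config file"; %U expands to the session user name, so user1 is served
# from /etc/samba/smb.conf.user1.
config file = /etc/samba/smb.conf.%U

# shared source-code directory, hidden from browse lists
# NOTE(review): browseable = no only hides the share name. With
# public = yes and writeable = yes, anyone who knows the name can still
# connect as guest and write; add "valid users" if the share is meant to be
# restricted.
[src]
comment = local src code
path = /usr/local/src
public = yes
writeable = yes
browseable = no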
3、编辑独立配置文件
vi
smb.conf.user1
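# shared source-code directory (the comment sits above the header because
# smb.conf does not support trailing comments)
[src]
path = /usr/local/src
writeable = yes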
NOTICE:经过测试发现,如果给一个用户设定了单独的配置文件,那么主配置文件中的配置项对该用户失效,只使用独立配置文件中的项目
五、samba客户端使用(用于浏览其它计算机上共享的资源)
1)、smbclient -L 192.168.124.129 #查看主机192.168.124.129上边所有共享资源
2)、smbclient -L 192.168.124.129 -U user1%hjllove #用账户user1 密码hjllove 查看samba服务器的共享资源
3)、smbclient //192.168.124.129/src -U user2%test #用账户user2 密码test 查看smb服务器上共享的src文件夹
注意:把密码直接写在命令行里(-U 用户名%密码)会留在shell历史记录中,其他本地用户也可能在进程列表里看到;省略%密码部分时smbclient会提示输入,也可以用-A指定认证文件。
4)、采用挂载的方式使用其它共享服务器上的资源(包括Windows上的共享资源)
mount -t cifs //192.168.124.129/webroot /media [-o username=user1]
六、samba服务器打印共享设置(打印服务器)
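# --------------------------- Printing Options -----------------------------
load printers = yes
cups options = raw
printcap name = /etc/printcap
# obtain the list of printers automatically on SystemV
; printcap name = lpstat
printing = cups

#============================ Share Definitions ====================
# shared printers (the comment sits above the header because smb.conf does
# not support trailing comments)
[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
guest ok = no
writable = no
printable = yes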