要求:
1、在server0服務器上安裝配置samba,工作組為STAFF,共享目錄/smb1, 共享名smb1,僅允許192.168.100.0/24網段中的主機訪問。samba用戶user1可以讀取,密碼為Ynyd1234; 並且在desktop0服務器自動掛載到/mnt/smb1目錄下。
2、配置共享目錄/smb2,共享名smb2,僅允許192.168.100.0/24網段中的主機訪問。
僅允許用戶user1讀取, user2讀寫,密碼都為Ynyd1234;客戶機desktop0以multiuser方式自動掛接到/mnt/smb2
服務端server0配置192.168.100.201:
# yum install samba samba-client -y
# firewall-cmd --permanent --add-service=samba
# firewall-cmd --reload
# systemctl enable smb nmb
# systemctl restart nmb smb
# netsat -antulp | grep smb
# mkdir /smb1
# mkdir /smb2
# chmod 777 /smb1
# chmod 777 /smb2
# chcon -R -t samba_share_t /smb1
# chcon -R -t samba_share_t /smb2
# man 8 semanage-fcontext
# semanage fcontext -a -t samba_share_t "/smb1(/.*)?"
# semanage fcontext -a -t samba_share_t "/smb2(/.*)?"
# ll -dZ /smb1
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /smb1
# ll -dZ /smb2
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /smb2
# useradd user1
# useradd user2
# smbpasswd -a user1
# smbpasswd -a user2
# vi /etc/samba/smb.conf [global] workgroup = STAFF #此處修改為STAFF,並新增以下內容 [smb1] path = /smb1 #writable = yes #默認不加這句,user1及所有用戶都只讀,不可寫。加上之后,所有用戶都可寫。 hosts allow = 192.168.100.0/24 [smb2] path = /smb2 hosts allow = 192.168.100.0/24 writable = no write list = user2 #user2可寫,當然也可讀。 read list = user1 #user1可讀,不可寫。
客戶端desktop0配置:
#yum install -y samba-client cifs-utils
smbclient 連接測試
1、/smb1對所有用戶只讀。 [root@ldaptest ~]# smbclient //192.168.100.201/smb1 -U user1 Enter user1's password: Domain=[STAFF] OS=[Windows 6.1] Server=[Samba 4.6.2] smb: \> ls . D 0 Thu Dec 14 17:34:24 2017 .. DR 0 Thu Dec 14 16:50:29 2017 smb1filetest 0 Thu Dec 14 17:34:24 2017 53214 blocks of size 524288. 43678 blocks available smb: \> mkdir user1_mkdirtest NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \user1_mkdirtest smb: \> quit [root@ldaptest ~]# smbclient //192.168.100.201/smb1 -U user2 Enter user2's password: Domain=[STAFF] OS=[Windows 6.1] Server=[Samba 4.6.2] smb: \> ls . D 0 Thu Dec 14 17:34:24 2017 .. DR 0 Thu Dec 14 16:50:29 2017 smb1filetest 0 Thu Dec 14 17:34:24 2017 53214 blocks of size 524288. 43678 blocks available smb: \> mkdir user2_mkdir_test NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \user2_mkdir_test smb: \> exit 2、/smb2對user1用戶只讀,不可寫。對user2用戶可讀可寫。 # smbclient //192.168.100.201/smb2 -U user1 Enter user1's password: Domain=[STAFF] OS=[Windows 6.1] Server=[Samba 4.6.2] smb: \> ls . D 0 Thu Dec 14 17:34:32 2017 .. DR 0 Thu Dec 14 16:50:29 2017 smb2filetest 0 Thu Dec 14 17:34:32 2017 53214 blocks of size 524288. 43677 blocks available smb: \> mkdir user1_mkdir_test NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \user1_mkdir_test smb: \> quit # smbclient //192.168.100.201/smb2 -U user2 Enter user2's password: Domain=[STAFF] OS=[Windows 6.1] Server=[Samba 4.6.2] smb: \> ls . D 0 Thu Dec 14 17:34:32 2017 .. DR 0 Thu Dec 14 16:50:29 2017 smb2filetest 0 Thu Dec 14 17:34:32 2017 53214 blocks of size 524288. 43677 blocks available smb: \> mkdir user1_mkdir_test smb: \> ls . D 0 Thu Dec 14 17:38:12 2017 .. DR 0 Thu Dec 14 16:50:29 2017 smb2filetest 0 Thu Dec 14 17:34:32 2017 user1_mkdir_test D 0 Thu Dec 14 17:38:12 2017 53214 blocks of size 524288. 43677 blocks available smb: \> exit [root@ldaptest ~]# smbcliet常用命令測試: ?或help [command] 提供關於幫助或某個命令的幫助 ![shell command] 執行所用的SHELL命令,或讓用戶進入 SHELL提示符 cd [目錄] 切換到服務器端的指定目錄,如未指定,則 smbclient 返回當前本地目錄 lcd [目錄] 切換到客戶端指定的目錄; dir 或ls 列出當前目錄下的文件; exit 或quit 退出smbclient get file1 file2 從服務器上下載file1,並以文件名file2存在本地機上;如果不想改名,可以把file2省略 mget file1 file2 file3 filen 從服務器上下載多個文件; md或mkdir 目錄 在服務器上創建目錄 rd或rmdir 目錄 刪除服務器上的目錄 put file1 [file2] 向服務器上傳一個文件file1,傳到服務器上改名為file2; mput file1 file2 filen 向服務器上傳多個文件 # smbclient //192.168.100.201/smb2 -U user2 Enter user2's password: Interrupted by signal. cd /boot/ # smbclient //192.168.100.201/smb2 -U user2 Enter user2's password: Domain=[STAFF] OS=[Windows 6.1] Server=[Samba 4.6.2] smb: \> put 按Tab鍵列出/boot目錄下的所有內容。 config-2.6.32-431.el6.x86_64 lost+found/ efi/ symvers-2.6.32-431.el6.x86_64.gz grub/ System.map-2.6.32-431.el6.x86_64 initramfs-2.6.32-431.el6.x86_64.img vmlinuz-2.6.32-431.el6.x86_64 initrd-2.6.32-431.el6.x86_64kdump.img .vmlinuz-2.6.32-431.el6.x86_64.hmac smb: \> lcd /tmp/ 切換到客戶機服務器的指定目錄 smb: \> get initrd-2.6.32-431.el6.x86_64kdump.img getting file \initrd-2.6.32-431.el6.x86_64kdump.img of size 5089507 as initrd-2.6.32-431.el6.x86_64kdump.img (171386.4 KiloBytes/sec) (average 171387.0 KiloBytes/sec)
客戶機desktop0 配置自動掛載:
# mkdir /mnt/smb1 創建掛載目錄
# mkdir /mnt/smb2
掛載測試:
[root@desktop ~]# mount -t cifs -o username=user1 //192.168.100.201/smb1 /mnt/smb1 Password for user1@//192.168.100.201/smb1: ******** [root@desktop ~]# ls /mnt/smb1/ smb1filetest [root@desktop ~]# mount -t cifs -o username=user2 //192.168.100.201/smb2 /mnt/smb2 Password for user2@//192.168.100.201/smb2: ******** [root@desktop ~]# ls /mnt/smb2/ initrd-2.6.32-431.el6.x86_64kdump.img install.log smb2filetest user1_mkdir_test
# cat /root/smb1.passwd 手動新建這兩個密碼文件
username=user1
password=Ynyd1234
# cat /root/smb2.passwd
username=user2
password=Ynyd1234
# vi /etc/fstab 添加如下兩行
# vi /etc/fstab 添加如下兩行
//192.168.100.201/smb1 /mnt/smb1 cifs defaults,credentials=/root/smb1.passwd 0 0 //192.168.100.201/smb2 /mnt/smb2 cifs defaults,multiuser,credentials=/root/smb2.passwd,sec=ntlmssp 0 0
[root@desktop ~]# umount /mnt/smb1
[root@desktop ~]# umount /mnt/smb2/
[root@desktop ~]# ls /mnt/smb1/
[root@desktop ~]# ls /mnt/smb2/
[root@desktop ~]# mount –a 該命令會自動使用/etc/fstab配置文件里的內容完成掛載。
[root@desktop ~]# ls /mnt/smb1/
smb1filetest
[root@desktop ~]# ls /mnt/smb2/
initrd-2.6.32-431.el6.x86_64kdump.img install.log smb2filetest user1_mkdir_test
[root@ldesktop ~]# 自動掛載測試正常
客戶端配置寫的有點多,其實大部分都是測試的內容。在掛載前,我們先手動測試下看能否掛載成功,之后,再配置自動掛載。
總結起來就4點:1、安裝samba-client cifs-utils 2、創建掛載目錄 3、創建密碼文件 4、編輯fstab配置文件。