Samba
Samba是在Linux和UNIX系統上實現SMB協議的一個免費軟件,由服務器及客戶端程序構成。SMB(Server Messages Block,信息服務塊)是一種在局域網上共享文件和打印機的一種通信協議,它為局域網內的不同計算機之間提供文件及打印機等資源的共享服務。SMB協議是客戶機/服務器型協議,客戶機通過該協議可以訪問服務器上的共享文件系統、打印機及其他資源。
1、安裝
# yum install -y samba samba-client
# rpm -qa | grep samba
samba-common-libs-4.9.1-6.el7.x86_64
samba-client-4.9.1-6.el7.x86_64
samba-client-libs-4.9.1-6.el7.x86_64
samba-libs-4.9.1-6.el7.x86_64
samba-4.9.1-6.el7.x86_64
samba-common-4.9.1-6.el7.noarch
samba-common-tools-4.9.1-6.el7.x86_64
2、常用命令
1.systemctl status smb #查看smd服務的狀態 2.systemctl start smb #運行smb服務 3.systemctl stop smb #停止服務 4.systemctl restart smb #重啟服務,但在實際中一般不采用 5.systemctl reload smb #重載服務,在實際中較常用,不用停止服務
3、配置
# cat /etc/samba/smb.conf
[global] #定義全局策略
workgroup = SAMBA #定義工作組
security = user #安全等級,有四種
#share: 用戶不需要帳號密碼即可登錄samba服務器
#user : 由提供服務的samba服務器負責檢查賬戶及密碼(默認)
#server :檢查帳號密碼的工作由另外Windows或samba服務器負責
#domain : 指定Windows域控制服務器來驗證用戶的賬戶及密碼
passdb backend = tdbsam #用戶后台,有三種
#smbpasswd : 使用smb工具smbpasswd給系統用戶設置一個samba密碼,客戶端就用此密碼訪問samba 資源。smbpasswd在/etc/samba中,有時需要手動創建該文件。
#tdbsam : 使用數據庫文件創建用戶數據庫。數據庫文件叫passdb.tdb,在/etc/samba中。passdb.tdb可使用smbpasswd -a創建samba用戶,要創建的samba用戶必須是系統用戶。也可使用pdbedit創建samba賬戶。pdbedit參數很多。列出幾個重要的:
#pdbedit -a username :新建用戶
#pdbedit -x username :刪除用戶
#pdbedit -L :列出用戶列表,讀取passdb.tdb數據庫文件
#pdbedit -Lv : 列出用戶列表詳細信息
#pdbedit -c "[D]" -u username : 暫停該用戶帳號
#pdbedit -c "[]" -u username : 恢復該用戶帳號
# ldapsam:基於LDAP帳號管理方式驗證用戶。首先要建立LDAP服務,設置“passdb backend = ldapsam:ldap://LDAP Server”
printing = cups
printcap name = cups
load printers = yes #客戶端在10分鍾內沒有打開任何Samba資源,
#服務器將自動關閉回話。
cups options = raw #打印屬性
[homes] #共享名稱
comment = Home Directories #注釋,共享的描述信息
valid users = %S, %D%w%S #允許訪問該共享的用戶
browseable = No #共享目錄是否可以被瀏覽
read only = No
inherit acls = Yes
[printers] #設置打印機共享
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
4、實例
*實驗前,關閉selinux和iptables
# systemctl stop firewalld
# setenforce 0
1、共享一個目錄,任何人都可以訪問,即不用輸入密碼即可訪問,要求只讀
vim samba的配置文件/etc/samba/smb.conf
# cp smb.conf smb.conf.bak
# cat smb.conf
[global]
workgroup = WORKGROUP
security = share
passdb backend = tdbsam
[public]
comment = share all
path = /pubil
browseable = yes
public = yes
writable = Yes
報錯了,不能用security = share,改配置
# cat /etc/samba/smb.conf
[global]
workgroup = testgroup
server string = this is test Samba Server Version %v
netbios name = testserver
log file = /var/log/samba/log.%m
max log size = 50
security = user
map to guest =Bad User
[public]
comment = Public Stuff
path = /public
public = yes
writable = yes
printable = no
write list = +staff
測試配置是否正確
# touch /public/test.txt
# testparm smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
如果沒有錯誤,則在你的Windows機器上的瀏覽器輸入file://IP/public看是否能夠訪問
2、共享一個目錄,使用帳號和密碼登錄后才可以訪問,要求可以讀寫。
打開samba的配置文件/etc/samba/smb.conf
# vim /etc/samba/smb.conf
[global]
workgroup = testgroup
server string = this is test Samba Server Version %v
netbios name = testserver
log file = /var/log/samba/log.%m
max log size = 50
security = user
map to guest =Bad User
passdb backend = tdbsam #用戶后台管理
[public]
comment = Public Stuff
path = /public
public = yes
writable = yes
printable = no
write list = +staff
#新增一個共享項目
[myshare]
comment = share for users
path = /samba
browseable = yes
writeable = yes
public = no
保存配置文件,創建目錄
# mkdir /samba
# chmod 777 /samba/
添加用戶。因為在[globa]中“passdb backend = tdbsam”,所以要用“pdbedit”來增加用戶,注意添加的用戶必須在系統中存在。
# useradd user1
# useradd user2
# pdbedit -a user1
# pdbedit -a user2
# pdbedit -L
user1:1004:
user2:1005:
測試
# testparm /etc/samba/smb.conf
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
Processing section "[public]"
Processing section "[myshare]"
aded services file OK.
瀏覽器輸入file://IP/myshare/ 然后輸入用戶名和密碼,新建個文檔
# ll /samba/
total 4
-rwxr--r--. 1 user1 user1 0 Oct 8 12:14 新建文本文檔.txt
報錯
啟動smb服務,報錯Failed to start Samba SMB Daemon.
[root@svn samba]# systemctl status smb.service ● smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2019-09-30 03:24:49 CST; 8min ago Docs: man:smbd(8) man:samba(7) man:smb.conf(5) Process: 2130 ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 2130 (code=exited, status=1/FAILURE) Sep 30 03:24:49 svn systemd[1]: Starting Samba SMB Daemon... Sep 30 03:24:49 svn systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Sep 30 03:24:49 svn systemd[1]: Failed to start Samba SMB Daemon. Sep 30 03:24:49 svn systemd[1]: Unit smb.service entered failed state. Sep 30 03:24:49 svn systemd[1]: smb.service failed.
用journalctl -xe來查詢服務啟動失敗的原因
“WARNING: Ignoring invalid value 'share' for parameter 'security'”
[root@svn samba]# journalctl -xe -- Subject: Unit smb.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has begun starting up. Sep 30 03:24:09 svn systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Sep 30 03:24:09 svn systemd[1]: Failed to start Samba SMB Daemon. -- Subject: Unit smb.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has failed. -- -- The result is failed. Sep 30 03:24:09 svn systemd[1]: Unit smb.service entered failed state. Sep 30 03:24:09 svn systemd[1]: smb.service failed. Sep 30 03:24:09 svn polkitd[778]: Unregistered Authentication Agent for unix-process:2117:2328615 (system bus nam Sep 30 03:24:49 svn polkitd[778]: Registered Authentication Agent for unix-process:2124:2332573 (system bus name Sep 30 03:24:49 svn systemd[1]: Starting Samba SMB Daemon... -- Subject: Unit smb.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has begun starting up. Sep 30 03:24:49 svn systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Sep 30 03:24:49 svn systemd[1]: Failed to start Samba SMB Daemon. -- Subject: Unit smb.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has failed. -- -- The result is failed. Sep 30 03:24:49 svn systemd[1]: Unit smb.service entered failed state. Sep 30 03:24:49 svn systemd[1]: smb.service failed. Sep 30 03:24:49 svn polkitd[778]: Unregistered Authentication Agent for unix-process:2124:2332573 (system bus nam [root@svn samba]# [root@svn samba]# [root@svn samba]# testparm smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Load smb config files from smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Error loading services. [root@svn samba]#
用testparm測試smb.conf是否正確
[root@svn samba]# testparm smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Load smb config files from smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Error loading services.
WARNING: Ignoring invalid value 'share' for parameter 'security'
經查,配置samba服務器,中加入了security=share,但是testparm輸出的信息里沒有這一條,客戶機也無法訪問
security=share在新版中已經被廢棄了
把security = share改為 security = user map to guest = Bad User
就可以了。