SMB 文件共享
用 Internet 文件系统(CIFS)也称为服务器信是适用于 MicrosoftWindows 服务器和客户端的标准文件和打印机共享系统息块(SMB)
Samba 服务可用于将 Linux 文件系统作为 CIFS/SMB 网络文件共享进行共享,并将 Linux 打印机作为 CIFS/SMB 打印机共事进行共享
samba 服务的组成部分
软件包 :
Samba-common – Samba 的支持文件
Samba-client – 客户端应用程序
Samba – 服务器应用程序
服务名称 :smb nmb
服务端口 : 通常使用 TCP/445 进行所有连接。还使用UDP137 、 UDP138 和 TCP/139 进行向后兼容
主配置文件 :/etc/samba/smb.conf
一、配置Samba
1在服务端
安装
[root@localhost ~]# yum install samba samba-client samba-common -y ##安装samba服务和支持samba服务的应用程序
Loaded plugins: langpacks
Repository 'rhel_dvd' is missing name in configuration, using id
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
rhel_dvd | 4.1 kB 00:00
Package samba-common-4.1.1-31.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:4.1.1-31.el7 will be installed
---> Package samba-client.x86_64 0:4.1.1-31.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
samba x86_64 4.1.1-31.el7 rhel_dvd 527 k
samba-client x86_64 4.1.1-31.el7 rhel_dvd 513 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 1.0 M
Installed size: 2.9 M
Downloading packages:
(1/2): samba-4.1.1-31.el7.x86_64.rpm | 527 kB 00:00
(2/2): samba-client-4.1.1-31.el7.x86_64.rpm | 513 kB 00:00
--------------------------------------------------------------------------------
Total 9.5 MB/s | 1.0 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : samba-4.1.1-31.el7.x86_64 1/2
Installing : samba-client-4.1.1-31.el7.x86_64 2/2
Verifying : samba-client-4.1.1-31.el7.x86_64 1/2
Verifying : samba-4.1.1-31.el7.x86_64 2/2
Installed:
samba.x86_64 0:4.1.1-31.el7 samba-client.x86_64 0:4.1.1-31.el7
Complete!
服务启动配置
[root@localhost ~]# systemctl start smb
[root@localhost ~]# systemctl enable smb.service
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl disable firewalld.service
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
查看samba服务的端口
[root@localhost ~]# netstat -antlupe | grep smb
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 43463 2116/smbd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 43464 2116/smbd
tcp6 0 0 :::445 :::* LISTEN 0 43461 2116/smbd
tcp6 0 0 :::139 :::* LISTEN 0 43462 2116/smbd
2、在客户端
[root@localhost ~]# yum install samba-client.x86_64 -y ##只下载samba服务就可以
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
Resolving Dependencies
--> Running transaction check
---> Package samba-client.x86_64 0:4.1.1-31.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
samba-client x86_64 4.1.1-31.el7 rhel_dvd 513 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 513 k
Installed size: 1.4 M
Downloading packages:
samba-client-4.1.1-31.el7.x86_64.rpm | 513 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : samba-client-4.1.1-31.el7.x86_64 1/1
Verifying : samba-client-4.1.1-31.el7.x86_64 1/1
Installed:
samba-client.x86_64 0:4.1.1-31.el7
Complete!
3、创建用户
【smb用户必须本地存在】
在服务端
[root@localhost ~]# useradd westos ##添加用户
[root@localhost ~]# passwd westos ##添加密码
Changing password for user westos.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# smbpasswd -a westos ##在smb中添加用户
New SMB password:
Retype new SMB password:
Added user westos.
[root@localhost ~]# pdbedit -L ##显示所添加的用户
westos:1001:
在客户端
[root@localhost ~]# smbclient -L //172.25.254.166
Enter root's password: ##未添加用户密码 直接回车
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
添加用户后
[root@localhost ~]# smbclient //172.25.254.166/westos -U westos
Enter westos's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu Jun 28 04:05:44 2018
.. D 0 Thu Jun 28 04:05:44 2018
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.mozilla DH 0 Thu Jul 10 18:29:32 2014
.config DH 0 Thu Jul 10 19:06:52 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
60458 blocks of size 8192. 56478 blocks available
smb: \> qiut
qiut: command not found
smb: \> quit
[root@localhost ~]# setsebool -P samba_enable_home_dirs on
setsebool: SELinux is disabled.
[root@localhost ~]# getenforce
Disabled
[root@localhost ~]# vim /etc/sysconfig/selinux
[root@localhost ~]# getenforce
Disabled
[root@localhost ~]# reboot
vim内,更改selinux状态
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
setsebool -P samba_enable_home_dirs on 设置 bool
[root@localhost ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> on ##确认开启
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
在客户端就可以查看
[root@localhost ~]# smbclient //172.25.254.166/westos -U westos
Enter westos's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu Jun 28 04:05:44 2018
.. D 0 Thu Jun 28 04:05:44 2018
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.mozilla DH 0 Thu Jul 10 18:29:32 2014
.config DH 0 Thu Jul 10 19:06:52 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
60458 blocks of size 8192. 56477 blocks available
二、上传文件
[root@localhost ~]# smbclient //172.25.254.166/westos -U westos
Enter westos's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> !ls
anaconda-ks.cfg Documents Music Public Videos
Desktop Downloads Pictures Templates
smb: \> put anaconda-ks.cfg
putting file anaconda-ks.cfg as \anaconda-ks.cfg (4208.3 kb/s) (average 4208.5 kb/s)
smb: \> quit
[root@localhost bin]# smbclient //172.25.254.166/westos -U westos
Enter westos's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu Jun 28 04:41:18 2018
.. D 0 Thu Jun 28 04:05:44 2018
.bash_profile H 193 Wed Jan 29 07:45:18 2014
anaconda-ks.cfg A 8619 Thu Jun 28 04:41:18 2018
.mozilla DH 0 Thu Jul 10 18:29:32 2014
.config DH 0 Thu Jul 10 19:06:52 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
60458 blocks of size 8192. 56476 blocks available
smb: \> !ls
[ mcookie
a2p mcopy
abrt-action-analyze-backtrace mc-tool
abrt-action-analyze-c mc-wait-for-name
abrt-action-analyze-ccpp-local md5sum
abrt-action-analyze-core mdel
abrt-action-analyze-oops mdeltree
abrt-action-analyze-python mdir
abrt-action-analyze-vmcore mdu
abrt-action-analyze-vulnerability mergerepo
abrt-action-analyze-xorg mesg
abrt-action-check-oops-for-hw-error metacity
abrt-action-generate-backtrace metacity-message
abrt-action-generate-core-backtrace mformat
abrt-action-install-debuginfo minfo
abrt-action-list-dsos mixartloader
abrt-action-notify mkafmmap
abrt-action-perform-ccpp-analysis mkdir
abrt-action-save-kernel-data mkfifo
smb: \> put mco
mcomp mcookie mcopy
smb: \> put mco
mcomp mcookie mcopy
smb: \> put mco
mcomp mcookie mcopy
smb: \> put mcookie
putting file mcookie as \mcookie (7710.6 kb/s) (average 7710.9 kb/s)
smb: \>
三、smb服务挂载
临时挂载
mount //172.25.254.166/westos /mnt/ -o username=westos,passwd=redhat
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3194760 7279140 31% /
devtmpfs 469344 0 469344 0% /dev
tmpfs 484932 80 484852 1% /dev/shm
tmpfs 484932 12772 472160 3% /run
tmpfs 484932 0 484932 0% /sys/fs/cgroup
/dev/mapper/vg0-vo 483670 2381 451798 1% /home
//172.25.254.166/westos 10473900 3157216 7316684 31% /mnt开机自动挂载
1.mount //172.25.254.166/westos /mnt/ -o username=westos,passwd=redhat 0 0
命令直接写在 /etc/fstab, 开机时会自动运行,但若命令稍有差错容易无法开机
2、 在 /etc/rc.d/rc.local 在此文件中写mount //172.25.254.166/westos /mnt/ -o username=westos,passwd=redhat 会在开机后服务器已经启动之后才运行 不会影响服务器的开机
然后再加上可执行权限chmod +x /etc/rc.d/rc.local
smb 客户端的使用
[root@localhost ~]# rpm -qc samba-common ##查看配置文件
/etc/logrotate.d/samba
/etc/samba/lmhosts
/etc/samba/smb.conf
/etc/sysconfig/samba
修改组名称
在服务端
[root@localhost ~]# vim /etc/samba/smb.conf
设置服务的黑名单、白名单
[root@localhost ~]# vim /etc/samba/smb.conf
在客户端测试会出现
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE设置smb的共享目录
在服务端
[root@localhost ~]# mkdir /test
[root@localhost ~]# touch /test/file{1..5} ##新建一些文件用来测试
[root@localhost ~]# ls /test/
file1 file2 file3 file4 file5
[root@localhost ~]# semanage fcontext -a -t samba_share_t '/test(/.*)?' ##修改安全上下文
[root@localhost ~]# restorecon -FvvR /test/ ##刷新
restorecon reset /test context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
restorecon reset /test/file1 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
restorecon reset /test/file2 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
restorecon reset /test/file3 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
restorecon reset /test/file4 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
restorecon reset /test/file5 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[root@localhost ~]# semanage fcontext -l | grep /test 过滤test看是否更改成功
/test(/.*)? all files system_u:object_r:samba_share_t:s0
/usr/lib/pgsql/test/regress(/.*)? all files system_u:object_r:postgresql_db_t:s0
/usr/lib/pgsql/test/regress/.*\.sh regular file system_u:object_r:bin_t:s0
/usr/lib/pgsql/test/regress/.*\.so.* regular file system_u:object_r:lib_t:s0
/usr/lib/pgsql/test/regress/pg_regress regular file system_u:object_r:postgresql_exec_t:s0
编辑配置文件
[root@localhost ~]# vim /etc/samba/smb.conf
在文件最后添加
[root@localhost ~]# smbclient //172.25.254.166/DIR -U westos
Enter westos's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu Jun 28 07:57:44 2018
.. D 0 Thu Jun 28 07:57:26 2018
file1 N 0 Thu Jun 28 07:57:44 2018
file2 N 0 Thu Jun 28 07:57:44 2018
file3 N 0 Thu Jun 28 07:57:44 2018
file4 N 0 Thu Jun 28 07:57:44 2018
file5 N 0 Thu Jun 28 07:57:44 2018
40913 blocks of size 262144. 28434 blocks available
smb: \>
可以看到共享的test下五个文件
smb 权限管理
1、是否允许浏览:browseable = yes|no
2、是否可写:writable = yes|no
3、允许用户列表:write list = westos
4、允许组列表(+或@表示组):write list = +westos
5、指定超级用户,在可写情况下才可以执行动作:admin users = westos
smb 多用户挂载
[root@localhost ~]# useradd test
[root@localhost ~]# passwd test
Changing password for user test.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# yum install cifs-utils.x86_64 -y
Loaded plugins: langpacks
Repository 'rhel_dvd' is missing name in configuration, using id
Resolving Dependencies
--> Running transaction check
---> Package cifs-utils.x86_64 0:6.2-6.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================
Package Arch Version Repository Size
==============================================================================
Installing:
cifs-utils x86_64 6.2-6.el7 rhel_dvd 83 k
Transaction Summary
==============================================================================
Install 1 Package
Total download size: 83 k
Installed size: 174 k
Downloading packages:
cifs-utils-6.2-6.el7.x86_64.rpm | 83 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : cifs-utils-6.2-6.el7.x86_64 1/1
Verifying : cifs-utils-6.2-6.el7.x86_64 1/1
Installed:
cifs-utils.x86_64 0:6.2-6.el7
Complete!
[root@localhost ~]# vim /root/smbpass
[root@localhost ~]# cat /root/smbpass
username=student
password=redhat
[root@localhost ~]# mount -o cr#credentials=/root/smbpasswd 指定挂载时所用到的用户文件
#multiuser 支持多用户认证
#sec=ntlmssp 认证方式为标准smb认证方式
smb 匿名用户访问
linux 的匿名用户 Anonymous
windows 的匿名用户 guest
[root@localhost ~]# vim /etc/samba/smb.conf
[root@localhost ~]# systemctl restart smb.service
