搭建用户认证Samba共享服务器

版权声明：勇哥出品必属精品违者必究，相信勇哥幸福一生，不信勇哥抱憾终身，盗版一时爽全家火葬场！ https://blog.csdn.net/weixin_42837637/article/details/82658845

搭建用户认证Samba共享服务器

一、Samba介绍

二、环境说明

主机名	IP	环境系统
服务器	192.168.69.133	cenos7图形化
客户端	192.168.69.134	cenos7最小化

三、Samba安装设置

1.配置SAMBA
服务端配置
新建samba用户

[root@localhost ~]# yum -y install samba-*
[root@localhost ~]# useradd jerry -s /sbin/nologin
[root@localhost ~]# smbpasswd -a jerry

2.新建共享目录，赋予权限

[root@localhost ~]# mkdir /date/samba/share -p
[root@localhost ~]# chown jerry.jerry /date/samba/share -R

3.修改配置文件，在/etc/samba/smb.conf的配置文件最下面添加

[root@localhost ~]# cat /etc/samba/smb.conf
[samba-share]
    comment = This is share
    path = /date/samba/share
    public = no
    writable = yes

4.映射系统用户，并将路径写入smb.conf配置中

[root@localhost ~]# echo "jerry = qinyong" > /etc/samba/smbusers //将系统用户jerry映射为qinyong虚拟用户
[root@localhost ~]# vi   /etc/samba/smb.conf
[global]
    workgroup = SAMBA
    security = user
    map to guest = Bad User
    username map = /etc/samba/smbusers   \\增加项
    passdb backend = tdbsam`
[root@localhost ~]# systemctl restart smb.service   //重启服务

客户端验证,查看共享目录
1.客户端查看服务端哪些共享资源

[root@localhost ~]# smbclient -L 192.168.69.133 -U qinyong //需要输入密码
Enter SAMBA\qinyong's password: 
    Sharename       Type      Comment
    ---------       ----      -------
    samba-shard     Disk      This is shard
    samba-share     Disk      This is share
    IPC$            IPC       IPC Service (Samba 4.7.1)
Reconnecting with SMB1 for workgroup listing.

    Server               Comment
    ---------            -------

    Workgroup            Master
    -----

2.挂载

[root@localhost ~]# mkdir /samba -p
[root@localhost ~]# mount -t cifs -o username=qinyong,password=1 //192.168.69.133/samba-share /samba/   

四、检测验证结果

1.在客户端创建，在服务端读取

[root@localhost ~]# echo "hehe" >> 123 //客户端创建
[root@localhost ~]# ls
123
[root@localhost ~]# cat /date/samba/share/123  //服务验证该用户有读写权限

2.自动挂载

[root@localhost ~]# vim /etc/fstab
//192.168.69.133/samba-share /samba             cifs    defaults,_netdev,username=qinyong,password=1 0 0
[root@samba-client ~]# mount -a
[root@samba-client ~]# df
Filesystem                   1K-blocks    Used Available Use% Mounted on
/dev/sda2                      865676 155344   753453  22% /
devtmpfs                        490012       0    494352   0% /dev
tmpfs                           499860       0    4435340   0% /dev/shm
tmpfs                           499860    6880    4354350   2% /run
tmpfs                           499860       0    493440  0% /sys/fs/cgroup
/dev/sda1                      1134546  135675    83434  12% /boot
tmpfs                            99972       0     14356  12% /run/user/0
//192.168.69.133/samba-shard  1832345 3215464  1326434 37% /cifs
//192.168.69.133/samba-share  1832345 3215464  1326434 37% /samba  //挂载成功

3.验证客户端重启挂载成功

五、Samba服务模拟实验

在server上配置samba服务
samba服务器必须是STAFF工作组的一个成员
共享/common目录,共享名为common
只有example.com域内的客户端可以访问common共享、
common必须是可以浏览的
用户natasha必须能够读取共享中的内容,如果需要的话,验证密码是:tangkai
1.服务端设置

[root@server0 ~]# yum -y install samba*
[root@server0 ~]# mkdir /common
[root@server0 ~]# vi /etc/samba/smb.conf
workgroup = STAFF
[common] 
   path = /common
   browseable = yes
[root@server0 ~]# systemctl mask iptables.service ebtables.service   
[root@server0 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.25.0.0/24 service name=samba  accept ' --permanent
success
[root@server0 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.25.0.0/24 service name=samba-client  accept ' --permanent
success
[root@server0 ~]# firewall-cmd --reload
success
[root@server0 ~]# useradd natasha
[root@server0 ~]# smbpasswd  -a natasha
tangkai
[root@server0 ~]# setsebool  -P samba_enable_home_dirs  yes
setsebool: illegal value yes for boolean samba_enable_home_dirs
[root@server0 ~]# setsebool  -P samba_enable_home_dirs  on
[root@server0 ~]# chcon  -Rt samba_share_t  /common/
[root@server0 ~]# systemctl enable smb nmb
[root@server0 ~]# systemctl restart  smb nmb

2.客户端设置

[root@desktop0 ~]# mount -t cifs -o username=natasha,password=tangkai //172.25.0.11/common  /mnt
[root@desktop0 ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/vda1              10G  3.1G  7.0G  31% /
devtmpfs              482M     0  482M   0% /dev
tmpfs                 498M   80K  497M   1% /dev/shm
tmpfs                 498M   14M  485M   3% /run
tmpfs                 498M     0  498M   0% /sys/fs/cgroup
//172.25.0.11/common   10G  3.1G  6.9G  31% /mnt
[root@desktop0 ~]# cd /mnt/
[root@desktop0 mnt]# touch a
touch: cannot touch ‘a’: Permission denied

3.服务端设置

[root@server0 ~]# touch  /common/aa
[root@server0 ~]# mkdir  /storage
[root@server0 ~]# chcon -Rt samba_share_t  /storage/
[root@server0 ~]# vi /etc/samba/smb.conf
[common]
   path = /common
   browseable = yes
   valid users = natasha
[share]
   path = /storage
   browseable = yes
   valid users = sarah,kitty
   writable = no
   write  list  = kitty
[root@server0 ~]# systemctl restart smb nmb

4.客户端设置

[root@desktop0 ~]# umount /mnt/
[root@desktop0 ~]# ls /mnt/
[root@desktop0 ~]# mkdir /mnt/dev
[root@desktop0 ~]# vi /etc/fstab
//172.25.0.11/share  /mnt/dev  cifs  multiuser,username=sarah,password=tangkai,sec=ntlmssp 0 0
[root@desktop0 ~]#cd /mnt/dev
[root@desktop0 ~]#yum -y install cifs-utils*
[root@desktop0 ~]#su - student
[student@desktop0 ~]#cifscreds add -u kitty 172.25.0.11