Samba server configuration under Centos7 (actual combat)
Samba overview
Samba is a free software that implements the SMB protocol on Linux and UNIX systems, and consists of server and client programs. SMB (Server Messages Block, Information Service Block) is a communication protocol for sharing files and printers on a LAN. It provides sharing services for resources such as files and printers between different computers in the LAN. The SMB protocol is a client/server protocol through which the client can access the shared file system, printers and other resources on the server. By setting "NetBIOS over TCP/IP", Samba can not only share resources with LAN hosts, but also share resources with computers all over the world.
1. Anonymous access to Samba shared services1. Install Samba service
[root@localhost ~]</code># yum install samba -y ##安装Samba服务
2. Configure Samba configuration file information
[root@localhost ~]# cd /etc/samba/ ##切换到Samba配置文件目录
[root@localhost samba]# mv smb.conf smb.conf.bak ##备份
[root@localhost samba]# grep -v "#" smb.conf.bak > smb.conf ##重新创建一个配置文件(除去注释的)
[root@localhost samba]# vim smb.conf ##修改配置文件
[global] ##全局
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
map to guest = Bad User ##添加此项,开启匿名用户访问
##大G到末行添加下面的配置信息
[myshare] ##添加的share文件
path=/opt/abc ##路径
public=yes ##公共访问
browseable=yes ##能够访问
writable=yes ##写权限
create mask=0644 ##设置权限
directory mask=0755
3. Create the myshare path directory and give permissions
[root@localhost samba]# mkdir /opt/abc ##创建目录
[root@localhost samba]# chmod 777 /opt/abc ##给全部权限
[root@localhost samba]# systemctl stop firewalld.service ##关闭防火墙
[root@localhost samba]# setenforce 0 ##关闭增强功能
[root@localhost samba]# systemctl start smb.service ##开启Samba服务
4. Use the test machine to access
Use the test machine to access the share
View shared folders
create a file in the shared folder
View created files in Linux
[root@localhost samba]# cd /opt/abc/ ##查看共享文件目录,查看到创建的文本
[root@localhost abc]# ls
111.txt
[root@localhost abc]# ls -l ##Linux的匿名访问用户是nobody
总用量 0
-rw-r--r--. 1 nobody nobody 0 11月 5 15:51 111.txt
Second, authentication of Samba shared services
1. Configure Samba configuration file information
[root@localhost ~]# cd /etc/samba/ ##切换到Samba配置文件目录
[root@localhost samba]# vim smb.conf ##修改配置文件
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw ##将匿名访问的一项删除
##大G到末行添加下面的配置信息
[test]
path=/opt/test ##共享文件目录路径
browseable=yes ##能够访问,将public项去除
create mask=0644
directory mask=0755
valid users=zhangsan, lisi ##允许访问的用户
write list=zhangsan ##允许写入的用户
2. Create smb user
[root@localhost samba]# useradd zhangsan ##创建两个用户
[root@localhost samba]# useradd lisi
[root@localhost samba]# smbpasswd -a zhangsan ##创建smb用户并设置密码
New SMB password: ##设置密码
Retype new SMB password: ##确认密码
Added user zhangsan.
[root@localhost samba]# smbpasswd -a lisi
New SMB password:
Retype new SMB password:
Added user lisi.
[root@localhost samba]# pdbedit -L ##列出smb用户列表
zhangsan:1001:
lisi:1002:
[root@localhost samba]# cd /opt/
[root@localhost opt]# mkdir test ##创建共享目录
[root@localhost opt]# ls
abc rh test
[root@localhost opt]# chmod 777 test/ ##给最大权限
[root@localhost opt]# systemctl restart smb.service ##重启Samba服务
3. Use the test machine to access the share
In order to avoid errors, you can clear the cache on the test first
Use the test machine to access the share
Authentication is required, enter username and password
Create a file in the test shared folder
View created files in Linux
[root@localhost opt]# cd /opt/test/
[root@localhost test]# ls ##创建成功
222.txt
4. Because only zhangsan is allowed to write in the configuration file, test whether lisi can write
access share with lisi
test build file
3. Account name mapping of Samba shared service (account alias login)
1. Configuration mapping file and Samba configuration file
[root@localhost ~]# cd /etc/samba/
[root@localhost samba]# vim smbusers ##创建账户映射配置文件
zhangsan = t01 t02 ##别名t01 t02 密码还是zhangsan用户的密码
[root@localhost samba]# vim smb.conf ##配置Samba配置文件
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
username map = /etc/samba/smbusers ##添加别名的配置文件路径
[root@localhost samba]# systemctl restart smb.service ##重启Samba服务
2. Use the test machine to test the alias access and use the alias to log in
Fourth, the access control list of the Samba shared service
1. Configure Samba configuration file information
[root@localhost ~]# cd /etc/samba/ ##切换到Samba配置文件目录
[root@localhost samba]# vim smb.conf ##修改配置文件
[test]
path=/opt/test
browseable=yes
create mask=0644
directory mask=0755
valid users=zhangsan, lisi
write list=zhangsan
hosts deny=192.168.13. ##添加拒绝192.168.13段访问test
[root@localhost samba]# systemctl restart smb.service ##重启Samba服务
2. Use the test machine to access the test shared folder
5. Directly mount to Linux through Windows shared folder for use
1. Use Linux to access Windows shared files
[root@localhost ~]# smbclient -L //192.168.100.99/share ##访问共享
Enter SAMBA\root's password: ##密码
2. Mount the shared file to Linux and directly access the file
[root@localhost ~]# mkdir -p /opt/share01 ##创建挂载点
[root@localhost ~]# mount.cifs //192.168.100.99/share /opt/share01 ##将共享文件夹挂载到挂载点
Password for root@//192.168.100.99/share:
[root@localhost ~]# cd /opt/share01 ##切换到挂载点
[root@localhost share01]# ls
test.txt
[root@localhost share01]# cat test.txt ##查看共享文件夹的文件内容
this is a test!!