For file transfer between Linux and Windows systems, many people choose FTP, which is relatively safe, but it still causes problems at times, such as inexplicably garbled file names and changes in file size when uploading. By comparison, using Samba for file sharing is much simpler.
Samba's communication protocol, SMB (Server Message Block), addresses the sharing of resources such as files and printers on a local area network, making it easier to share files between multiple hosts. The following is a brief record of deploying the Samba service on CentOS 7 (test machine 192.168.1.35).
Install Samba
[root@localhost ~]# hostnamectl set-hostname samba-server # change the hostname
[root@samba-server ~]# cat /etc/redhat-release # check the system version
CentOS Linux release 7.6.1810 (Core)
[root@samba-server ~]# rpm -qa|grep samba # check whether samba is already installed
[root@samba-server ~]# yum install -y samba # install samba
[root@samba-server ~]# rpm -qa|grep samba # list the installed packages
From a security point of view, you need to set a firewall policy (do not turn off the firewall)
# Add the samba service to the firewall policy
[root@samba-server ~]# firewall-cmd --add-service samba --permanent
success
# Reload the firewall
[root@samba-server ~]# firewall-cmd --reload
success
# Check that the samba service has been added to the firewall:
[root@samba-server ~]# firewall-cmd --list-all|grep samba
services: ssh dhcpv6-client samba
Remember: be sure to disable SELinux (otherwise the Windows client will fail to connect to Samba)
[root@samba-server ~]# vim /etc/sysconfig/selinux
.....
SELINUX=disabled
[root@samba-server ]# setenforce 0
[root@samba-server ]# getenforce
Permissive
Configure Samba service
[root@samba-server ~]# cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@samba-server ~]# vim /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
# Global configuration
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
# Shared printer configuration
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root
create mask = 0664
directory mask = 0775
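# Share name: the folder name shown after logging in to Samba. One folder is shown for each share section configured.
[backupfile]
# comment describes the share and can be any string
comment = please do not modify it all will
# Path being shared
path= /home/backupfile
# Whether the share is writable
writable = yes
# Whether the share is public
public = no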
Add the backupfile account (the one used in the configuration above)
# Create the backupfile account with system login disabled and /home/backupfile as its home directory (effectively a virtual account).
[root@samba-server ~]# useradd -d /home/backupfile -s /sbin/nologin backupfile
pdbedit command description
The pdbedit command manages the account information database of the Samba service. Its format is: "pdbedit [option] account"
The -a parameter is needed when writing a user's information to the database for the first time; it is not needed for later operations such as changing the user's password or deleting the user.
pdbedit -L: list Samba users
pdbedit -a -u user: add a Samba user
pdbedit -r -u user: modify a Samba user's information
pdbedit -x -u user: delete a Samba user
Passwords in the Samba service database can also be managed with the smbpasswd command
smbpasswd -a user: add a Samba user
smbpasswd -d user: disable a Samba user
smbpasswd -e user: re-enable a Samba user
smbpasswd -x user: delete a Samba user
Add backupfile as samba user
[root@samba-server ~]# id backupfile
uid=1000(backupfile) gid=1000(backupfile) 组=1000(backupfile)
[root@samba-server ~]# pdbedit -a -u backupfile
# Next, set the ownership of the Samba user's home directory
[root@samba-server ~]# chown -Rf backupfile:backupfile /home/backupfile
Start the Samba service
[root@samba-server ~]# systemctl start smb
[root@samba-server ~]# systemctl enable smb
Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd/system/smb.service.
[root@samba-server ~]# systemctl restart smb
[root@samba-server ~]# systemctl status smb
Start testing
# First add some content to the shared path /home/backupfile
[root@samba-server ~]# cd /home/backupfile
[root@samba-server backupfile]# touch test1 test2 test3
[root@samba-server backupfile]# mkdir a1 a2 a3
[root@samba-server backupfile]# echo "HELLO WORD" > test1
[root@samba-server backupfile]# cat test1
HELLO WORD
Then test from a Windows client. Open a cmd window or press Win+E, enter "\\192.168.1.35" in the "Network" address bar at the top, press Enter, and enter the Samba account backupfile with the password set above. You can then access the files under /home/backupfile on the Linux machine.
After connecting, the folder is shared directly between Windows and Linux, and you can put some test files in it.
Shared directories for multiple business groups can be set up in one Samba environment,
for example:
Create a Samba share for the operations and maintenance department, whose members can see all the shared content;
Create a Samba share for the product risk control group, whose members can only see their own group's shared content;
[root@samba-server backupfile]# cd /etc/samba/
[root@samba-server samba]# ls
lmhosts ops.smb.conf smb.conf smb.conf.bak smbusers chanpinfengkong.smb.conf
[root@samba-server samba]# vim ops.smb.conf
[信息科技部-运维]
comment = please do not modify it all will
path= /data/samba
public = no
valid users = xiaoqiang,xiaohong,@samba
printable = no
write list = @samba
[root@samba-server samba]# vim chanpinfengkong.smb.conf
[产品风控组共享目录]
comment = please do not modify it all will
path= /data/samba/产品风控组
public = no
valid users = xiaomin,mazi,@samba
printable = no
write list = @samba
Add these users to Samba
[root@samba-server ~]# pdbedit -a -u xiaoqiang
[root@samba-server ~]# pdbedit -a -u xiaohong
[root@samba-server ~]# pdbedit -a -u xiaomin
[root@samba-server ~]# pdbedit -a -u mazi
[root@samba-server ~]# pdbedit -L
backupfile:1000:
xiaohong:1002:
mazi:1004:
xiaoqiang:1001:
xiaomin:1003:
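Create the chanpinfengkong group and add xiaomin and mazi to it
[root@samba-server ~]# useradd chanpinfengkong # also creates a group with the same name
[root@samba-server ~]# usermod -aG chanpinfengkong xiaomin # -a appends; -G alone replaces the user's existing supplementary groups
[root@samba-server ~]# usermod -aG chanpinfengkong mazi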
Create the Samba shared directory
[root@samba ~]# cd /data/
[root@samba-server data]# mkdir samba
[root@samba-server data]# mkdir samba/产品风控组
[root@samba-server data]# chown -R samba:samba samba
[root@samba-server data]# chmod -R 777 samba # world-writable: every local account can write under /data/samba
[root@samba-server data]# setfacl -R -m g:chanpinfengkong:rwx samba/产品风控组
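After the configuration above, log in to Samba:
1) With the xiaoqiang or xiaohong account, you can see all the shared content under "/data/samba".
2) With the xiaomin or mazi account, you can only see the shared content under "/data/samba/产品风控组".
3) If more groups are needed, configure them in the same way as "产品风控组" above!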
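The following is an added example, not part of the original article: a shell function that audits share definitions like the ones above. smb.conf only treats lines beginning with # or ; as comments, so a trailing // annotation is read as part of the value; the function flags that, shares without valid users, guest access, and share paths left world-writable (as chmod -R 777 does). The name smb_audit and its output format are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: audit smb.conf-style files.
# Usage: smb_audit /etc/samba/smb.conf [more.conf ...]
# Prints one finding per line as "file:[share]: message".
smb_audit() {
  awk '
    function note(msg) { printf "%s:[%s]: %s\n", file, sec, msg }
    function end_share() {
      if (sec != "" && sec != "global") {
        if (!has_users) note("no valid users: every authenticated account may connect")
        if (path != "") printf "PATH\t%s\t%s\t%s\n", file, sec, path
      }
      sec = ""; has_users = 0; path = ""
    }
    FNR == 1 { end_share(); file = FILENAME }
    /^[ \t]*([#;]|$)/ { next }          # the only comment forms smb.conf knows
    /^[ \t]*\[/ {                       # section header starts a new share
      end_share()
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (val ~ /[ \t](\/\/|#)/)
        note(key ": trailing annotation is read as part of the value")
      if (key == "valid users") has_users = 1
      if (key == "path") path = val
      if ((key == "public" || key == "guest ok") && tolower(val) ~ /^(yes|true|1)$/)
        note(key " = " val ": guest access allowed")
    }
    END { end_share() }
  ' "$@" | while IFS="$(printf '\t')" read -r tag file sec path; do
    case $tag in
      PATH)  # filesystem check: can every local account write to the share root?
        if [ -n "$(find "$path/." -prune -perm -0002 2>/dev/null)" ]; then
          printf '%s:[%s]: path %s is world-writable\n' "$file" "$sec" "$path"
        fi ;;
      *) printf '%s\n' "$tag" ;;
    esac
  done
}
```

Run it against /etc/samba/smb.conf and the per-group files together; testparm remains the authoritative syntax check.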
Precautions
If a network error occurs when connecting to Samba from the Windows client (Windows cannot access \\192.168.1.35\backupfile), the solution is as follows:
Check the security context
[root@samba-server ~]# semanage fcontext -a -t samba_share_t "/home/backupfile(/.*)?"
-bash: semanage: command not found
If the system reports the error above, the semanage command is not installed on your system. Install semanage as follows:
[root@samba-server ~]# yum provides /usr/sbin/semanage
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.0x.sg
* epel: mirror.dmmlabs.jp
* extras: mirror.0x.sg
* updates: mirror.0x.sg
policycoreutils-python-2.5-17.1.el7.x86_64 : SELinux policy core python utilities # this is the package to install
Repo : base
Matched from:
Filename :
[root@samba-server ~]# yum install -y policycoreutils-python
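Then run the command again. After it completes, do not forget to refresh the context
[root@samba-server ~]# semanage fcontext -a -t samba_share_t "/home/backupfile(/.*)?" # (/.*)? also covers everything under the directory
[root@samba-server ~]# restorecon -Rv /home/backupfile
The SELinux boolean that allows SMB to share users' home directories
Restart Samba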
[root@samba-server ~]# systemctl restart smb
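As an added example (not part of the original article), the function below reads `ls -dZ` output for the share directories and prints the semanage and restorecon commands for every directory not yet labelled samba_share_t, so the relabelling above can be checked for each share path with SELinux left enforcing. The name selinux_share_plan is an assumption, and paths are assumed to contain no spaces.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# Usage: ls -dZ /home/backupfile /data/samba | selinux_share_plan
# Prints the commands only; review them, then run them as root.
selinux_share_plan() {
  awk '
    NF == 0 { next }
    {
      path = $NF; ctx = ""
      # The context is the user:role:type[:level] field. CentOS 7 prints it
      # after mode/owner/group, newer coreutils print it first.
      for (i = 1; i < NF; i++)
        if ($i ~ /^[^:]+:[^:]+:[^:]+(:|$)/) ctx = $i
      if (ctx == "") { printf "# %s: no SELinux context in input\n", path; next }
      split(ctx, part, ":")
      if (part[3] == "samba_share_t") next        # already labelled
      sub(/\/+$/, "", path); if (path == "") path = "/"
      # System directories keep their own label and are not relabelled.
      if (path ~ /^\/(etc|home|usr|var)?$/) {
        printf "# %s: system directory, not relabelling (type %s)\n", path, part[3]
        next
      }
      # (/.*)? makes the rule cover the directory and everything below it.
      printf "semanage fcontext -a -t samba_share_t \"%s(/.*)?\"\n", path
      printf "restorecon -Rv \"%s\"\n", path
    }'
}
```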
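How to switch to another user when accessing Samba from the Windows machine
The method is as follows:
1) Press ctrl+r to open "Run", then enter "cmd"
2) Enter the command "net use * /delete", then enter "Y"; this first removes all net connections
3) Enter the account-switching command "net use \\192.168.1.35\IPC$ grace@123 /user:grace", which switches to the grace account (password grace@123)
Reset a Samba account password
[root@samba-server ~]# smbpasswd -a kevin # i.e. reset kevin's password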
Clearing cached Samba connections to Linux on Windows
When the Samba service is first installed and configured on the Linux server, it inevitably goes through several rounds of configuration changes and restarts. During this period, the Windows system may already have connected to Samba. After the Samba configuration is changed, especially user permissions, logging in again from Windows can easily result in access or operations being denied because of cached permissions.
In that case the cache usually takes a long time to clear on its own. Restarting Windows also clears it, but that is very inefficient. The following manual method clears it immediately.
Cleanup steps:
1) Open the Windows command line (ctrl+R, enter cmd).
2) Enter net use at the command line to print the list of currently cached connections.
3) Delete the connections one by one from the list: net use remote-connection-name /del;
or delete them all at once: net use * /del.
After this, when you enter the Samba service address again, you will be prompted for the account and password again.