linux系统中部署Samba服务（实现linux系统之间文件共享）

samba的文件共享服务采用服务器/客户端模式，本质为服务器端的特定目录实现在客户机端特定目录的挂载，从而实现服务器端和客户机端的目录文件共享。

在以下实验中，PC1为服务器端，IP为192.168.10.10；  PC2为客户机端，IP为192.168.10.20；

1、在PC1服务器端安装samba服务

[root@PC1 ~]# yum install samba -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
rhel7                                                      | 4.1 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:4.1.1-31.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================
 Package         Arch             Version                   Repository       Size
==================================================================================
Installing:
 samba           x86_64           4.1.1-31.el7              rhel7           527 k

Transaction Summary
==================================================================================
Install  1 Package

Total download size: 527 k
Installed size: 1.5 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : samba-4.1.1-31.el7.x86_64                                      1/1 
rhel7/productid                                            | 1.6 kB  00:00:00     
  Verifying  : samba-4.1.1-31.el7.x86_64                                      1/1 

Installed:
  samba.x86_64 0:4.1.1-31.el7                                                     

Complete!

2、在PC1服务器端精简samba服务的主配置文件

[root@PC1 ~]# cd /etc/samba/
[root@PC1 samba]# ls
lmhosts  smb.conf
[root@PC1 samba]# cp smb.conf smb.conf.bak
[root@PC1 samba]# grep -v "#" smb.conf.bak | grep -v ";" | grep -v "^$" > smb.conf
[root@PC1 samba]# cat smb.conf
[global]
    workgroup = MYGROUP
    server string = Samba Server Version %v
    log file = /var/log/samba/log.%m
    max log size = 50
    security = user
    passdb backend = tdbsam
    load printers = yes
    cups options = raw
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

3、在PC1服务器端创建用于访问共享资源的账户信息（samba服务采用用户口令认证模式，用于登录的用户在PC1服务器端必须已经存在）

[root@PC1 ~]# id linuxprobe
uid=1000(linuxprobe) gid=1000(linuxprobe) groups=1000(linuxprobe),10(wheel)
[root@PC1 ~]# pdbedit -a -u linuxprobe
new password:      ## 此处设定在客户端登录时的密码
retype new password:
Unix username:        linuxprobe
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-1761013935-1237571759-2663186072-1000
Primary Group SID:    S-1-5-21-1761013935-1237571759-2663186072-513
Full Name:            linuxprobe
Home Directory:       \\pc1\linuxprobe
HomeDir Drive:        
Logon Script:         
Profile Path:         \\pc1\linuxprobe\profile
Domain:               PC1
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Wed, 06 Feb 2036 23:06:39 CST
Kickoff time:         Wed, 06 Feb 2036 23:06:39 CST
Password last set:    Tue, 15 Dec 2020 21:22:58 CST
Password can change:  Tue, 15 Dec 2020 21:22:58 CST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

4、在PC1服务器端创建用户共享资源的文件目录

[root@PC1 ~]# mkdir /home/database
[root@PC1 ~]# ll -d /home/database/
drwxr-xr-x. 2 root root 6 Dec 15 21:25 /home/database/
[root@PC1 ~]# chown -R linuxprobe:linuxprobe /home/database/   ## 修改权限，客户端登录用户权限
[root@PC1 ~]# ll -d /home/database/
drwxr-xr-x. 2 linuxprobe linuxprobe 6 Dec 15 21:25 /home/database/
[root@PC1 ~]# ll -ldZ /home/database/   ## 查看SELinux上下文
drwxr-xr-x. linuxprobe linuxprobe unconfined_u:object_r:home_root_t:s0 /home/database/
[root@PC1 ~]# semanage fcontext -a -t samba_share_t /home/database   ## 修改上下文
[root@PC1 ~]# restorecon -Rv /home/database/  ## 启动
restorecon reset /home/database context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:samba_share_t:s0
[root@PC1 ~]# ll -ldZ /home/database/
drwxr-xr-x. linuxprobe linuxprobe unconfined_u:object_r:samba_share_t:s0 /home/database/

5、在PC1服务器端设置SELinux服务于策略，使家目录支持samba服务

[root@PC1 ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@PC1 ~]# setsebool -P samba_enable_home_dirs=on
[root@PC1 ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off

6、在PC1服务器端修改samba服务主配置文件，填写共享信息

[root@PC1 ~]# vim /etc/samba/smb.conf
[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        security = user
        passdb backend = tdbsam
        load printers = yes
        cups options = raw
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes
[database]
comment = Do not arbitrarily modify the database file
path = /home/database
public = no
writable = yes
~                                                                                                   

7、在PC1服务器端重启samba服务

[root@PC1 ~]# systemctl restart smb
[root@PC1 ~]# systemctl enable smb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'

8、在PC1服务器端清空防火墙策略

[root@PC1 ~]# iptables -F
[root@PC1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@PC1 ~]# systemctl status smb   ## 查看samba服务状态
smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled)
   Active: active (running) since Tue 2020-12-15 21:41:03 CST; 1min 42s ago
 Main PID: 4487 (smbd)
   Status: "smbd: ready to serve connections..."
   CGroup: /system.slice/smb.service
           ├─4487 /usr/sbin/smbd
           └─4490 /usr/sbin/smbd

Dec 15 21:41:03 PC1 smbd[4487]: [2020/12/15 21:41:03.287294,  0] ../lib/util/become_daemon.c:...ady)
Dec 15 21:41:03 PC1 systemd[1]: Started Samba SMB Daemon.
Hint: Some lines were ellipsized, use -l to show in full.

9、查看PC1服务器端IP

[root@PC1 ~]# ifconfig | head -n 5
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.10  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::20c:29ff:fe66:37f7  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:66:37:f7  txqueuelen 1000  (Ethernet)
        RX packets 222  bytes 45170 (44.1 KiB)

 10、在PC2客户端测试与PC1服务器主机的连通性

[root@PC2 ~]# ifconfig | head -n 5
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.20  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::20c:29ff:fe25:bb3e  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:25:bb:3e  txqueuelen 1000  (Ethernet)
        RX packets 78  bytes 26676 (26.0 KiB)
[root@PC2 ~]# ping -c 3 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.408 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.231 ms
64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.238 ms

--- 192.168.10.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.231/0.292/0.408/0.083 ms

11、在PC2客户端安装支持文件共享服务的软件包（cifs-utils）

[root@PC2 ~]# yum install cifs-utils -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package cifs-utils.x86_64 0:6.2-6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package             Arch            Version               Repository      Size
================================================================================
Installing:
 cifs-utils          x86_64          6.2-6.el7             rhel7           83 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 83 k
Installed size: 174 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : cifs-utils-6.2-6.el7.x86_64                                  1/1 
rhel7/productid                                          | 1.6 kB     00:00     
  Verifying  : cifs-utils-6.2-6.el7.x86_64                                  1/1 

Installed:
  cifs-utils.x86_64 0:6.2-6.el7                                                 

Complete!

12、在PC2客户端，将登陆用户、密码和共享域写入到认证文件中

[root@PC2 ~]# pwd
/root
[root@PC2 ~]# vim auth.smb
username=linuxprobe
password=abc123456   ## 此处的密码为在PC1服务器端使用pdbedit命令创建用户资料是设定的登陆密码
domain=MYGROUP
[root@PC2 ~]# ll auth.smb 
-rw-r--r--. 1 root root 54 Dec 15 22:09 auth.smb
[root@PC2 ~]# chmod 600 auth.smb  ## 设定为仅root可查看
[root@PC2 ~]# ll auth.smb 
-rw-------. 1 root root 54 Dec 15 22:09 auth.smb

13、在PC2客户机端创建挂载点

[root@PC2 ~]# mkdir /database

14、修改开机自动挂载配置文件

[root@PC2 ~]# vim /etc/fstab 
#
# /etc/fstab
# Created by anaconda on Wed Dec  2 16:46:09 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/rhel-root   /                       xfs     defaults        1 1
UUID=5cc50fd7-fef7-4902-a0f6-d583b437954d /boot                   xfs     defaults        1 2
/dev/mapper/rhel-swap   swap                    swap    defaults        0 0
/dev/cdrom      /media/cdrom    iso9660 defaults        0       0
//192.168.10.10/database        /database       cifs    credentials=/root/auth.smb      0       0

15、在PC1服务器端的共享点创建测试文件

[root@PC1 database]# cd /home/database/
[root@PC1 database]# echo 'i am pc1' > pc1
[root@PC1 database]# mkdir dirpc1
[root@PC1 database]# ls
dirpc1  pc1

16、在PC2客户机端挂载共享目录

[root@PC2 ~]# df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/rhel-root   18G  3.0G   15G  17% /
devtmpfs               985M     0  985M   0% /dev
tmpfs                  994M   80K  994M   1% /dev/shm
tmpfs                  994M  8.8M  986M   1% /run
tmpfs                  994M     0  994M   0% /sys/fs/cgroup
/dev/sda1              497M  119M  379M  24% /boot
/dev/sr0               3.5G  3.5G     0 100% /media/cdrom
[root@PC2 ~]# mount -a
[root@PC2 ~]# df -h
Filesystem                Size  Used Avail Use% Mounted on
/dev/mapper/rhel-root      18G  3.0G   15G  17% /
devtmpfs                  985M     0  985M   0% /dev
tmpfs                     994M   80K  994M   1% /dev/shm
tmpfs                     994M  8.8M  986M   1% /run
tmpfs                     994M     0  994M   0% /sys/fs/cgroup
/dev/sda1                 497M  119M  379M  24% /boot
/dev/sr0                  3.5G  3.5G     0 100% /media/cdrom
//192.168.10.10/database   18G  3.0G   15G  17% /database

17、在PC2端进入挂载点，检测是否PC1服务器端测试文件

[root@PC2 database]# cd /database/
[root@PC2 database]# ls
dirpc1  pc1
[root@PC2 database]# cat pc1 
i am pc1
[root@PC2 database]# echo 'i am pc2' > pc2
[root@PC2 database]# mkdir dirpc2
[root@PC2 database]# ls
dirpc1  dirpc2  pc1  pc2

18、在PC1服务器端共享目录检测客户端创建的文件

[root@PC1 database]# cd /home/database/
[root@PC1 database]# ls
dirpc1  dirpc2  pc1  pc2
[root@PC1 database]# cat pc2
i am pc2

　　以上实验说明了PC1服务器端的目录 /home/database在客户机端/database(挂载点）实现了文件共享。