Samba
Samba是在Linux和UNIX系统上实现SMB协议的一个免费软件,由服务器及客户端程序构成。SMB(Server Messages Block,信息服务块)是一种在局域网上共享文件和打印机的一种通信协议,它为局域网内的不同计算机之间提供文件及打印机等资源的共享服务。SMB协议是客户机/服务器型协议,客户机通过该协议可以访问服务器上的共享文件系统、打印机及其他资源。
1、安装
# yum install -y samba samba-client
# rpm -qa | grep samba
samba-common-libs-4.9.1-6.el7.x86_64
samba-client-4.9.1-6.el7.x86_64
samba-client-libs-4.9.1-6.el7.x86_64
samba-libs-4.9.1-6.el7.x86_64
samba-4.9.1-6.el7.x86_64
samba-common-4.9.1-6.el7.noarch
samba-common-tools-4.9.1-6.el7.x86_64
2、常用命令
1.systemctl status smb #查看smd服务的状态 2.systemctl start smb #运行smb服务 3.systemctl stop smb #停止服务 4.systemctl restart smb #重启服务,但在实际中一般不采用 5.systemctl reload smb #重载服务,在实际中较常用,不用停止服务
3、配置
# cat /etc/samba/smb.conf
[global] #定义全局策略
workgroup = SAMBA #定义工作组
security = user #安全等级,有四种
#share: 用户不需要帐号密码即可登录samba服务器
#user : 由提供服务的samba服务器负责检查账户及密码(默认)
#server :检查帐号密码的工作由另外Windows或samba服务器负责
#domain : 指定Windows域控制服务器来验证用户的账户及密码
passdb backend = tdbsam #用户后台,有三种
#smbpasswd : 使用smb工具smbpasswd给系统用户设置一个samba密码,客户端就用此密码访问samba 资源。smbpasswd在/etc/samba中,有时需要手动创建该文件。
#tdbsam : 使用数据库文件创建用户数据库。数据库文件叫passdb.tdb,在/etc/samba中。passdb.tdb可使用smbpasswd -a创建samba用户,要创建的samba用户必须是系统用户。也可使用pdbedit创建samba账户。pdbedit参数很多。列出几个重要的:
#pdbedit -a username :新建用户
#pdbedit -x username :删除用户
#pdbedit -L :列出用户列表,读取passdb.tdb数据库文件
#pdbedit -Lv : 列出用户列表详细信息
#pdbedit -c "[D]" -u username : 暂停该用户帐号
#pdbedit -c "[]" -u username : 恢复该用户帐号
# ldapsam:基于LDAP帐号管理方式验证用户。首先要建立LDAP服务,设置“passdb backend = ldapsam:ldap://LDAP Server”
printing = cups
printcap name = cups
load printers = yes #客户端在10分钟内没有打开任何Samba资源,
#服务器将自动关闭回话。
cups options = raw #打印属性
[homes] #共享名称
comment = Home Directories #注释,共享的描述信息
valid users = %S, %D%w%S #允许访问该共享的用户
browseable = No #共享目录是否可以被浏览
read only = No
inherit acls = Yes
[printers] #设置打印机共享
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
4、实例
*实验前,关闭selinux和iptables
# systemctl stop firewalld
# setenforce 0
1、共享一个目录,任何人都可以访问,即不用输入密码即可访问,要求只读
vim samba的配置文件/etc/samba/smb.conf
# cp smb.conf smb.conf.bak
# cat smb.conf
[global]
workgroup = WORKGROUP
security = share
passdb backend = tdbsam
[public]
comment = share all
path = /pubil
browseable = yes
public = yes
writable = Yes
报错了,不能用security = share,改配置
# cat /etc/samba/smb.conf
[global]
workgroup = testgroup
server string = this is test Samba Server Version %v
netbios name = testserver
log file = /var/log/samba/log.%m
max log size = 50
security = user
map to guest =Bad User
[public]
comment = Public Stuff
path = /public
public = yes
writable = yes
printable = no
write list = +staff
测试配置是否正确
# touch /public/test.txt
# testparm smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
如果没有错误,则在你的Windows机器上的浏览器输入file://IP/public看是否能够访问
2、共享一个目录,使用帐号和密码登录后才可以访问,要求可以读写。
打开samba的配置文件/etc/samba/smb.conf
# vim /etc/samba/smb.conf
[global]
workgroup = testgroup
server string = this is test Samba Server Version %v
netbios name = testserver
log file = /var/log/samba/log.%m
max log size = 50
security = user
map to guest =Bad User
passdb backend = tdbsam #用户后台管理
[public]
comment = Public Stuff
path = /public
public = yes
writable = yes
printable = no
write list = +staff
#新增一个共享项目
[myshare]
comment = share for users
path = /samba
browseable = yes
writeable = yes
public = no
保存配置文件,创建目录
# mkdir /samba
# chmod 777 /samba/
添加用户。因为在[globa]中“passdb backend = tdbsam”,所以要用“pdbedit”来增加用户,注意添加的用户必须在系统中存在。
# useradd user1
# useradd user2
# pdbedit -a user1
# pdbedit -a user2
# pdbedit -L
user1:1004:
user2:1005:
测试
# testparm /etc/samba/smb.conf
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
Processing section "[public]"
Processing section "[myshare]"
aded services file OK.
浏览器输入file://IP/myshare/ 然后输入用户名和密码,新建个文档
# ll /samba/
total 4
-rwxr--r--. 1 user1 user1 0 Oct 8 12:14 新建文本文档.txt
报错
启动smb服务,报错Failed to start Samba SMB Daemon.
[root@svn samba]# systemctl status smb.service ● smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2019-09-30 03:24:49 CST; 8min ago Docs: man:smbd(8) man:samba(7) man:smb.conf(5) Process: 2130 ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 2130 (code=exited, status=1/FAILURE) Sep 30 03:24:49 svn systemd[1]: Starting Samba SMB Daemon... Sep 30 03:24:49 svn systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Sep 30 03:24:49 svn systemd[1]: Failed to start Samba SMB Daemon. Sep 30 03:24:49 svn systemd[1]: Unit smb.service entered failed state. Sep 30 03:24:49 svn systemd[1]: smb.service failed.
用journalctl -xe来查询服务启动失败的原因
“WARNING: Ignoring invalid value 'share' for parameter 'security'”
[root@svn samba]# journalctl -xe -- Subject: Unit smb.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has begun starting up. Sep 30 03:24:09 svn systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Sep 30 03:24:09 svn systemd[1]: Failed to start Samba SMB Daemon. -- Subject: Unit smb.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has failed. -- -- The result is failed. Sep 30 03:24:09 svn systemd[1]: Unit smb.service entered failed state. Sep 30 03:24:09 svn systemd[1]: smb.service failed. Sep 30 03:24:09 svn polkitd[778]: Unregistered Authentication Agent for unix-process:2117:2328615 (system bus nam Sep 30 03:24:49 svn polkitd[778]: Registered Authentication Agent for unix-process:2124:2332573 (system bus name Sep 30 03:24:49 svn systemd[1]: Starting Samba SMB Daemon... -- Subject: Unit smb.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has begun starting up. Sep 30 03:24:49 svn systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE Sep 30 03:24:49 svn systemd[1]: Failed to start Samba SMB Daemon. -- Subject: Unit smb.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit smb.service has failed. -- -- The result is failed. Sep 30 03:24:49 svn systemd[1]: Unit smb.service entered failed state. Sep 30 03:24:49 svn systemd[1]: smb.service failed. Sep 30 03:24:49 svn polkitd[778]: Unregistered Authentication Agent for unix-process:2124:2332573 (system bus nam [root@svn samba]# [root@svn samba]# [root@svn samba]# testparm smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Load smb config files from smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Error loading services. [root@svn samba]#
用testparm测试smb.conf是否正确
[root@svn samba]# testparm smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Load smb config files from smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: Ignoring invalid value 'share' for parameter 'security' Error loading services.
WARNING: Ignoring invalid value 'share' for parameter 'security'
经查,配置samba服务器,中加入了security=share,但是testparm输出的信息里没有这一条,客户机也无法访问
security=share在新版中已经被废弃了
把security = share改为 security = user map to guest = Bad User
就可以了。