CentOS7--Samba
Building a Samba File-Sharing Server
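Lab environment:
In line with the company's IT development requirements, a file server is to be set up on the internal LAN to make centralized data management and backup easier. Taking the server's operating efficiency, stability and security into account, a Samba server is built on the RHEL5 operating system to provide file-sharing services.
Requirements:
1. Create three subdirectories, public, training and devel, under /var/share, used as follows:
The public directory holds common data such as company regulations and the employee handbook.
The training directory holds the company's technical training material.
The devel directory holds project development data.
2. Share /var/share/public/ as Public; all employees can access it, but with read-only permission.
3. Share /var/share/training/ as peixun; the administrator admin and all technical department employees may read the data but not write it; everyone else is denied access.
4. Share /var/share/devel/ as kaifa; all technical department employees may read the files in this directory, but only the administrator admin and the employees of the benet project team have write permission.
Analysis:
1. Create the group account benet for the benet project team and the group account tech for the technical department. Add every benet project team employee, such as ben01, to the primary group benet and the supplementary group tech. Add all other technical department employee accounts, such as tec01, to the primary group tech.
2. Change the group owner of /var/share/devel/ to benet and add the write (w) permission for the group.
3. Create a Samba user for every system user in the tech and benet groups, and grant access in the Samba configuration using the "@group" form.
I. Preparation
Check the currently installed Samba packages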
[root@samba ~]# rpm -qa | grep samba
samba-common-tools-4.2.10-6.2.el7_2.x86_64
samba-common-libs-4.2.10-6.2.el7_2.x86_64
samba-libs-4.2.10-6.2.el7_2.x86_64
samba-common-4.2.10-6.2.el7_2.noarch
samba-client-libs-4.2.10-6.2.el7_2.x86_64
samba-4.2.10-6.2.el7_2.x86_64
[root@samba ~]#
[root@samba ~]# service smb start
Redirecting to /bin/systemctl start smb.service
[root@samba ~]# netstat -utpln | grep "mbd"
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 2648/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 2648/smbd
tcp6 0 0 :::139 :::* LISTEN 2648/smbd
tcp6 0 0 :::445 :::* LISTEN 2648/smbd
[root@samba ~]#
[root@samba ~]# service nmb start
Redirecting to /bin/systemctl start nmb.service
[root@samba ~]# netstat -utpln | grep bd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 2648/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 2648/smbd
tcp6 0 0 :::139 :::* LISTEN 2648/smbd
tcp6 0 0 :::445 :::* LISTEN 2648/smbd
udp 0 0 172.17.255.255:137 0.0.0.0:* 2701/nmbd
udp 0 0 172.17.0.1:137 0.0.0.0:* 2701/nmbd
udp 0 0 192.168.142.255:137 0.0.0.0:* 2701/nmbd
udp 0 0 192.168.142.167:137 0.0.0.0:* 2701/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 2701/nmbd
udp 0 0 172.17.255.255:138 0.0.0.0:* 2701/nmbd
udp 0 0 172.17.0.1:138 0.0.0.0:* 2701/nmbd
udp 0 0 192.168.142.255:138 0.0.0.0:* 2701/nmbd
udp 0 0 192.168.142.167:138 0.0.0.0:* 2701/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 2701/nmbd
[root@samba ~]#
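II. Implementation:
1. Create the group accounts tech and benet; create the benet employee ben01 and the technical department employee tec01; create the ordinary user yua01.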
[root@samba ~]# groupadd tech
[root@samba ~]# groupadd benet
[root@samba ~]# useradd -g benet -G tech ben01
[root@samba ~]# id ben01
uid=1001(ben01) gid=1002(benet) groups=1002(benet),1001(tech)
[root@samba ~]# useradd -g tech tec01
[root@samba ~]# id tec01
uid=1002(tec01) gid=1001(tech) groups=1001(tech)
[root@samba ~]# useradd yua01
2. Create the folder /var/share/ for the shared resources, with the subdirectories public, training and devel.
[root@samba ~]# mkdir -p /var/share/pulic -p
[root@samba ~]# mkdir /var/share/training
[root@samba ~]# mkdir /var/share/devel
[root@samba ~]# chown :benet /var/share/devel
[root@samba ~]# chmod g+w /var/share/devel/
[root@samba ~]# chmod a-w /var/share/pulic/
[root@samba ~]# chmod 550 /var/share/training/
[root@samba ~]# ls -l /var/share/
total 0
drwxrwxr-x 2 root benet 6 Jul 26 20:44 devel
dr-xr-xr-x 2 root root 6 Jul 26 20:44 pulic
dr-xr-x--- 2 root root 6 Jul 26 20:44 training
[root@samba ~]#
3. Create the Samba users yua01, ben01, tec01 and root, and give root the alias admin.
[root@samba ~]# pdbedit -a -u yua01
new password:
retype new password:
Unix username: yua01
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3913672100-2717989358-3523335343-1000
Primary Group SID: S-1-5-21-3913672100-2717989358-3523335343-513
Full Name:
Home Directory: \\samba\yua01
HomeDir Drive:
Logon Script:
Profile Path: \\samba\yua01\profile
Domain: SAMBA
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Tue, 26 Jul 2016 20:47:59 CST
Password can change: Tue, 26 Jul 2016 20:47:59 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@samba ~]#
[root@samba ~]# pdbedit -a -u ben01
new password:
retype new password:
Unix username: ben01
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3913672100-2717989358-3523335343-1001
Primary Group SID: S-1-5-21-3913672100-2717989358-3523335343-513
Full Name:
Home Directory: \\samba\ben01
HomeDir Drive:
Logon Script:
Profile Path: \\samba\ben01\profile
Domain: SAMBA
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Tue, 26 Jul 2016 20:48:42 CST
Password can change: Tue, 26 Jul 2016 20:48:42 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@samba ~]#
[root@samba ~]# pdbedit -a -u tec01
new password:
retype new password:
Unix username: tec01
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3913672100-2717989358-3523335343-1002
Primary Group SID: S-1-5-21-3913672100-2717989358-3523335343-513
Full Name:
Home Directory: \\samba\tec01
HomeDir Drive:
Logon Script:
Profile Path: \\samba\tec01\profile
Domain: SAMBA
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Tue, 26 Jul 2016 20:49:01 CST
Password can change: Tue, 26 Jul 2016 20:49:01 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@samba ~]#
[root@samba ~]# pdbedit -a -u root
new password:
retype new password:
Unix username: root
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3913672100-2717989358-3523335343-1003
Primary Group SID: S-1-5-21-3913672100-2717989358-3523335343-513
Full Name: root
Home Directory: \\samba\root
HomeDir Drive:
Logon Script:
Profile Path: \\samba\root\profile
Domain: SAMBA
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Tue, 26 Jul 2016 20:49:09 CST
Password can change: Tue, 26 Jul 2016 20:49:09 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@samba ~]#
List the Samba users
[root@samba ~]# pdbedit -L
yua01:1003:
tec01:1002:
ben01:1001:
root:0:root
[root@samba ~]#
4. Edit smb.conf, add the share definitions, and start the smb service.
Back up the configuration file
[root@samba ~]# cp /etc/samba/smb.conf /etc/samba/smb.bak
[root@samba ~]# ls /etc/samba/
lmhosts smb.bak smb.conf
Account mapping
[root@samba ~]# vim /etc/samba/smbusers
[root@samba ~]# cat /etc/samba/smbusers
root = admin
...
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
security = user
passdb backend = tdbsam
username map = /etc/samba/smbusers
[kaifa]
comment = kaifa directory
path = /var/share/devel
browseable = yes
writable = yes
valid users = @benet,root
[public]
comment = Public Stuff
path = /var/share/public
public = yes
browseable = yes
writable = no
[peixun]
comment = Training directory
path = /var/share/training
public = no
browseable = yes
valid users = root,@tech
...
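5. Access the shared folders from a client as different users and verify the results against the lab requirements. Log in to the public share as each user in turn:
Install samba-client on the test client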
[root@ftp-server ~]# yum install samba-client
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.yun-idc.com
* extras: mirrors.tuna.tsinghua.edu.cn
* updates: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package samba-client.x86_64 0:4.2.10-6.2.el7_2 will be installed
--> Processing Dependency: libsmbclient = 4.2.10-6.2.el7_2 for package: samba-client-4.2.10-6.2.el7_2.x86_64
--> Processing Dependency: libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit) for package: samba-client-4.2.10-6.2.el7_2.x86_64
--> Processing Dependency: libsmbclient.so.0()(64bit) for package: samba-client-4.2.10-6.2.el7_2.x86_64
--> Processing Dependency: libarchive.so.13()(64bit) for package: samba-client-4.2.10-6.2.el7_2.x86_64
--> Running transaction check
---> Package libarchive.x86_64 0:3.1.2-7.el7 will be installed
---> Package libsmbclient.x86_64 0:4.2.10-6.2.el7_2 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================
Package Arch Version Repository Size
========================================================================================================
Installing:
samba-client x86_64 4.2.10-6.2.el7_2 updates 497 k
Installing for dependencies:
libarchive x86_64 3.1.2-7.el7 base 317 k
libsmbclient x86_64 4.2.10-6.2.el7_2 updates 120 k
Transaction Summary
========================================================================================================
Install 1 Package (+2 Dependent packages)
Total download size: 934 k
Installed size: 2.1 M
Is this ok [y/d/N]: y
Downloading packages:
(1/3): libsmbclient-4.2.10-6.2.el7_2.x86_64.rpm | 120 kB 00:00:02
(2/3): libarchive-3.1.2-7.el7.x86_64.rpm | 317 kB 00:00:02
(3/3): samba-client-4.2.10-6.2.el7_2.x86_64.rpm | 497 kB 00:00:05
--------------------------------------------------------------------------------------------------------
Total 159 kB/s | 934 kB 00:00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libsmbclient-4.2.10-6.2.el7_2.x86_64 1/3
Installing : libarchive-3.1.2-7.el7.x86_64 2/3
Installing : samba-client-4.2.10-6.2.el7_2.x86_64 3/3
Verifying : samba-client-4.2.10-6.2.el7_2.x86_64 1/3
Verifying : libarchive-3.1.2-7.el7.x86_64 2/3
Verifying : libsmbclient-4.2.10-6.2.el7_2.x86_64 3/3
Installed:
samba-client.x86_64 0:4.2.10-6.2.el7_2
Dependency Installed:
libarchive.x86_64 0:3.1.2-7.el7 libsmbclient.x86_64 0:4.2.10-6.2.el7_2
Complete!
[root@ftp-server ~]#
Verify public
[root@ftp-server ~]# smbclient //192.168.142.167/public -U ben01
Enter ben01's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
[root@ftp-server ~]# smbclient //192.168.142.167/public -U tec01
Enter tec01's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
[root@ftp-server ~]# smbclient //192.168.142.167/public -U yua01
Enter yua01's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
[root@ftp-server ~]#
Verify kaifa
[root@ftp-server ~]# smbclient //192.168.142.167/kaifa -U tec01
Enter tec01's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
tree connect failed: NT_STATUS_ACCESS_DENIED
[root@ftp-server ~]# smbclient //192.168.142.167/kaifa -U ben01
Enter ben01's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
smb: \> quit
[root@ftp-server ~]# smbclient //192.168.142.167/kaifa -U yua01
Enter yua01's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
tree connect failed: NT_STATUS_ACCESS_DENIED
[root@ftp-server ~]#
Verify peixun
[root@ftp-server ~]# smbclient //192.168.142.167/peixun -U tec01
Enter tec01's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
smb: \> quit
[root@ftp-server ~]# smbclient //192.168.142.167/peixun -U ben01
Enter ben01's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
smb: \> quit
[root@ftp-server ~]# smbclient //192.168.142.167/peixun -U yua01
Enter yua01's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
tree connect failed: NT_STATUS_ACCESS_DENIED
[root@ftp-server ~]#
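An added example (not part of the original post): a shell check over share definitions like the ones above. It flags a share whose path is not an existing directory (the walkthrough created /var/share/pulic while [public] points at /var/share/public, and smbd refuses a tree connect to a share whose path it cannot enter with NT_STATUS_BAD_NETWORK_NAME) and a share that is writable with no write list, which is why [kaifa] cannot give tech read-only access while benet and admin write. The names audit_shares, demo and the ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_shares CONF [ROOT]: for each share in CONF, report a path that is not
# a directory and a writable share with no "write list".
# ROOT is an assumed extra argument, prefixed to each path for dry runs.
audit_shares() {
    conf=$1; root=${2:-}
    awk '
        function flush() {
            if (share != "" && share != "global")
                print share "|" path "|" writable "|" wlist
        }
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*\[/ {                          # start of a [section]
            flush(); share = $0
            gsub(/^[ \t]*\[|\].*$/, "", share)
            path = ""; writable = "no"; wlist = ""; next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            key = tolower(key)
            if (key == "path") path = val
            if (key == "writable" || key == "writeable") writable = tolower(val)
            if (key == "read only") writable = (tolower(val) == "no") ? "yes" : "no"
            if (key == "write list") wlist = val
        }
        END { flush() }
    ' "$conf" | while IFS='|' read -r share path writable wlist; do
        [ -d "$root$path" ] || echo "$share: path $path does not exist"
        if [ "$writable" = "yes" ] && [ -z "$wlist" ]; then
            echo "$share: every valid user can write (no write list)"
        fi
    done
}

# Scratch tree mirroring the directories and share definitions on this page.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/var/share/pulic" "$t/var/share/training" "$t/var/share/devel"
    printf '%s\n' '[global]' 'security = user' \
        '[kaifa]' 'path = /var/share/devel' 'writable = yes' \
        'valid users = @benet,root' \
        '[public]' 'path = /var/share/public' 'writable = no' \
        '[peixun]' 'path = /var/share/training' 'valid users = root,@tech' \
        > "$t/smb.conf"
    audit_shares "$t/smb.conf" "$t"
    rm -rf "$t"
}
demo
```

On the server itself, run `audit_shares /etc/samba/smb.conf` with no second argument so the paths are checked as written.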