构建samba服务器实现linux和windows系统之间共享文件的互访

samba的简介

   samba是一个工具套件,在Unix上实现SMB(Server Message Block)协议,或者称之为NETBIOS/LanManager协议。SMB协议通常是被windows系列用来实现磁盘和打印机共享。需要注意的是,NetBIOS是基于以太网广播机制的,没有透明网桥是不能跨越网段的,也许用WINS和LMHOSTS可以,但我没试过。我感觉samba是把SMB绑定到TCP/IP上实现的,samba只在IP子网内广播(很多时候我不得不指定IP地址:-()。所以在win95上与samba通讯既要装NetBEUI协议,也要装tcp/ip协议。

两个守护程序:smbd 和 nmbd(对客户端提供NetBIOS名服务)

配置文件:/etc/smb.conf

使用工具:smbclient,smbstatus,smbmount,smbumount,smbprint,smbprint.sysv,smbrun

samba的启动脚本在/etc/rc.d/init.d/smb

案例一:

例子

文件夹           共享名          用户        权限

/tmp/user1   smbuser1    user1     rw

/tmp/user2   smbuser2   user2      rw

/tmp/abc     public   任何人  ro

具体步骤:

1:安装

samba-3.0.33-3.14.el5.i386.rpm

samba-client-3.0.33-3.14.el5.i386.rpm

samba-common-3.0.33-3.14.el5.i386.rpm

2:查看文档

[root@zzu ~]# rpm -qc samba

[root@zzu ~]# rpm -ql samba

[root@zzu ~]# netstat -tupln|grep smbd共享和认证身份开放的端口

tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3446/smbd

tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3446/smbd

[root@zzu ~]# netstat -tupln|grep nmbd宣告身份的端口

udp 0 0 192.168.1.100:137 0.0.0.0:* 3449/nmbd

udp 0 0 0.0.0.0:137 0.0.0.0:* 3449/nmbd

udp 0 0 192.168.1.100:138 0.0.0.0:* 3449/nmbd

udp 0 0 0.0.0.0:138 0.0.0.0:* 3449/nmbd

3:创建smb的用户

[root@zzu ~]# useradd user1

[root@zzu ~]# useradd user2

[root@zzu ~]# smbpasswd –a user1

New SMB password:

Retype new SMB password:

Failed to find entry for user user1.

Failed to modify password entry for user user1

[root@zzu ~]# smbpasswd –a user2

New SMB password:

Retype new SMB password:

Failed to find entry for user user2.

Failed to modify password entry for user user2

4:创建共享的目录,并设置相应的权限

[root@zzu ~]# mkdir /tmp/abc

[root@zzu ~]# mkdir /tmp/user1

[root@zzu ~]# mkdir /tmp/user2

[root@zzu tmp]# ll -d /tmp/abc/ /tmp/user1 /tmp/user2

drwxr-xr-x 2 root root 4096 Apr 14 13:10 /tmp/abc/

drwxr-xr-x 2 root root 4096 Apr 14 13:12 /tmp/user1

drwxr-xr-x 2 root root 4096 Apr 14 13:12 /tmp/user2

[root@zzu tmp]# chown user1.user1 /tmp/user1

[root@zzu tmp]# chown user2.user2 /tmp/user2

[root@zzu tmp]# ll -d /tmp/abc/ /tmp/user1 /tmp/user2

drwxr-xr-x 2 root root 4096 Apr 14 13:10 /tmp/abc/

drwxr-xr-x 2 user1 user1 4096 Apr 14 13:12 /tmp/user1

drwxr-xr-x 2 user2 user2 4096 Apr 14 13:12 /tmp/user2

[root@zzu ~]# cd /tmp/abc/

[root@zzu abc]# touch p1.txt

[root@zzu abc]# cd /tmp/user1

[root@zzu user1]# touch f1.txt

[root@zzu user1]# cd /tmp/user2

[root@zzu user2]# touch f2.txt

4:修改主配置文件

[root@zzu ~]# vim /etc/samba/smb.conf

290 [public]

291 comment = Public'share

292 path = /tmp/abc

293 public = yes

294 ; writable = yes

295 ; printable = no

296 ; write list = +staff

297

298 [smbuser1]

299 comment = smbuser1

300 path = /tmp/user1

301 valid users=user1

302 writable = yes

303 ; printable = no

304 ; write list = +staff

305

306 [smbuser2]

307 comment = smbuser2

308 path = /tmp/user2

309 valid users=user2

310 writable = yes

5:测试语法

[root@zzu ~]# testparm

Load smb config files from /etc/samba/smb.conf

Processing section "[homes]"

Processing section "[printers]"

Processing section "[public]"

Processing section "[smbuser1]"

Processing section "[smbuser2]"

Loaded services file OK.

Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

[global]

workgroup = MYGROUP

server string = Samba Server Version %v

passdb backend = tdbsam

cups options = raw

[homes]

comment = Home Directories

read only = No

browseable = No

[printers]

comment = All Printers

path = /var/spool/samba

printable = Yes

browseable = No

[public]

comment = Public'share

path = /tmp/abc

guest ok = Yes

[smbuser1]

comment = smbuser1

path = /tmp/user1

valid users = user1

read only = No

[smbuser2]

comment = smbuser2

path = /tmp/user2

valid users = user2

read only = No

6:重新启动该服务

[root@zzu ~]# service smb restart

Shutting down SMB services: [ OK ]

Shutting down NMB services: [ OK ]

Starting SMB services: [ OK ]

Starting NMB services:

使用windows server 2003 进行访问

1:通过网上邻居进行访问

User1用户

常用的安全技术

1:hosts allow = 127. 192.168.1. EXCEPT 192.168.1.200

pc:200

Pc:201

2:基于网卡的ip地址来说的

interfaces = lo eth0 192.168.1.100/24 只允许访问eth0网卡上的1.100的地址进行访问

bind interfaces only=yes

[root@zzu ~]# smbclient -L //192.168.1.101

Error connecting to 192.168.1.101 (Connection refused)

Connection to 192.168.1.101 failed (Error NT_STATUS_CONNECTION_REFUSED)

[root@zzu ~]# smbclient -L //192.168.1.100

Password:

Anonymous login successful

Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.33-3.14.el5]

Sharename Type Comment

--------- ---- -------

public Disk Public'share

smbuser1 Disk smbuser1

smbuser2 Disk smbuser2

IPC$ IPC IPC Service (Samba Server Version)

Anonymous login successful

Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.33-3.14.el5]

Server Comment

--------- -------

ZZU Samba Server Version

Workgroup Master

--------- -------

MYGROUP

[root@zzu ~]#

3:开启日志的功能

log file = /var/log/samba/%m.log

# max 50KB per log file, then rotate

max log size = 50

[root@zzu ~]# cd /var/log/samba/

[root@zzu samba]# ll

total 24

-rw-r--r-- 1 root root 0 Apr 14 14:25 192.168.1.201.log

drwx------ 4 root root 4096 Apr 14 12:29 cores

-rw-r--r-- 1 root root 3548 Apr 14 14:25 nmbd.log

-rw-r--r-- 1 root root 9421 Apr 14 14:25 smbd.log

-rw-r--r-- 1 root root 290 Apr 14 14:25 zzu-2003.log

二:将windows 2003作为服务器,linux作为客户端

使用user3 访问共享的资源

[root@zzu samba]# smbclient //192.168.1.201/share -U user3

Password:

Domain=[ZZU-2003] OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]

smb: \> dir

. D 0 Sat Apr 14 13:41:39 2012

.. D 0 Sat Apr 14 13:41:39 2012

123124.txt A 0 Sat Apr 14 13:41:34 2012

65452 blocks of size 131072. 48142 blocks available

smb: \> get 123124.txt

getting file \123124.txt of size 0 as 123124.txt (0.0 kb/s) (average 0.0 kb/s)

smb: \> !dir

123124.txt 192.168.1.201.log cores nmbd.log smbd.log zzu-2003.log

映射到本地

[root@zzu tmp]# mkdir /mnt/smb

[root@zzu samba]# mount -t cifs -o username=user3,password='123' //192.168.1.201/share /mnt/smb

[root@zzu samba]# mount

/dev/sda3 on / type ext3 (rw)

proc on /proc type proc (rw)

sysfs on /sys type sysfs (rw)

devpts on /dev/pts type devpts (rw,gid=5,mode=620)

/dev/sda1 on /boot type ext3 (rw)

tmpfs on /dev/shm type tmpfs (rw)

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

/dev/hdc on /media/RHEL_5.4 i386 DVD type iso9660 (ro,noexec,nosuid,nodev,uid=0)

/dev/hdc on /mnt/cdrom type iso9660 (ro)

//192.168.1.201/share on /mnt/smb type cifs (rw,mand)

[root@zzu samba]#vim /etc/fstab

//192.168.1.201/share /mnt/smb cifs defaults,username=user3,password=123 0 0

[root@zzu samba]# umount /mnt/smb/

[root@zzu samba]# mount

/dev/sda3 on / type ext3 (rw)

proc on /proc type proc (rw)

sysfs on /sys type sysfs (rw)

devpts on /dev/pts type devpts (rw,gid=5,mode=620)

/dev/sda1 on /boot type ext3 (rw)

tmpfs on /dev/shm type tmpfs (rw)

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

/dev/hdc on /media/RHEL_5.4 i386 DVD type iso9660 (ro,noexec,nosuid,nodev,uid=0)

/dev/hdc on /mnt/cdrom type iso9660 (ro)

[root@zzu samba]# mount -a

[root@zzu samba]# mount

/dev/sda3 on / type ext3 (rw)

proc on /proc type proc (rw)

sysfs on /sys type sysfs (rw)

devpts on /dev/pts type devpts (rw,gid=5,mode=620)

/dev/sda1 on /boot type ext3 (rw)

tmpfs on /dev/shm type tmpfs (rw)

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

/dev/hdc on /media/RHEL_5.4 i386 DVD type iso9660 (ro,noexec,nosuid,nodev,uid=0)

/dev/hdc on /mnt/cdrom type iso9660 (ro)

//192.168.1.201/share on /mnt/smb type cifs (rw,mand)

由于fstab文件每一个账号都可以查看,为了增加安全性,我们做一下的修改

[root@zzu samba]#vim /etc/fstab

//192.168.1.201/share /mnt/smb cifs defaults, credentials=/etc/samba/account.txt 0 0

[root@zzu samba]vim /etc/samba/account.txt

Username=user3

Password=123

[root@zzu samba]chmod 600 /etc/samba/account.txt

[root@zzu ~]# ll /etc/samba/account.txt

-rw------- 1 root root 28 Apr 14 18:14 /etc/samba/account.txt