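Building a samba server for file sharing between Linux and Windows systems
Introduction to samba
samba is a tool suite that implements the SMB (Server Message Block) protocol on Unix, also known as the NETBIOS/LanManager protocol. The SMB protocol is normally used by the Windows family to share disks and printers. Note that NetBIOS relies on Ethernet broadcast and cannot cross network segments without a transparent bridge; WINS and LMHOSTS might make it work, but I have not tried. My impression is that samba binds SMB to TCP/IP and only broadcasts within the IP subnet (a lot of the time I have to specify the IP address :-(). So to talk to samba from win95 you need to install both the NetBEUI protocol and the TCP/IP protocol.
Two daemons: smbd and nmbd (provides NetBIOS name service to clients)
Configuration file: /etc/smb.conf
Tools: smbclient, smbstatus, smbmount, smbumount, smbprint, smbprint.sysv, smbrun
The samba startup script is /etc/rc.d/init.d/smb
Case 1:
Example
Folder      Share name  User    Permission
/tmp/user1  smbuser1    user1   rw
/tmp/user2  smbuser2    user2   rw
/tmp/abc    public      anyone  ro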
Steps:
1: Install
samba-3.0.33-3.14.el5.i386.rpm
samba-client-3.0.33-3.14.el5.i386.rpm
samba-common-3.0.33-3.14.el5.i386.rpm
2: View the package's files
[root@zzu ~]# rpm -qc samba
[root@zzu ~]# rpm -ql samba
[root@zzu ~]# netstat -tupln|grep smbd    # ports opened for sharing and authentication
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3446/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3446/smbd
[root@zzu ~]# netstat -tupln|grep nmbd    # ports used to announce the server's identity
udp 0 0 192.168.1.100:137 0.0.0.0:* 3449/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 3449/nmbd
udp 0 0 192.168.1.100:138 0.0.0.0:* 3449/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 3449/nmbd
3: Create the smb users
[root@zzu ~]# useradd user1
[root@zzu ~]# useradd user2
[root@zzu ~]# smbpasswd -a user1
New SMB password:
Retype new SMB password:
Failed to find entry for user user1.
Failed to modify password entry for user user1
[root@zzu ~]# smbpasswd -a user2
New SMB password:
Retype new SMB password:
Failed to find entry for user user2.
Failed to modify password entry for user user2
4: Create the shared directories and set the corresponding permissions
[root@zzu ~]# mkdir /tmp/abc
[root@zzu ~]# mkdir /tmp/user1
[root@zzu ~]# mkdir /tmp/user2
[root@zzu tmp]# ll -d /tmp/abc/ /tmp/user1 /tmp/user2
drwxr-xr-x 2 root root 4096 Apr 14 13:10 /tmp/abc/
drwxr-xr-x 2 root root 4096 Apr 14 13:12 /tmp/user1
drwxr-xr-x 2 root root 4096 Apr 14 13:12 /tmp/user2
[root@zzu tmp]# chown user1.user1 /tmp/user1
[root@zzu tmp]# chown user2.user2 /tmp/user2
[root@zzu tmp]# ll -d /tmp/abc/ /tmp/user1 /tmp/user2
drwxr-xr-x 2 root root 4096 Apr 14 13:10 /tmp/abc/
drwxr-xr-x 2 user1 user1 4096 Apr 14 13:12 /tmp/user1
drwxr-xr-x 2 user2 user2 4096 Apr 14 13:12 /tmp/user2
[root@zzu ~]# cd /tmp/abc/
[root@zzu abc]# touch p1.txt
[root@zzu abc]# cd /tmp/user1
[root@zzu user1]# touch f1.txt
[root@zzu user1]# cd /tmp/user2
[root@zzu user2]# touch f2.txt
4: Edit the main configuration file
[root@zzu ~]# vim /etc/samba/smb.conf
[public]
comment = Public'share
path = /tmp/abc
public = yes
; writable = yes
; printable = no
; write list = +staff

[smbuser1]
comment = smbuser1
path = /tmp/user1
valid users=user1
writable = yes
; printable = no
; write list = +staff

[smbuser2]
comment = smbuser2
path = /tmp/user2
valid users=user2
writable = yes
5: Test the syntax
[root@zzu ~]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[public]"
Processing section "[smbuser1]"
Processing section "[smbuser2]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
passdb backend = tdbsam
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[public]
comment = Public'share
path = /tmp/abc
guest ok = Yes
[smbuser1]
comment = smbuser1
path = /tmp/user1
valid users = user1
read only = No
[smbuser2]
comment = smbuser2
path = /tmp/user2
valid users = user2
read only = No
6: Restart the service
[root@zzu ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services:
Accessing the shares from Windows Server 2003
1: Access through Network Neighborhood
User1 user
Common security techniques
1:hosts allow = 127. 192.168.1. EXCEPT 192.168.1.200
pc:200
Pc:201
2: Restrict by the IP address of the network interface
# only allow access through the 1.100 address on the eth0 interface
interfaces = lo eth0 192.168.1.100/24
bind interfaces only=yes
[root@zzu ~]# smbclient -L //192.168.1.101
Error connecting to 192.168.1.101 (Connection refused)
Connection to 192.168.1.101 failed (Error NT_STATUS_CONNECTION_REFUSED)
[root@zzu ~]# smbclient -L //192.168.1.100
Password:
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.33-3.14.el5]
Sharename Type Comment
--------- ---- -------
public Disk Public'share
smbuser1 Disk smbuser1
smbuser2 Disk smbuser2
IPC$ IPC IPC Service (Samba Server Version)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.33-3.14.el5]
Server Comment
--------- -------
ZZU Samba Server Version
Workgroup Master
--------- -------
MYGROUP
[root@zzu ~]#
3: Enable logging
log file = /var/log/samba/%m.log
# max 50KB per log file, then rotate
max log size = 50
[root@zzu ~]# cd /var/log/samba/
[root@zzu samba]# ll
total 24
-rw-r--r-- 1 root root 0 Apr 14 14:25 192.168.1.201.log
drwx------ 4 root root 4096 Apr 14 12:29 cores
-rw-r--r-- 1 root root 3548 Apr 14 14:25 nmbd.log
-rw-r--r-- 1 root root 9421 Apr 14 14:25 smbd.log
-rw-r--r-- 1 root root 290 Apr 14 14:25 zzu-2003.log
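The three [global] settings in this section (hosts allow, interfaces together with bind interfaces only, log file) can be checked mechanically. The shell function below is an added example, not part of the original post; audit_smbconf and sample_weak are hypothetical names, and the sample configuration is constructed from the shares defined on this page.

```shell
#!/bin/sh
# audit_smbconf [FILE]: check an smb.conf (file or stdin) for the [global]
# settings from this section and list shares that allow guest access.
audit_smbconf() {
    awk '
    function trim(s)   { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function is_yes(v) { return tolower(v) ~ /^(yes|true|1)$/ }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comment or blank line
    /^[ \t]*\[/ {                                 # section header
        sec = tolower(trim($0)); sec = substr(sec, 2, length(sec) - 2); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        # Samba ignores case and whitespace in parameter names.
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = trim(substr($0, eq + 1))
        if (sec == "global") g[key] = val
        else if ((key == "guestok" || key == "public") && is_yes(val)) guest[sec] = 1
    }
    END {
        if (!("hostsallow" in g) && !("allowhosts" in g))
            print "WARN [global] hosts allow is not set"
        if (("interfaces" in g) && !is_yes(g["bindinterfacesonly"]))
            print "WARN [global] interfaces is set without bind interfaces only = yes"
        if (!("logfile" in g))
            print "WARN [global] log file is not set"
        for (s in guest) print "INFO [" s "] guest access is enabled"
    }' "$@"
}

# Constructed sample: shares from this page, [global] with only interfaces set.
sample_weak() {
    cat <<'EOF'
[global]
workgroup = MYGROUP
interfaces = lo eth0 192.168.1.100/24
[public]
path = /tmp/abc
public = yes
[smbuser1]
path = /tmp/user1
valid users=user1
writable = yes
EOF
}
sample_weak | audit_smbconf
```

On a real server, run it as audit_smbconf /etc/samba/smb.conf; an empty result means all three settings are present and no share allows guests.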
Case 2: Windows 2003 as the server, Linux as the client
Access the shared resource as user3
[root@zzu samba]# smbclient //192.168.1.201/share -U user3
Password:
Domain=[ZZU-2003] OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
smb: \> dir
. D 0 Sat Apr 14 13:41:39 2012
.. D 0 Sat Apr 14 13:41:39 2012
123124.txt A 0 Sat Apr 14 13:41:34 2012
65452 blocks of size 131072. 48142 blocks available
smb: \> get 123124.txt
getting file \123124.txt of size 0 as 123124.txt (0.0 kb/s) (average 0.0 kb/s)
smb: \> !dir
123124.txt 192.168.1.201.log cores nmbd.log smbd.log zzu-2003.log
Mount the share locally
[root@zzu tmp]# mkdir /mnt/smb
[root@zzu samba]# mount -t cifs -o username=user3,password='123' //192.168.1.201/share /mnt/smb
[root@zzu samba]# mount
/dev/sda3 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/hdc on /media/RHEL_5.4 i386 DVD type iso9660 (ro,noexec,nosuid,nodev,uid=0)
/dev/hdc on /mnt/cdrom type iso9660 (ro)
//192.168.1.201/share on /mnt/smb type cifs (rw,mand)
[root@zzu samba]# vim /etc/fstab
//192.168.1.201/share /mnt/smb cifs defaults,username=user3,password=123 0 0
[root@zzu samba]# umount /mnt/smb/
[root@zzu samba]# mount
/dev/sda3 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/hdc on /media/RHEL_5.4 i386 DVD type iso9660 (ro,noexec,nosuid,nodev,uid=0)
/dev/hdc on /mnt/cdrom type iso9660 (ro)
[root@zzu samba]# mount -a
[root@zzu samba]# mount
/dev/sda3 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/hdc on /media/RHEL_5.4 i386 DVD type iso9660 (ro,noexec,nosuid,nodev,uid=0)
/dev/hdc on /mnt/cdrom type iso9660 (ro)
//192.168.1.201/share on /mnt/smb type cifs (rw,mand)
Because the fstab file can be read by every account, we make the following change to improve security.
[root@zzu samba]# vim /etc/fstab
//192.168.1.201/share /mnt/smb cifs defaults,credentials=/etc/samba/account.txt 0 0
[root@zzu samba]# vim /etc/samba/account.txt
Username=user3
Password=123
[root@zzu samba]# chmod 600 /etc/samba/account.txt
[root@zzu ~]# ll /etc/samba/account.txt
-rw------- 1 root root 28 Apr 14 18:14 /etc/samba/account.txt
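The following added example (not from the original post) audits the cifs entries of an fstab-format file for an inline password, for a space inside the option list (which splits the options into two fields), and for a credentials file that group or others can read. The names audit_cifs_fstab and demo_cifs_audit and all demo data are constructed; GNU stat is assumed.

```shell
#!/bin/sh
# audit_cifs_fstab FILE: report risky cifs entries in an fstab-format file.
# Assumes GNU stat (stat -c %a), as on the RHEL host used on this page.
audit_cifs_fstab() {
    fstab=$1
    awk '$1 !~ /^#/ && $3 == "cifs" && NF >= 4 { print $2, $4, NF }' "$fstab" |
    while read -r mnt opts nf; do
        [ "$nf" -le 6 ] || echo "WARN $mnt: $nf fields, space inside the options?"
        case ",$opts" in
            *,password=*|*,pass=*) echo "WARN $mnt: password stored in $fstab" ;;
        esac
        # Pull the credentials= (or cred=) path out of the option list.
        cred=$(printf '%s\n' "$opts" | tr ',' '\n' |
               sed -n -e 's/^credentials=//p' -e 's/^cred=//p')
        [ -n "$cred" ] || continue
        if [ ! -f "$cred" ]; then
            echo "WARN $mnt: credentials file $cred not found"
            continue
        fi
        mode=$(stat -c %a "$cred")
        case "$mode" in
            [46]00) echo "OK $mnt: $cred mode $mode" ;;
            *)      echo "WARN $mnt: $cred mode $mode, expected 600" ;;
        esac
    done
}

# Constructed demo data in a temporary directory (not the real /etc/fstab).
demo_cifs_audit() {
    d=$(mktemp -d)
    printf 'username=user3\npassword=placeholder\n' > "$d/loose.txt"
    cp "$d/loose.txt" "$d/tight.txt"
    chmod 644 "$d/loose.txt"; chmod 600 "$d/tight.txt"
    cat > "$d/fstab" <<EOF
//192.168.1.201/share /mnt/a cifs defaults,username=user3,password=123 0 0
//192.168.1.201/share /mnt/b cifs defaults, credentials=$d/tight.txt 0 0
//192.168.1.201/share /mnt/c cifs defaults,credentials=$d/loose.txt 0 0
//192.168.1.201/share /mnt/d cifs defaults,credentials=$d/tight.txt 0 0
EOF
    audit_cifs_fstab "$d/fstab"
    rm -rf "$d"
}
demo_cifs_audit
```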