当前位置: > CentOS > CentOS服务器 > 文件同步 >

CentOS安装Samba文件服务器

时间:2015-03-20 01:04来源:linux.it.net.cn 作者:IT

前言:文件服务器提供的服务在大多数公司或企业都会被用到,因为在任何的公司或企业都涉及不同职位获取不同资源文件的情况,这就需要根据不同职位配置相关的不同权限,以保证相关资源文件的安全性和保密性。

一、Samba介绍:

        Server Message Block的缩写是SMB,即服务器消息块,SMB主要是作为Microsoft的网络通讯协议。Samba将SMB通信协议应用到了Linux系统上,使得Samba成为一款能让Linux系统应用Microsoft网络通讯协议的软件。Samba最大的功能可用于Linux与windows系统直接的文件共享和打印共享,Samba既可用于windows与Linux之间的文件共享,也可用于Linux与Linux之间的资源共享,由于NFS的出现,因而 Samba更多用在Linux与windows之间的数据共享上面。

  SMB是基于客户机/服务器型的协议,故一台Samba服务器既可当文件共享服务器,也可充Samba的客户端。Samba在windows下使用的是NetBIOS协议,如果你要使用Linux下共享出来的文件,请确认你的windows系统下是否安装了NetBIOS协议。

  组成Samba运行的有两个服务,一个是SMB,另一个是NMB;SMB是Samba 的核心启动服务,主要负责建立Samba服务器与Samba客户机之间的对话,验证用户身份并提供对文件和打印系统的访问,只有SMB服务启动,才能实现文件的共享,监听139 TCP端口;而NMB服务是负责解析用的,类似与DNS实现的功能,NMB可以把Linux系统共享的工作组名称与其IP对应起来,如果NMB服务没有启动,就只能通过IP来访问共享文件,监听137和138 UDP端口。
        Samba服务器可实现如下功能:

         A、WINS和DNS服务;

         B、网络浏览服务;

         C、Linux和Windows域之间的认证和授权;

         D、UNICODE字符集和域名映射;

         E、满足CIFS协议的UNIX共享等。

二、环境准备:

         1、CentOS 6.3版本(32位),主机名:samba;

         2、IP地址:192.168.31.131;

         3、虚拟机:VMware Workstation 9.0.0 build-812388;

         4、samba软件:samba-3.6.9-167.el6_5.i686;

         5、工作组:Lmzsamba。

三、安装软件:

         A、安装前的准备工作:

                SELINUX=disabled

                关闭防火墙:service iptables stop

         B、执行如下命令安装samba:

                [root@samba ~]# yum install samba samba-client samba-swat

         C、检查samba是否安装成功:               

                [root@samba ~]# rpm -qa | grep samba

                如果显示有如下一些信息,则说明安装没有问题:

                samba-client-3.6.9-167.el6_5.i686

                samba-3.6.9-167.el6_5.i686

                samba-common-3.6.9-167.el6_5.i686

                samba-winbind-3.6.9-167.el6_5.i686

                samba-swat-3.6.9-167.el6_5.i686

                samba-winbind-clients-3.6.9-167.el6_5.i686

         D、启动samba服务及状态检查:

                [root@samba ~]# /etc/init.d/smb start

                显示结果:

                Starting SMB services:                                     [  OK  ]

                状态检查:

                [root@samba ~]# service smb status

                显示结果:

                smbd (pid  2462) is running...

         E、设置开机自启动,并查看是否设置成功:               

                [root@samba ~]# chkconfig --level 35 smb on

                检查是否成功:

                [root@samba ~]# chkconfig --list | grep smb

                结果显示如红色部分(在3、5级别上自动运行samba服务),则表示设置成功:

                smb             0:off   1:off   2:off   3:on    4:off   5:on    6:off

四、服务配置:

         Samba服务配置主要是指/etc/samba/smb.conf文件的配置。一般情况下,公司或企业主要分三种情况,即:

        1、公共匿名类共享目录的配置(即匿名账户访问共同的目录或者文件);

              A、配置文件:

                     [root@samba ~]# vi /etc/samba/smb.conf        

                     在文件中添加或者修改相关代码:

                     workgroup = WORKGROUP                                                //定义工作组,也就是windows中的工作组概念

                     server string = Lmz Samba Server Version %v              //定义Samba服务器的简要说明                     

                     netbios name = LmzSamba                                               //定义windows中显示出来的计算机名称

 

                     //定义Samba用户的日志文件,%m代表客户端主机名

                     //Samba服务器会在指定的目录中为每个登陆主机建立不同的日志文件

                     log file = /var/log/samba/log.%m

 

                     security = share                                                          //共享级别,用户不需要账号和密码即可访问

                    

                     [public]                                                                         //设置针对的是共享目录个别的设置,只对当前的共享资源起作用

                                 comment = Public Stuff                                 //对共享目录的说明文件,自己可以定义说明信息

                                 path = /share                                                   //用来指定共享的目录,必选项

                                 public = yes                                                     //所有人可查看,等效于guest ok = yes                         

              B、建立共享目录:

                     [root@samba ~]# cd ..

                     [root@samba /]# mkdir share

                     [root@samba /]# cd share

                     [root@samba share]# touch samba.txt

                     [root@samba share]# touch aa.txt                    

                     [root@samba share]# ls -ls

                     显示结果:

                     total 0

                     0 -rw-r--r--. 1 root root 0 Mar 13 11:02 aa.txt

                     0 -rw-r--r--. 1 root root 0 Mar 13 11:02 samba.txt

                     为/share目录给匿名用户授权为nobody权限:

                     [root@samba /]# chown -R nobody:nobody share/

                     [root@samba /]# ll /share/

                     total 0

                     -rw-r--r--. 1 nobody nobody 0 Mar 13 11:02 aa.txt

                     -rw-r--r--. 1 nobody nobody 0 Mar 13 11:02 samba.txt

              C、重启smb服务:

                     [root@samba /]# /etc/init.d/smb restart

                     Shutting down SMB services:                                [  OK  ]

                     Starting SMB services:                                            [  OK  ]

                     [root@samba /]# /etc/init.d/nmb restart

                     Shutting down NMB services:                                [FAILED]

                     Starting NMB services:                                            [  OK  ]

              D、测试smb.conf配置是否正确:                    

                     [root@samba /]# testparm

                     显示结果:

                     Load smb config files from /etc/samba/smb.conf

                     rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)

                     Processing section "[homes]"

                     Processing section "[printers]"

                     Processing section "[public]"

                     WARNING: The security=share option is deprecated

                     Loaded services file OK.

                     Server role: ROLE_STANDALONE

                     Press enter to see a dump of your service definitions

                     [global]

                                  netbios name = LMZSAMBA

                                  server string = Lmz Samba Server Version %v

                                  security = SHARE

                                  log file = /var/log/samba/log.%m

                                  max log size = 50

                                  idmap config * : backend = tdb

                                  cups options = raw

                     [homes]

                                  comment = Home Directories

                                  read only = No

                                  browseable = No

                     [printers]

                                  comment = All Printers

                                  path = /var/spool/samba

                                  printable = Yes

                                  print ok = Yes

                                  browseable = No

                     [public]

                                  comment = Public Stuff

                                  path = /share

                                  guest ok = Yes

              E、访问Samba服务器的共享文件:   

                     E1:CentOS系统下测试:                  

                     [root@samba /]# smbclient //127.0.0.1/public

                     显示结果:

                     WARNING: The security=share option is deprecated

                     Enter root's password:

                     由于是匿名用户,没有设置密码,所以在此直接回车即可:

                     Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.9-167.el6_5]

                     Server not using user level security and no password supplied.

                     smb: \>

                     在此输入 ls 命令,回车得到如下信息:

                     smb: \> ls

                                       .                                   D        0  Thu Mar 13 11:02:47 2014

                                       ..                                 DR        0  Thu Mar 13 11:13:53 2014

                                       aa.txt                                       0  Thu Mar 13 11:02:47 2014

                                       samba.txt                                    0  Thu Mar 13 11:02:37 2014

                                                  35755 blocks of size 524288. 29202 blocks available

                     smb: \>

                     在此输入 q 命令,退出访问。

                     E2:window xp系统下测试,结果如图:

                     

                     从图中可以看出,公共目录共享成功。

         2、按照权限对目录进行分组(即除公共共享目录外,各组访问各组的文件或目录,以技术部门TS为例);

               A、添加TS部组和用户,并赋给用户密码:  

                     [root@samba ~]# groupadd ts

                     [root@samba ~]# useradd -g ts zhangsan

                     [root@samba ~]# useradd -g ts lisi

                     设置lisi的密码:

                     [root@samba ~]# passwd lisi

                     显示结果:

                     Changing password for user lisi.

                     New password:

                     在此输入密码:123456,回车:

                     BAD PASSWORD: it is too short

                     BAD PASSWORD: is too simple

                     Retype new password:

                     再次输入密码:123456,回车:

                     passwd: all authentication tokens updated successfully.

                     设置zhangsan的密码:

                     [root@samba ~]# passwd zhangsan

                     显示结果:

                     Changing password for user zhangsan.

                     New password:

                     在此输入密码:123456,回车:

                     BAD PASSWORD: it is too short

                     BAD PASSWORD: is too simple

                     Retype new password:

                     再次输入密码:123456,回车:

                     passwd: all authentication tokens updated successfully.

               B、在根目录下建立/ts 文件夹:  

                     [root@samba ~]# cd /

                     [root@samba /]# mkdir ts

                     [root@samba /]# cd ts

                     [root@samba ts]# touch ts.txt

                     [root@samba ts]# ls -ls

                     total 0

                     0 -rw-r--r-- 1 root root 0 Mar 13 18:17 ts.txt

               C、将建立的两个帐户(lisi、zhangsan)添加到samba的账户中:  

                     [root@samba ~]# smbpasswd -a zhangsan

                     New SMB password:

                     Retype new SMB password:

                     Added user zhangsan.

                     [root@samba ~]# smbpasswd -a lisi

                     New SMB password:

                     Retype new SMB password:

                     Added user lisi.

               D、修改主配置文件如下:  

                     [root@samba ~]# vi /etc/samba/smb.conf

                     修改security:

                     security = user                         //共享级别,用户不需要账号和密码即可访问

                     添加信息:

                     [ts]

                         comment = TS

                         path = /ts

                         valid users = @ts

               E、重新加载samba服务:

                     [root@samba ~]# service smb reload

                     显示结果:

                     Reloading smb.conf file:                                   [  OK  ]

               F、在window xp下测试:

                     打开我的电脑,在地址栏中输入\\192.168.31.131,弹出用户登陆框,如图所示: 

                      

                     在图中输入用户名:lisi,密码:123456,登陆成功后,可以看到相应的目录,包括lisi自己的目录、匿名公共目录、lisi与zhangsan共享的非匿名目录。如下图所示:

                      

                     从图中可以看到,达到我们相要的预期效果。

         3、共享目录下的不同目录进行分组。

               需求:1. 在系统分区时单独分一个Company的区,在该区下有以下几个文件夹:HR、 FM和Share。在Share下又有以下几个文件夹:HR、FM和Tools。

                           2. 各部门对应的文件夹由各部门自己管理,Tools文件夹由管理员维护。

                           3. HR管理员账号:hradmin;普通用户账号:hruser。FM管理员账号:fmadmin;普通用户账号:fmuser。

               A、新建用户,并设置SMB账户密码:

                      添加用户:

                      [root@samba ~]# useradd -s /sbin/nologin hradmin

                      [root@samba ~]# useradd -g hradmin -s /sbin/nologin hruser

                      [root@samba ~]# useradd -s /sbin/nologin fmadmin

                      [root@samba ~]# useradd -g hradmin -s /sbin/nologin fmuser

                      [root@samba ~]# useradd -s /sbin/nologin admin

                      设置密码:

                      [root@samba ~]# smbpasswd -a hradmin

                      New SMB password:

                      Retype new SMB password:

                      Added user hradmin.

                      [root@samba ~]# smbpasswd -a hruser

                      New SMB password:

                      Retype new SMB password:

                      Added user hruser.

                      [root@samba ~]# smbpasswd -a fmadmin

                      New SMB password:

                      Retype new SMB password:

                      Added user fmadmin.

                      [root@samba ~]# smbpasswd -a fmuser

                      New SMB password:

                      Retype new SMB password:

                      Added user fmuser.

                      [root@samba ~]# smbpasswd -a admin

                      New SMB password:

                      Retype new SMB password:

                      Added user admin.

                      为了方便记忆,在配置的时候,统一设置为:123456。

               B、新建目录:

                     [root@samba ~]# cd /

                     [root@samba /]# mkdir company

                     [root@samba /]# cd company

                     [root@samba company]# mkdir HR FM Share

                     [root@samba company]# cd Share

                     [root@samba Share]# mkdir HR FM Tools

               C、更改目录属性:

                     [root@samba company]# chown hradmin.hradmin HR

                     [root@samba company]# chown fmadmin.fmadmin FM

                     [root@samba company]# chown admin.admin Share

                     [root@samba company]# cd Share

                     [root@samba Share]# chown hradmin.hradmin HR

                     [root@samba Share]# chown fmadmin.fmadmin FM

                     [root@samba Share]# chown admin.admin Tools

                     [root@samba Share]# chmod 1775 HR FM

               D、修改主配置文件如下

                     security = user

                     passdb backend = tdbsam


                     [HR]

                          comment = This is a directory of HR.

                          path = /company/HR/

                          public = no

                          admin users = hradmin

                          valid users = @hradmin

                          writable = yes

                          create mask = 0750

                          directory mask = 0750

                     [FM]

                         comment = This is a directory of FM.

                         path = /company/FM/

                         public = no

                         admin users = fmadmin

                         valid users = @fmadmin

                         writable = yes

                         create mask = 0750

                         directory mask = 0750

                   [Share]

                         comment = This is a share directory.

                         path = /company/Share/

                         public = no

                         valid users = admin,@hradmin,@fmadmin

                         writable = yes

                         create mask = 0755

                         directory mask = 0755

               E、重新启动samba服务:

                     [root@samba Share]# /etc/init.d/smb restart

                     Shutting down SMB services:                                [  OK  ]

                     Starting SMB services:                                            [  OK  ]

                     [root@samba Share]# /etc/init.d/nmb restart

                     Shutting down NMB services:                                [  OK  ]

                     Starting NMB services:                                            [  OK  ]

               F、在window xp系统下测试:

                     打开我的电脑,在地址栏中输入\\192.168.31.131,弹出用户登陆框,如图所示:

                      

                     在图中输入用户名:hradmin,密码:123456,可以看到相应的共享目录,如下图所示:

                      

                     测试完毕。

         4、设置网络映射驱动器,可以在计算中添加一个类似盘符文件夹,这样就比较方便,如下图所示:

                

         5、如果网络断不开,出现下面的情况,如下图所示:

                

                可以采用如下图的形式解决问题即可:

                

          配置完毕,欢迎拍砖!




(责任编辑:IT)
------分隔线----------------------------