实验需求：

RHEL6.4下搭建samba服务器

将目录/data共享，共享名设置为software

拒绝匿名用户访问，只允许manager组成员访问

1.服务器（192.168.100.1）安装软件包

[root@samba-server Desktop]# yum -y install samba samba-common samba-client

2.编辑主配置文件

[root@samba-server Desktop]# vim /etc/samba/smb.conf

……

 74        workgroup = jin

 75        server string = my fist file server

……

 89        log file = /var/log/samba/%m.log    //日志文件

...

 91        max log size = 50

...

101        security = user

102        passdb backend = tdbsam

……

255 [software]

256        comment = software

257        path = /data

258        browseable = yes

259        public = no

260        writable = yes            //可写

261        valid users = @manager 

262        write list = @manager

[root@samba-server Desktop]# testparm  //此命令测试主配置文件语法

3.创建测试用户与组，共享目录

[root@samba-server Desktop]# groupadd manager

[root@samba-server Desktop]# useradd -G manager obama

[root@samba-server Desktop]# useradd -G manager bush

[root@samba-server Desktop]# useradd sanmao          //非manager组成员账号

[root@samba-server Desktop]# echo 123456 | passwd --stdin obama

[root@samba-server Desktop]# echo 123456 | passwd --stdin bush

[root@samba-server Desktop]# echo 123456 | passwd --stdin sanmao

[root@samba-server Desktop]# pdbedit -a -u obama      //添加共享账号

[root@samba-server Desktop]# pdbedit -a -u bush

[root@samba-server Desktop]# pdbedit -a -u sanmao

[root@samba-server Desktop]# pdbedit -L              //查看samba库中共享用户

obama:503:

bush:504:

sanmao:505:

[root@samba-server Desktop]# mkdir /data   

[root@samba-server Desktop]# touch /data/test.txt     

[root@samba-server Desktop]# setfacl -m g:manager:rwx /data 

[root@samba-server Desktop]# getfacl /data

getfacl: Removing leading '/' from absolute path names

# file: data

# owner: root

# group: root

user::rwx

group::r-x

group:manager:rwx                  //确认manager组权限

mask::rwx

other::r-x

4.启动服务

[root@samba-server Desktop]# service smb start

[root@samba-server Desktop]# service nmb start

[root@samba-server Desktop]# chkconfig smb on

[root@samba-server Desktop]# chkconfig nmb on

5.linux客户端测试

[root@client ~]# smbclient -U obama //192.168.100.1/software

Enter bush's password:

Domain=[JIN] OS=[Unix] Server=[Samba 3.6.9-151.el6]

smb: \> ls

  .                                  D        0  Wed Apr 16 08:50:29 2014

  ..                                DR        0  Wed Apr 16 08:28:12 2014

  test.txt                                    0  Wed Apr 16 08:28:40 2014

63699 blocks of size 262144. 49537 blocks available              //成功登录

[root@client ~]# mount -t cifs  //192.168.100.1/software /mnt -o username=obama  //将共享挂载

mount: block device //192.168.100.1/software is write-protected, mounting read-only

mount: cannot mount block device //192.168.100.1/software read-only    //此错误是由于未安装cifs-utils软件包

[root@client ~]#yum -y install cifs-utils

[root@client ~]# mount -t cifs  //192.168.100.1/software /mnt -o username=obama //再次挂载成功

Password:

[root@client ~]# ls /mnt

test.txt

6.linux客户端使用非manager组成员sanmao测试

[root@client ~]# smbclient -U sanmao //192.168.100.1/software

Enter sanmao's password:

Domain=[JIN] OS=[Unix] Server=[Samba 3.6.9-151.el6]

tree connect failed: NT_STATUS_ACCESS_DENIED        //登录失败

7.window客户端测试

附注：samba使用账号密码登录也可实现自动挂载，但会暴露账号密码，一般不使用

开机自动挂载

vim /etc/fstab

//192.168.100.1/software /mnt cifs defaults,username=用户名,password=密码 0 0

autofs触发挂载方式

vim /etc/auto.master

/mnt /etc/auto.samba

vim /etc/auto.samba

samba -fstype=cifs,username=用户名,password=密码 ://192.168.100.1/software

service autofs restart