#######################samba###################

###############################################

1.samba作用

提供cifs协议实现共享文件

2.安装

[root@localhost ~]# yum install -y samba samba-common samba-clien

[root@localhost ~]# systemctl start smb nmb

[root@localhost ~]# systemctl enable smb nmb

3.添加smb用户

smb用户必须是本地用户

smbpasswd -a student

New SMB password:               ##输入smb当前用户密码

Retype new SMB password:        ##确认密码

[root@localhost ~]# pdbedit  -L ##查看smb用户信息

student:1000:Student User

pdbedit -x smb用户              ##删除用户

[root@localhost ~]#  smbclient -L //172.25.254.101 -U student   ##在selinux中设定smb用户可以访问自己的家目录

4.共享目录的基本设定

[root@localhost ~]# mkdir /lin

[root@localhost ~]# touch /lin/linwei

[root@localhost ~]# vim /etc/samba/smb.conf

  321         [westos]

  322         comment = local directory

  323         path = /lin

当共享目录为用户自己建立的目录时

[root@localhost ~]# semanage fcontext -a -t samba_share_t ‘/lin(/.*)?‘

[root@localhost ~]# restorecon -RvvF /lin

restorecon reset /lin context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

restorecon reset /lin/linwei context unconfined_u:object_r:default_t:s0->sy

当共享目录为系统建立的目录时

[root@localhost ~]# setsebool -P samba_export_all_ro on    ##只读共享

[root@localhost ~]# setsebool -P samba_export_all_rw on    ##读写共享

5.samba的配置参数

#匿名用户的访问

 321         [westos]

322         comment = local directory

323         path = /lin

324         guest ok = yes

125         map to guest = bad user

#访问控制

1）hosts allow = 172.25.254.11      ##只允许，其他拒绝

  [root@foundation11 ~]# smbclient //172.25.254.101/westos -U student

  Enter student‘s password:

  Domain=[LINWEI] OS=[Windows 6.1] Server=[Samba 4.2.3]

  smb: \> ls

  .                                   D        0  Fri Jun  9 00:15:59 2017

  ..                                  D        0  Thu Jun  8 23:53:42 2017

  file1                               N        0  Fri Jun  9 00:15:59 2017

  file2                               N        0  Fri Jun  9 00:15:59 2017

2）hosts deny = 172.25.254.11      ##只拒绝

[root@foundation11 ~]# smbclient //172.25.254.101/westos -U student

  Enter student‘s password:

  Domain=[LINWEI] OS=[Windows 6.1] Server=[Samba 4.2.3]

  tree connect failed: NT_STATUS_ACCESS_DENIED

3）valid users = westos            ##当前共享的有效用户为westos

[root@foundation11 ~]# smbclient //172.25.254.101/westos -U westos

  Enter westos‘s password:

  Domain=[LINWEI] OS=[Windows 6.1] Server=[Samba 4.2.3]

  smb: \> ls

  .                                   D        0  Fri Jun  9 00:15:59 2017

  ..                                  D        0  Thu Jun  8 23:53:42 2017

  file1                               N        0  Fri Jun  9 00:15:59 2017

[root@foundation11 ~]# smbclient //172.25.254.101/westos -U student

  Enter student‘s password:

  Domain=[LINWEI] OS=[Windows 6.1] Server=[Samba 4.2.3]

  tree connect failed: NT_STATUS_ACCESS_DENIED

4）valid users = +westos|@westos    ##当前共享的有效用户为westoszu

[root@localhost ~]# usermod -G westos student

[root@foundation11 ~]# smbclient //172.25.254.101/westos -U student

  Enter student‘s password:

  Domain=[LINWEI] OS=[Windows 6.1] Server=[Samba 4.2.3]

  smb: \> quit

#读写控制

所有用户都可写

[root@localhost ~]# chmod o+w /mnt

[root@localhost ~]# setsebool -P samba_export_all_rw on

[root@localhost ~]# vim /etc/samba/smb.conf

  321         [westos]

  322         comment = local directory

  323         path = /lin

  324          writable = yes

设定指定用户可写

1）write list = student       ##可写用户

[root@foundation11 ~]# mount -o username=westos,password=2 //172.25.254.101/westos /mnt

[root@foundation11 ~]# cd /mnt

[root@foundation11 mnt]# touch westos

touch: cannot touch ‘file’: Permission denied

2）write list = +student|@student     ##可写的用户组

[root@localhost ~]# usermod -G student westos

[root@foundation11 ~]# mount -o username=westos,password=2 //172.25.254.101/westos /mnt

[root@foundation11 ~]# cd /mnt

[root@foundation11 mnt]# touch file

[root@foundation11 mnt]# cd ~

3）admin users = student             ##共享的超级用户指定

在client上进行多用户挂载

[root@localhost ~]# vim /root/westos

[root@localhost ~]# chmod 600 /root/westos

[root@localhost ~]# yum install -y cifs-utils

[root@localhost ~]# mount -o credentials=/root/westos,multiuser,sec=ntlmssp //172.25.254.101/westos /mnt

[root@localhost ~]# df

Filesystem              1K-blocks    Used Available Use% Mounted on

/dev/vda1                10473900 3163272   7310628  31% /

devtmpfs                   927072       0    927072   0% /dev

#credentials=/root/westos  指定挂载时所用到的用户文件

#multiuser                 支持多用户认证

#sec=ntlmssp               认证方式为标准smb认证方式

测试：

[root@localhost ~]# su student

[student@localhost root]$ ls /mnt

ls: cannot access /mnt: Permission denied   ##因为没有作smb的认证而无法访问smb共享

[student@localhost root]$ cifscreds add -u westos 172.25.254.101

Password:                     ##输入用户westos的sambmima

[student@localhost root]$ ls /mnt

file   file10  file3  file5  file7  file9  westos

file1  file2   file4  file6  file8  lin

samb