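With the parameter Security = User, users must log in and authenticate before they can access shared resources. How should this mode be configured?
1 Server-side configuration
1.1 System user management
Create the user:
[root@node1 ~]# useradd -d /home/smbuser1 -m smbuser1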
[root@node1 ~]# ls /home/
smbuser1
[root@node1 ~]#
Set the password (optional):
[root@node1 ~]# passwd smbuser1
Changing password for user smbuser1.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
[root@node1 ~]#
1.2 SMB user management
Add the user to the SMB user system:
[root@node1 ~]# smbpasswd -a smbuser1
New SMB password:
Retype new SMB password:
Added user smbuser1.
[root@node1 ~]#
1.3 Configuration file
1.3.1 Configuration parameters
The configuration source is as follows:
#======================= Global Settings =====================================
[global]
# ----------------------- Network-Related Options -------------------------
workgroup = MYGROUP
server string = Samba Server Version %v
# --------------------------- Logging Options -----------------------------
log file = /var/log/samba/log.%m
max log size = 51200
# ----------------------- Standalone Server Options ------------------------
security = user
passdb backend = tdbsam
# ----------------------- Domain Members Options ------------------------
# ----------------------- Domain Controller Options ------------------------
# ----------------------- Browser Control Options ----------------------------
# ----------------------------- Name Resolution -------------------------------
# --------------------------- Printing Options -----------------------------
load printers = yes
cups options = raw
# --------------------------- File System Options ---------------------------
#============================ Share Definitions ==============================
[yysmb01]
comment = yynfs01
path = /mnt/hyyfs/nfs01
create mask = 0664
directory mask = 0775
writeable = no
valid users = nisuser01,nisuser02,nisuser03,smbuser1
write list = nisuser02,smbuser1
[yysmb02]
comment = yynfs02
path = /mnt/hyyfs/nfs02
writeable = yes
public = yes
guest ok = yes
1.3.2 Checking the configuration parameters
Use testparm -v to check that the configuration file is correct:
[root@node1 mnt]# testparm -v
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[yysmb01]"
Processing section "[yysmb02]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
…
1.3.3 Granting permissions
1.4 Service management
The server needs to grant permissions to smbuser1. Run the following on the server:
[root@node1 ~]# chown smbuser1:smbuser1 /mnt/hyyfs/nfs01/ -R
2 Client side
The server is configured with Security = User, so users must log in and authenticate before they can access shared resources.
[root@node2 ~]# mount -t cifs //192.168.192.91/yysmb01 /mnt/nfs/ -o username=smbuser1,password=smbuser1
[root@node2 ~]# df -h |grep yysmb01
//192.168.192.91/yysmb01 60G 532M 60G 1% /mnt/nfs
[root@node2 ~]#
BUT: insufficient permissions
[root@node2 nfs]# mkdir 11
mkdir: cannot create directory ‘11’: Permission denied
[root@node2 nfs]# touch 111
touch: cannot touch ‘111’: Permission denied
[root@node2 nfs]#
The cause is that the server has not granted permissions to smbuser1. Run the following on the server:
[root@node1 ~]# chown smbuser1:smbuser1 /mnt/hyyfs/nfs01/ -R
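The share-level decision behind the Permission denied error above, as an added example that is not part of the original post: it evaluates valid users, write list and writeable for the two shares from 1.3.1 and lists shares that guests can write to. The function names, the embedded sample text and the guest account name nobody (Samba's default) are assumptions of this example.

```python
import configparser

# Constructed sample: share parameters copied from the configuration in 1.3.1.
SMB_CONF = """
[global]
security = user
[yysmb01]
writeable = no
valid users = nisuser01,nisuser02,nisuser03,smbuser1
write list = nisuser02,smbuser1
[yysmb02]
writeable = yes
public = yes
guest ok = yes
"""

def load_shares(text):
    """Parse smb.conf text; names ignore case/spaces, indentation is stripped."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return {s: {k.replace(" ", "").lower(): v.strip() for k, v in cp.items(s)}
            for s in cp.sections() if s.lower() != "global"}

def _yes(value):
    return value.lower() in ("yes", "true", "1")

def _names(value):
    return set(value.replace(",", " ").split())

def share_access(params, user):
    """Share-level access smbd grants; assumes plain user names, no @group."""
    valid = _names(params.get("validusers", ""))
    if valid and user not in valid:
        return "none"
    if user in _names(params.get("writelist", "")):
        return "write"  # write list wins over a read-only share
    if "readonly" in params:
        return "read" if _yes(params["readonly"]) else "write"
    writable = params.get("writeable", params.get("writable", "no"))
    return "write" if _yes(writable) else "read"

def guest_writable(shares, guest="nobody"):
    """Shares that admit guests (guest ok / public) and let them write."""
    return sorted(name for name, p in shares.items()
                  if _yes(p.get("guestok", p.get("public", "no")))
                  and share_access(p, guest) == "write")

if __name__ == "__main__":
    shares = load_shares(SMB_CONF)
    print(share_access(shares["yysmb01"], "smbuser1"), guest_writable(shares))
```

smbuser1 is granted write at the share level, so the client-side failure comes from the filesystem ownership that the chown corrects. yysmb02 is reported because it combines guest access with writeable = yes and is worth reviewing before the server is exposed.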