工作的需要在Centos7下搭建了一个smb用于文件共享,其中走了些弯路还好最终把它都解决了,下面把思路梳理下:
a.centos 7 通过yum安装的是samba 4
b.samba 4 下参数security的值不再允许是share和server,建议使用user
c.samba 4 下如果希望有匿名访问共享,可将 map to guest = Bad User 打开
d.与samba配套使用的smbpasswd在samba-client中,建议安装时一并安装samba-client
e.很多人为了避免samba与linux的selinux机制冲突,选择将selinux关闭,这是很不可取的。建议将需要由samba共享的目录加入到selinux的过滤中,如chcon -t samba_share_t /home/share(插句题外话,这个可是在RHCE
认证中必考项。ls -Zd /home/share,检测是否成功)
f.samba与linux本身的鉴权是不同的体系,故很有必要设置不同的密码组合
g.为了系统安全着想,建议不赋予samba帐户登录服务器的权限。
h.最后啰嗦一句,服务器安全任何时候都是第一位,千万别和数据开玩笑
放上代码:
--关闭防火墙
#systemctl stop firewalld
#systemctl disable firewalld
--关闭selinux 将SELINUX设置为 disabled
[root@rac1 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
创建共享文件夹,可匿名读写
#mkdir /data
#chmod 777 /data
--安装samba
#yum install samba samba-client -y
#cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
#vi /etc/samba/smb.conf
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
map to guest = Bad User
[data]
path = /data
writeable = yes
browseable = yes
guest ok = yes
#service network restart
#chkconfig smb on
#systemctl restart smb
#systemctl status smb
#最后赠送几个有用的命令
#检测是否正常 smbclient -L 110.236.23.200 -U share%share
#挂载共享文件 mount //10.236.23.200/smbshare /home/share/ -o username=share,password=share
#自动开机挂载 echo -e "\n//10.236.23.200/smbshare /home/share/ cifs defaults,auto,username=share,password=share 0 0">>/etc/fstab
#客户端专用 yum install samba-client -y