Setting up a Samba server

Features: cross-platform file sharing
          adds access control and permission settings


samba-client.i386
samba-common.i386
samba.i386


   Configuration directory: /etc/samba
   Configuration file: smb.conf


[global]
       workgroup = MYGROUP
       server string = Samba Server Version %v
       # logs split per machine
       # max 50KB per log file, then rotate
       security = user <-- other possible values: share, server, ads, domain
       passdb backend = tdbsam
       # the login script name depends on the machine name
       # the login script name depends on the unix user used
       # disables profiles support by specifying an empty path
       load printers = yes
       cups options = raw
       #obtain list of printers automatically on SystemV
[homes]
       comment = Home Directories
       browseable = no <-- the share is not visible to anonymous browsing, nor to browsing with another account
       writable = yes  <-- writable
[printers]
       comment = All Printers
       path = /var/spool/samba
       browseable = no
       guest ok = no
       writable = no
       printable = yes



I. Installation

[root@www ~]# yum install samba* -y
Loaded plugins: rhnplugin, security
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package samba-client.i386 0:3.0.33-3.14.el5 set to be updated
---> Package samba-common.i386 0:3.0.33-3.14.el5 set to be updated
---> Package samba-swat.i386 0:3.0.33-3.14.el5 set to be updated
---> Package samba.i386 0:3.0.33-3.14.el5 set to be updated
--> Processing Dependency: perl(Convert::ASN1) for package: samba
--> Running transaction check
---> Package perl-Convert-ASN1.noarch 0:0.20-1.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package               Arch       Version              Repository          Size
================================================================================
Installing:
samba                 i386       3.0.33-3.14.el5      rhel-debuginfo      16 M
samba-swat            i386       3.0.33-3.14.el5      rhel-debuginfo     8.2 M
Updating:
samba-client          i386       3.0.33-3.14.el5      rhel-debuginfo     5.7 M
samba-common          i386       3.0.33-3.14.el5      rhel-debuginfo     8.7 M
Installing for dependencies:
perl-Convert-ASN1     noarch     0.20-1.1             rhel-debuginfo      41 k

Transaction Summary
================================================================================
Install      3 Package(s)        
Update       2 Package(s)        
Remove       0 Package(s)        

Total download size: 39 M
Downloading Packages:
(1/5): perl-Convert-ASN1-0.20-1.1.noarch.rpm             |  41 kB     00:00    
(2/5): samba-client-3.0.33-3.14.el5.i386.rpm             | 5.7 MB     00:01    
(3/5): samba-swat-3.0.33-3.14.el5.i386.rpm               | 8.2 MB     00:01    
(4/5): samba-common-3.0.33-3.14.el5.i386.rpm             | 8.7 MB     00:02    
(5/5): samba-3.0.33-3.14.el5.i386.rpm                    |  16 MB     00:03    
--------------------------------------------------------------------------------
Total                                           3.8 MB/s |  39 MB     00:10    
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
 Updating       : samba-common                                      [1/7]
 Updating       : samba-client                                      [2/7]
 Installing     : perl-Convert-ASN1                                 [3/7]
 Installing     : samba                                             [4/7]
 Installing     : samba-swat                                        [5/7]
 Cleanup        : samba-client                                      [6/7]
 Cleanup        : samba-common                                      [7/7]

Installed: samba.i386 0:3.0.33-3.14.el5 samba-swat.i386 0:3.0.33-3.14.el5
Dependency Installed: perl-Convert-ASN1.noarch 0:0.20-1.1
Updated: samba-client.i386 0:3.0.33-3.14.el5 samba-common.i386 0:3.0.33-3.14.el5
Complete!
You have new mail in /var/spool/mail/root



II. Configuring shares

The accounts a Samba server uses must exist as system accounts, but the Samba passwords for those accounts are kept separately by Samba.


[root@www ~]# useradd wych
You have new mail in /var/spool/mail/root
[root@www ~]# passwd wych
Changing password for user wych.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@www ~]# servce smb restart
-bash: servce: command not found
[root@www ~]# service smb restart
Shutting down SMB services:                                [FAILED]
Shutting down NMB services:                                [FAILED]
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@www ~]# service smb restart
[root@www ~]# useradd wych
You have new mail in /var/spool/mail/root
[root@www ~]# passwd wych
Changing password for user wych.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@www ~]# smbpasswd wych
New SMB password:
Retype new SMB password:
Failed to find entry for user wych.
Failed to modify password entry for user wych
You have new mail in /var/spool/mail/root



Example 1:

The accounts Samba uses must exist on the system, but their Samba passwords are stored separately; they are added with smbpasswd -a (the -a flag is what the failed attempt above was missing):
[root@squid conf]# smbpasswd  -a tom
New SMB password:
Retype new SMB password:
Added user tom.
[root@squid conf]# smbpasswd  -a bean
New SMB password:
Retype new SMB password:
Added user bean.

service smb restart

Anonymous listing of shares:
smbclient -L //10.1.1.21
Listing shares with a specific account:
# smbclient -L //10.1.1.21  -U tom
Accessing a share:
smbclient  //10.1.1.21/bean  -U bean

Example 2: adding a custom share

[uplooking]
       comment = Just for test
       path = /www
       browseable = yes
       guest ok = no
       writable = no

# smbclient //10.1.1.21/uplooking
Password:
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
tree connect failed: NT_STATUS_ACCESS_DENIED

# smbclient //10.1.1.21/uplooking -U tom


In user mode, to make a share accessible anonymously and writable:
       public = yes    <-- same as guest ok = yes
       read only = no  <-- same as writeable = yes

Access format from Windows:
//10.1.1.21/uplooking
Disconnect share connections that have already been established:
net use * /del /y
In user mode, an account must be supplied even for anonymous shares, so the access above fails.

After changing to share mode:
security = share
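With security = share in place, anonymous connections succeed, so it is worth knowing exactly which shares that exposes. The script below is an added example, not part of the original notes and not Samba's own tooling: a POSIX sh function wrapping awk that reads an smb.conf on standard input and reports the global security mode plus every share reachable anonymously (guest ok / public = yes), separating read from write access. The sample configuration it scans is constructed here (the [docs] and [scratch] shares and their paths are invented), and the writable test is deliberately simplified: it looks only at writable / writeable / read only and does not model write list or read list.

```shell
#!/bin/sh
# Added example: audit an smb.conf (read from stdin) for anonymously reachable shares.
# Prints one WARN/INFO line per finding; nothing printed means nothing was flagged.

audit_smb_conf() {
    awk '
    BEGIN { security = "user"; sec = "" }
    /^[ \t]*[#;]/ { next }                       # skip comment lines
    /^[ \t]*\[/ {                                # [section] header
        sec = $0
        sub(/^[ \t]*\[/, "", sec); sub(/].*$/, "", sec)
        sec = tolower(sec)
        sections[++n] = sec
        next
    }
    index($0, "=") > 0 {                         # key = value (keys/values case-insensitive)
        i = index($0, "=")
        k = tolower(substr($0, 1, i - 1)); v = tolower(substr($0, i + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (sec == "global") { if (k == "security") security = v }
        else if (sec != "")  cfg[sec, k] = v
    }
    END {
        if (security == "share")
            print "WARN [global]: security = share (no per-user authentication)"
        for (j = 1; j <= n; j++) {
            s = sections[j]
            if (s == "global") continue
            guest = (cfg[s, "guest ok"] == "yes" || cfg[s, "public"] == "yes")
            # simplified: any writable synonym set -> treat the share as writable
            writable = (cfg[s, "writable"] == "yes" || cfg[s, "writeable"] == "yes" || cfg[s, "read only"] == "no")
            if (guest && writable)
                print "WARN [" s "]: anonymous write access"
            else if (guest)
                print "INFO [" s "]: anonymous read access"
            else if (writable && cfg[s, "valid users"] == "" && cfg[s, "write list"] == "")
                print "INFO [" s "]: writable by any authenticated user"
        }
    }'
}

# Constructed sample configuration (not a real server's smb.conf); the
# [uplooking] share mirrors the one in the notes with public/read only added.
sample_conf() {
    cat <<'EOF'
[global]
   workgroup = MYGROUP
   security = share
[uplooking]
   comment = Just for test
   path = /www
   public = yes
   read only = no
[docs]
   path = /srv/docs
   guest ok = yes
   writable = no
[scratch]
   path = /srv/scratch
   writable = yes
EOF
}

sample_conf | audit_smb_conf
```

Run it against a real file with `audit_smb_conf < /etc/samba/smb.conf`; the expected output for the constructed sample is one WARN for the global share mode, one WARN for [uplooking], and INFO lines for [docs] and [scratch].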


Example 3: permissions on files in a writable share

Uploading files with two separate accounts, we find that each can delete the other's files. Reason: as long as the owner has write permission on a file, other accounts can delete it.

How to fix this, so that users cannot freely delete other people's files?

Set the sticky bit on the share directory:
chmod o+t /www

Method 2:
   Automatically remove the owner's write permission once a file is uploaded:
       create mask = 0444  <-- with these permissions, even the owner cannot delete their own files
       directory mask = 0755
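To see what the two fixes actually do to an uploaded file, here is an added example (not from the notes and not Samba code): effective_mode applies Samba's create mask rule, which ANDs the permission bits a client asks for with create mask and then ORs in force create mode (Samba's defaults are 0744 and 0000), owner_can_write tests the owner write bit of the result, and sticky_demo creates a throwaway directory, applies the same chmod o+t as above and verifies the bit with dir_has_sticky. A file left without its owner write bit appears read-only on the SMB side, which is why Samba refuses to delete it unless delete readonly = yes. The script uses only sh, ls, chmod, mktemp and rmdir; the 0666 request is a constructed value standing in for a typical upload.

```shell
#!/bin/sh
# Added example: checks for an upload share such as /www.
# 1) effective_mode: permission bits a new file gets under Samba's
#    (requested & create mask) | force create mode rule.
# 2) dir_has_sticky / sticky_demo: verify the sticky bit (chmod o+t) on a directory.

# effective_mode REQUESTED CREATE_MASK FORCE_CREATE_MODE (octal) -> prints 4-digit octal
effective_mode() {
    # a leading 0 makes shell arithmetic treat the values as octal
    printf '%04o\n' $(( (0$1 & 0$2) | 0$3 ))
}

# owner_can_write MODE -> true when the owner write bit (0200) is set
owner_can_write() {
    [ $(( 0$1 & 0200 )) -ne 0 ]
}

# dir_has_sticky DIR -> true when the directory carries the sticky bit
dir_has_sticky() {
    # the 10th character of the ls -ld mode string is t or T when the sticky bit is set
    case "$(ls -ld "$1" | cut -c10)" in
        t|T) return 0 ;;
        *)   return 1 ;;
    esac
}

# sticky_demo: create a throwaway world-writable directory, apply the same
# sticky bit the notes set with "chmod o+t /www", verify it, and clean up.
sticky_demo() {
    d=$(mktemp -d) || return 2
    chmod 0777 "$d"
    chmod o+t "$d"
    if dir_has_sticky "$d"; then r=0; else r=1; fi
    rmdir "$d"
    return $r
}

# Walk through the two masks discussed: Samba's default 0744 and the notes' 0444,
# for a constructed client request of 0666 and no force create mode.
for mask in 0744 0444; do
    mode=$(effective_mode 0666 "$mask" 0)
    if owner_can_write "$mode"; then
        w="owner keeps write access"
    else
        w="read-only for everyone, owner included"
    fi
    printf 'create mask = %s -> new file mode %s (%s)\n' "$mask" "$mode" "$w"
done
if sticky_demo; then echo "sticky bit verified on a test directory"; fi
```

The mask demo shows the trade-off behind method 2: 0444 stops other users deleting an upload, but it also stops the owner from changing it, whereas the sticky bit keeps the owner's rights and only blocks deletion by others.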


Example 4: access control (the security level must be set to user)

Share-level parameters
   write list = tom <-- if read only = no is set, write list has no effect (the share is already writable)
   valid users = tom,bean <-- the opposite is invalid users =

Controlling the source of connections

       hosts deny = 10.1.1.
       hosts allow = 10.1.1.20 <-- only 10.1.1.20 may connect; everything else is refused
Summary: when deny and allow overlap, allow wins.

   To refuse everyone but allow 10.1.1.0/24, except for 10.1.1.20:
   hosts deny = all
   hosts allow = 10.1.1. EXCEPT 10.1.1.20

   If host names are used instead, DNS must support both forward and reverse resolution:
   hosts allow = .upl.com

Example 5: in user mode, tom can upload and download, bean can only download, other users cannot log in, and anonymous access is refused.

   valid users = tom,bean
   guest ok = no
   write list = tom
   read list = bean <-- optional
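Examples 4 and 5 together define who may connect and what they may do. The script below is an added example (not from the notes and not Samba code) that models those rules so a proposed share definition can be checked before it goes live: host_access follows the precedence in the summary above (a host matching hosts allow is accepted even if it also matches hosts deny; EXCEPT entries are exclusions; when only one of the two lists is set, that list alone decides), and user_access applies invalid users, valid users, read only, write list and read list (an entry in write list wins over read list, and an empty user name stands for an anonymous connection governed by guest ok). Only IP addresses, trailing-dot prefixes and the keyword all are matched, not host names. The addresses and user names in the demo are the ones from the notes; everything else is constructed.

```shell
#!/bin/sh
# Added example: model Samba's hosts allow/deny and per-user share access rules.

# token_match TOKEN IP -> true for "all", an exact address, or a trailing-dot prefix (10.1.1.)
token_match() {
    case "$1" in
        all|ALL) return 0 ;;
        *.)      case "$2" in "$1"*) return 0 ;; *) return 1 ;; esac ;;
        *)       [ "$1" = "$2" ] ;;
    esac
}

# list_match "LIST" IP -> true when IP matches LIST; entries after EXCEPT are exclusions
list_match() {
    lst=$(printf '%s' "$1" | tr ',' ' ')
    hit=1; excl=0
    for tok in $lst; do
        if [ "$tok" = "EXCEPT" ] || [ "$tok" = "except" ]; then
            excl=1; continue
        fi
        if token_match "$tok" "$2"; then
            if [ "$excl" -eq 1 ]; then return 1; fi   # excluded even if matched earlier
            hit=0
        fi
    done
    return $hit
}

# host_access "HOSTS ALLOW" "HOSTS DENY" IP -> prints allow|deny, exit status 0|1
host_access() {
    if [ -z "$1" ] && [ -z "$2" ]; then echo allow; return 0; fi
    if [ -z "$2" ]; then                     # only an allow list: everyone else is refused
        if list_match "$1" "$3"; then echo allow; return 0; fi
        echo deny; return 1
    fi
    if [ -z "$1" ]; then                     # only a deny list: everyone else is accepted
        if list_match "$2" "$3"; then echo deny; return 1; fi
        echo allow; return 0
    fi
    if list_match "$1" "$3"; then echo allow; return 0; fi   # allow wins on overlap
    if list_match "$2" "$3"; then echo deny; return 1; fi
    echo allow; return 0
}

# in_list NAME "LIST" -> true when NAME is in the comma/space separated LIST
in_list() {
    for name in $(printf '%s' "$2" | tr ',' ' '); do
        if [ "$name" = "$1" ]; then return 0; fi
    done
    return 1
}

# user_access USER "VALID USERS" "INVALID USERS" "READ ONLY" "WRITE LIST" "READ LIST" "GUEST OK"
#   USER empty = anonymous connection. Prints none|read|write.
user_access() {
    user=$1; valid=$2; invalid=$3; ro=${4:-yes}; wl=$5; rl=$6; guest=${7:-no}
    if [ -z "$user" ]; then
        if [ "$guest" != "yes" ]; then echo none; return 1; fi
        if [ "$ro" = "no" ]; then echo write; else echo read; fi
        return 0
    fi
    if [ -n "$invalid" ] && in_list "$user" "$invalid"; then echo none; return 1; fi
    if [ -n "$valid" ] && ! in_list "$user" "$valid"; then echo none; return 1; fi
    if [ "$ro" = "no" ]; then acc=write; else acc=read; fi
    if in_list "$user" "$rl"; then acc=read; fi
    if in_list "$user" "$wl"; then acc=write; fi     # write list takes precedence over read list
    echo "$acc"
}

# Example 4: hosts deny = all / hosts allow = 10.1.1. EXCEPT 10.1.1.20
for ip in 10.1.1.5 10.1.1.20 10.2.0.7; do
    printf 'host %-9s -> %s\n' "$ip" "$(host_access "10.1.1. EXCEPT 10.1.1.20" all "$ip")"
done
# Example 5: valid users = tom,bean / guest ok = no / write list = tom / read list = bean
for u in tom bean alice ""; do
    printf 'user %-6s -> %s\n' "${u:-(anon)}" "$(user_access "$u" tom,bean "" yes tom bean no)"
done
```

The demo prints allow for 10.1.1.5 and deny for both 10.1.1.20 and 10.2.0.7, then write for tom, read for bean and none for alice and the anonymous user, which is exactly the policy example 5 asks for.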