搭建用户认证共享服务器
1.准备工作
环境
ip | 主机 | 环境 |
---|---|---|
172.16.30.30 | system2 | redhat7图形界面 |
172.16.30.130 | system1 | redhat7图形界面 |
2.服务端
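关防火墙和selinux(仅为简化实验环境;这两条命令重启后即失效,生产环境应保持两者开启,按4.2节的做法用firewall-cmd放行samba服务,并用chcon给共享目录打上samba_share_t标签)。安装samba服务。注意:下面共享段里的guest ok = yes与public = yes是同义参数,用于允许免密码的来宾访问(是否生效还取决于全局的map to guest设置);若要求必须经过用户认证,应将其设为no,并用valid users限定可访问的用户。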
[root@system2 Desktop]# systemctl stop firewalld.service
[root@system2 Desktop]# setenforce 0
[root@system2 Desktop]# yum -y install samba-*
[root@system2 Desktop]# useradd -M jianghu
[root@system2 Desktop]# smbpasswd -a jianghu
New SMB password:
Retype new SMB password:
Added user jianghu.
[root@system2 Desktop]# echo 'jianghu = share' > /etc/samba/smbusers
[root@system2 Desktop]# vim /etc/samba/smb.conf
[root@system2 Desktop]# mkdir -p /hupu/jianghu
[root@system2 Desktop]# chown -R jianghu.jianghu /hupu/jianghu/
[root@system2 Desktop]# ll /hupu/
total 0
drwxr-xr-x. 2 jianghu jianghu 6 Jan 15 09:43 jianghu
[root@system2 Desktop]# cat >> /etc/samba/smb.conf <<EOF
> [jianghu]
> comment = jianghu
> path = /hupu/jianghu
> browseable = yes
> guest ok = yes
> writable = yes
> write list = share
> public = yes
> EOF
[root@system2 Desktop]# tail -8 /etc/sa
samba/ sane.d/ sasl2/
[root@system2 Desktop]# tail -8 /etc/samba/smb.conf
[jianghu]
comment = jianghu
path = /hupu/jianghu
browseable = yes
guest ok = yes
writable = yes
write list = share
public = yes
[root@system2 Desktop]# systemctl start smb
[root@system2 Desktop]# systemctl restart smb
[root@system2 Desktop]# systemctl reload smb
[root@system2 Desktop]# systemctl enable smb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
3.客户端验证
[root@system1 Desktop]# smbclient -L 172.16.30.30 -U share
Enter share's password:
Domain=[SAMBA] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
jianghu Disk jianghu
Domain=[SAMBA] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
Workgroup Master
挂载(命令行里的password=会留在shell历史和进程列表中;省略该选项时mount.cifs会交互式提示输入密码)
[root@system1 Desktop]# mount -t cifs //172.16.30.30/jianghu /samba -o username=share,password=123456
[root@system1 Desktop]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 4.9G 3.0G 2.0G 60% /
devtmpfs 985M 0 985M 0% /dev
tmpfs 994M 140K 994M 1% /dev/shm
tmpfs 994M 8.9M 986M 1% /run
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/sda1 197M 104M 94M 53% /boot
/dev/sr0 3.5G 3.5G 0 100% /run/media/root/RHEL-7.0 Server.x86_64
//172.16.30.30/jianghu 4.9G 3.0G 2.0G 61% /samba
进入共享目录创建文件
[root@system1 Desktop]# cd /samba/
[root@system1 samba]# touch a
[root@system1 samba]# mkdir abc
[root@system1 samba]# ls
a abc
服务端验证
[root@system2 ~]# cd /hupu/jianghu/
[root@system2 jianghu]# ls
a abc
[root@system2 jianghu]#
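永久挂载(/etc/fstab通常对所有本地用户可读,密码直接写在里面等于明文公开;可改用mount.cifs的credentials=<凭据文件路径>选项,并将该文件设为仅root可读,如权限600;4.4节的fstab条目同理)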
[root@system1 samba]# vim /etc/fstab
//172.16.30.30/jianghu /samba cifs defaults,_netdev,username=share,password=123456 0 0
[root@system1 samba]# mount -a
[root@system1 samba]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 4.9G 3.0G 2.0G 60% /
devtmpfs 985M 0 985M 0% /dev
tmpfs 994M 140K 994M 1% /dev/shm
tmpfs 994M 8.9M 986M 1% /run
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/sda1 197M 104M 94M 53% /boot
/dev/sr0 3.5G 3.5G 0 100% /run/media/root/RHEL-7.0 Server.x86_64
//172.16.30.30/jianghu 4.9G 3.0G 2.0G 62% /samba
4.samba示例
4.1环境
ip | 主机 | 环境 |
---|---|---|
172.16.30.130 | system1 | redhat7图形界面 |
172.16.30.30 | system2 | redhat7图形界面 |
4.2服务端
在server上配置SAMBA服务
您的samba服务器必须是STAFF工作组的一个成员
共享/common目录,共享名为common
只有example.com域的客户端可以访问common共享(下文用firewalld富规则只放行172.16.30.0/24网段来实现;也可在smb.conf的共享段中再加hosts allow作为第二层限制)
common必须是可以浏览的
用户natasha必须能够读取共享中的内容,如果需要的话,验证密码是tangkai
[root@system1 Desktop]# yum -y install samba-*
[root@system1 Desktop]# vim /etc/samba/smb.conf
workgroup =STAFF
[common]
path = /common
browseable = yes
valid users =natasha
[root@system1 Desktop]# systemctl mask iptables.service ebtables.service
ln -s '/dev/null' '/etc/systemd/system/iptables.service'
ln -s '/dev/null' '/etc/systemd/system/ebtables.service'
[root@system1 Desktop]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=samba accept' --permanent
success
[root@system1 Desktop]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.16.30.0/24 service name=samba-client accept' --permanent
success
[root@system1 Desktop]# firewall-cmd --reload
success
[root@system1 Desktop]# useradd natasha
[root@system1 Desktop]# smbpasswd -a natasha
New SMB password:
Retype new SMB password:
Added user natasha.
[root@system1 Desktop]# setfacl -m u:natasha:r-x /common/
[root@system1 Desktop]# getsebool -a| grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@system1 Desktop]# setsebool -P samba_enable_home_dirs on
[root@system1 Desktop]# chcon -Rt samba_share_t /common/
[root@system1 Desktop]# vim /etc/samba/smb.conf
[root@system1 Desktop]# systemctl restart smb nmb
[root@system1 Desktop]# systemctl enable smb.service nmb.service
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
ln -s '/usr/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'
[root@system1 Desktop]# touch /common/aa
[root@system1 Desktop]# ls
[root@system1 Desktop]# cd /common/
[root@system1 common]# ls
aa
4.3客户端挂载并验证
[root@system2 Desktop]# mount -t cifs -o username=natasha,password=tangkai //172.16.30.130/common /mnt
[root@system2 Desktop]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 4.9G 3.0G 1.9G 62% /
devtmpfs 985M 0 985M 0% /dev
tmpfs 994M 140K 994M 1% /dev/shm
tmpfs 994M 8.9M 986M 1% /run
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/sda1 197M 104M 94M 53% /boot
/dev/sr0 3.5G 3.5G 0 100% /run/media/root/RHEL-7.0 Server.x86_64
//172.16.30.130/common 4.9G 3.0G 2.0G 60% /mnt
[root@system2 Desktop]# cd /mnt
[root@system2 mnt]# ls
aa
4.4多用户samba挂载
在server上通过samba共享目录/storage
共享名为share
共享目录只能被example.com域内的客户端使用
共享目录share可以被浏览
用户sarah能以读的方式访问此共享,访问密码是tangkai
用户kitty能以读写的方式访问此共享,访问密码是tangkai
此共享永久挂载在desktop上的/mnt/dev目录,并使用用户sarah进行认证,任何用户可临时通过kitty来获得读写权限
服务端:
[root@system1 common]# mkdir /storage
[root@system1 common]# chcon -Rt samba_share_t /storage
[root@system1 common]# vim /etc/samba/smb.conf
[share]
path = /storage/
browseable = yes
valid users = sarah,kitty
writable = no
write list = kitty
[root@system1 common]# useradd sarah
[root@system1 common]# useradd kitty
[root@system1 common]# smbpasswd -a sarah
New SMB password:
Retype new SMB password:
Added user sarah.
[root@system1 common]# smbpasswd -a kitty
New SMB password:
Retype new SMB password:
Added user kitty.
[root@system1 common]# setfacl -m u:sarah:r-x /storage
[root@system1 common]# setfacl -m u:kitty:rwx /storage
[root@system1 common]# systemctl restart smb nmb
客户端
挂载并验证
[root@system2 ~]# umount /mnt/
[root@system2 ~]# ls /mnt
[root@system2 ~]# mkdir /mnt/dev
[root@system2 ~]# vim /etc/fstab
//172.16.30.130/share /mnt/dev cifs multiuser,username=sarah,password=tangkai,sec=ntlmssp 0 0
[root@system2 ~]# mount -a
[root@system2 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 4.9G 3.0G 2.0G 62% /
devtmpfs 985M 0 985M 0% /dev
tmpfs 994M 140K 994M 1% /dev/shm
tmpfs 994M 8.9M 986M 1% /run
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/sda1 197M 104M 94M 53% /boot
/dev/sr0 3.5G 3.5G 0 100% /run/media/root/RHEL-7.0 Server.x86_64
//172.16.30.130/share 4.9G 3.0G 2.0G 60% /mnt/dev
[root@system2 ~]# cd /mnt/dev/
[root@system2 dev]# ls
[root@system2 dev]# yum -y install cifs-utils*
[root@system2 dev]# ls /home
student
[root@system2 dev]# su - student
[student@system2 ~]$ cifscreds add -u kitty 172.16.30.130
Password:
[student@system2 ~]$ ls
[student@system2 ~]$ touch aa
[student@system2 ~]$ ll
total 0
-rw-rw-r--. 1 student student 0 Jan 15 17:22 aa