SMB(Sever Messages Block,信息服务块)是一种在局域网上共享文件和打印机的一种通信协议,它为局域网内的不同计算机之间提供文件及打印机等资源的共享服务。SMB协议是C/S协议,client可以通过协议访问服务器上的共享文件系统。
Samba的核心进程是:
1)smbd。这是samba的SMB服务器,它使用SMB协议与Client链接,完成用户认证,权限管理,和文件共享服务。
2)nmbd。提供NetBIOS名字服务器的守护进程,可以帮助客户定位服务器和域。
Samba的配置文件:smb.conf。
Samba的客户端:smbclient。用于访问其他SMB计算机共享的资源。
swat是一个samba专用的www服务器,用于通过客户浏览器配置samba,提供了对samba的图形配置界面。
smbprint是一个shell脚本,使用smbprint向windows计算机共享出的打印机发送要打印的文档。
nmblookup用于查询NetBIOS名字的命令工具。
主配置文件:/etc/samba/smb.conf
#=================== Global Settings===============
[global]部分设置,主要就是下列几项,其余可以保持不变,当然你要比较复杂高级的功能服务的话,那就另当别论了;
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = MSHOME #主机所属工作组名称
# server string is the equivalent of the NT Description field
server string = Samba Server #SAMBA服务器主机的注释,可选,但是建议还是留着,而且尽量写的详细准确,有助于识别;
# Security mode. Most people will want user level security. See security_level.txt for details.
security = share #安全模式,由于是共享目录,所以用share;
#==================== Share Definitions ==========
共享部分设置其它保存不动,直接在最后面添加你要共享的目录即可,同时要注意其访问权限;
[nfs]
path = /var/nfs
public = yes
writable = yes
/var/nfs目录对所有用户都可读可写;
四、启动服务
通过以上简单的设置,重启服务后,即可在Windows下在网上邻居中进行访问;
在FC5下,服务名为smb及nmb,启动smb时自动将nmb也启动;
五、注意事项
1、防火墙问题
2、确保共享目录的访问权限
3、通过网上邻居访问相应共享目录前,必须确保目录在服务器上存在。
范本:vi /etc/samba/smb.conf
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = WORKGROUP
netbios name = rayman_linux
# server string is the equivalent of the NT Description field
server string =Linux Samba Server TestServer
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 192.168.1. 192.168.2. 127.
# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
printcap name = /etc/printcap
load printers = yes
# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
printing = cups
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
guest account = detack
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log
# Put a capping on the size of the log files (in Kb).
max log size = 0
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = share
# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
password server = <NT-Server-Name>
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
password level = 8
username level = 8
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#the encrypted SMB passwords. They allow the Unix password
#to be kept in sync with the SMB password.
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.
pam password change = yes
# Unix users can map to different SMB User names
username map = /etc/samba/smbusers
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
include = /etc/samba/smb.conf.%m
# This parameter will control whether or not Samba should obey PAM's
# account and session management directives. The default behavior is
# to use PAM for clear text authentication only and to ignore any
# account or session management. Note that Samba always ignores PAM
# for authentication in the case of encrypt passwords = yes
obey pam restrictions = yes
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
interfaces = 192.168.12.2/24 192.168.13.2/24
# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
remote announce = 192.168.1.255 192.168.2.44
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = no
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 33
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
logon script = %m.bat
# run a specific logon batch file per username
logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
#%L substitutes for this servers netbios name, %U is username
#You must uncomment the [Profiles] share below
logon path = \\%L\Profiles\%U
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
preserve case = no
short preserve case = no
# Default case is normally upper case for all DOS files
default case = lower
# Be very careful with case sensitivity - it can break things!
case sensitive = no
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
map to guest = bad user
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = yes
writable = no
share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
path = /usr/local/samba/profiles
browseable = no
guest ok = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
# This one is useful for people to share files
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
[public]
comment = Public Stuff
path = /home/samba
public = yes
writable = yes
printable = no
write list = @staff
# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
[fredsprn]
comment = Fred's Printer
valid users = fred
path = /home/fred
printer = freds_printer
public = no
writable = no
printable = yes
# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
[fredsdir]
comment = Fred's Service
path = /usr/somewhere/private
valid users = fred
public = no
writable = yes
printable = no
# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
[pchome]
comment = PC Directories
path = /usr/local/pc/%m
public = no
writable = yes
# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
[public]
path = /home/detack/app/tomcat
public = yes
browseable = yes
writable = yes
printable = no
guest ok = yes
# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
[myshare]
comment = Mary's and Fred's stuff
path = /usr/somewhere/shared
valid users = mary fred
public = no
writable = yes
printable = no
create mask = 0765
Samba服务可以用于在linux主机之间共享文件,也可以在linux和windows之间共享文件。
给Windows客户提供文件服务是通过samba实现的,而samba也是一套基于UNIX类系统、实现SMB/CIFS协议的软件,作为UNIX的克隆,Linux也可以运行这套软件。samba的文件服务功能效率很高,借助Linux本身,可以实现用户磁盘空间限制功能。本文基于Linux介绍Samba的配置和使用。
主要内容:
一、关于配置文件
二、关于配置和使用
三、其它
samba通过配置文件来进行各种控制,关于配置文件,下面给出一个大致的介绍。
samba的最重要配置文件就是"/etc/samba/smb.conf",它有三个重要的节:[global],[homes],[public]。一般来说本地的这个文件中都有对其内容的详细注释,这里列出一个完整的配置文件内容,并解释如下。具体信息参见"man smb.conf"的输出。
用于用户映射的文件/etc/samba/smbuser内容大致如下:
乱码情况:
为了防止共享时出现中文目录乱码的情况,可能需要为smb.conf的[global]段添加如下几行:
这里,其中根据你的local,UTF-8 有可能需要改成 cp936。
这里介绍如何配置samba服务以及使用它,为便于查阅,先给出一个最简的配置方式,后面会给出关于配置和使用相对具体的内容。 以下内容,都是在CentOS release 5.5 (Final)上面实践的结果,并假定配置samba的机器ip地址是10.1.2.213。
这里,如果只是想要搭建一个可以工作的samba服务器,那么可以按照如下步骤配置:
这样,我们可以看到机器上面已经安装了samba,可以进行后面的配置了。如果你的机器上面没有相应的软件包,那么需要使用"yum install samba.i386"之类的命令安装,默认来说系统都将这个服务安装了的。
编辑之后的文件内容如下:
这里需要注意,不要将mysamba目录设置到 /home 下的某个子用户目录中,这样会导致目录无法通过其他的机器访问到。
这样,外部就可以访问这个目录了。注意首先在本地机器上将这个目录的读写权限打开,这样外面才能访问。
这样刚才的配置可以生效。
在文件浏览器的位置栏输入: smb://10.1.2.213
这样,将看到一个目录"public1"就是那个smb.conf中设置的"[public1]"组名,进入"public1"就可以看到内容了,内容实际就是服务器上面的/home/mysamba路径下面的内容。
在文件浏览器的位置栏输入: \\10.1.2.213
这样,将看到一个目录"public1"就是那个smb.conf中设置的"[public1]"组名,进入"public1"就可以看到内容了,内容实际就是服务器上面的/home/mysamba路径下面的内容。
总之两步,一个是修改"/etc/samba/smb.conf"设置共享目录,一个是运行"/etc/init.d/smb restart"让设置生效。
配置samba可以控制哪些目录可以访问,以及谁可以访问,以什么权限访问等等。我们可以使用图形化的工具配置,方法是运行"#system-config-samba"命令或者通过菜单"系统-系统管理-Samba",方法很简单就不多说了。还可以通过修改配置文件进行配置,这里重点介绍修改配置文件的方法,如下。
修改配置文件如下:
这里,workgroup表示工作组名server string表示服务器名(名称自定)netbios name是对服务器的描述hosts allow填入顺序访问的ip段,用空格分开,如果不设置则使用[global]中的,如果[global]中也没有,就表示允许任何ip访问security表示访问权限,访问权限由低到高有三种:share、user和server。其中share安全级别最低,user模式要求连接时输入用户名和口令。具体支持的字段,以及每个字段的含义在配置文件的注释中都有详细的说明,或者可以查看"man smb.conf"文档说明。
以上配置可知,设置了个共享目录:public1,public2,public3,且public3共享目录只有quietheart和lv-k用户可以访问。
配置之后,重新启动samba:
这样刚才的配置可以生效。
这里,添加帐号和修改密码都用这个smbpasswd命令。如果想要添加samba的网络访问帐户,首先必须保证系统中有相应的帐户名称,如果没有则需要使用"#useradd quietheart"建立一个,否则使用这个smbpasswd添加用户的时候,会出错误。 要注意,虽然samba的用户必须是本地机器的用户,但是samba的登录密码可以和本机登录密码可以不一样,上面只是为系统增加了quietheart这个用户,却没有给用户赋予本机登录密码,因为我们只用这个用户来远程samba访问,不想用它来做为一个本地登陆帐号,所以这个用户将只能从远程经过samba访问,不能从远程登录本机。
这个功能没太大必要,因为samba中的帐户,一定就是系统中的某个帐户,虽然密码不一样,所以可以查看/etc/passwd来得知所有系统帐号进而知道samba可能包含的用户帐号。
这里,删除命令就是将前面添加命令的-a改成-x了。
通过smbclient工具,可以实现在命令行下访问samba的目的,使用smbclient登陆samba之后,可以像ftp服务那样进行各种命令操作。
参考资料:
欢迎分享,转载请注明来源:夏雨云
微信扫一扫
支付宝扫一扫
评论列表(0条)