Samba in Practice
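Samba is a reimplementation of the SMB/CIFS network protocol. It allows file sharing between systems on different platforms and is suited to sharing data within a LAN and to keeping data consistent in distributed file systems. Setting up and maintaining Samba is an essential skill for operations staff.
Installation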
yum install samba
Configuration
Anonymous users
/etc/samba/smb.conf
[global]
workgroup = workgroup
security = user
# Anonymous access
map to guest = Bad User
hosts allow = 127.0.0.1 192.168.1.
# Anonymous read/write
[rwshare]
comment = readable and writable
writable = yes
public = yes
path = /home/samba/rwshare
# Anonymous read-only
[rshare]
comment = readable
public = yes
path = /home/samba/rshare
Samba users
- Configure /etc/samba/smb.conf
[global]
workgroup = workgroup
security = user
passdb backend = smbpasswd
username map = /etc/samba/smbusers
[staff]
comment = Staff
path = /home/staff
write list = @staff
writable = yes
create mask = 0644
directory mask = 0744
- Add the user
groupadd staff
useradd -s /sbin/nologin liming -g staff
# Sets the password and stores it in /var/lib/samba/private/smbpasswd
smbpasswd -a liming
LDAP users
/etc/samba/smb.conf
[global]
workgroup = workgroup
security = user
passdb backend = ldapsam:ldap://192.168.1.x:389
ldap suffix = "dc=liming,dc=pub"
ldap admin dn = "cn=admin,dc=liming,dc=pub"
ldap user suffix = "dc=liming,dc=pub"
ldap delete dn = no
ldap passwd sync = yes
ldap ssl = no
Set the LDAP administrator password
smbpasswd -w "ldap admin's password"
/etc/samba/smb.conf
# Read/write, requires user authentication
[ushare]
comment = valid
writable = yes
public = no
path = /home/samba/ushare
TIP: After saving, run testparm to check that the configuration is correct.
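As a complement to testparm, the following added example (not part of the original article and not a Samba tool) parses smb.conf text and reports the security-relevant settings used on this page: guest mapping, guest-accessible shares, and an unencrypted LDAP passdb backend. The function names and the merged sample configuration are constructed for illustration.

```python
import configparser
# Constructed sample: this page's guest and LDAP settings merged into one file.
SAMPLE = """\
[global]
map to guest = Bad User
passdb backend = ldapsam:ldap://192.168.1.x:389
ldap ssl = no
[rwshare]
writable = yes
public = yes
[rshare]
public = yes
[ushare]
writable = yes
public = no
"""
TRUE = {"yes", "true", "1"}

def flag(sec, *names):
    """True if any synonym of a boolean parameter is set to a true value."""
    return any(sec.get(n, "no").strip().lower() in TRUE for n in names)

def writable(sec):
    # 'writable'/'writeable'/'write ok' are inverted synonyms of 'read only'.
    return (flag(sec, "writable", "writeable", "write ok")
            or sec.get("read only", "yes").strip().lower() in {"no", "false", "0"})

def audit(text):
    """Return (section, finding) pairs for risky settings in smb.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    # Strip indentation so configparser does not read it as a continuation line.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    secs = {name.lower(): cp[name] for name in cp.sections()}
    g = secs.get("global", {})
    out = []
    if g.get("map to guest", "never").strip().lower() == "bad user":
        out.append(("global", "unknown usernames are mapped to the guest account"))
    plain_ldap = g.get("passdb backend", "").lower().startswith("ldapsam:ldap://")
    if plain_ldap and g.get("ldap ssl", "start tls").strip().lower() in ("no", "off"):
        out.append(("global", "LDAP traffic to the passdb backend is not encrypted"))
    for name, sec in secs.items():
        if name != "global" and flag(sec, "guest ok", "public"):
            mode = "read/write" if writable(sec) else "read-only"
            out.append((name, f"guest access allowed ({mode})"))
    return out

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```

Pass the contents of /etc/samba/smb.conf to audit() to check a real file; an empty result means none of these settings were found.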
Create the shared directory
chown nobody:nobody rwshare
Start the service
systemctl start smb
systemctl enable smb
Client usage
# Mount an anonymous Samba share
# mount -t cifs //192.168.1.x/rwshare /mnt/rwshare -o guest
# Mount a non-anonymous Samba share
mount -t cifs -o username="<username>",password="<password>" -o uid=<linuxuser> -o gid=<linuxgroup> //<WinIP>/<shared_dir> /<path>/<mount_dir>
CentOS example
yum -y install cifs-utils
mkdir -p /mnt/rwshare
mount -t cifs -l //192.168.1.x/rwshare /mnt/rwshare
Manjaro example
sudo mount.cifs //192.168.1.x/rwshare /mnt/rwshare
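- Mount automatically at boot
/etc/fstab
//192.168.1.x/rwshare /mnt/rwshare cifs defaults,username=samba,password=samba,uid=root,gid=root
Note: /etc/fstab is normally readable by every local user, so a password written on this line is visible to all of them. mount.cifs also accepts a credentials=<file> option, which reads the username and password from a file that can be restricted to root.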
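Appendix (configuration parameters):
- comment: descriptive comment
- path: full path of the shared resource; besides the path being correct, the directory permissions must also be set correctly
- browseable: yes/no; whether the shared directory is shown when browsing resources; if no, the share path must be specified explicitly to access it
- printable: yes/no; whether printing is allowed
- hide dot files: yes/no; whether hidden files are hidden
- public: yes/no; whether the share is public; if no, authentication is required (only takes effect when security = share)
- guest ok: yes/no; whether the share is public; if no, authentication is required (only takes effect when security = share)
- read only: yes/no; share in read-only mode; when it conflicts with writable, writable takes precedence
- writable: yes/no; share in non-read-only mode; when it conflicts with read only, read only is ignored
- valid users: only users in this list may access the shared resource (deny takes precedence) (username/@group)
- invalid users: users in this list may not access the shared resource (deny takes precedence) (username/@group)
- read list: members of this list have read-only access (username/@group)
- write list: when the share is set read-only, only members of this list may write (username/@group)
- create mask: permissions given to files when they are created
- directory mask: permissions given to directories when they are created
- force group: access to the resource is performed as this group (username/@group)
- force user: access to the resource is performed as this user (username/@group)
- allow hosts: only users from this network segment/IP may access the shared resource
- deny hosts: users from this network segment/IP may not access the shared resource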