Samba服务器
又叫操作系统集成工具
能验证IP网段。还能验证身份
安全性比NFS优越的多
SMB:tcp/139和tcp/445
NetBIOS: udp/137和udp/138
samba软件目前可以提供的功能---->一般用前两个,主要是第一个
文件共享
主机名解析
WINDOWS活动目录的支持(3.0以上的版本)---->将linux添加到域,成为域控制器,不过很少有人这么做
(LDAP协议)
三个功能分别放在三个脚本上:根据需要打开
文件共享---->smb
主机名解析---->nmb
活动目录(LDAP)--->winbind
受selinux影响比较深,最好selinux改成permissive或者disabled禁用
实现两种类型的访问控制:
1.IP地址的访问控制
hosts deny
hosts allow
2.基于用户名和密码的访问控制
类似于虚拟用户的方法完成认证-->并不是真正的系统用户,也不是真正的虚拟用户,而是在系统用户的基础上重新定义了虚拟用户
首先得失系统用户(存在于/etc/passwd中的用户)
在基于系统用户进行二次加密,并且将加密的内容保存在其他的文件中---->所以说类似,又叫半虚拟用户
主配置文件
/etc/samba.smb.conf
/var/lib/samba 跟samba有关的私密性文件
[root@localhost ~]# rpm -q samba-common
samba-common-3.5.4-68.el6.i686
[root@localhost ~]# rpm -q samba-client
samba-client-3.5.4-68.el6.i686
[root@localhost ~]# rpm -q samba
package samba is not installed
[root@localhost ~]# rpm -q libtalloc
libtalloc-2.0.1-1.1.el6.i686
[root@localhost ~]# rpm -q libtdb
libtdb-1.2.1-2.el6.i686
[root@localhost ~]# rpm -q libtevent
libtevent-0.9.8-8.el6.i686
用yum来卸载,解决依赖关系
[root@localhost ~]# yum -y erase samba-common samba-client libtalloc libtdb libtevent
[root@localhost ~]# rpm -q xinetd
package xinetd is not installed
[root@localhost ~]# cp /mnt/cdrom/Packages/xinetd-2.3.14-29.el6.i686.rpm ./
[root@localhost ~]# ls
anaconda-ks.cfg
install.log
install.log.syslog
libtalloc-2.0.7-2.el6.i686.rpm
libtdb-1.2.10-1.el6.i686.rpm
libtevent-0.9.18-3.el6.i686.rpm
samba-3.6.23-20.el6.i686.rpm
samba-client-3.6.23-20.el6.i686.rpm
samba-common-3.6.23-20.el6.i686.rpm
samba-doc-3.6.23-20.el6.i686.rpm
samba-swat-3.6.23-20.el6.i686.rpm
samba-winbind-3.6.23-20.el6.i686.rpm
samba-winbind-clients-3.6.23-20.el6.i686.rpm
samba-winbind-devel-3.6.23-20.el6.i686.rpm
xinetd-2.3.14-29.el6.i686.rpm
[root@localhost ~]# rpm -ivh *.rpm 安装所有
warning: libtalloc-2.0.7-2.el6.i686.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
warning: xinetd-2.3.14-29.el6.i686.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing... ########################################### [100%]
1:libtalloc ########################################### [ 8%]
2:libtevent ########################################### [ 17%]
3:libtdb ########################################### [ 25%]
4:samba-common ########################################### [ 33%]
5:samba-winbind ########################################### [ 42%]
6:samba-winbind-clients ########################################### [ 50%]
7:samba ########################################### [ 58%]
8:xinetd ########################################### [ 67%]
9:samba-winbind-devel ########################################### [ 75%]
10:samba-doc ########################################### [ 83%]
11:samba-swat ########################################### [ 92%]
12:samba-client ########################################### [100%]
解析顺序:
hosts --> DNS缓存 --> DNS Serber --> lmhosts
[root@localhost ~]# ls /etc/samba/
lmhosts(本地主机的hosts文件) smb.conf smbusers映射
[root@localhost ~]# cat /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
[root@localhost ~]# cat /etc/samba/lmhosts 格式和hosts文件一样
127.0.0.1 localhost
[root@localhost ~]# ls /var/lib/samba/ 私密性的东西
private scripts winbindd_privileged权限
[root@localhost ~]# vim /etc/samba/smb.conf
标题下(中括号)所有的语句是针对下面生效,直到下一个中括号
[global]
workgroup = MYGROUP 改成WORKGROUP windows的工作组
server string = Samba Server Version %v 被识别的主机名 %v叫宏,表示版本号
; netbios name = MYSERVER netbios名称 windows的主机名
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 多个则空格隔开
; hosts allow = 127. 192.168.12. 192.168.13. 白名单 部分网络地址,网络部分写出来 ,主机部分省略
注释掉的意思是所有主机所有IP都可访问
# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach
# logs split per machine
log file = /var/log/samba/log.%m %m代表客户端主机的名字 macheine
# max 50KB per log file, then rotate
max log size = 50 隐藏单位为KB 达到50KB滚动 5M写成5120 或5000
# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
security = user 安全级别
passdb backend = tdbsam 用户存在哪 默认在/var/lib/samba
:/etc/samba/smbpasswd
安全级别security
1.share 只允许匿名用户(来宾用户win--->guest,linux-->nobody)访问
2.user 使用本地的tdb数据库文件保存samba用户和密码---->对于保存在tdb数据库的用户进行验证
3.server 使用一台专用的服务器来进行用户身份验证,windows服务器--->server 必须是基于windows的redis服务器
4.domain 使用一台活动目录域控制器来进行用户身份验证
# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads活动目录
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can‘t
# use the DNS to locate Domain Controllers
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
; security = domain
; passdb backend = tdbsam
; realm = MY_REALM
; password server = <NT-Server-Name>
# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don‘t want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; local master = no 本地管理员 ,注释掉的话本地管理员为root
; os level = 33 操作系统的等级决定优先级
; preferred master = yes 更受欢迎的管理员
#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it‘s WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
; dns proxy = yes
# --------------------------- Printing Options -----------------------------
#共享一台打印机,很少用
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option
load printers = yes
cups options = raw 通用unix打印服务
; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
; printing = cups
# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports 如果文件系统支持这些扩展属性并生效可以取消注释
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares
; map archive = no
; map hidden = no
; map read only = no
; map system = no
; store dos attributes = yes 存储dos属性
#============================ Share Definitions ==============================
[homes]
comment = Home Directories 说明、注释、描述 = 家目录(所有用户的家)
browseable = no 可浏览的 = no 不能随意浏览,登陆的用户是谁,就能看见谁的家
writable = yes 可写的,是不是有写权限,共享权限当中的写权限
; valid users = %S 有效用户--->白名单 %S登陆shell对应的用户--->当前用户
; valid users = MYDOMAIN\%S
comment = Home Directories 注释信息,描述信息
browseable = no
writable = yes
valid users = username1 username2 @groupname1 @groupname2 空格隔开
用户的白名单--->注释掉则为所有人都能访问
invalid users = username1 username2 @groupname1 @groupname2
用户的黑名单
valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no 可浏览的
guest ok = no
writable = no
printable = yes 可打印的
path = /PATH/TO/SHARED_DIR
共享的目录的路径,绝对路径
guest ok = no
是否允许来宾访问,相当于public = no
write list = +staff
哪些用户或组可以访问并可以写,但是功能更强大
相当于
valid users = +staff
writable =yes
create mode = 0644 不写默认744
用户创建的文件在linux中被识别的权限
dir[ectory] mod = 0755 不写默认775
用户创建的目录在linux中被识别的权限
主配置文件格式:
[global]
[homes]
[printers]
[public]
注释符号有两种:
#用来注释说明信息
;用来注释配置语句
statement = value (最好等号两边留空格)
xxx = yes | Yes | no | No 全大写没试过,建议尝试
安全级别security = user
1.share 只允许匿名用户(来宾用户win--->guest,linux-->nobody)访问
2.user 使用本地的tdb数据库文件保存samba用户和密码---->对于保存在tdb数据库的用户进行验证
3.server 使用一台专用的服务器来进行用户身份验证,windows服务器--->server 必须是基于windows的redis服务器
4.domain 使用一台活动目录域控制器来进行用户身份验证
comment = Home Directories 注释信息,描述信息
browseable = no
writable = yes
valid users = username1 username2 @groupname1 @groupname2 空格隔开
用户的白名单--->注释掉则为所有人都能访问
invalid users = username1 username2 @groupname1 @groupname2
用户的黑名单
valid users = MYDOMAIN\%S
path = /PATH/TO/SHARED_DIR
共享的目录的路径,绝对路径
guest ok = no
是否允许来宾访问,相当于public = no
write list = +staff
哪些用户或组可以访问并可以写,但是功能更强大
相当于
valid users = +staff
writable =yes
create mode = 0644 不写默认744
用户创建的文件在linux中被识别的权限
dir[ectory] mod = 0755 不写默认775
用户创建的目录在linux中被识别的权限
[名称最好是纯字母]
服务器端
[root@localhost ~]# vim /etc/samba/smb.conf
[myshare]
comment = my share dir
path = /var/shared
public = no
writable = yes
[root@localhost ~]# ls /var/shared/ -ld
drwxr-xr-x. 3 root root 4096 May 29 03:51 /var/shared/
[root@localhost ~]# ls /var/shared/ -ld
drwxr-xr-x. 3 root root 4096 May 29 03:51 /var/shared/
[root@localhost ~]# chmod 1777 /var/shared
[root@localhost ~]# service smb start
Starting SMB services: [ OK ]
[root@localhost ~]# service nmb start
Starting NMB services: [ OK ]
[root@localhost ~]# echo test > /var/shared/test.file
客户端
smbclient
-L :以列表显示服务器的共享文件夹
-U USERNAME :以USERNAME用户的身份进行身份验证--->服务器端被授权能够访问服务器的用户
特殊的命令提示符:命令跟FTP几乎一样
smb: \>
在服务器上添加samba用户
smbpasswd
-a:添加用户
-d:禁用用户
-e:启用用户
-x:删除用户
[root@localhost ~]# useradd hadoop
[root@localhost ~]# useradd hive
[root@localhost ~]# smbpasswd -a hadoop
New SMB password:
Retype new SMB password:
Added user hadoop.
[root@localhost ~]# ls /var/lib/samba/private/
passdb.tdb用户名 secrets.tdb加密密码
[root@localhost ~]#
[root@localhost ~]# ls -l /var/lib/samba/private/
total 832
-rw-------. 1 root root 421888 May 29 08:35 passdb.tdb
-rw-------. 1 root root 430080 May 29 08:28 secrets.tdb
这个用户能访问samba服务器但是不能登陆
客户端
[root@localhost ~]# smbclient -L //192.168.100.1 -U hadoop
Enter hadoop‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
Sharename Type Comment
--------- ---- -------
myshare Disk my share dir
IPC$(隐藏文件) IPC(进程间通信机制) IPC Service (Samba Server Version 3.6.23-20.el6)
hadoop Disk Home Directories 用户的家
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
Server Comment
--------- -------
LOCALHOST Samba Server Version 3.6.23-20.el6
Workgroup Master
--------- -------
MYGROUP LOCALHOST
WORKGROUP LYJ
客户端
[root@localhost ~]# smbclient //192.168.100.1/myshare -U hadoop
Enter hadoop‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
smb: \>
smb: \>
smb: \> !pwd 叹号调用本地
/root
smb: \> pwd
Current directory is \\192.168.100.1\myshare\
smb: \> lcd /tmp
smb: \> !pwd
/tmp
smb: \> ls
. D 0 Fri May 29 08:30:17 2015
.. D 0 Fri May 29 08:28:13 2015
test.file 5 Fri May 29 08:30:17 2015
cdrom DR 0 Thu Sep 23 06:24:55 2010
39109 blocks of size 524288. 34441 blocks available
smb: \> get test.file
getting file \test.file of size 5 as test.file (0.1 KiloBytes/sec) (average 0.1 KiloBytes/sec)
smb: \> dir
. D 0 Fri May 29 08:30:17 2015
.. D 0 Fri May 29 08:28:13 2015
test.file 5 Fri May 29 08:30:17 2015
cdrom DR 0 Thu Sep 23 06:24:55 2010
39109 blocks of size 524288. 34441 blocks available
smb: \> lcd /etc
smb: \> put fstab
putting file fstab as \fstab (14.8 kb/s) (average 14.8 kb/s)
smb: \> ls
. D 0 Fri May 29 08:43:10 2015
.. D 0 Fri May 29 08:28:13 2015
fstab A 861 Fri May 29 08:43:10 2015
test.file 5 Fri May 29 08:30:17 2015
cdrom DR 0 Thu Sep 23 06:24:55 2010
39109 blocks of size 524288. 34441 blocks available
smb: \>
smb: \> quit
[root@localhost ~]# ls /tmp/
test.file yum.log 刚下载的
服务器
[root@localhost ~]# ls /var/shared/
cdrom fstab(具有执行权限) test.file
[root@localhost ~]# ls /var/shared/ -l
total 14
dr-xr-xr-x. 9 root root 6144 Sep 23 2010 cdrom
-rwxr--r--. 1 hadoop hadoop 861 May 29 08:43 fstab 744权限
-rw-r--r--. 1 root root 5 May 29 08:30 test.file
客户端
[root@localhost ~]# smbclient //192.168.100.1/myshare -U hadoop
Enter hadoop‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
smb: \> mkdir abc
smb: \> ls
. D 0 Fri May 29 08:45:21 2015
.. D 0 Fri May 29 08:28:13 2015
abc D 0 Fri May 29 08:45:21 2015
fstab A 861 Fri May 29 08:43:10 2015
test.file 5 Fri May 29 08:30:17 2015
cdrom DR 0 Thu Sep 23 06:24:55 2010
39109 blocks of size 524288. 34441 blocks available
smb: \>
服务器
[root@localhost ~]# ls /var/shared/ -l
total 18
drwxr-xr-x. 2 hadoop hadoop 4096 May 29 08:45 abc
dr-xr-xr-x. 9 root root 6144 Sep 23 2010 cdrom
-rwxr--r--. 1 hadoop hadoop 861 May 29 08:43 fstab
-rw-r--r--. 1 root root 5 May 29 08:30 test.file
[root@localhost ~]# !vim
vim /etc/samba/smb.conf
[myshare]
comment = my share dir
path = /var/shared
public = no
writable = yes
create mode = 0644
dir mode =0755
[root@localhost ~]# service smb restart
Shutting down SMB services: [ OK ]
Starting SMB services: [ OK ]
客户端
[root@localhost ~]# smbclient //192.168.100.1/myshare -U hadoop
Enter hadoop‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
smb: \> lcd /etc/
smb: \> put mtab
putting file mtab as \mtab (15.2 kb/s) (average 15.2 kb/s)
服务器
[root@localhost ~]# ls /var/shared/ -l
total 22
drwxr-xr-x. 2 hadoop hadoop 4096 May 29 08:45 abc
dr-xr-xr-x. 9 root root 6144 Sep 23 2010 cdrom
-rwxr--r--. 1 hadoop hadoop 861 May 29 08:43 fstab
-rw-r--r--. 1 hadoop hadoop 357 May 29 08:47 mtab
-rw-r--r--. 1 root root 5 May 29 08:30 test.file
[root@localhost ~]# useradd alice
[root@localhost ~]# useradd bob
[root@localhost ~]# useradd cobe
[root@localhost ~]# useradd david
[root@localhost ~]# smbpasswd -a hive
New SMB password:
Retype new SMB password:
Added user hive.
[root@localhost ~]# smbpasswd -a alice
New SMB password:
Retype new SMB password:
Added user alice.
[root@localhost ~]# smbpasswd -a bob
New SMB password:
Retype new SMB password:
Added user bob.
[root@localhost ~]# smbpasswd -a cobe
New SMB password:
Retype new SMB password:
Added user cobe.
[root@localhost ~]# smbpasswd -a david
New SMB password:
Retype new SMB password:
Mismatch - password unchanged.
Unable to get new password.
[root@localhost ~]# smbpasswd -a david
New SMB password:
Retype new SMB password:
Added user david.
[root@localhost ~]# smbclient //192.168.100.1/myshare -U david
Enter david‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
smb: \> ls
. D 0 Fri May 29 08:47:28 2015
.. D 0 Fri May 29 08:28:13 2015
mtab 357 Fri May 29 08:47:28 2015
abc D 0 Fri May 29 08:45:21 2015
fstab A 861 Fri May 29 08:43:10 2015
test.file 5 Fri May 29 08:30:17 2015
cdrom DR 0 Thu Sep 23 06:24:55 2010
39109 blocks of size 524288. 34441 blocks available
smb: \> rm fstab
NT_STATUS_ACCESS_DENIED deleting remote file \fstab
smb: \> lcd /etc/
smb: \> put issue
putting file issue as \issue (9.2 kb/s) (average 9.2 kb/s)
smb: \> ls
. D 0 Fri May 29 08:50:45 2015
.. D 0 Fri May 29 08:28:13 2015
mtab 357 Fri May 29 08:47:28 2015
abc D 0 Fri May 29 08:45:21 2015
fstab A 861 Fri May 29 08:43:10 2015
test.file 5 Fri May 29 08:30:17 2015
cdrom DR 0 Thu Sep 23 06:24:55 2010
issue 75 Fri May 29 08:50:45 2015
39109 blocks of size 524288. 34441 blocks available
smb: \> rm issue
smb: \> ls
. D 0 Fri May 29 08:50:51 2015
.. D 0 Fri May 29 08:28:13 2015
mtab 357 Fri May 29 08:47:28 2015
abc D 0 Fri May 29 08:45:21 2015
fstab A 861 Fri May 29 08:43:10 2015
test.file 5 Fri May 29 08:30:17 2015
cdrom DR 0 Thu Sep 23 06:24:55 2010
39109 blocks of size 524288. 34441 blocks available
smb: \>
[myshare]
comment = my share dir
path = /var/shared
public = no
writable = yes
create mode = 0644
dir mode =0755
invalid users = hadoop david cobe黑名单
[root@localhost ~]# smbclient //192.168.100.1/myshare -U david
Enter david‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
tree connect failed: NT_STATUS_ACCESS_DENIED 黑名单
[root@localhost ~]# smbclient //192.168.100.1/myshare -U hive
Enter hive‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
smb: \>
[myshare]
comment = my share dir
path = /var/shared
public = no
writable = yes
create mode = 0644
dir mode =0755
valid users = hadoop david cobe 白名单,其他用户不允许访问
[root@localhost ~]# smbclient //192.168.100.1/myshare -U hive
Enter hive‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
tree connect failed: NT_STATUS_ACCESS_DENIED
服务器
[root@localhost ~]# groupadd mygroup
[root@localhost ~]# usermod -g mygroup alice
[root@localhost ~]# usermod -g mygroup bob
[root@localhost ~]# usermod -g mygroup david
[myshare]
comment = my share dir
path = /var/shared
public = no
writable = yes
create mode = 0644
dir mode =0755
valid users = @mygroup 或者+mygroup
客户机
[root@localhost ~]# smbclient //192.168.100.1/myshare -U alice
Enter alice‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
smb: \>
[root@localhost ~]# smbclient //192.168.100.1/myshare -U hadoop
Enter hadoop‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
tree connect failed: NT_STATUS_ACCESS_DENIED
[root@localhost ~]#
服务器
[myshare]
comment = my share dir
path = /var/shared
public = no
writable = yes
create mode = 0644
dir mode =0755
valid users = @mygroup
hosts allow = 192.168.100.254真实机 限制IP
客户机
[root@localhost ~]# smbclient //192.168.100.1/myshare -U alice
Enter alice‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
tree connect failed: NT_STATUS_ACCESS_DENIED
XP在运行访问
\\192.168.100.1
服务器
[myshare]
comment = my share dir
path = /var/shared
public = no
writable = yes
create mode = 0644
dir mode =0755
valid users = @mygroup
hosts deny = 192.168.10.
利用网页管理,需要先备份一下,否则网页修改的会直接替换 只保留有效信息没有注释
[root@localhost ~]# cd /etc/samba/
[root@localhost samba]# ls
lmhosts smb.conf smbusers
[root@localhost samba]# cp smb.conf smb.conf.bak
[root@localhost samba]# rpm -q samba-swat
samba-swat-3.6.23-20.el6.i686
[root@localhost samba]# service xinetd start
Starting xinetd: [ OK ]
[root@localhost samba]# chkconfig --list
xinetd based services:
chargen-dgram: off
chargen-stream: off
cvs: off
daytime-dgram: off
daytime-stream: off
discard-dgram: off
discard-stream: off
echo-dgram: off
echo-stream: off
rsync: off
swat: off ---->off 默认没开
tcpmux-server: off
time-dgram: off
time-stream: off
swat 套接字 tcp/901
_____________
| |
| xinetd |
_____________
[root@localhost samba]# chkconfig swat on
[root@localhost samba]# chkconfig --list
xinetd based services:
chargen-dgram: off
chargen-stream: off
cvs: off
daytime-dgram: off
daytime-stream: off
discard-dgram: off
discard-stream: off
echo-dgram: off
echo-stream: off
rsync: off
swat: on
tcpmux-server: off
time-dgram: off
time-stream: off
另一种开启方法
[root@localhost samba]# ls /etc/xinetd.d/
chargen-dgram daytime-dgram discard-stream rsync time-dgram
chargen-stream daytime-stream echo-dgram swat time-stream
cvs discard-dgram echo-stream tcpmux-server
[root@localhost samba]# vim /etc/xinetd.d/swat
service swat
{
disable = no yes改为no
port = 901
socket_type = stream 基于tcp ;基于udp叫数据报
wait = no 不等待,允许多个请求并行处理
only_from = 127.0.0.1 只允许谁访问,想要访问先写允许访问的IP地址
user = root
server = /usr/sbin/swat 用这个应用程序响应
log_on_failure += USERID 登陆失败了怎么样,收集UID记录
}
主机访问
http://192.168.100.1:901
利用网页创建
[temprate]
comment = tmp share dir
path = /tmp
valid users = alice, bob, hadoop
write list = alice
read only = No
available = Yes
[root@localhost ~]# smbclient -L //192.168.100.1/myshare -U alice
Enter alice‘s password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
Sharename Type Comment
--------- ---- -------
myshare Disk my share dir
temprate Disk tmp share dir
IPC$ IPC IPC Service (Samba Server Version 3.6.23-20.el6)
alice Disk Home Directories
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-20.el6]
Server Comment
--------- -------
LOCALHOST Samba Server Version 3.6.23-20.el6
Workgroup Master
--------- -------
MYGROUP LOCALHOST
WORKGROUP LYJ
cifs
Common Internet Filesystem 通用网络文件系统
[root@localhost ~]# rpm -ivh /mnt/cdrom/Packages/cifs-utils-4.4-5.el6.i686.rpm
warning: /mnt/cdrom/Packages/cifs-utils-4.4-5.el6.i686.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing... ########################################### [100%]
1:cifs-utils ########################################### [100%]
mount -t cifs -o username=alice //192.168.100.1/myshare /mnt/samba
[root@localhost ~]# mount -t cifs -o username=alice //192.168.100.1/myshare /mnt/samba
Password:
[root@localhost ~]# df -hTP | column -t
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda3 ext4 20G 1.3G 17G 7% /
/dev/sda1 ext4 97M 24M 69M 26% /boot
tmpfs tmpfs 504M 0 504M 0% /dev/shm
//192.168.100.1/myshare/ cifs 20G 1.4G 17G 8% /mnt/samba
[temprate]
comment = tmp share dir
path = /tmp
valid users = alice, bob, hadoop
write list = alice
writable = Yes
[root@localhost ~]# mount -t cifs -o username=david //192.168.100.1/temprate /mnt/samba
Password:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
不重启更改配置文件
smbcontrol - send messages to smbd, nmbd or winbindd processes
[root@localhost samba]# smbcontrol
[root@localhost samba]# smbcontrol smbd reload-config
//192.168.100.1/myshare /mnt/samba cifs _netdev,username=alice,password=123 0 0
将用户名密码单独写出来:
[root@localhost ~]# vim /etc/samba/abc
username=alice
password=123
[root@localhost ~]# vim /etc/fstab
加一条
//192.168.100.1/myshare /mnt/samba cifs _netdev,credenials=/etc/samba/abc 0 0
[root@localhost ~]# chmod 600 /etc/samba/abc 安全考虑将权限设为600
本文出自 “小运维的逆袭” 博客,请务必保留此出处http://liyongjian5179.blog.51cto.com/10134786/1733360
原文地址:http://liyongjian5179.blog.51cto.com/10134786/1733360
