RHEL6: A Simple Samba Configuration

Samba lets Linux hosts and Windows hosts share resources (files, printers) with each other.
Below is a walkthrough of the lab on RHEL6.

Reference

http://linux.vbird.org/linux_server/0370samba.php


Lab environment & lab contents

Two virtual machines, both running RHEL6.5;
VM 1 shares files, and VM 2 tries to mount the directories shared by VM 1.
VM 1's IP is 192.168.122.50;
VM 2's IP is 192.168.122.60;


Installing the required software

[root@vserver1 ~]# yum install samba samba-client samba-common
[root@vserver1 ~]# chkconfig smb on
[root@vserver1 ~]# chkconfig nmb on


A share that requires no password

1. First back up the Samba configuration file

[root@vserver1 ~]# cp /etc/samba/smb.conf /etc/samba/smb.conf.raw

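2. Edit /etc/samba/smb.conf
Comment out all of the existing configuration (a semicolon is enough; the existing settings might otherwise interfere).
Add the following configuration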

[global]
        workgroup = vbirdhouse
        netbios name = vbirdserver
        server string = This is vbird's samba server

        unix charset = utf8
        display charset = utf8
        dos charset = cp950

        log file = /var/log/samba/log.%m
        max log size = 50

        security = share
        load printers = no

[temp]
        comment = Temporary file space
        path = /tmp
        writable = yes
        browseable = yes
        guest ok = yes

Check that the syntax is correct

[root@vserver1 ~]# testparm 
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[temp]"
WARNING: The security=share option is deprecated
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
	dos charset = cp950
	unix charset = utf8
	display charset = utf8
	workgroup = VBIRDHOUSE
	netbios name = VBIRDSERVER
	server string = This is vbird's samba server
	security = SHARE
	log file = /var/log/samba/log.%m
	max log size = 50
	load printers = No
	idmap config * : backend = tdb

[temp]
	comment = Temporary file space
	path = /tmp
	read only = No
	guest ok = Yes

3. Test: list the shared directories locally

[root@vserver1 ~]# /etc/init.d/smb restart
[root@vserver1 ~]# /etc/init.d/nmb restart
[root@vserver1 ~]# smbclient -L //127.0.0.1
WARNING: The security=share option is deprecated
Enter root's password: 
Domain=[VBIRDHOUSE] OS=[Unix] Server=[Samba 3.6.9-164.el6]

	Sharename       Type      Comment
	---------       ----      -------
	temp            Disk      Temporary file space
	IPC$            IPC       IPC Service (This is vbird's samba server)
Domain=[VBIRDHOUSE] OS=[Unix] Server=[Samba 3.6.9-164.el6]

	Server               Comment
	---------            -------
	VBIRDSERVER          This is vbird's samba server

	Workgroup            Master
	---------            -------
	VBIRDHOUSE           VBIRDSERVER

4. Test: mount temp locally.

[root@vserver1 ~]# mount -t cifs //127.0.0.1/temp /mnt/samba/
Password: 
[root@vserver1 ~]# ll -a /mnt/samba/
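
The guest share above combines three settings worth catching in review: security = share, a share that is both guest ok and writable, and an export of /tmp. The check below is an added example, not part of the original post; the function names audit_smb_conf and sample_guest_conf are made up here, and the sample input is an abridged copy of the configuration above.

```sh
#!/bin/sh
# Added example: flag risky smb.conf settings. Reads smb.conf text on stdin.
audit_smb_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function yes(v)  { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report_share() {                 # called when a section ends
        if (sec == "" || sec == "global") return
        if (guest && writable)
            print "[" sec "] guest ok + writable: writes need no password"
        sub(/\/+$/, "", path)
        if (path == "/tmp" || path == "/var/tmp" || index(path, "/tmp/") == 1)
            print "[" sec "] exports the world-writable directory " path
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }      # comments and blank lines
    /^[ \t]*\[/ {                             # section header such as [temp]
        report_share()
        sec = tolower(trim($0)); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
        guest = 0; writable = 0; path = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        # Samba ignores case and whitespace in parameter names
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]+/, "", key)
        val = trim(substr($0, eq + 1))
        if (sec == "global" && key == "security" && tolower(val) == "share")
            print "[global] security = share is deprecated; use security = user"
        if (key == "guestok" || key == "public") guest = yes(val)
        if (key == "writable" || key == "writeable" || key == "writeok") writable = yes(val)
        if (key == "readonly") writable = !yes(val)
        if (key == "path") path = val
    }
    END { report_share() }'
}

# Constructed sample: the guest-share configuration from this page, abridged.
sample_guest_conf() {
    cat <<'EOF'
[global]
        workgroup = vbirdhouse
        security = share
[temp]
        path = /tmp
        writable = yes
        guest ok = yes
EOF
}

sample_guest_conf | audit_smb_conf
```

To check a live server, feed it the real file: audit_smb_conf < /etc/samba/smb.conf.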

A share that requires login

1. Edit /etc/samba/smb.conf

[global]
        workgroup = vbirdhouse
        netbios name = vbirdserver
        server string = This is vbird's samba server

        unix charset = utf8
        display charset = utf8
        dos charset = cp950

        log file = /var/log/samba/log.%m
        max log size = 50

        security = user
        passdb backend = tdbsam

        load printers = no

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        create mode = 0664
        directory mode = 0775

[project]
        comment = smbuser's project
        path = /home/project
        browseable = yes
        writable = yes
        write list = @users

2. Create the project directory and set its permissions

[root@vserver1 ~]# mkdir /home/project/
[root@vserver1 ~]# chgrp users /home/project/
[root@vserver1 ~]# chmod 2770 /home/project/
[root@vserver1 ~]# ll -d /home/project/
drwxrws---. 2 root users 4096 Dec 21 12:36 /home/project/

3. Create the login users

# useradd -G users smb1
# useradd -G users smb2
# useradd -G users smb3
# echo redhat | passwd --stdin smb1
# echo redhat | passwd --stdin smb2
# echo redhat | passwd --stdin smb3

4. Add the users to Samba's database (the password set here for Samba login does not have to match the system user's password)

# pdbedit -a -u smb1
# pdbedit -a -u smb2
# pdbedit -a -u smb3
# pdbedit -L

5. Test: query the shared directories locally

[root@vserver1 ~]# /etc/init.d/smb restart
[root@vserver1 ~]# /etc/init.d/nmb restart

Query without logging in

[root@vserver1 ~]# smbclient -L //127.0.0.1
Enter root's password: 
Anonymous login successful
Domain=[VBIRDHOUSE] OS=[Unix] Server=[Samba 3.6.9-164.el6]

	Sharename       Type      Comment
	---------       ----      -------
	project         Disk      smbuser's project
	IPC$            IPC       IPC Service (This is vbird's samba server)
Anonymous login successful
Domain=[VBIRDHOUSE] OS=[Unix] Server=[Samba 3.6.9-164.el6]

	Server               Comment
	---------            -------
	VBIRDSERVER          This is vbird's samba server

	Workgroup            Master
	---------            -------
	VBIRDHOUSE           VBIRDSERVER

Query after logging in

[root@vserver1 ~]# smbclient -L //127.0.0.1 -U smb1
Enter smb1's password: 
Domain=[VBIRDHOUSE] OS=[Unix] Server=[Samba 3.6.9-164.el6]

	Sharename       Type      Comment
	---------       ----      -------
	project         Disk      smbuser's project
	IPC$            IPC       IPC Service (This is vbird's samba server)
	smb1            Disk      Home Directories
Domain=[VBIRDHOUSE] OS=[Unix] Server=[Samba 3.6.9-164.el6]

	Server               Comment
	---------            -------
	VBIRDSERVER          This is vbird's samba server

	Workgroup            Master
	---------            -------
	VBIRDHOUSE           VBIRDSERVER

smb1's home directory is now visible.

6. Adjust SELinux

[root@vserver1 ~]# chcon -t samba_share_t /home/project/
[root@vserver1 ~]# ll -Zd /home/project/
drwxrws---. root users unconfined_u:object_r:samba_share_t:s0 /home/project/
[root@vserver1 ~]# 
[root@vserver1 ~]# setsebool -P samba_enable_home_dirs=1

7. Test: mount locally
Try mounting the user's home directory

[root@vserver1 ~]# mount -t cifs //127.0.0.1/smb1 /mnt/samba -o username=smb1
Password: 
[root@vserver1 ~]# ls /mnt/samba/

Try mounting the project directory

[root@vserver1 ~]# umount /mnt/samba/
[root@vserver1 ~]# mount -t cifs //127.0.0.1/project /mnt/samba -o username=smb1
Password: 
[root@vserver1 ~]# ls /mnt/samba/

8. Test: try mounting Server1's shared directories on Server2

[root@vserver1 ~]# netstat -tulnp | grep mbd
tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN      26225/smbd          
tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN      26225/smbd          
tcp        0      0 :::445                      :::*                        LISTEN      26225/smbd          
tcp        0      0 :::139                      :::*                        LISTEN      26225/smbd          
udp        0      0 192.168.122.255:137         0.0.0.0:*                               26239/nmbd          
udp        0      0 192.168.122.50:137          0.0.0.0:*                               26239/nmbd          
udp        0      0 0.0.0.0:137                 0.0.0.0:*                               26239/nmbd          
udp        0      0 192.168.122.255:138         0.0.0.0:*                               26239/nmbd          
udp        0      0 192.168.122.50:138          0.0.0.0:*                               26239/nmbd          
udp        0      0 0.0.0.0:138                 0.0.0.0:*                               26239/nmbd        

Open the relevant ports in iptables by adding the following to /etc/sysconfig/iptables

-A INPUT -p tcp -m multiport --dports 445,139 -j ACCEPT
-A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT

Restart iptables.

On Server2, try mounting the project directory.

[root@vserver2 ~]# mount -t cifs //192.168.122.50/project /mnt/samba/ -o username=smb1
Password: 
[root@vserver2 ~]# ls /mnt/samba/

On Server2, try mounting the home directory.

[root@vserver2 ~]# mount -t cifs //192.168.122.50/smb1 /mnt/samba/ -o username=smb1
[root@vserver2 ~]# ls /mnt/samba/

iptables & SELinux

The ports related to Samba are:
TCP: 139, 445;
UDP: 137, 138;
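
The two ACCEPT rules added to /etc/sysconfig/iptables earlier match traffic from any source address, while only the lab hosts need to reach the server. The check below is an added example, not part of the original post: it lists rules in /etc/sysconfig/iptables format that accept the Samba ports without a -s/--source match. The function names and the 192.168.122.0/24 subnet in the sample are assumptions based on the lab addresses.

```sh
#!/bin/sh
# Added example: report ACCEPT rules for the Samba ports that match any source.
# Input: rule lines in /etc/sysconfig/iptables (iptables-save) format on stdin.
unrestricted_smb_rules() {
    awk '
    BEGIN { nsmb = split("137,138,139,445", smb, ",") }
    $1 != "-A" { next }                       # skip table headers, chains, COMMIT
    {
        ports = ""; src = ""; target = ""
        for (i = 2; i < NF; i++) {
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            if ($i == "-s" || $i == "--source")      src = $(i + 1)
            if ($i == "-j")                          target = $(i + 1)
        }
        if (target != "ACCEPT" || ports == "") next
        hit = 0
        n = split(ports, p, ",")
        for (k = 1; k <= n; k++) {            # each entry is a port or a lo:hi range
            m = split(p[k], r, ":")
            lo = r[1] + 0; hi = (m > 1 ? r[2] : r[1]) + 0
            for (j = 1; j <= nsmb; j++)
                if (smb[j] + 0 >= lo && smb[j] + 0 <= hi) hit = 1
        }
        if (hit && (src == "" || src == "0.0.0.0/0"))
            print "any-source: " $0
    }'
}

# Constructed sample: the two rules from this page, a source-restricted
# variant (assumed lab subnet), and an unrelated rule.
sample_rules() {
    cat <<'EOF'
-A INPUT -p tcp -m multiport --dports 445,139 -j ACCEPT
-A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s 192.168.122.0/24 -p tcp -m multiport --dports 445,139 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
EOF
}

sample_rules | unrestricted_smb_rules
```

On the server, run it as unrestricted_smb_rules < /etc/sysconfig/iptables; an empty result means every rule for the Samba ports carries a source match.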

With SELinux, pay attention to the context of the shared files and to the boolean values.
samba_share_t, public_content_t and public_content_rw_t are the commonly used contexts.

For the booleans, see

[root@vserver1 ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off