SAMBA服务器

SAMBA可以实现在局域网内Linux/UNIX和Windows的文件共享和打印机共享
本文环境是CentOS Linux release 7.1.1503 (Core)
cat /etc/redhat-release

0x01 安装SAMBA

# 查看
yum list all samba*
# 安装
yum -y install samba.x86_64

0x02 配置SAMBA

# 配置文件路径
/etc/samba/
# 配置文件说明,samba的配置文件分段
grep -i 'Options -' /etc/samba/smb.conf
#======================= Global Settings =====================================
[global]
# ----------------------- Network-Related Options -------------------------
        workgroup = MYGROUP
        server string = Samba Server Version %v
;       netbios name = MYSERVER
;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;       hosts allow = 127. 192.168.12. 192.168.13.
;       max protocol = SMB2
# --------------------------- Logging Options -----------------------------
        # log files split per-machine:
        log file = /var/log/samba/log.%m
        # maximum size of 50KB per log file, then rotate:
        max log size = 50
# ----------------------- Standalone Server Options ------------------------
        security = user
        passdb backend = tdbsam
# ----------------------- Domain Members Options ------------------------
;       security = domain
;       passdb backend = tdbsam
;       realm = MY_REALM

;       password server = <NT-Server-Name>
# ----------------------- Domain Controller Options ------------------------
# ----------------------- Browser Control Options ----------------------------
;       local master = no
;       os level = 33
;       preferred master = yes
# --------------------------- Printing Options -----------------------------
        load printers = yes
        cups options = raw
;       printcap name = /etc/printcap
        # obtain a list of printers automatically on UNIX System V systems:
;       printcap name = lpstat
;       printing = cups
# --------------------------- File System Options ---------------------------
#============================ Share Definitions ==============================
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S
[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes
        
[shared name]
    comments = 
    path = 
    browseable = 
    public = // guest ok = 
    read only = 
    writable = // read only与writable如果同时间出现,哪个严格遵从哪个
    write list = user1, user2, @group1
    valid users = // 白名单
    invalid users = // 黑名单
    
# 测试配置文件是否OK
testparm
# 启动服务
systemctl start smb
# 查看端口 samba使用端口139/tcp,445/tcp
netstat -tunlp
# 将系统用户加入Samba账户(密码单独的)
smbpasswd -a ysai

0x03 配置SELinux

chcon -t samba_share_t /home/samba/share/test/

# setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
# 这句有错getsebool –a | grep samba_export
# semanage fcontext –at samba_share_t "/home/samba/share/test(/.*)?"
# restorecon /home/samba/share/test/

0x04 配置FireWalld

firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload

0x05 遇到的一些问题

# 将samba设置为开机自启
chkconfig --level 35 smb on             //在3、5级别上自动运行samba服务
# 同这种一样systemctl enable smb.service
chkconfig --list | grep smb
# 查看selinux状态
sestatus
# 临时关闭selinux
setenforce 0
# 永久关闭selinux,修改如下文件,需要重启
cat /etc/selinux/config
#SELINUX=enforcing
SELINUX=disabled
# 关闭firewalld
systemctl stop firewalld
# samba权限是共享权限和用户权限的交集