大家的云服务器能配置好Samba么
1. 安装iptables防火墙
安装iptables和iptables-services
yum install iptables
yum install iptables-services
*关闭centos自带的防火墙
systemctl stop firewalld
systemctl mask firewalld
2. 清空防火墙默认规则和自定义规则
iptables -P INPUT ACCEPT
iptables -F
iptables -X
iptables -Z
3. 防火墙开放samba服务所需端口和常用端口
vi /etc/sysconfig/iptables
添加以下内容到iptables中
-A INPUT -m state –state NEW -m tcp -p tcp –dport 139 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 445 -j ACCEPT
-A INPUT -m state –state NEW -m udp -p udp –dport 137 -j ACCEPT
-A INPUT -m state –state NEW -m udp -p udp –dport 138 -j ACCEPT
-A INPUT -p tcp –dport 22 -j ACCEPT
-A INPUT -p tcp –dport 21 -j ACCEPT
-A INPUT -p tcp –dport 80 -j ACCEPT
-A INPUT -p tcp –dport 443 -j ACCEPT
-A INPUT -p icmp –icmp-type 8 -j ACCEPT
-A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-P OUTPUT ACCEPT
4. 开启iptables防火墙
注册iptables服务
systemctl enable iptables.service
开启服务
systemctl start iptables.service
查看状态
systemctl status iptables.service
5. 安装和配置samba
yum install samba
设置samba开机启动
chkconfig smb on
vim /etc/samba/smb.conf,粘贴复制以下内容
[global]
unix charset = gbk
dos charset = gbk
workgroup = img
netbios name = img
server string = uc
security = user
smb ports = 1315 1314 #很重要,貌似阿里云屏蔽了samba默认的端口
[img]
comment = uc
path=/home/xuhaoguang/work
create mask = 0664
directory mask = 0775
writable = yes
valid users = work #登录samba服务的账号
browseable = yes
给samba添加work账号:
smbpasswd -a work
启动samba:
service smb restart
6. 客户端连接samba服务
mac:
command +k ; smb://ip_address:1314
windows:
运行输入:\Samba服务器的ip
我是按照上面的步骤完成阿里云服务器上的samba配置的,仅供大家参考!
怎么给阿里云服务器安装samba
linux
1安装软件samba-3.0.33-3.7.el5.i386.rpm2
2.创建共享文件夹,添加smb用户
3修改/etc/samba/smb.conf
4
[root@testclient ~]# service smb restart
[root@testclient ~]# service cups restart
[root@testclient ~]# chkconfig smb on
[root@testclient ~]# chkconfig cups on
如何配置samba服务器
这个简单,可以参考 《鸟哥的linux私房菜 服务器》 第一个服务器就是samba服务器。具体的来说:
【samba配置文件smb.conf】
一般你装系统的时候会默认安装samba,如果没有安装,只需要运行这个命令安装(CentOS):
“yum install -y samba samba-client”
Samba的配置文件为/etc/samba/smb.conf,通过修改这个配置文件来完成我们的各种需求。打开这个配置文件,你会发现很多内容都用”#”或者”;”注视掉了。先看一下未被注释掉的部分:
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
security = user
passdb backend = tdbsam
load printers = yes
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
主要有以上三个部分:[global], [homes], [printers]。
[global]定义全局的配置,”workgroup”用来定义工作组,相信如果你安装过windows的系统,你会对这个workgroup不陌生。一般情况下,需要我们把这里的”MYGROUP”改成”WORKGROUP”(windows默认的工作组名字)。
security = user #这里指定samba的安全等级。关于安全等级有四种:
share:用户不需要账户及密码即可登录samba服务器
user:由提供服务的samba服务器负责检查账户及密码(默认)
server:检查账户及密码的工作由另一台windows或samba服务器负责
domain:指定windows域控制服务器来验证用户的账户及密码。
passdb backend = tdbsam # passdb backend (用户后台),samba有三种用户后台:smbpasswd, tdbsam和ldapsam.
smbpasswd:该方式是使用smb工具smbpasswd给系统用户(真实用户或者虚拟用户)设置一个Samba 密码,客户端就用此密码访问Samba资源。smbpasswd在/etc/samba中,有时需要手工创建该文件。
tdbsam:使用数据库文件创建用户数据库。数据库文件叫passdb.tdb,在/etc/samba中。passdb.tdb用户数据库可使用smbpasswd –a创建Samba用户,要创建的Samba用户必须先是系统用户。也可使用pdbedit创建Samba账户。pdbedit参数很多,列出几个主要的:
pdbedit –a username:新建Samba账户。
pdbedit –x username:删除Samba账户。
pdbedit –L:列出Samba用户列表,读取passdb.tdb数据库文件。
pdbedit –Lv:列出Samba用户列表详细信息。
pdbedit –c “[D]”–u username:暂停该Samba用户账号。
pdbedit –c “[]”–u username:恢复该Samba用户账号。
ldapsam:基于LDAP账户管理方式验证用户。首先要建立LDAP服务,设置“passdb backend = ldapsam:ldap://LDAP Server”
load printers 和 cups options 两个参数用来设置打印机相关。
除了这些参数外,还有几个参数需要你了解:
netbios name = MYSERVER # 设置出现在“网上邻居”中的主机名
hosts allow = 127. 192.168.12. 192.168.13. # 用来设置允许的主机,如果在前面加”;”则表示允许所有主机
log file = /var/log/samba/%m.log #定义samba的日志,这里的%m是上面的netbios name
max log size = 50 # 指定日志的最大容量,单位是K
[homes]该部分内容共享用户自己的家目录,也就是说,当用户登录到samba服务器上时实际上是进入到了该用户的家目录,用户登陆后,共享名不是homes而是用户自己的标识符,对于单纯的文件共享的环境来说,这部分可以注视掉。
[printers]该部分内容设置打印机共享。
【samba实践】
注意:在试验之前,请先检测selinux是否关闭,否则可能会试验不成功。关于如何关闭selinux请查看第十五章 linux系统日常管理的“linux的防火墙”部分
1. 共享一个目录,任何人都可以访问,即不用输入密码即可访问,要求只读。
打开samba的配置文件/etc/samba/smb.conf
[global]部分
把”MY GROUP”改成”WORKGROUP”
把”security = user” 修改为“security = share”
然后在文件的最末尾处加入以下内容:
[share]
comment = share all
path = /tmp/samba
browseable = yes
public = yes
writable = no
mkdir /tmp/samba
chmod 777 /tmp/samba
启动samba服务
/etc/init.d/smb start
测试:
首先测试你配置的smb.conf是否正确,用下面的命令
testparm
如果没有错误,则在你的windows机器上的浏览器中输入file://IP/share 看是否能访问
2. 共享一个目录,使用用户名和密码登录后才可以访问,要求可以读写
打开samba的配置文件/etc/samba/smb.conf
[global] 部分内容如下:
[global]
workgroup = WORKGROUP
server string = Samba Server Version %v
security = user
passdb backend = tdbsam
load printers = yes
cups options = raw
然后加入以下内容:
[myshare]
comment = share for users
path = /samba
browseable = yes
writable = yes
public = no
保存配置文件,创建目录:
mkdir /samba
chmod 777 /samba
然后添加用户。因为在[globa]中” passdb backend = tdbsam”,所以要使用” pdbedit” 来增加用户,注意添加的用户必须在系统中存在。
useradd user1 user2
pdbedit -a user1 # 添加user1账号,并定义其密码
pdbedit -a user2
pdbedit -L # 列出所有的账号
测试:
打开IE浏览器输入file://IP/myshare/ 然后输入用户名和密码
3. 使用linux访问samba服务器
Samba服务在linux下同样可以访问。前提是你的linux安装了samba-client软件包。安装完后就可以使用smbclient命令了。
smbclient //IP/共享名 -U 用户名
如:[root@localhost]# smbclient //10.0.4.67/myshare/ -U user1
Password:
Domain=[LOCALHOST] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_6.2]
smb: \>
出现如上所示的界面。可以打一个”?”列出所有可以使用的命令。常用的有cd, ls, rm, pwd, tar, mkdir, chown, get, put等等,使用help + 命令可以打印该命令如何使用,其中get是下载,put是上传。
另外的方式就是通过mount挂载了:
如:
mount -t cifs //10.0.4.67/myshare /mnt -o username=user1,password=123456
格式就是这样,要指定-t cifs //IP/共享名本地挂载点 -o后面跟username 和 password
挂载完后就可以像使用本地的目录一样使用共享的目录了。
在阿里云服务器上搭建samba,为什么怎么都不成功?
官网登陆——》控制台——》云服务器ECS——》网络和安全——》安全组——》配置规则——》添加安全组规则
配置文件可以这样
[public]
comment = Public Stuff
path = /var/samba/public
public = no
writable = no
printable = no
browseable = yes
admin users = admin
valid users = guest
创建个用户
echo -e "test\guest" | smbpasswd -s -a guest
追问
安全规则是早已经添加了的,配置文件我照你的改了 , 添加用户的时候提示是这样的
pdbedit -L 查看samba用户的时候也没有查到创建成功。
Linux如何搭建samba服务
主配置文件:
/etc/samba/smb.conf
#=================== Global Settings===============
[global]部分设置,主要就是下列几项,其余可以保持不变,当然你要比较复杂高级的功能服务的话,那就另当别论了;
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = MSHOME #主机所属工作组名称
# server string is the equivalent of the NT Description field
server string = Samba Server #SAMBA服务器主机的注释,可选,但是建议还是留着,而且尽量写的详细准确,有助于识别;
# Security mode. Most people will want user level security. See security_level.txt for details.
security = share #安全模式,由于是共享目录,所以用share;
#==================== Share Definitions ==========
共享部分设置其它保存不动,直接在最后面添加你要共享的目录即可,同时要注意其访问权限;
[nfs]
path = /var/nfs
public = yes
writable = yes
/var/nfs目录对所有用户都可读可写;
四、启动服务
通过以上简单的设置,重启服务后,即可在Windows下在网上邻居中进行访问;
在FC5下,服务名为smb及nmb,启动smb时自动将nmb也启动;
五、注意事项
1、防火墙问题
2、确保共享目录的访问权限
3、通过网上邻居访问相应共享目录前,必须确保目录在服务器上存在。
范本:vi /etc/samba/smb.conf
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = WORKGROUP
netbios name = rayman_linux
# server string is the equivalent of the NT Description field
server string =Linux Samba Server TestServer
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
printcap name = /etc/printcap
load printers = yes
# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
printing = cups
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
guest account = detack
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log
# Put a capping on the size of the log files (in Kb).
max log size = 0
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = share
# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
; password server = <NT-Server-Name>
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.
pam password change = yes
# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /etc/samba/smb.conf.%m
# This parameter will control whether or not Samba should obey PAM's
# account and session management directives. The default behavior is
# to use PAM for clear text authentication only and to ignore any
# account or session management. Note that Samba always ignores PAM
# for authentication in the case of encrypt passwords = yes
obey pam restrictions = yes
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
; remote announce = 192.168.1.255 192.168.2.44
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = no
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 33
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; preferred master = yes
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
; preserve case = no
; short preserve case = no
# Default case is normally upper case for all DOS files
; default case = lower
# Be very careful with case sensitivity - it can break things!
; case sensitive = no
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /usr/local/samba/profiles
; browseable = no
; guest ok = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff
# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /home/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes
# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no
# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/local/pc/%m
; public = no
; writable = yes
# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
[public]
path = /home/detack/app/tomcat
public = yes
browseable = yes
writable = yes
printable = no
guest ok = yes
# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765