SAMBAファイル共有紹介及び実戦構築
Sambaサービスの主なプロセス:
NetBIOSはNetwork Basic Input/Output Systemの略称であり、一般的にローカルエリアネットワーク通信に用いられる一連のAPIを指す.
二、任務の需要
, cw,rs,sc pub, :
1. , /smb/cw , :
cw01 , ,boss01 。
2. , /smb/sc, :
, ,boss02 。
3. , /smb/rs , :
rs01HR ,HR ,vip
4、 , /smb/pub, ,
##三、sambaサーバー構築
1.Sambaソフトウェアのインストール
[root@smb-server ~]# yum install samba
......
:
samba.x86_64 0:4.9.1-6.el7
:
cups-libs.x86_64 1:1.6.3-40.el7
libldb.x86_64 0:1.4.2-1.el7
libtalloc.x86_64 0:2.1.14-1.el7
libtdb.x86_64 0:1.3.16-1.el7
libtevent.x86_64 0:0.9.37-1.el7
libwbclient.x86_64 0:4.9.1-6.el7
pytalloc.x86_64 0:2.1.14-1.el7
samba-client-libs.x86_64 0:4.9.1-6.el7
samba-common.noarch 0:4.9.1-6.el7
samba-common-libs.x86_64 0:4.9.1-6.el7
samba-common-tools.x86_64 0:4.9.1-6.el7
samba-libs.x86_64 0:4.9.1-6.el7
2.プロファイルの理解
[root@samba ~]# vim /etc/samba/smb.conf
[global]
workgroup = SAMBA samba
security = user :share |user |server
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
log file = /var/log/samba/log.%m
max log size = 50 KB
cups options = raw
[homes] ( )
comment = Home Directories
valid users = %S, %D%w%S
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no ——> public = no
writable = no ——> read only =yes
printable = yes
3.関連ユーザーとディレクトリおよびディレクトリ権限の作成
[root@smb-server ~]# mkdir /samba/{cw,rs,sc,pub} -p
[root@smb-server ~]# groupadd group
[root@smb-server ~]# groupadd cw
[root@smb-server ~]# groupadd rs
[root@smb-server ~]# groupadd sc
[root@smb-server ~]# useradd cw01 -g cw -G group
[root@smb-server ~]# useradd cw02 -g cw -G group
[root@smb-server ~]# useradd rs01 -g rs -G group
[root@smb-server ~]# useradd rs02 -g rs -G group
[root@smb-server ~]# useradd sc01 -g sc -G group
[root@smb-server ~]# useradd sc02 -g sc -G group
[root@smb-server ~]# useradd boss01 -g group
[root@smb-server ~]# useradd boss02 -g group
[root@smb-server ~]# useradd vip
:
[root@smb-server ~]# chmod 700 -R /smb
[root@smb-server ~]# chgrp itcast /smb
[root@smb-server ~]# chgrp cw /smb/cw
[root@smb-server ~]# chgrp rs /smb/rs
[root@smb-server ~]# chgrp sc /smb/sc
[root@smb-server ~]# chgrp itcast /smb/pub
ACL :
[root@smb-server ~]# setfacl -m g:itcast:rx /smb
[root@smb-server ~]# setfacl -m g:cw:rwx /smb/cw
[root@smb-server ~]# setfacl -m g:rs:rwx /smb/rs
[root@smb-server ~]# setfacl -m g:sc:rwx /smb/sc
[root@smb-server ~]# chmod 1777 /smb/pub/
[root@smb-server ~]# setfacl -m u:vip:rx /smb/
[root@smb-server ~]# setfacl -m u:vip:rx /smb/rs/
4.構成の変更:
samba , ,
[root@smb-server ~]# tail -19 /etc/samba/smb.conf
[cw]
path=/smb/cw
valid users = boss01,@cw,@rs
write list = cw01,boss01
[rs]
path=/smb/rs
valid users = vip,@rs
write list = rs01
[sc]
path=/smb/sc
valid users = @group
write list = @sc,boss02
[pub]
path=/smb/pub
valid users = @group,vip // vip ,
writable = yes
mount.cifs , cifs-utils-4.8.1-19.el6.x86_64
5.Sambaデータベースのユーザー情報の追加
smb ,
[root@smb-server ~]# smbpasswd -a cw01
New SMB password:
Retype new SMB password:
Added user cw01.
[root@smb-server ~]# smbpasswd -a cw02
New SMB password:
Retype new SMB password:
Added user cw02.
[root@smb-server ~]# smbpasswd -a rs01
New SMB password:
Retype new SMB password:
Added user rs01.
[root@smb-server ~]# smbpasswd -a rs02
New SMB password:
Retype new SMB password:
Added user rs02.
[root@smb-server ~]# smbpasswd -a sc01
New SMB password:
Retype new SMB password:
Added user sc01.
[root@smb-server ~]# smbpasswd -a sc02
New SMB password:
Retype new SMB password:
Added user sc02.
[root@smb-server ~]# smbpasswd -a boss01
New SMB password:
Retype new SMB password:
Added user boss01.
[root@smb-server ~]# smbpasswd -a boss02
New SMB password:
Retype new SMB password:
Added user boss02.
[root@smb-server ~]# smbpasswd -a vip
New SMB password:
Retype new SMB password:
Added user vip.
6.サービスの開始
[root@smb-server ~]# service nmb start
Starting NMB services: [ OK ]
[root@smb-server ~]# service smb start
Starting SMB services: [ OK ]
[root@smb-server ~]#
7.Samba共有へのアクセス
windows : : ip:\smb\{rs,cw,pub,sc}
linux :
smb :
[root@client ~]# smbclient -L 10.1.1.1 -U user01
Enter user01's password:
-L:
-U:
:
[root@client ~]# mount.cifs -o user=user01,pass=123 //10.1.1.1/samba/share /u01
8.テスト検証
[root@client ~]# smbclient //10.1.1.2/cw -U cw01
Enter cw01's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.9-164.el6]
smb: \> ls
. D 0 Sat Apr 21 10:12:11 2018
.. D 0 Sat Apr 21 10:12:11 2018
35418 blocks of size 524288. 25177 blocks available
smb: \> mkdir aaa
smb:\>
//boss01
[root@client ~]# smbclient //10.1.1.2/cw -U boss01
Enter boss01's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.9-164.el6]
smb: \> mkdir bbb
smb: \>
//cw02
[root@client ~]# smbclient //10.1.1.2/cw -U cw02
Enter cw02's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.9-164.el6]
smb: \> ls
. D 0 Sat Apr 21 10:48:15 2018
.. D 0 Sat Apr 21 10:12:11 2018
aaa D 0 Sat Apr 21 10:45:23 2018
bbb D 0 Sat Apr 21 10:48:15 2018
35418 blocks of size 524288. 25177 blocks available
smb: \> mkdir ccc
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \ccc
smb: \>
// ,
[root@client ~]# smbclient //10.1.1.2/cw -U rs01
Enter rs01's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.9-164.el6]
smb: \> ls
. D 0 Sat Apr 21 10:48:15 2018
.. D 0 Sat Apr 21 10:12:11 2018
aaa D 0 Sat Apr 21 10:45:23 2018
bbb D 0 Sat Apr 21 10:48:15 2018
35418 blocks of size 524288. 25177 blocks available
smb: \> mkdir ccc
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \ccc
smb: \>
//cw01 rs ,
[root@client ~]# smbclient //10.1.1.2/rs -U cw01
Enter cw01's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.9-164.el6]
tree connect failed: NT_STATUS_ACCESS_DENIED