Published on January 12, 2024
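Lab Guide 3: Configuring a Samba Server and Accessing Samba Shares

I. Lab objectives:
1. Master installing software packages with the rpm command;
2. Understand how to edit and use the Samba server configuration file;
3. Master installing and configuring a Samba server;
4. Use Samba share user authentication and file systems;
5. Master resource sharing and mutual access between Linux and Windows.

II. Lab content:
1. Installing software packages with the rpm command;
2. Installing, configuring and starting a Samba server;
3. Accessing Windows resources from Linux;
4. Accessing Linux resources from Windows;
5. Samba project exercises.

III. Lab exercises:
1. Introduction to the SMB protocol and Samba
1.1 The SMB protocol
To allow resources to be shared between Windows hosts, Microsoft developed the SMB (Server Message Block) communication protocol in 1980. Through SMB, the hosts on a network can share files, printers and other resources. Similar resource-sharing protocols in use today include NFS, AppleTalk and NetWare.
1.2 Introduction to Samba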
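On a LAN, Windows hosts can access each other's shared resources through "Network Neighborhood", and NFS lets Linux hosts share resources with each other. But how can Windows hosts and Linux hosts share resources with each other?
Microsoft's "Network Neighborhood" is the Windows program that uses the SMB protocol to share resources. With it, sharing resources over the network is simple and convenient for users. For this reason, Linux enthusiasts began implementing the SMB protocol on Linux hosts. Samba is software that implements SMB. It was developed by Andrew Tridgell of Australia and is free software that runs on Linux. Samba works by running NetBIOS and SMB over TCP/IP and by using the NetBIOS name server so that Linux machines can be browsed in the Windows Network Neighborhood. This lets Windows hosts and Linux hosts share resources with each other.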
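1.3 Features of the Samba software
SMB uses a client/server architecture, so the Samba software is divided into a client part and a server part. By running the Samba client programs, a Linux host can use the resources shared by Windows hosts on the network. Installing the Samba server on a Linux host lets Windows hosts access the resources shared by the Linux Samba server. Samba provides the following features:
(1) Sharing Linux file systems
(2) Sharing printers installed on the Samba server
(3) Using files and printers shared by Windows systems
(4) Support for Windows domain controllers and Windows member servers authenticating the users of Samba resources
(5) Support for WINS name server resolution and browsing
(6) Support for the SSL (Secure Sockets Layer) protocol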
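2. Samba lab
Before starting this lab, make sure the Linux firewall rules have been cleared so that the required ports are allowed through.

Task 1: Install Samba and start the Samba service. If Samba is not installed, mount the first Linux installation CD, install the samba, samba-common and samba-client RPM packages with rpm -ivh, and start the smb service.

Task 1 steps:
1) If Samba was installed together with Linux, it does not need to be installed again. The following command shows whether Samba is already installed.
Check whether Samba is installed on the system:
# rpm -qa | grep samba
samba-common-2.2.7a-7.9.0
samba-2.2.7a-7.9.0
samba-client-2.2.7a-7.9.0
redhat-config-samba-1.0.4-1
samba-swat-2.2.7a-7.9.0
If these 5 packages appear, Samba is already installed; otherwise Samba must be installed.
2) Click "VM" in the menu bar, choose "Removable Devices -> CD-ROM" and load the first ISO image file, for example: D:RedHatLinux_ISOFilesRedHatLinux9_i386_, then mount the disc on the /mnt/cdrom directory;
# mount /dev/cdrom /mnt/cdrom
3) Change to the directory that holds the rpm files;
# cd /mnt/cdrom/RedHat/RPMS
4) Install the package that Samba requires (mandatory);
# rpm -ivh samba-common-
5) Install the Samba server program, which lets Windows hosts access the resources shared by the Samba server;
# rpm -ivh
6) Install the Samba client program, which lets the Linux host access shared resources on Windows hosts;
# rpm -ivh
Alternatively, steps 4), 5) and 6) can be combined as follows:
# rpm -ivh /mnt/cdrom/RedHat/RPMS/samba-c*
# rpm -ivh /mnt/cdrom/RedHat/RPMS/samba-2*
7) Start the smb service;
# service smb start
When the following output appears, the service has started successfully.
Starting SMB service [确定]
Starting NMB service [确定]
The smb service can also be started with the command:
# /etc/init.d/smb start
8) Stop the smb service;
# service smb stop
or:
# /etc/init.d/smb stop
9) Restart the smb service
# /etc/init.d/smb restart
or:
# service smb restart

Task 2: Sharing and using Windows resources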
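1. Sharing Windows resources:
1) Use TCP/IP as the default network protocol on the Windows system;
2) On the host Windows operating system, run ipconfig /all at the DOS command prompt to obtain the IP address and subnet mask of the local connection, for example: 192.168.1.6, 255.255.255.0;
3) Log in to the virtual machine as root and make sure the Linux firewall rules have been cleared. Open a terminal and use ifconfig to configure the virtual machine's network address so that the virtual machine and the host are on the same network segment (the actual addresses depend on your environment);
# man ifconfig (view the usage of the ifconfig command)
# ifconfig (view the current virtual NIC configuration)
# ifconfig eth0 192.168.1.16 netmask 255.255.255.0 (configure the current virtual NIC)
# ifconfig eth0 up (bring up the network connection)
If ping succeeds, the connection is working. If ping fails, check the Windows host firewall configuration (whether it blocks incoming ping);
4) Set the Windows computer name (for example: WINSERVER) and its workgroup (for example: WORKGROUP);
6) On the Windows system, create the folder smb_win_test, use WordPad to create the file windows_, with the content "This is a file for the Linux smb test!", and share the folder smb_win_test;
7) On the Windows system, create the user test with the password "123456".

2. Using Windows shared resources:
1) Confirm that the Linux virtual machine and the Windows host are configured on the same network segment and that the network connection works;
2) Start the smb service on the Linux virtual machine;
# service smb start
When the following output appears, the service has started successfully;
Starting SMB service [确定]
Starting NMB service [确定]
3) On the Linux computer, run the following command;
# smbclient -L 192.168.1.6
This lists, on the Linux computer, all the share information provided by the Windows computer WINSERVER;
4) On the Linux computer, run the following command;
# smbclient //192.168.1.6/smb_win_test -U test
Here test is the user on the Windows computer. The system prompts for the password of test; enter "123456". After the password has been verified, the system shows the prompt:
smb:>
This shows that you have logged in to the Samba server correctly and can use smbclient commands to upload and download files, just as with FTP commands.

smbclient command reference
Command                          Description
? or help [command]              Shows help, or help on a particular command;
![shell command]                 Runs the given shell command, or drops the user to a shell prompt;
cd [directory]                   Changes to the given directory on the server; if none is given, returns the current local directory;
lcd [directory]                  Changes to the given directory on the client;
dir or ls                        Lists the files in the current directory on the server;
exit or quit                     Exits smbclient;
get file1 file2                  Downloads file1 from the server and stores it locally under the name file2; omit file2 to keep the name;
mget file1 file2 file3 filen     Downloads several files from the server;
md or mkdir directory            Creates a directory on the server;
rd or rmdir directory            Deletes a directory on the server;
put file1 [file2]                Uploads the file file1 to the server, where it is renamed to file2;
mput file1 file2 filen           Uploads several files to the server.

5) Use the md command to create the directory "passwd_bak" on the Windows server, upload the three files /etc/passwd, /etc/group and /etc/shadow from the Linux system to the "passwd_bak" directory on the Windows server, and view these three files with WordPad on the Windows system. Write down the commands and the procedure, and verify the result.
6) On the Linux system, create the directory /smb_linux_test under /root, download the file windows_ from the "smb_win_test" directory on the Windows system to the local directory /root/smb_linux_test, rename it to windows_test_to_, and view the file with gedit on the Linux system. Write down the commands and the procedure, and verify the result.
7) Using the smbmount command
Once you know which resources a host shares, run the smbmount command to mount the remote share locally. First create the mount point directory:
# mkdir -p /mnt/smb/win_share_dir
Mount the remote share //192.168.1.6/smb_win_test on the local directory /mnt/smb/win_share_dir
# smbmount //192.168.1.6/smb_win_test /mnt/smb/win_share_dir
# cd /mnt/smb/win_share_dir
The mounted directory can now be used just like a local directory. To unmount it, run the umount command.
# umount /mnt/smb/win_share_dir

Task 3: Editing and using the Samba server configuration file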
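Samba's main configuration file is /etc/samba/. It has many options, but a beginner only needs to master a small subset of them to configure the Samba server that is required. Once the basic configuration is understood, a basic Samba server can be set up quickly. A basic configuration file also uses only a small subset of the options.
Global parameters are configured in the [global] section. For parameters that do not appear (or are commented out), Samba uses the default setting.
1) Samba global parameter configuration
# This is the main Samba configuration file. You should read the
# (5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#================== Global Settings ============================
[global]
# This is the part of the configuration file that sets the global parameters.
…………
workgroup = SMBGROUP
# Sets the name of the workgroup the server joins. The MYGROUP workgroup will be visible in Windows "Network Neighborhood"; set the workgroup name you need here.
netbios name = smb-server
# Sets the host name shown in "Network Neighborhood". By default the real host name is used.
server string = Samba Server
# Sets the descriptive text for the server host. When the workgroup configured in Samba is opened in Windows "Network Neighborhood", the Windows Explorer window lists a "Name" column and a "Comment" column; the "Name" column shows the NetBIOS name of the Samba server and the "Comment" column shows the "Samba Server" set here. The default "Samba Server" can of course be replaced with your own description.
hosts allow = 192.168.1. 127.
# Sets which host IP addresses are allowed to access the Samba server. By default the hosts allow option is commented out, which means hosts with any IP address are allowed.
guest account = pcguest
# Sets the account name used when accessing resources that have "guest ok = yes" set. The default account is "nobody". If you do not want the default, remove the semicolon that comments the line out and use the account you want (such as pcguest or zhangsan); you must then add this new account to the /etc/passwd file.
client code page = 950
# Sets the character code page used by clients accessing the Samba server. The default is 850; if the Samba server is to use Chinese names for shared resources, change this value to 950.
log file = /var/log/samba/%
# This option makes the Samba server use a separate log file for every machine that connects, and sets the location and name of the file. Samba automatically replaces %m with the NetBIOS name of the connecting host.
max log size = 0
# Sets the maximum size of a log file (in KB). A value of 0 means no limit. The default is 5000.
max disk size = 1000
# Sets the maximum disk space that can be shared, in MB. The default is 0, which means no limit.
max open files = 100
# Sets the maximum number of files the same client may have open. The default is 10000.
security = user
# Sets the security level of the Samba server. By default the user level is used.
# The Samba server has four security levels.
# share: at this level, users can log in to the Samba server without an account or password.
# user: at this level, the Samba server providing the service checks the user's account and password.
# server: at this level, checking the account and password can be delegated to another Samba server.
# domain: at this level, a Windows NT/2000/XP server (usually the domain controller) must be specified to verify the account and password the user enters.
; password server =
# If the security level is "server" or "domain", this option names the host that verifies passwords.
password level = 8
username level = 8
# Sets the maximum number of characters that may differ in case when the user's password and account are verified. The default is 0.
encrypt passwords = yes
# Sets whether the account and password are encrypted when the Samba client sends them to the server. If the client operating system is Windows 95 OSR2, NT SP3 or a later version, this option should be set to yes. The default is no.
smb passwd file = /etc/samba/smbpasswd
# Sets the location of the file that stores the encrypted passwords on the Samba server (note: the Samba server and Linux use different password files).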
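2) Share resource parameters
comment
# The description or comment for the shared resource.
browseable
# Sets whether users can see this shared resource. The default is yes. If it is set to no, users do not see the resource, but users who have permission can still access it by entering its address directly.
writable
# Sets whether the shared resource can be written to. If the shared resource is a printer, this parameter does not need to be set.
valid users
# Sets the users who may access the resource. The system automatically replaces %S with the login account.
create mode
# Sets the access permissions of files. The default is 0744.
directory mode
# Sets the access permissions of directories. The default is 0755.
path
# If the shared resource is a directory, sets the location of the directory; if it is a printer, sets the location of the print queue.
read only
# Sets whether the shared resource is read-only or writable. The default is yes. If the shared resource is a printer, this parameter has no meaning. This option is the inverse of writable.
public
# Equivalent to the guest ok option: whether users may access the resource without an account and password. If this is enabled, a user without an account and password logs in with the account name set in "guest account =". The default is no, meaning users without an account and password may not use the resource.
available
# Sets whether this shared resource is enabled. The default is yes. If it is set to no, nobody can use the resource, whatever the other parameters are set to.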
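3) Samba file-sharing configuration examples
The following examples configure several different shared directories and show the general method for configuring Samba file shares.
[global]
…………
# Uses the [global] configuration shown earlier
[homes]
# Configures users' access to their own directories
comment = Home Directories
# Comment
browseable = no
# A user's private directory; others cannot browse it (which does not mean others are not allowed to access it)
writable = yes
# Lets users write to their own directories
valid users = %S
# Access is limited to the user concerned. %S is automatically replaced with the login account.
create mode = 0664
# Access permissions of files
directory mode = 0775
# Access permissions of directories
# This one is useful for people to share files
[tmp]
# This section provides temporary shared space for all users
comment = Temporary file space
# Comment text
path = /tmp
# Location
read only = no
# Readable and writable
public = yes
# Lets users access the share without an account and password
[public]
# This section provides a directory that all users can access. Users in the staff group may write; other users may only access it and cannot write.
comment = Public Stuff
path = /home/samba
public = yes
writable = no
# The share stays read-only for everyone else; users named in write list below still get write access.
printable = no
write list = @staff
# The write list parameter sets the list of users with write permission. Here only members of the staff group have write permission.
[fredsdir]
# This section sets the access permissions for one user, fred.
comment = Fred's Service
path = /usr/fred/private
valid users = fred
# Only fred can access this shared directory (note: even with security = share, this does not mean that a user who has logged in to the Linux host can access any resource.)
public = no
writable = yes
printable = no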
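
A configuration check for the options described above, as an added example (not part of the original guide and not a Samba tool): it parses smb.conf-style text and reports the settings this guide describes as permissive. The sample configuration is constructed, and the defaults assumed for missing parameters are the ones this guide states.

```python
import configparser
# Constructed sample assembled from the settings discussed in this guide.
SAMPLE = """
[global]
security = user
encrypt passwords = yes
max log size = 0
; hosts allow = 192.168.1. 127.
[tmp]
read only = no
public = yes
[public]
public = yes
writable = no
write list = @staff
"""

def load(text):
    # Strip indentation so indented parameters are not read as continuation
    # lines; interpolation=None keeps Samba macros such as %S literal.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp

def on(sec, key, default="no"):
    return sec.get(key, default).strip().lower() in ("yes", "true", "1")

def guest_ok(sec):   # "public" is a synonym of "guest ok"
    return on(sec, "guest ok") or on(sec, "public")

def writable(sec):   # "writable" is the inverse of "read only"
    if "read only" in sec:
        return not on(sec, "read only", "yes")
    return on(sec, "writable")

def audit(text):
    cp = load(text)
    g = cp["global"] if cp.has_section("global") else {}
    out = []
    if g.get("security", "user").strip().lower() == "share":
        out.append(("global", "security = share: no account or password needed"))
    if "hosts allow" not in g:
        out.append(("global", "hosts allow unset: every IP address may connect"))
    if not on(g, "encrypt passwords"):
        out.append(("global", "encrypt passwords is off"))
    if g.get("max log size", "5000").strip() == "0":
        out.append(("global", "max log size = 0: log files grow without limit"))
    for name in cp.sections():
        if name != "global" and guest_ok(cp[name]) and writable(cp[name]):
            out.append((name, "guest access (public/guest ok) and writable"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the constructed sample it reports the commented-out hosts allow, the unlimited log size and the [tmp] share; the [public] share passes because only members of its write list can write.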
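
Task 4: Sharing and using Linux resources
Project 1: Four users, joe, karl, mary and smith, each have their own share on the server. They also work in the same department and need a place to store the department's files. We need a Linux user group and two directories in which these users store their content: /smb_test/public is writable by every user in the group, while /smb_test/legal is writable only by joe. Configure the Samba server to share the directories.
• Add the user group:
# groupadd -g 6000 legal
• Add the users:
# useradd -m -u 5001 -g 6000 joe
# useradd -m -u 5002 -g 6000 karl
# useradd -m -u 5003 -g 6000 mary
# useradd -m -u 5004 -g 6000 smith
• Set the users' passwords:
# passwd joe
# passwd karl
# passwd mary
# passwd smith
• Create the directories:
# mkdir -p /smb_test/legal
# mkdir -p /smb_test/public
• Change the group owner of the directories:
# chgrp legal /smb_test/legal
# chgrp legal /smb_test/public
• Change the owner of the directories:
# chown joe /smb_test/legal
# chown karl /smb_test/public
• Change the file access permissions (FAP) of the directories:
# chmod 770 /smb_test/legal
# chmod 770 /smb_test/public
• Create the Samba user password file:
# cat /etc/passwd | >/etc/samba/smbpasswd
• Set the users' Samba passwords:
# smbpasswd joe
# smbpasswd karl
# smbpasswd mary
# smbpasswd smith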
• Edit the Samba configuration file:
# gedit /etc/samba/
# This is the main Samba configuration file. You should read the
# (5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = MSHOME

# server string is the equivalent of the NT Description field
   server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the man page
   hosts allow = 192.168.1. 192.168.2. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   printcap name = /etc/printcap
   load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
   printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/%

# Put a capping on the size of the log files (in Kb).
   max log size = 80

# Security mode. Most people will want user level security. See
# security_ for details.
   security = user

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;  password server =
*passwd:*all*authentication*tokens*updated*successfully*

# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.
   pam password change = yes

# Unix users can map to different SMB User names
;  username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;  include = /etc/samba/.%m

# This parameter will control whether or not Samba should obey PAM's
# account and session management directives. The default behavior is
# to use PAM for clear text authentication only and to ignore any
# account or session management. Note that Samba always ignores PAM
# for authentication in the case of encrypt passwords = yes
   obey pam restrictions = yes

# Most people will find that this option gives better performance.
# See and the manual pages for details
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.

# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)

# Cause this host to announce itself to local subnets here

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;  local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;  os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;  domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;  preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
;  domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;  logon script = %
# run a specific logon batch file per username
;  logon script = %

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
;  logon path = %LProfiles%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;  wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
;  wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no

# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
;  preserve case = no
;  short preserve case = no
# Default case is normally upper case for all DOS files
;  default case = lower
# Be very careful with case sensitivity - it can break things!
;  case sensitive = no

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;   path = /usr/local/samba/profiles
;   browseable = no
;   guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
[public]
   comment = Public Stuff
   path = /smb_test/public
   public = no
   create mask = 0660
   printable = no
   write list = @legal

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /home/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/local/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
[legal]
   comment = Legal's files
   path = /smb_test/legal
   valid users = @legal
   public = no
   create mask = 0660
   write list = joe
• Save the Samba configuration file:
• Restart the Samba service:
# /etc/init.d/smb restart
or
# service smb restart
• Confirm that the Linux virtual machine and the Windows host are configured on the same network segment and that the network connection works
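• On the Windows system, run:

Project 2: Geecy, a software development company, is about to start developing two projects on Linux. Developers David and Peter form one team, which is responsible for developing Project A; developers Jack and Mike form another team, which is responsible for developing Project B. The system administrator Ray needs to create a user account for each of these four developers and configure the Samba server to meet the following requirements:
(1) Create the directory "/project_a". The files in this directory may be read, added, deleted, modified and executed only by David and Peter; other users may not access the directory in any way;
(2) Create the directory "/project_b". The files in this directory may be read, added, deleted, modified and executed only by Jack and Mike; other users may not access the directory in any way;
(3) Create the directory "/project". The files in this directory may be read, added, deleted, modified and executed only by David, Peter, Jack and Mike; other users have read-only access to the directory.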
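
How the two permission layers of Project 1 combine, as an added example (not part of the original guide): access over SMB is what both the share settings and the Unix directory permissions allow. The data is a constructed model of the Project 1 steps; the account visitor is hypothetical and stands for a user outside the legal group.

```python
# Constructed model of Project 1: accounts, directories and share settings
# copied from the steps above; "visitor" is a hypothetical account outside
# the legal group, added to show the refused cases.
GROUPS = {"legal": {"joe", "karl", "mary", "smith"}}
DIRS = {
    "/smb_test/legal":  {"owner": "joe",  "group": "legal", "mode": 0o770},
    "/smb_test/public": {"owner": "karl", "group": "legal", "mode": 0o770},
}
SHARES = {
    "legal":  {"path": "/smb_test/legal", "valid users": "@legal",
               "write list": "joe"},
    "public": {"path": "/smb_test/public", "write list": "@legal"},
}

def listed(user, spec):
    """True if user matches a Samba user list such as 'joe @legal'."""
    for item in spec.replace(",", " ").split():
        if item == user or (item[0] == "@" and user in GROUPS.get(item[1:], ())):
            return True
    return False

def share_access(user, share):
    """Share-level decision: '' (refused), 'r' or 'rw'."""
    if "valid users" in share and not listed(user, share["valid users"]):
        return ""
    read_only = share.get("read only", "yes") == "yes"   # default per the guide
    if listed(user, share.get("write list", "")) or not read_only:
        return "rw"
    return "r"

def fs_access(user, path):
    """Unix permission check on the directory: owner, group, then other."""
    d = DIRS[path]
    if user == d["owner"]:
        bits = d["mode"] >> 6
    elif user in GROUPS.get(d["group"], ()):
        bits = d["mode"] >> 3
    else:
        bits = d["mode"]
    return ("r" if bits & 4 else "") + ("w" if bits & 2 else "")

def smb_access(user, share_name):
    """Access over SMB is the intersection of both layers."""
    share = SHARES[share_name]
    allowed = share_access(user, share)
    local = fs_access(user, share["path"])
    return "".join(c for c in "rw" if c in allowed and c in local)

if __name__ == "__main__":
    for name in SHARES:
        for user in ("joe", "karl", "mary", "smith", "visitor"):
            print(name, user, "smb:", smb_access(user, name) or "-",
                  "local:", fs_access(user, SHARES[name]["path"]) or "-")
```

For karl on the legal share the output shows read-only access over SMB but rw locally: write list = joe applies only to SMB connections, while mode 770 still lets every member of the legal group write from a local login (mode 750 on /smb_test/legal would apply the same limit locally).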

