debian开启samba文件夹共享服务,配置用户/密码。
1.安装samba服务
apt-get install samba
2.创建用户
useradd -m smb
设置密码
passwd xxxxx
3.设置samba访问共享账户密码,会要求你输入samba帐户的密码
smbpasswd -a smb
New SMB password:
Retype new SMB password:
列出现有的Samba用户列表:
pdbedit -w -L
4.修改/etc/samba/smb.conf,配置共享文件夹属性,在末尾处添加:
[smb name xxx]
path = /mnt/xxxxxxxx
writable = yes
guest ok = yes
write list = smb
valid users = smb
display charset = UTF-8
unix charset = UTF-8
dos charset = cp9365.重启samba服务
systemctrl restart smbd
适配局域网小米电视配置的SMB
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
# - When such options are commented with ";", the proposed setting
# differs from the default Samba behaviour
# - When commented with "#", the proposed setting is the default
# behaviour of Samba but the option is considered important
# enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
#======================= Global Settings =======================
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = WORKGROUP
#### Networking ####
# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
; interfaces = 127.0.0.0/8 eth0
hosts allow = 192.168. //只允许192.168.0.0的网段访问
# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
; bind interfaces only = yes
#### Debugging/Accounting ####
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Cap the size of the individual log files (in KiB).
max log size = 1000
# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
# Append syslog@1 if you want important messages to be sent to syslog too.
logging = file
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
server role = standalone server
obey pam restrictions = yes
# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
unix password sync = yes
# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
# username map = /etc/samba/smbusers //用来定义用户名映射,比如可以将root换成administrator、admin等
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
pam password change = yes
# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
map to guest = bad user
########## Domains ###########
#
# The following settings only takes effect if 'server role = primary
# classic domain controller', 'server role = backup domain controller'
# or 'domain logons' is set
#
# It specifies the location of the user's
# profile directory from the client point of view) The following
# required a [profiles] share to be setup on the samba server (see
# below)
; logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
# logon path = \\%N\%U\profile
# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
; logon drive = H:
# logon home = \\%N\%U
# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
; logon script = logon.cmd
# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe. The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
# This allows machine accounts to be created on the domain controller via the
# SAMR RPC pipe.
# The following assumes a "machines" group exists on the system
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.
; add group script = /usr/sbin/addgroup --force-badname %g
############ Misc ############
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap config * : backend = tdb
; idmap config * : range = 3000-7999
; idmap config YOURDOMAINHERE : backend = tdb
; idmap config YOURDOMAINHERE : range = 100000-999999
; template shell = /bin/bash
# Setup usershare options to enable non-root users to share folders
# with the net usershare command.
# Maximum number of usershare. 0 means that usershare is disabled.
# usershare max shares = 100
# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
usershare allow guests = yes
#======================= Share Definitions =======================
[homes]
comment = Home Directories
browseable = no
# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
read only = yes
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0700
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700
# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect
# to \\server\username
# This might need tweaking when using external authentication schemes
valid users = %S
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; read only = yes
# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
; comment = Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
; write list = root, @lpadmin
security = share
[tv]
path = /mnt/downloads
writable = yes
guest ok = yes
#write list = tv
#valid users = tv
display charset = UTF-8
unix charset = UTF-8
dos charset = cp936samba配置详解
第一部分:Samba服务的控制选项(用户控制、访问控制)
1 用户控制
public = no 不允许匿名用户访问
browseable = yes 不隐藏目录(知道目录同样可以访问) (系统默认yes,可以不写)
valid users = 用户或列表或@用户组
writable = yes 可写(目录本身要可写)
writable list = 用户或列表或@用户组
readonly = yes 是否设置只读(系统默认yes,可以不写)
create mask = 0744 控制客户机创建文件的权限(系统默认0744)
directory mask = 0744 控制客户机创建目录的权限(系统默认0755)2,访问控制
max connections = 最大连接数目
deadtime = 断掉连接时间(分钟)0为不限制注:在全局里增加
hosts deny = .sale.com .net free 表示禁止.sale.com域和.net域及主机名为free的客户端访问
hosts deny = All 表示所有客户端,并不是说允许主机名为ALL的客户端可以访问。常用的通配符还有“*”,“?”,“LOCAL”等
hosts allow = 192.168.0. EXCEPT 192.168.0.100 192.168.0.78 表示允许192.168.0.0网段IP地址访问,但是192.168.0.100和192.168.0.78除外注:在可在全局与局部里增加
注::允许优先
第二部分:几个关键字段
根据需要增加在全局里面。虽然简单,但功能不简单,大家在用到的时候慢慢来体会。
include = /etc/samba/%G.smb.conf 调用用户组相关 的配置文件
include = /etc/samba/%U.smb.conf 调用用户相关的配置文件
username map = /etc/samba/smbusers 调用映射用户账号的配置文件第三部分:和Samba有关的一些命令
批量增加SMB用户
复制代码代码示例:
# for user in 用户列表
do
useradd -g group -s shell $user
smbpasswd -a $user
done编辑SMB的用户账号相关命令
smbpasswd
smbpasswd -a 增加一个账号
smbpasswd -d 禁用一个账号
smbpasswd -e 启用一个账号
smbpasswd -x 删除一个账号
smbpasswd 更改用户密码
pdbedit
pdbedit -L 列出SMB中的账号
pdbedit -a 增加一个账号
pdbedit -x 删除一个账号注:上面两个命令,大家根据需要选择
Linux客户端的访问工具
smbtree 显示局域网中的所有共享主机和目录列表
smbtree -D 只显示局域网中的工作组或域名。后面可以加上-U username%passwd ,则表示是相关用户的访问权限
nmblookup 某个主机的netbios主机名或工作组。 # 显示相应的IP
smbclient命令格式
smbclient -L //主机名或IP地址 -U 登录用户名 # 列出目标主机共享资源列表
smbclient //主机名或IP地址/共享目录名 -U 登录用户名 # 使用共享资源mount命令格式
mount //目标IP地址或主机名/共享目录名称 挂载点 -o username=用户名 # 挂载共享
umount 挂载点 # 卸载共享
smbtar -s server –u user –p passwd –x shareneam –t output.tar # 把远程 的内容备份到本地
tar tvf *.tar # 查看TAR文件包里面的的内容第四部分:实例详解
- 例1,员工可以在公司内流动办公,无论在任何一台机器上工作,都能把自己的文件放到服务器里,同时不能使用服务器上的SHELL。(注解:SMB中有关于用户家目录的默共享
设置,我们只要 设置USER级别,然后再增加用户和指定不可用的SHELL)
smb.conf配置文件更改的内容如下
复制代码代码示例:
security = user
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S配置好后,就重新启动SMB服务
复制代码代码示例:
useradd user -s /dev/null
smbpasswd -a user增加好用户和密码后,直接测试!
不用重新启动SMB服务!
- 例2,建立共享目录student,它的本机路径为“/home/student”,只有teachers组的用户可以读写该目 录,students用户组只能读取。(注解:这个关键是不同组对同一个目
录的权限设置,student这 个目录属于students用户组,并设置他的OTHER 权限为7,我们通过这个OTHER权限来实现teachers组对student目录的访问,通过SMB的配置文件来
限制用户访问)
复制代码代码示例:
mkdir /home/student
groupadd students
groupadd teachers
useradd -g students user
useradd -g teachers user
smbpasswd -a user
chgrp students /home/student
chmod 757 /home/student
chmod g+s /home/studentsmb.conf配置文件更改的内容如下
复制代码代码示例:
security = user
[student]
path = /home/student
comment = student
write list = @teachers
valid users = @teachers @students重新启动SMB服务,进行测试。
- 例3,公司有二个部门( sales market ),销售部和市场部有自己单独的共享目录,只可以总经理和相应部门员工访问,并且公司员工禁止访问非本部门的共享目录。(注
解:这一个内容与第二个类似,只是用户组变成用户,多了一个用户组,只需要把文件夹所有者给总经理,所属组为用户 组就OK)
复制代码代码示例:
mkdir /home/sales
mkdir /home/market
groupadd sales
groupadd market
useradd -g sales user
useradd -g market user
smbpasswd -a user
chgrp sales /home/sales
chgrp market /home/market
chown ceo /home/sales
chown ceo /home/market
chmod 770 /home/sales
chmod 770 /home/market
chmod g+s /home/sales
chmod g+s /home/marketsmb.conf配置文件更改的内容如下
复制代码代码示例:
security = user
[sales]
path = /home/sales
comment = sales
write list = @sales ceo
valid users = @sales ceo
create mask = 0770
directory mask = 0770
[market]
path = /home/market
comment = market
write list = @market ceo
valid users = @market ceo
create mask = 0770
directory mask = 0770重新启动SMB服务,进行测试。
- 例4,实现在登陆的时候只能看到自己的共享目录,没有权限访问的看不到。
(注解:其实实现这个主要靠加载独立的配置文件来实现,只要把独立的文件设置好相应的权限就 OK,SMB主配置文件中加入独立的配置文件,其他不用设置)
关于用户的增加我这里 就不写出来了,和上面的没有区别。(略过)
首先,把源始的smb.conf COPY 出来,后面加上相应的用户或者组, 如:smb.conf.user smb.conf.group
然后,配置各己的配置文件。
如:smb.conf.ceo
复制代码代码示例:
[sales]
comment = sales
path = /home/sales
writeable = yes
valid users = ceo
create mask = 0770
directory mask = 0770
[markets]
comment = markets
path = /home/markets
writeable = yes
valid users = ceo
create mask = 0770
directory mask = 0770如:smb.conf.sales
复制代码代码示例:
[sales]
comment = sales
path = /home/sales
writeable = yes
valid users = @sales
create mask = 0770
directory mask = 0770如:smb.conf.markets
复制代码代码示例:
[markets]
comment = markets
path = /home/markets
writeable = yes
valid users = @markets
create mask = 0770
directory mask = 0770主配置文件如下:
复制代码代码示例:
security = user
include = /etc/samba/smb.conf.%G
include = /etc/samba/smb.conf.%U其他的不用设置,重新启动SMB服务,然后测试!
第五部分:Samba服务搭建的注意事项
1、防火墙和SELinux
2、主机名
3、建立Samba用户
4、用户的权限
5、目录的权限
6、其他事项第六部分:Samba服务排错
(1)错误信息
(2)配置文件
(3)日志文件
testparm #查看配置文件
testparm /etc/samba/smb.conf 主机名 IP #测试具体机器能否访问及访问的范围
[netstat](http://www.jbxue.com/shouce/linuxcmd/网络通讯/netstat.html) –tlunp | grep service #显示服务的对应端就是这些了,为大家详细介绍了samba的服务安装与配置、及相关的注意事项,希望对大家有所帮助。
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
-150x150.jpg)
