Building a Samba service on CentOS 5 and related configuration

1. Install Samba online
[root@centos5 ~]# yum -y install samba
[root@centos5 ~]# rpm -qa |grep samba
samba-common-3.0.33-3.7.el5_3.1
samba-3.0.33-3.7.el5_3.1

2: What to do when the smbpasswd file cannot be found under /etc/samba

[root@centos5 ~]# ls /etc/samba/
lmhosts passdb.tdb secrets.tdb smb.conf smbusers

This is mainly because Samba has tdbsam authentication enabled; comment out the corresponding lines
[root@centos5 ~]# grep -r passdb /etc/samba/smb.conf
#       passdb backend = tdbsam
;       passdb backend = tdbsam
;       passdb backend = tdbsam

Add a smb passwd file line

[root@centos5 ~]# grep -r "smb passwd file" /etc/samba/smb.conf
        smb passwd file = /etc/samba/smbpasswd

[root@centos5 ~]# /etc/rc.d/init.d/smb reload
重新载入 smb.conf 文件:                                   [确定]

[root@centos5 ~]# useradd yang
[root@centos5 ~]# smbpasswd -a yang
New SMB password:
Retype new SMB password:
startsmbfilepwent_internal: file /etc/samba/smbpasswd did not exist. File successfully created.
Added user yang.
[root@centos5 ~]# ls /etc/samba/
lmhosts passdb.tdb secrets.tdb smb.conf smbpasswd smbusers
[root@centos5 ~]# cat /etc/samba/smbpasswd
yang:501:CCF9155E3E7DB453AAD3B435B51404EE:3DBDE697D71690A769204BEB12283678:[U          ]:LCT-49847B4F:

[root@centos5 ~]# ls /var/log/samba/
cores nmbd.log smbd.log

3: View the relevant log information
[root@centos5 ~]# cat /var/log/samba/nmbd.log
[2009/02/01 00:09:19, 0] nmbd/nmbd.c:main(724)
Netbios nameserver version 3.0.33-3.7.el5_3.1 started.
Copyright Andrew Tridgell and the Samba Team 1992-2008
[2009/02/01 00:15:01, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
*****

Samba name server CENTOS5 is now a local master browser for workgroup MYGROUP on subnet 192.168.0.200

*****
[root@centos5 ~]# tail -f /var/log/samba/smbd.log
[2009/02/01 00:11:12, 1] smbd/service.c:make_connection_snum(1033)
naruto-pc (192.168.0.2) connect to service yang initially as user yang (uid=501, gid=501) (pid 2635)
[2009/02/01 00:11:29, 1] smbd/service.c:close_cnum(1230)
naruto-pc (192.168.0.2) closed connection to service yang

4: Create a share that everyone can read but nobody can write to, suitable for sharing commonly used software on the internal network
[root@centos5 ~]# tail -5 /etc/samba/smb.conf | grep -v "^;" |grep -v "^#"
[software]
comment = "software download"
path = /usr/local/src
read only = yes
public = yes

[root@centos5 ~]# service smb reload
重新载入 smb.conf 文件:                                   [确定]
[root@centos5 ~]# touch /usr/local/src/mysql.tar.gz

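5: Create a share for the technical department that only technical department staff can access; apart from user tech1, all users in the tech group have read-only permission. Suitable for sharing an individual department's documents and similar material.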
[root@centos5 ~]# tail -7 /etc/samba/smb.conf |grep -v "^;"

[tech]
comment = "tech group doc"
path = /home/tech
read only = yes
public = no
valid users = @tech
write list = tech1

[root@centos5 ~]# groupadd tech
[root@centos5 ~]# useradd -g tech tech1
[root@centos5 ~]# useradd -g tech tech2
[root@centos5 ~]# tail -2 /etc/passwd
tech1:x:502:502::/home/tech1:/bin/bash
tech2:x:503:502::/home/tech2:/bin/bash
[root@centos5 ~]# grep tech /etc/group
tech:x:502:

[root@centos5 ~]# cat /etc/samba/smbpasswd
yang:501:CCF9155E3E7DB453AAD3B435B51404EE:3DBDE697D71690A769204BEB12283678:[U          ]:LCT-498477D6:
tech1:502:CCF9155E3E7DB453AAD3B435B51404EE:3DBDE697D71690A769204BEB12283678:[U          ]:LCT-49847FC9:
tech2:503:CCF9155E3E7DB453AAD3B435B51404EE:3DBDE697D71690A769204BEB12283678:[U          ]:LCT-49847FCF:
[root@centos5 ~]# service smb reload
重新载入 smb.conf 文件:                                   [确定]
[root@centos5 ~]# mkdir /home/tech
[root@centos5 ~]# touch /home/tech/source.txt

[root@centos5 ~]# ll -d /home/tech
drwxr-xr-x 2 root root 4096 02-01 00:47 /home/tech
[root@centos5 ~]# chmod -R 777 /home/tech

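6: Create a share that everyone can read and write, where users can delete their own files but not other people's files. Suitable for sharing common material inside the company.
[root@centos5 ~]# tail -6 /etc/samba/smb.conf |grep -v "^;"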
[public]
comment = "public directory"
path = /home/public
public = yes
write able = yes
create mask = 0755

[root@centos5 ~]# mkdir /home/public
[root@centos5 ~]# chmod 1777 /home/public/
[root@centos5 ~]# service smb reload
重新载入 smb.conf 文件:                                   [确定]
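
Section 6's rule (delete your own files but not other people's) is enforced by the sticky bit on the shared directory, not by smb.conf. The following added example, which is not from the original article, reads the share paths from an smb.conf-style file and classifies each directory's mode; the function names, the ROOT prefix argument and the sandbox are assumptions made for the demonstration.

```sh
# share_paths SMB_CONF: print "share<TAB>path" for each section with a path line.
share_paths() {
    awk '
        /^[ \t]*[#;]/ { next }                       # commented-out line
        /^[ \t]*\[/   { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); share = $0; next }
        /^[ \t]*path[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print share "\t" $0
        }' "$1"
}

# dir_mode_class DIR: classify DIR from the mode string printed by ls -ld.
dir_mode_class() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        d???????w[tT]) echo sticky ;;      # o+w with sticky bit: a file can be removed only by its owner, the directory owner or root
        d???????w?)    echo open ;;        # o+w without it: any user can delete any file
        *)             echo restricted ;;  # not world-writable
    esac
}

# audit_shares SMB_CONF [ROOT]: ROOT is a path prefix used only for the sandbox (assumption).
audit_shares() {
    tab=$(printf '\t')
    share_paths "$1" | while IFS="$tab" read -r share sdir; do
        if [ -d "$2$sdir" ]; then echo "$share $(dir_mode_class "$2$sdir")"; fi
    done
}

# Constructed sandbox: this page's three share paths, one per mode class.
make_sandbox() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/local/src" "$root/home/tech" "$root/home/public"
    chmod 755 "$root/usr/local/src"; chmod 777 "$root/home/tech"
    chmod 1777 "$root/home/public"
    printf '[software]\n\tpath = /usr/local/src\n[tech]\n\tpath = /home/tech\n[public]\n\tpath = /home/public\n' > "$root/smb.conf"
    echo "$root"
}

sandbox=$(make_sandbox)
audit_shares "$sandbox/smb.conf" "$sandbox"
rm -r "$sandbox"
```

On a real server, call audit_shares /etc/samba/smb.conf with no second argument; any share reported as open lets every local or Samba user remove other users' files.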

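7: All of the shares above require a username and password; even the public shares can only be used after a valid username and password have been entered, which is inconvenient for access to public share directories. The following configuration lets the public share directory be accessed without a username and password, while the other, non-public directories still require a password; it also comments out the Samba users' home directories.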
[root@centos5 ~]# useradd -s /bin/false naruto
[root@centos5 ~]# grep -r naruto /etc/samba/smb.conf
        guest account = naruto
[root@centos5 ~]# grep -r "Bad User" /etc/samba/smb.conf
        map to guest = Bad User

#[homes]
#       comment = Home Directories
#       browseable = no
#       writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S

[root@centos5 ~]# service smb reload
重新载入 smb.conf 文件:                                   [确定]

[root@centos5 ~]# tail -f /var/log/samba/smbd.log
[2009/07/22 06:41:40, 1] smbd/service.c:make_connection_snum(1033)
naruto-pc (192.168.0.2) connect to service public initially as user naruto (uid=511, gid=511) (pid 2997)
[2009/07/22 06:41:55, 1] smbd/service.c:close_cnum(1230)
naruto-pc (192.168.0.2) closed connection to service public
[2009/07/22 06:43:08, 1] smbd/service.c:make_connection_snum(1033)
naruto-pc (192.168.0.2) connect to service public initially as user naruto (uid=511, gid=511) (pid 3002)
[2009/07/22 06:43:24, 1] smbd/service.c:close_cnum(1230)

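8: By default Samba uses Samba accounts with the same names as the system accounts. This means that once a Samba account name is known, it is also known that a system account of the same name exists on the server, which lowers the server's security considerably. A username map lets clients log in with an SMB name that differs from the Unix account name.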

[root@centos5 ~]# grep -r "username map" /etc/samba/smb.conf
        username map = /etc/samba/smbusers
[root@centos5 ~]# cat /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
tech1 = delphi


[root@centos5 ~]# tail -f /var/log/samba/smbd.log
[2009/07/22 06:41:40, 1] smbd/service.c:make_connection_snum(1033)
naruto-pc (192.168.0.2) connect to service public initially as user naruto (uid=511, gid=511) (pid 2997)
[2009/07/22 06:41:55, 1] smbd/service.c:close_cnum(1230)
naruto-pc (192.168.0.2) closed connection to service public
[2009/07/22 06:43:08, 1] smbd/service.c:make_connection_snum(1033)
naruto-pc (192.168.0.2) connect to service public initially as user naruto (uid=511, gid=511) (pid 3002)
[2009/07/22 06:43:24, 1] smbd/service.c:close_cnum(1230)
naruto-pc (192.168.0.2) closed connection to service public
[2009/07/22 06:52:22, 1] smbd/service.c:make_connection_snum(1033)
naruto-pc (192.168.0.2) connect to service tech initially as user tech1 (uid=502, gid=502) (pid 3033)
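
The smbd.log records shown in sections 7 and 8 come as pairs of lines: a bracketed header with the timestamp, then the message naming the Unix account the session runs as. This added example, which is not part of the original article, pairs them, flags sessions that ran as the guest account, and lists the SMB names that the smbusers map assigns to each Unix user; the function names and the shortened sample files are constructed for illustration.

```sh
# Constructed sample input, modelled on the smbusers and smbd.log excerpts above.
write_samples() {
    dir=$(mktemp -d)
    cat > "$dir/smbusers" <<'EOF'
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
tech1 = delphi
EOF
    cat > "$dir/smbd.log" <<'EOF'
[2009/07/22 06:41:40, 1] smbd/service.c:make_connection_snum(1033)
  naruto-pc (192.168.0.2) connect to service public initially as user naruto (uid=511, gid=511) (pid 2997)
[2009/07/22 06:41:55, 1] smbd/service.c:close_cnum(1230)
  naruto-pc (192.168.0.2) closed connection to service public
[2009/07/22 06:52:22, 1] smbd/service.c:make_connection_snum(1033)
  naruto-pc (192.168.0.2) connect to service tech initially as user tech1 (uid=502, gid=502) (pid 3033)
EOF
    echo "$dir"
}

# summarize_connects GUEST_ACCOUNT SMBUSERS SMBD_LOG
# Prints: date time client_ip share unix_user GUEST|auth smb_aliases
summarize_connects() {
    awk -v guest="$1" -v map="$2" '
        FILENAME == map {                        # first file: username map
            if ($0 ~ /^[ \t]*[#;]/ || index($0, "=") == 0) next
            unix = $0;  sub(/[ \t]*=.*/, "", unix); sub(/^[ \t]+/, "", unix)
            names = $0; sub(/^[^=]*=[ \t]*/, "", names)
            gsub(/[ \t]+/, ",", names); alias[unix] = names
            next
        }
        /^\[/ { stamp = substr($1, 2) " " substr($2, 1, 8); next }  # header line
        / connect to service / {                 # message line of a new session
            ip = $2; gsub(/[()]/, "", ip)
            kind = ($10 == guest) ? "GUEST" : "auth"
            print stamp, ip, $6, $10, kind, (($10 in alias) ? alias[$10] : "-")
        }' "$2" "$3"
}

samples=$(write_samples)
summarize_connects naruto "$samples/smbusers" "$samples/smbd.log"
rm -r "$samples"
```

The first argument is the value of guest account from smb.conf (naruto on this page); a GUEST line on any share other than the public one means a share is reachable without a password.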