
Linux for Beginners, Note 067: samba, cifs

2017-01-01 18:13

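ftp: application layer
Files cannot be edited directly on the remote server (not impossible, just hard to implement)

nfs
This one can
rpc (Remote Procedure Call)

However, both of the above can only be used for file sharing between Linux hosts; ftp works across platforms, but files cannot be edited directly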

CIFS/SMB
CIFS (Common Internet File System)
SMB (Server Message Block)
NetBIOS (Network Basic Input/Output System)
WINS: used to resolve Windows host names
UNC \\IP\shared_path
Universal Naming Convention

This is Windows file sharing

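On Linux/Unix this is implemented by the Samba software
NetBIOS
CIFS/SMB
Winbind
LDAP
With these, Linux can interoperate with Windows for file sharing, and files can be edited in real time directly inside the shared directory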

NetBIOS
137/udp 138/udp 139/tcp
445/tcp file sharing

Samba
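User authentication
Uses the Linux system users, but the password is one that Samba stores separately
A third-party server can also be used for authentication
Security level
User: a username and password must be entered
Share: anonymous access is allowed

Share names must be unique (on the same host)
Share permissions, file system permissions
Whether others are allowed to see this directory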

samba processes
nmbd: NetBIOS
smbd: file sharing
winbind: used together with a domain

/etc/rc.d/init.d/smb service script
/etc/samba
smb.conf main configuration file

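Main configuration file walkthrough: /etc/samba/smb.conf
[global]
workgroup
server string: the text shown when the user hovers the mouse over the host
log file: where log information is stored, kept separately per accessing client
max log
[homes]
comment: descriptive comment
browseable: whether other users are allowed to see this directory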
writable

Sharing a directory
[shared name]
comment =
path =
browseable =
public =
read only =
writable =
write list = user1,user2..
@group +group
valid users =
invalid users =

Commands
testparm (check an smb.conf configuration file for internal correctness)
smbpasswd (change a user's SMB password)
-a
This option specifies that the username following
should be added to the local smbpasswd file, with the
new password typed (type <Enter> for the old
password). This option is ignored if the username
following already exists in the smbpasswd file and it
is treated like a regular change password command.
Note that the default passdb backends require the
user to already exist in the system password file
(usually /etc/passwd), else the request to add the
user will fail.
This option is only available when running smbpasswd
as root.
-x
This option specifies that the username following
should be deleted from the local smbpasswd file.
This option is only available when running smbpasswd
as root.
-d
This option specifies that the username following
should be disabled in the local smbpasswd file.
-e
This option specifies that the username following
should be enabled in the local smbpasswd file, if the
account was previously disabled.
-n
This option specifies that the username following
should have their password set to null (i.e. a blank
password) in the local smbpasswd file.

smbclient (ftp-like client to access SMB/CIFS resources on servers)
-L|--list
This option allows you to look at what services are
available on a server. You use it as smbclient -L
host and a list should appear.
-U|--user=username[%password]
Sets the SMB username or username and password.
If %password is not specified, the user will be
prompted.

samba IP-based access control
iptables
tcp 139, 445
udp 137, 138
samba /etc/samba/smb.conf
hosts allow

samba-swat
web GUI: configure samba through a web interface
# yum -y install samba3x-swat
# service xinetd restart (enabled by default)
# chkconfig swat on
# service xinetd restart
# vim /etc/xinetd.d/swat
only_from = 192.168.11.100 (change to the address that is allowed to connect)
# service xinetd restart
The client 192.168.11.100 can now access this address:
192.168.11.122:901

Sharing a Linux folder for Windows to access
Share the directory /shared/test
The share name is tools

Install and configure samba
1. Install samba
# rpm -e samba-client samba-common
# yum -y install samba3x samba3x-client samba3x-common

2. Configure the share
# mkdir -pv /shared/test
# vim /etc/samba/smb.conf
Append to the end of the file
[tools]
comment = Share Testing
path = /shared/test
public = yes
writable = yes
# testparm
# service smb start
# netstat -tunlp
# useradd smbtest
# passwd smbtest
# smbpasswd -a smbtest
# setfacl -m u:smbtest:rwx /shared/test/
(server-side configuration complete)
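
The [tools] share above sets public = yes and writable = yes with no valid users or hosts allow line, which are the smb.conf controls listed earlier in these notes. The audit below is an added example, not part of the original notes; the tools_restricted share, its values and the finding labels are assumptions made for illustration.

```python
import configparser

# Constructed sample: the [tools] share from the walkthrough above plus a
# restricted variant ("tools_restricted" and its values are assumptions).
SAMPLE = """\
[global]
workgroup = WORKGROUP
[tools]
path = /shared/test
public = yes
writable = yes
[tools_restricted]
path = /shared/test
guest ok = no
writable = yes
valid users = smbtest
hosts allow = 192.168.11.100
"""
YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}

def audit(conf_text):
    """Return {share_name: [finding, ...]} for each share in smb.conf text."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    # smb.conf ignores leading whitespace; configparser would not, so strip it.
    cp.read_string("\n".join(l.strip() for l in conf_text.splitlines()))
    glob = dict(cp["global"]) if cp.has_section("global") else {}

    def get(share, *names):
        # First synonym set in the share wins, then fall back to [global].
        for scope in (share, glob):
            for n in names:
                if n in scope:
                    return scope[n].strip().lower()
        return ""

    report = {}
    for name in cp.sections():
        if name.lower() == "global":
            continue
        s = dict(cp[name])
        guest = get(s, "guest ok", "public") in YES
        write = (get(s, "writable", "writeable", "write ok") in YES
                 or get(s, "read only") in NO)
        checks = [("guest-writable", guest and write),
                  ("no-valid-users", not get(s, "valid users")),
                  ("no-hosts-allow", not get(s, "hosts allow", "allow hosts"))]
        report[name] = [label for label, hit in checks if hit]
    return report
```

Calling audit(open("/etc/samba/smb.conf").read()) after testparm gives a per-share list of findings to review before starting the service.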

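Client (Windows) connecting to the Linux shared directory
\\192.168.11.122
Enter the username and password to get access (note that the password is the one set with smbpasswd)
It can also be set up as a mapped network drive; the steps are not written out here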

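Configure a Windows share and connect to it from Linux

1. Configure the Windows shared folder (not covered here; you know how)
The share name is test
The host address is 192.168.11.121
The username is winuser
The password is 123123
2. Configure Linux to access the Windows shared folder
List the shares on a Windows host
# smbclient -L 192.168.11.121 -U winuser
Mount the Windows shared folder under /mnt
# mount -t cifs //192.168.11.121/test /mnt -o username=winuser
Mount this file system at boot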
# vim /etc/fstab
//192.168.11.121/test /mnt cifs credentials=/etc/samba/cred.passwd 0 0
# vim /etc/samba/cred.passwd
username=winuser
password=123123
# chown root.root /etc/samba/cred.passwd
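(configuration is now complete; the credentials file holds the password in plain text, so keep it readable by root only)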