The Complete Guide to SAMBA

Theory, Part 1

The SAMBA package makes it easy to integrate Windows networks with a Solaris network environment.

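1. NetBIOS names
    Before the Samba daemon can export file systems, the client and server systems must be defined through the NetBIOS name lookup protocol. That service is nmbd. nmbd runs on port 137 on Solaris and provides the same function as NetBIOS naming under Microsoft; it is a server that understands and responds to name service requests over the Internet Protocol (IP).
    nmbd can also act as a Windows Internet Name Server (WINS).
On NT, the following command lists the client systems currently accessing the Windows NT server, that is, how many users on the local NT client can access the Samba server.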

C:\>nbtstat -s

本地连接:
Node IpAddress: [192.168.0.88] Scope Id: []

                     NetBIOS Connection Table

    Local Name             State    In/Out  Remote Host           Input   Output

    ----------------------------------------------------------------------------

    JIN            <00>  Connected    Out       ULTRA60        <20>       109KB        54KB
    JIN            <03>  Listening
    SUNMARMOT      <03>  Listening
    ROOT           <03>  Listening
    JINJF          <03>  Listening

8888:
Node IpAddress: [61.165.145.1] Scope Id: []

    No Connections

C:\>

On Solaris, the tools shipped with Samba can list all available hosts, the equivalent of net view on Windows.

On NT, use:
C:\>net view
服务器名称            注释

-------------------------------------------------------------------------------
\\JIN
\\ULTRA60              Samba 2.0.5a
命令成功完成。

On Solaris, use the Samba tool nmblookup:

# pwd
/usr/local/samba/bin
# ./nmblookup workgroup
Sending queries to 192.168.0.255
192.168.0.88 workgroup<00>

Start nmbd with the following command:
# /usr/local/samba/bin/nmbd -D

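2. Configuring the Samba daemons

Starting the smbd server

The Samba server can be started with the following command:
# /usr/local/samba/bin/smbd -D
Note: the -D option specifies that the NetBIOS name service should run as a standalone daemon rather than as a service started through the Internet super-daemon (inetd).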

Restarting the smbd server

# ps -eaf |grep smbd   
    root   339     1  0 20:38:48 ?        0:00 ./smbd -D
# kill -9 339
# /usr/local/samba/bin/smbd -D
# ps -eaf |grep smbd
    root   371     1  0 20:54:46 ?        0:00 /usr/local/samba/bin/smbd -D
Or:
# kill -HUP 371
Of course, smbd can also be restarted from a graphical interface with the Samba GUI tool.

The Samba configuration file

A basic configuration file looks like this:
/usr/local/samba/lib/smb.conf
# Samba config file created using SWAT
# from 192.168.0.88 (192.168.0.8
# Date: 2002/12/01 00:43:33

# Global parameters
[global]
netbios name = ULTRA60
security = SHARE
os level = 65
dns proxy = No
guest account = jinjf

[homes]
comment = Home Directories
path = /tmp
read only = No
guest ok = Yes

[printers]
comment = All Printers
path = /usr/spool/samba
print ok = Yes
browseable = No

[public]
comment = PUBLIC DOC
path = /jinjf
read only = No
guest ok = Yes
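
The configuration above combines share-level security, guest-writable shares and no host restriction. The following added example (not part of the original article or of Samba) is a small Python audit that flags those settings; the sample input is abridged from the file above, and the function names are assumptions of this example.

```python
# Added example. Synonyms such as "writable" or "public" are not resolved here.
SAMPLE_CONF = """\
[global]
security = SHARE
[homes]
path = /tmp
read only = No
guest ok = Yes
[printers]
path = /usr/spool/samba
[public]
path = /jinjf
read only = No
guest ok = Yes
"""

def parse_smb_conf(text):
    sections, current = {}, None             # {section: {parameter: value}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(text):
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    findings = []                            # (section, finding) pairs
    if glob.get("security", "user").lower() == "share":
        findings.append(("global", "share-level security"))
    if not glob.get("hosts allow"):
        findings.append(("global", "no hosts allow restriction"))
    for name, params in conf.items():
        merged = {**glob, **params}          # share values override [global]
        guest = is_yes(merged.get("guest ok", "no"))
        writable = not is_yes(merged.get("read only", "yes"))
        if guest and writable:
            findings.append((name, "guest-writable: " + merged.get("path", "")))
        if merged.get("path") == "/tmp":
            findings.append((name, "exports /tmp"))
    return findings
```

Calling audit(SAMPLE_CONF) reports [homes] and [public] as guest-writable and leaves [printers] unflagged.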

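Explanation of the smb.conf parameters

# Global parameters: define several key parameters that affect how smbd operates
[global]

workgroup = MYGROUP                           Workgroup name

netbios name = Ultra60                        Local server name

netbios aliases = FileServer                  Alias for the local server name

server string = Samba Server   String that identifies the server

interfaces =
The IP address of the main network interface; several interfaces can also be defined. This lets Samba handle browsing on all of those network interfaces.
For example: interfaces = 192.168.2.10/24 192.168.3.10/24
      interfaces = 192.168.2.10/255.255.255.0 192.168.3.10/255.255.255.0
bind interfaces only = False
This parameter lets the Samba administrator restrict which network interfaces on the server will serve Samba requests. The default is False.

guest account = ftp                    Name of the guest account

security
Security level. This parameter controls how Samba clients respond to Samba, and it is a very important parameter. The default is security = user, which is the most commonly used setting when access from Windows 98 and Windows NT is needed. Note: this differs from the default in versions before Samba 2.0. You can also choose "security = share", "security = server" or "security = domain".
Default: security = USER
Example: security = DOMAIN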

hosts allow
     This option controls which hosts may access Samba resources, for example:
Example 1: allow all IPs in 150.203.*.* except one
hosts allow = 150.203. EXCEPT 150.203.6.66
Example 2: allow hosts that match the given network/netmask
hosts allow = 150.203.15.0/255.255.255.0
Example 3: allow a couple of hosts
hosts allow = lapland, arvidsjaur
Example 4: allow only hosts in NIS netgroup "foonet", but deny access from one particular host
hosts allow = @foonet
hosts deny = pirate
Note that access still requires suitable user-level passwords.
See testparm (1) for a way of testing your host access to see if it does what you expect.
Default: none (i.e., all hosts permitted access)
Example: allow hosts = 150.203.5. myhost.mynet.edu.au
Note: the default is empty. If this is set incorrectly, SWAT can become inaccessible.

hosts deny (S)
Controls which machines may not access Samba.
The opposite of 'hosts allow' - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the 'allow' list takes precedence.

Default: none (i.e., no hosts specifically excluded)
Example: hosts deny = 150.203.4. badhost.mynet.edu.au
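
The matching rules quoted above for hosts allow and hosts deny (address prefix, network/netmask, EXCEPT, and allow taking precedence on conflict) can be checked against test addresses before a configuration goes live. The following is an added Python example, not Samba's own code and not part of the original article; the function names are assumptions, hostname and @netgroup entries are not resolved, and the handling of a host that is on neither list when both are set is marked as an assumption in the code.

```python
# Added example, not Samba's own code. Only the address forms shown in the
# examples above are handled; hostnames and @netgroups never match here.
import ipaddress

def token_matches(token, ip):
    if token.endswith("."):                  # prefix form, e.g. "150.203."
        return ip.startswith(token)
    if "/" in token:                         # network/netmask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(token, strict=False)
    return token == ip                       # literal address

def list_matches(spec, ip):
    tokens = spec.replace(",", " ").split()
    if "EXCEPT" in tokens:                   # "A EXCEPT B": in A but not in B
        i = tokens.index("EXCEPT")
        return (list_matches(" ".join(tokens[:i]), ip)
                and not list_matches(" ".join(tokens[i + 1:]), ip))
    return any(token_matches(t, ip) for t in tokens)

def host_permitted(allow, deny, ip):
    if not allow and not deny:               # default: all hosts permitted
        return True
    if not deny:                             # allow list only
        return list_matches(allow, ip)
    if not allow:                            # deny list only
        return not list_matches(deny, ip)
    if list_matches(allow, ip):              # conflict: allow takes precedence
        return True
    # Assumption: with both lists set, a host on neither list is permitted.
    return not list_matches(deny, ip)
```

For instance, host_permitted("150.203. EXCEPT 150.203.6.66", "", "150.203.6.66") returns False, while any other 150.203.x.x address returns True.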

log file = /usr/local/samba/var/log.%m                 Location of the log file

max log size = 500                                     Size of the log file

socket options = TCP_NODELAY
      Default transport protocol. The following protocols can be selected:
      SO_KEEPALIVE
      SO_REUSEADDR
      SO_BROADCAST
      TCP_NODELAY
      IPTOS_LOWDELAY
      IPTOS_THROUGHPUT
      SO_SNDBUF *
      SO_RCVBUF *
      SO_SNDLOWAT *
      SO_RCVLOWAT *

Default: socket options = TCP_NODELAY (the default is the TCP protocol)
Example: socket options = IPTOS_LOWDELAY
[homes]
comment = Home Directories
guest account = aaa
read only = No
guest ok = Yes
Here, homes configures the directory being accessed and the user.
[printers]
comment = All Printers
path = /usr/spool/samba
print ok = Yes
browseable = No
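Checking smb.conf

The testparm tool checks whether the Samba parameters are configured correctly. If they are not, testparm warns about any configuration errors before the Samba service is started. In addition, testparm prints every parameter that applies to the system as a whole and to each share, not only those explicitly set in smb.conf: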
# /usr/local/samba/bin/testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[/]"
Processing section "[public]"
Loaded services file OK.
Press enter to see a dump of your service definitions

# Global parameters
[global]
        workgroup = WORKGROUP
        netbios name = ULTRA60
        netbios aliases =
        server string = Samba 2.0.5a
        interfaces =
        bind interfaces only = No
        security = SHARE
        encrypt passwords = No
        update encrypted = No
        allow trusted domains = Yes
        hosts equiv =
        min passwd length = 5
        map to guest = Never
        null passwords = No
        password server =
        smb passwd file = /usr/local/samba/private/smbpasswd
        root directory = /
        passwd program = /bin/passwd
        passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*
        passwd chat debug = No
        username map =
        password level = 0
        username level = 0
        unix password sync = No
        restrict anonymous = No
        use rhosts = No
        log level = 2
        syslog = 1
        syslog only = No
        log file =
        max log size = 5000
        timestamp logs = Yes
        protocol = NT1
        read bmpx = No
        read raw = Yes
        write raw = Yes
        nt smb support = Yes
        nt pipe support = Yes
        nt acl support = Yes
        announce version = 4.2
        announce as = NT
        max mux = 50
        max xmit = 65535
        name resolve order = lmhosts host wins bcast
        max packet = 65535
        max ttl = 259200
        max wins ttl = 518400
        min wins ttl = 21600
        time server = No
        change notify timeout = 60
        deadtime = 0
        getwd cache = Yes
        keepalive = 300
        lpq cache time = 10
        max disk size = 0
        max open files = 10000
        read prediction = No
        read size = 16384
        shared mem size = 1048576
        socket options =
        stat cache size = 50
        load printers = Yes
        printcap name = lpstat
        printer driver file = /usr/local/samba/lib/printers.def
        strip dot = No
        character set =
        mangled stack = 50
        coding system =
        client code page = 850
        stat cache = Yes
        domain groups =
        domain admin group =
        domain guest group =
        domain admin users =
        domain guest users =
        machine password timeout = 604800
        add user script =
        delete user script =
        logon script =
        logon path = \\%N\%U\profile
        logon drive =
        logon home = \\%N\%U
        domain logons = No
        os level = 65
        lm announce = Auto
        lm interval = 60
        preferred master = No
        local master = Yes
        domain master = No
        browse list = Yes
        dns proxy = No
        wins proxy = No
        wins server =
        wins support = No
        kernel oplocks = Yes
        ole locking compatibility = Yes
        oplock break wait time = 10
        smbrun = /usr/local/samba/bin/smbrun
        config file =
        preload =
        lock dir = /usr/local/samba/var/locks
        default service =
        message command =
        dfree command =
        valid chars =
        remote announce =
        remote browse sync =
        socket address = 0.0.0.0
        homedir map =
        time offset = 0
        unix realname = No
        NIS homedir = No
        panic action =
        comment =
        path =
        alternate permissions = No
        revalidate = No
        username =
        guest account = jinjf
        invalid users =
        valid users =
        admin users =
        read list =
        write list =
        force user =
        force group =
        read only = Yes
        create mask = 0744
        force create mode = 00
        security mask = 037777777777
        force security mode = 037777777777
        directory mask = 0755
        force directory mode = 00
        directory security mask = 037777777777
        force directory security mode = 037777777777
        guest only = No
        guest ok = No
        only user = No
        hosts allow =
        hosts deny =
        status = Yes
        max connections = 0
        min print space = 0
        strict sync = No
        sync always = No
        print ok = No
        postscript = No
        printing = sysv
        print command = lp -c -d%p %s; rm %s
        lpq command = lpstat -o%p
        lprm command = cancel %p-%j
        lppause command = lp -i %p-%j -H hold
        lpresume command = lp -i %p-%j -H resume
        queuepause command = lpc stop %p
        queueresume command = lpc start %p
        printer name =
        printer driver = NULL
        printer driver location =
        default case = lower
        case sensitive = No
        preserve case = Yes
        short preserve case = Yes
        mangle case = No
        mangling char = ~
        hide dot files = Yes
        delete veto files = No
        veto files =
        hide files =
        veto oplock files =
        map system = No
        map hidden = No
        map archive = Yes
        mangled names = Yes
        mangled map =
        browseable = Yes
        blocking locks = Yes
        fake oplocks = No
        locking = Yes
        mangle locks = Yes
        oplocks = Yes
        level2 oplocks = No
        oplock contention limit = 2
        strict locking = No
        share modes = Yes
        copy =
        include =
        exec =
        postexec =
        root preexec =
        root postexec =
        available = Yes
        volume =
        fstype = NTFS
        set directory = No
        wide links = Yes
        follow symlinks = Yes
        dont descend =
        magic script =
        magic output =
        delete readonly = No
        dos filetimes = No
        dos filetime resolution = No
        fake directory create times = No

[homes]
        comment = Home Directories
        path = /tmp
        read only = No
        guest ok = Yes

[printers]
        comment = All Printers
        path = /usr/spool/samba
        print ok = Yes
        browseable = No

[/]
        path = /tmp

[public]
        comment = PUBLIC DOC
        path = /jinjf
        read only = No
        guest ok = Yes
#


Status of the Samba daemons

  Once the Samba server has been started on port 139, the smbstatus command makes it easy to track the server's status:
# /usr/local/samba/bin/smbstatus

Samba version 2.0.5a
Service      uid      gid      pid     machine
----------------------------------------------
public       jinjf    root      4271   jin      (192.168.0.8 Sun Dec  1 00:3
28 2002
root         jinjf    root      4271   jin      (192.168.0.8 Sun Dec  1 00:3
48 2002

No locked files

Share mode memory usage (bytes):
   1048464(99%) free + 56(0%) used + 56(0%) overhead = 1048576(100%) total
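It returns a list of all clients currently accessing data on the local Samba system.

Samba smbstatus (report the current Samba connection status): Chinese reference manual
SMBSTATUS
Name
smbstatus - report the current Samba connection status
Synopsis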
smbstatus [-b] [-d] [-L] [-p] [-S] [-s configuration file] [-u username]
  
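Description
This program is part of the Samba suite.
smbstatus is a very simple program that lists the current Samba connections.
  
Options
-b
Gives brief output only.
-d
Gives verbose output.
-L
Makes smbstatus list only the locked entries in the /var directory.
-p
Prints a list of smbd processes and then exits. Useful for scripting.
-S
Makes smbstatus list only shares.
-s configuration file
Specifies a configuration file. The default configuration file is set at compile time. The file contains the detailed configuration the server needs. See smb.conf (5) for more information.
-u username
Shows only the information relevant to the user username.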