1.Samba服务搭建
1.1 Samba软件安装
1.1.1 安装软件包
[root@localhost ~]# yum install samba -y
1.1.2 启动并配置服务开机自启动
[root@localhost ~]# systemctl start smb.service nmb.service
[root@localhost ~]# systemctl enable smb.service nmb.service
关于smbd、nmbd服务描述:
The two services these units start, smbd and nmbd, must communicate through the local firewall.
Samba's smbd daemon normally uses TCP/445 for SMB connections. It also listens on TCP/139 for
NetBIOS over TCP backward compatibility. The nmbd daemon uses UDP/137 and UDP/138 to provide
NetBIOS over TCP/IP network browsing support.
1.2 配置Samba相关服务
1.2.1 创建smb服务共享文件目录
[root@localhost ~]# mkdir /smb_share
1.2.2 配置共享目录SELinux Context值(关闭SELinux可忽略)
目录创建完成后,需要修改目录的Context值,否则SELinux会阻止samba用户访问文件夹(无需为此关闭SELinux,按下面步骤设置正确的Context即可)。默认的context值如下:
[root@localhost ~]# ls -dZ /smb_share/
unconfined_u:object_r:default_t:s0 /smb_share/
修改SELinux Context值
[root@localhost ~]# semanage fcontext -a -t samba_share_t '/smb_share(/.*)?'
重打标签
[root@localhost ~]# restorecon -vvFR /smb_share/
Relabeled /smb_share from unconfined_u:object_r:default_t:s0 to system_u:object_r:samba_share_t:s0
#重打标签后查看文件夹context标签
[root@localhost ~]# ls -dZ /smb_share/
system_u:object_r:samba_share_t:s0 /smb_share/
1.2.3 配置防火墙
添加防火墙规则,放行samba服务相关端口。(测试环境也可直接关闭防火墙;生产环境建议保留防火墙,只放行samba服务。)
[root@localhost ~]# firewall-cmd --permanent --add-service=samba
success
[root@localhost ~]# firewall-cmd --reload
success
1.2.4 配置samba配置文件
修改samba配置文件
配置文件如下:(详细配置请参考 man 5 smb.conf)
[root@localhost ~]# vim /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = WORKGROUP
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
#新建common标签,客户端挂载需要用到
#注意:smb.conf只把以#或;开头的整行视为注释,写在行尾的#内容会被当作参数值的一部分,因此注释需单独成行
[common]
#路径
path = /smb_share
#控制访问,也可基于用户和组控制,详细信息请查看man帮助
hosts allow = 172.16.11.0/24
#是否在浏览列表中显示该共享(不控制读权限)
browseable = yes
#可写开关
writable = no
#其他人只读,smbuser01可读写
write list = smbuser01
1.2.5 创建samba用户
在系统下创建用户
[root@localhost ~]# useradd -s /sbin/nologin smbuser01
[root@localhost ~]# useradd -s /sbin/nologin smbuser02
为用户设置文件夹权限
[root@localhost ~]# setfacl -m u:smbuser01:rwx /smb_share/
为用户配置密码
[root@localhost ~]# smbpasswd -a smbuser01
New SMB password:
Retype new SMB password:
Added user smbuser01.
[root@localhost ~]# smbpasswd -a smbuser02
New SMB password:
Retype new SMB password:
Added user smbuser02.
完成上述步骤后重启服务
[root@localhost ~]# systemctl restart smb.service nmb.service
2.samba客户端配置
2.1 客户端软件安装
安装客户端软件
[root@localhost ~]# yum install samba-client cifs-utils -y
查看smb server共享
[root@localhost ~]# smbclient -L //172.16.11.157 -U smbuser01
Enter SAMBA\smbuser01's password:
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
common Disk #smb server与共享目录关联的共享
IPC$ IPC IPC Service (Samba 4.13.3)
smbuser01 Disk Home Directories
SMB1 disabled -- no workgroup available
2.2 smb目录挂载
创建挂载目录
[root@localhost ~]# mkdir /mnt/smb
2.2.1 手动挂载
[root@localhost ~]# mount -t cifs -o multiuser,username=smbuser01,sec=ntlmssp //172.16.11.157/common /mnt/smb/
Password for smbuser01@//172.16.11.157/common: ******
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.8G 0 1.8G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 18M 1.8G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/rhel-root 35G 4.7G 30G 14% /
/dev/nvme0n1p2 1014M 234M 781M 24% /boot
/dev/nvme0n1p1 599M 6.9M 592M 2% /boot/efi
tmpfs 371M 1.2M 370M 1% /run/user/42
tmpfs 371M 4.6M 367M 2% /run/user/0
//172.16.11.157/common 35G 4.8G 30G 14% /mnt/smb
2.2.2 自动挂载
编辑/etc/fstab(详细配置,请参考man mount.cifs)
方法一:
[root@localhost ~]# vim /etc/fstab
#在fstab文件里增加如下一行
//172.16.11.157/common /mnt/smb cifs defaults,multiuser,username=smbuser01,password=123456,sec=ntlmssp 0 0
方法二(推荐):将smb用户名和密码存放在仅root可读的文件中,让系统在挂载时读取文件中的用户名密码。/etc/fstab默认对所有本地用户可读,方法一会把明文密码暴露给本机所有用户;示例密码123456仅作演示,实际请使用强密码。
[root@localhost ~]# vim /root/smb.info
username=smbuser01
password=123456
[root@localhost ~]# chmod 600 /root/smb.info
[root@localhost ~]# vim /etc/fstab
#在fstab文件里增加如下一行
//172.16.11.157/common /mnt/smb cifs defaults,multiuser,credentials=/root/smb.info,sec=ntlmssp 0 0
执行挂载
[root@localhost ~]# mount -a
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.8G 0 1.8G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 18M 1.8G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/mapper/rhel-root 35G 4.7G 30G 14% /
/dev/nvme0n1p2 1014M 234M 781M 24% /boot
/dev/nvme0n1p1 599M 6.9M 592M 2% /boot/efi
tmpfs 371M 1.2M 370M 1% /run/user/42
tmpfs 371M 4.6M 367M 2% /run/user/0
//172.16.11.157/common 35G 4.8G 30G 14% /mnt/smb
[root@localhost ~]# cd /mnt/smb
[root@localhost smb]# touch file
[root@localhost smb]# ls
file
完成挂载