Configuring the SMB service on a virtual machine


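Requirements

Samba server configuration:

  • Change the workgroup to WORKGROUP.

  • Comment out the contents of [homes] and [printers].

  • The share name is webdata.

  • webdata is browseable and writable.

  • The shared directory is /data/web_data, and the Apache user has read, write and execute permission on it; use the setfacl command to set the directory permissions.

  • Only the host with IP address 192.168.5.1 may access the directory (VMnet8).

  • Add an Apache user (password of your choice) and provide the Samba service to it.

Steps

Take a snapshot first; it really is no trouble.

Install the Samba server
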
[root@localhost ~]# yum install samba
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* c7-media:
...
Installed size: 29 M
Is this ok [y/d/N]: y
Downloading packages:
...
Complete!

Back up the service configuration file

[root@localhost ~]# ls /etc/samba
lmhosts smb.conf smb.conf.example
[root@localhost ~]# cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@localhost ~]# vi /etc/samba/smb.conf

Edit the configuration file

Here 192.168.5.1 is the address of the physical host's VMnet8 network adapter.

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = WORKGROUP
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[webdata]
# VMnet8 (smb.conf has no trailing comments, so this stays on its own line)
hosts allow = 192.168.5.1
writable = yes
browseable = yes
path = /data/web_data
#[homes]
# comment = Home Directories
# valid users = %S, %D%w%S
# browseable = No
# read only = No
# inherit acls = Yes
#
#[printers]
# comment = All Printers
# path = /var/tmp
# printable = Yes
"/etc/samba/smb.conf" 39L, 830C

Configuration template

If you have other requirements, you can find the relevant keys here:

cat /etc/samba/smb.conf.example | grep -v "#" | grep -v "^$"

Test the configuration file

[root@localhost ~]# testparm  /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions
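
testparm checks syntax, not intent: smb.conf treats # and ; as comments only at the start of a line, so text typed after a value becomes part of that value. The audit below is an added example, not part of the original post; audit_share, write_samples and both sample files are constructed for illustration.

```shell
#!/bin/sh
# audit_share FILE SHARE IP: prints findings, returns their count (0 = clean).
audit_share() {
    awk -v share="$2" -v ip="$3" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # only whole-line comments are comments
    /^[ \t]*\[.*\][ \t]*$/ {                  # section header, case-insensitive
        sec = tolower(trim($0)); sec = substr(sec, 2, length(sec) - 2)
        if (sec == "homes" || sec == "printers") { print "FAIL: [" sec "] is still active"; bad++ }
        if (sec == tolower(share)) found = 1
        next
    }
    sec == tolower(share) {
        eq = index($0, "="); if (!eq) next
        key = tolower(trim(substr($0, 1, eq - 1))); val = trim(substr($0, eq + 1))
        seen[key] = val
        if (val ~ /[ \t]#/) { print "FAIL: " key " value swallowed a comment: " val; bad++ }
    }
    END {
        if (!found) { print "FAIL: share [" share "] is not defined"; bad++ }
        else if (seen["hosts allow"] != ip) { print "FAIL: hosts allow is not exactly " ip; bad++ }
        exit bad + 0
    }' "$1"
}

# Constructed samples: bad.conf has a trailing comment and an active [homes].
write_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '[global]' 'workgroup = WORKGROUP' '[webdata]' \
        'hosts allow = 192.168.5.1 #VMnet8' 'writable = yes' 'path = /data/web_data' \
        '[homes]' 'browseable = No' > "$dir/bad.conf"
    printf '%s\n' '[global]' 'workgroup = WORKGROUP' '[webdata]' '# VMnet8' \
        'hosts allow = 192.168.5.1' 'writable = yes' 'path = /data/web_data' \
        '#[homes]' '# browseable = No' > "$dir/good.conf"
    echo "$dir"
}

d=$(write_samples)
audit_share "$d/bad.conf" webdata 192.168.5.1 || echo "findings: $?"
audit_share "$d/good.conf" webdata 192.168.5.1 && echo "good.conf: OK"
```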

Create the network share files

Then check the permissions

[root@localhost ~]# mkdir -p /data/web_data
[root@localhost ~]# echo "hello" > /data/web_data/hello.txt
[root@localhost ~]# getfacl /data/web_data
getfacl: Removing leading '/' from absolute path names
# file: data/web_data
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

Create the Linux user

Apache

[root@localhost ~]# useradd Apache
[root@localhost ~]# passwd Apache
Changing password for user Apache.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.

Add the user to the SMB service

[root@localhost ~]# pdbedit -a -u Apache
new password:
retype new password:
Unix username: Apache
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2237892677-58617703-3176231605-1000
Primary Group SID: S-1-5-21-2237892677-58617703-3176231605-513
Full Name:
Home Directory: \\localhost\apache
HomeDir Drive:
Logon Script:
Profile Path: \\localhost\apache\profile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 10:06:39 EST
Kickoff time: Wed, 06 Feb 2036 10:06:39 EST
Password last set: Wed, 23 Dec 2020 09:13:58 EST
Password can change: Wed, 23 Dec 2020 09:13:58 EST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Grant Apache access to web_data

Then check the permissions

[root@localhost ~]# setfacl -m u:Apache:rwx /data/web_data
[root@localhost ~]# getfacl /data/web_data
getfacl: Removing leading '/' from absolute path names
# file: data/web_data
# owner: root
# group: root
user::rwx
user:Apache:rwx
group::r-x
mask::rwx
other::r-x

Set SELinux to permissive mode

[root@localhost ~]# setenforce 0

Allow the service through the firewall

[root@localhost ~]# firewall-cmd --add-service samba
success
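
A tighter alternative to setenforce 0 and to the runtime-only --add-service samba rule, which is not limited to a source address: keep SELinux enforcing by labelling the share samba_share_t, and make the firewall rule permanent and scoped to the one client. This is an added example, not part of the original post; the function names and the APPLY switch are assumptions, and semanage comes from the policycoreutils-python package on CentOS 7.

```shell
#!/bin/sh
# Prints the commands by default; run with APPLY=1 as root on the Samba VM
# to execute them.
share_hardening_cmds() {   # share_hardening_cmds DIR CLIENT_IP
    dir=$1 ip=$2
    case $dir in /*) ;; *) echo "DIR must be an absolute path" >&2; return 2 ;; esac
    # Accept only a dotted-quad IPv4 address, as used in this lab.
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || { echo "bad IP" >&2; return 2; }
    cat <<EOF
setenforce 1
semanage fcontext -a -t samba_share_t '${dir}(/.*)?'
restorecon -Rv ${dir}
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="${ip}" service name="samba" accept'
firewall-cmd --reload
EOF
}

harden_share() {
    cmds=$(share_hardening_cmds "$1" "$2") || return $?
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$cmds" | sh -ex      # stop at the first failing command
    else
        echo "$cmds"               # dry run: show what would be executed
    fi
}

harden_share /data/web_data 192.168.5.1
```

The final --reload discards runtime-only rules, so a samba service opened earlier without --permanent disappears and only the source-restricted rule remains.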

Start the smb service

Enable it at boot

[root@localhost ~]# systemctl start smb
[root@localhost ~]# systemctl enable smb
Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd/system/smb.service.

Check the smb service

[root@localhost ~]# systemctl status smb
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-12-23 09:17:53 EST; 48s ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 3810 (smbd)
Status: "smbd: ready to serve connections..."
CGroup: /system.slice/smb.service
├─3810 /usr/sbin/smbd --foreground --no-process-group
├─3812 /usr/sbin/smbd --foreground --no-process-group
├─3813 /usr/sbin/smbd --foreground --no-process-group
└─3814 /usr/sbin/smbd --foreground --no-process-group

Dec 23 09:17:53 localhost.localdomain systemd[1]: Starting Samba SMB Daemon...
Dec 23 09:17:53 localhost.localdomain smbd[3810]: [2020/12/23 09:17:53.592344, 0] ../../lib/...y)
Dec 23 09:17:53 localhost.localdomain systemd[1]: Started Samba SMB Daemon.
Dec 23 09:17:53 localhost.localdomain smbd[3810]: daemon_ready: daemon 'smbd' finished star...ns
Hint: Some lines were ellipsized, use -l to show in full.

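Connecting from Windows

A window pops up; enter the user ID and password created in the step above that adds the user to the SMB service, then open the folder.

The logged-in user has rwx permission on the directory and can work with files there.

At the same time, the files are synced to the Linux server.

Notes

  • In this lab the VM uses a static NAT connection, with its IP address set in the VMnet8 subnet.

  • Do not grant extra 777 permissions on the /data/web_data directory. If your PC pops up saying it has no permission to access the address, the cause is more likely the Linux firewall settings than the permission attributes of the shared folder.

  • There is no need to turn off the Windows firewall.

  • This Windows 10 service does not need to be enabled either.

  • None of these things have anything to do with it.

Actually, when I started this lab I ran into some problems. After a round of searching on Baidu I came back with a pile of useless advice, and on redoing it I found that I had mistyped the published address in my configuration file.


What if the configuration goes wrong?

  • If the Windows 10 warning dialog offers a "diagnose the problem" option, remember to take a look; it is sometimes quite useful.

  • testparm /etc/samba/smb.conf is very useful: it checks whether your configuration file is "valid".

  • You may simply have mistyped a step; roll back to the snapshot and configure it again.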