由于现在工作太忙了,也是偶太懒了好久也没好好
写点东东,工作原因偶配置sambs 服务器时候比较多,所以写下来和大家共同探讨
下.本文是针对red hat linux 9 samba server配置.希望能对像我样小菜有点帮助.本文没有什么技术含量.本人涉及linux造诣不深,还请各位指教.samba server
配置文件在/etc/samba/下smb.conf打开个终端中输入: gedit /etc/samba/smb.conf 也可以用vi编辑.由于文件太长,我把个人认为没有用东东删除了,主要是些注释.下面偶解释下主要字段意思.由于我这个文件配置过了,可能你机器和我不样.
= Global Settings =[global] //设置samba服务整体环境
workgroup = hackase //设置工作组名
server
= angel server //服务器名介绍说明; hosts allow = 192.168.1. 192.168.2. 127. //限制可访问此服务
IP范围,默认是全部 允许
,要是想设设置去掉前面";"pr
cap name = /etc/prcap //打印机配置文件load pr
ers = yes //是否共享打印机# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
pr
ing = cups //打印机类型.标准打印机类型包括以上几种.; guest account = pcguest //pcguest为用户名.可改去掉前边
";"让用户以pcguest身份匿名登录,但保证/etc/passwd中有此人.
log file = /var/log/samba/%m.log //为登录服务器
用户建立区别日志文件.max log size = 0 //日志文件
大小,"0"代表无限制//以下是smb.conf文件对服务器安全级别
设置security = SHARE //安全性
级别共 4种.share、user、server、do
; password server = <NT-Server-Name> 密码验证服务器.
; password level = 8 //密码级别
; username level = 8
encrypt passwords = yes //用户密码加密,当然也可以不加密
smb passwd file = /etc/samba/smbpasswd //将密码服务器设置为samba server.需
要这个东东来指定验证文件.这个是文件
路径,如果samba server是指定win server这个不须要
; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*
*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*pam password change = yes
; username map = /etc/samba/smbusers //如果每个windows用户在samba服务器中有帐户这
个可以不设
;
= /etc/samba/smb.conf.%mobey pam restrictions = yes
;
erfaces = 192.168.12.2/24 192.168.13.2/24 如果多网段要在这里列出; remote announce = 192.168.1.255 192.168.2.44
; local master = no
; os level = 33
; do
master = yes; preferred master = yes
; do
logons = yes; logon script = %m.bat
; logon script = %U.bat
; logon path = \\%L\Profiles\%U
; wins support = yes //wins server支持
; wins server = w.x.y.z
; wins proxy = yes //wins 代理设置
dns proxy = no //dns代理设置
; preserve
= no;
preserve = no; default
= lower;
sensitive = no#
Share Definitions [homes] //用户访问自已目录
设置comment = Home Directories //介绍说明(以下同理)
browseable = no//设定目录可不可以别人浏览
writeable = yes//用户写入自己
权限valid users = %S
create mode = 0664
directory mode = 0775
; [netlogon] //此段域用户登录目录设置
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no
;[Profiles]
; path = /usr/local/samba/profiles
; browseable = no
; guest ok = yes
[pr
ers] //打印机设置comment = All Pr
ers path = /var/spool/samba
browseable = no
pr
able = yes;[tmp] //用户共享资源设置
; comment = Temporary file space
; path = /tmp //可以自定义目录,去掉前边
";"就OK了; read _disibledevent=>; public = yes
;[public] //用户共享资源设置
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; pr
able = no; write list = @staff
;[fredsprn]
; comment = Fred's Pr
er; valid users = fred
; path = /home/fred
; pr
er = freds_prer; public = no
; writable = no
; pr
able = yes;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; pr
able = no;[pchome]
; comment = PC Directories
; path = /usr/local/pc/%m
; public = no
; writable = yes
;[public]
; path = /usr/somewhere/
/public; public = yes
; _disibledevent=>; writable = yes
; pr
able = no;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; pr
able = no; create mask = 0765
[my work] //偶
东东comment = is me work
path = /root/my work
valid users angel
public = yes
writeable = yes
好了,了解smb.conf
文件就好办了.我们开始对samba server 4个安全级别分别讲解.1、share级配置
这个在 4个等级中是最低
,思路方法也是最简单.我们只要对smb.conf文件修改下就可以了.workgroup = hackase
server
= angel serverhosts allow = 192.168.1. //限制192.168.1
IP网段可以防问pr
cap name = /etc/prcap load pr
ers = yes //共享打印机pr
ing = cups //打印机用linux标准guest account = angel
log file = /var/log/samba/%m.log
max log size = 20
security = share
=其他
设置默认就可以了,也可以像我把所有注释删除.[tmp]这个字段";"去掉.路径可以更改. 重启下服务 /etc/samba/smb restart // service smb restart 也可用testparm测试我们配置
文件是否正确:=[root@localhost root]# testparm //测试时[pr
ers]注释掉了所以这里没有.Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[tmp]"
Processing section "[my]"
Loaded services file OK. //如有
,会在这列出地方.Press enter to see a dump of your service definitions
用smbclient命令查看网络共享情况
=[root@localhost etc]# smbclient -L localhost //本机名为localhost
Password:
Do
=[HACKBASE] OS=[Unix] Server=[Samba 2.2.7a]Sharename Type Comment
--------- ---- -------
tmp Disk Temporary file space
my Disk is me
IPC$ IPC IPC Service (angel server)
ADMIN$ Disk IPC Service (angel server)
root Pr
er Home DirectoriesServer Comment
--------- -------
Workgroup Master
--------- -------
=2、user级配置
user比share级安全级别高
点点,很简单,可以在share基础上改下就可以了.改
下security = share字段为:security = user.在加上如下字段:guest account = angel //机器上有这个用户名,如果你没有那就建
个吧!encrypt passwords=yes
smb passwd file=/etc/samba/smbpasswd
(1)生成口令文件.
#cat/etc/passwd | mksmbpasswd.sh>/etc/samba/smbpasswd
本命令将生成口令文件"/etc/samba/smbpasswd" 这个就是我们刚加上
"smb passwd file=/etc/samba/smbpasswd"(2)我们知道建账户是建在etc/passwd文件里,我们须要用smbpasswd命令为刚才建立
账名设置samba server口令. 格式为:smbpasswd angel(3)重启samba server服务
user级
也OK了,你可以用testparm and smbclient命测试.windows用户想访问就要输入angel and passwd.这个就不是谁都可以访问你共享资源了.3、server 级配置
server级比user级也高那么
点,只需要user级配置上修改下就OK了.(1)security = user字段为:security = server
(2)加上password server = ****** //密码服务器,这个可以是你
windows主域控制器,也可以是别
个samba server服务器(名子无意思)(3)注释smb passwd file=/etc/samba/smbpasswd
(4)重启samba server服务,你可以用testparm and smbclient命测试.
好了,又完事
个现在如果台windows机器登录******(password server = ******设置)域服务器时候,也就同登录上了samba server,如果你以是*****主控域计算机,那你就可以输入你自己账号密码打开samba server文件了,但是你要保证*****和sambs server账号和密码相同.4、do
级配置do
级配置是samba server中级别最高他主要就是把samba加入到域中去,用域服务器作samba server密码服务器.其实do
级配置也很简单,只需要在user级基础上修改:(1)加入字段:NETBLOS =
//起个NETBLOS名,放在smb.conf文件最上边password server = ** //用主域控制器**来做密码服务器
(2)security = user字段为:security = do
workgroup = ***** //*****是主域控制器
域名(3)注释smb passwd file=/etc/samba/smbpasswd
(4)重启samba server服务,你可以用testparm and smbclient命测试.
终于完事了,好在我
"弹指神功"技术纯熟.这个时候我们就可以和windows系统通信了,我也要去呼呼了,等等~~~那网络可以共享了,那么我们本机linux系统和本机windows系统如何通信啊!呵呵.当然有办法,到现在大侠们可以起来活动活动了,帮我看看我写有什么.好了,打开终端输入:[root@localhost root]# fdisk -l //查下windows系统所在分区.Disk /dev/hdb: 61.4 GB, 61492838400
s255 heads, 63 sectors/track, 7476 cylinders
Units = cylinders of 16065 * 512 = 8225280
sDevice Boot Start End Blocks Id
/dev/hdb1 * 1 738 5927953+ 7 HPFS/NTFS
/dev/hdb2 739 7476 54122985 f Win95 Ext'd (LBA)
/dev/hdb5 739 1480 5960083+ 7 HPFS/NTFS
/dev/hdb6 1481 2383 7253316 b Win95 FAT32
/dev/hdb7 3651 6200 20482843+ b Win95 FAT32
/dev/hdb8 6201 7476 10249438+ b Win95 FAT32
/dev/hdb9 2384 2396 104391 83 Linux
/dev/hdb10 2397 3585 9550611 83 Linux
/dev/hdb11 3586 3650 522081 82 Linux swap
[root@localhost root]# mkdir /mnt/my //在mnt下建
个叫my目录(定义到那自己决定)[root@localhost root]# mount -t auto /dev/hdb7 /mnt/my //不用说了吧!
这样就可以防问windows
分区了,但是系统分区不可以是ntfs格式.windows系统访问linux系统要用到工具,"explore2fs"可以到
http://download.enet.com.cn/html/030282000080601.html下载
在工作中,大多用第 2种思路方法.好了,我终于可以去呼呼了.感谢您看完!!
最新评论