CentOS 7.6 Samba server setup
System environment
os: "CentOS 7.6 x64"
lang: "en"
Setup guide
Manual installation
1. Install the environment
Install the Samba service
yum install -y samba
2. Start the Samba service and enable it at boot
systemctl start smb
systemctl enable smb
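3. Disable the firewall
Method 1 (disable permanently)
- Stop the firewall service
systemctl stop firewalld.service
- Disable start at boot
systemctl disable firewalld.service
Method 2 (allow only the ports Samba needs)
- Add the Samba access ports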
firewall-cmd --zone=public --add-port=139/tcp --permanent
firewall-cmd --zone=public --add-port=445/tcp --permanent
firewall-cmd --zone=public --add-port=137/udp --permanent
firewall-cmd --zone=public --add-port=138/udp --permanent
- Reload the firewall configuration
firewall-cmd --reload
- Restart the firewall
systemctl restart firewalld.service
4. Disable SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
vi /etc/selinux/config
Set SELINUX=disabled in the file, then reboot the server.
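An alternative to steps 3 and 4 that keeps firewalld running and SELinux enforcing, added here as an example and not part of the original post. The function name `allow_samba_share`, the `run` helper and the `DRY_RUN` switch are assumptions of this example; on CentOS 7 `semanage` is provided by the policycoreutils-python package.

```shell
#!/bin/bash
# Added example (not from the original post): open Samba in firewalld and
# give SELinux the labels/booleans smbd needs, instead of disabling either.
# Run as root; set DRY_RUN=1 to print the commands without executing them.

run() {  # hypothetical helper: execute a command, or only print it in dry-run mode
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# allow_samba_share DIR  (hypothetical name; DIR is the absolute share path)
allow_samba_share() {
  local dir="${1%/}"
  case "$dir" in
    /?*) ;;
    *) echo "usage: allow_samba_share /absolute/share/path" >&2; return 2 ;;
  esac
  # firewalld's predefined "samba" service opens 137-138/udp and 139,445/tcp
  run firewall-cmd --permanent --zone=public --add-service=samba || return 1
  run firewall-cmd --reload || return 1
  case "$dir" in
    /home/*)
      # Shares inside home directories are allowed by a boolean, not a relabel
      run setsebool -P samba_enable_home_dirs on || return 1 ;;
    *)
      # Other trees get the samba_share_t type, recorded persistently
      run semanage fcontext -a -t samba_share_t "${dir}(/.*)?" \
        || run semanage fcontext -m -t samba_share_t "${dir}(/.*)?" || return 1
      run restorecon -R "$dir" || return 1 ;;
  esac
  run getenforce   # prints "Enforcing" when SELinux has been left enabled
}

# Example: DRY_RUN=1 allow_samba_share /srv/team_share
```

With `DRY_RUN=1` the function only lists the commands, which makes it easy to review them before running as root.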
5. Modify the Samba configuration
- Delete the existing Samba configuration
rm -f /etc/samba/smb.conf
- Add the new Samba configuration
cat << 'EOF' > /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = WORKGROUP
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[share]
comment = Share Directories
path = /home/user1/share/
public = yes
writable = yes
browseable = yes
create mask = 0644
directory mask = 0775
EOF
6. Add a Samba user
useradd user1
smbpasswd -a user1
7. Create the shared directory and set permissions
mkdir -p /home/user1/share
chmod -R 777 /home/user1/share
chown -R user1:user1 /home/user1/share
The directory /home/user1/share must grant permissions to the corresponding Samba user; if in doubt, 777 permissions can be set.
8. Restart the Samba service
systemctl restart smb
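Notes
A comment in smb.conf must be entered on its own line; a single line that contains both a setting and a comment makes the path invalid and causes other errors.
Error when the file already exists
Suppose you want to change the owner of the /home/user1/share directory to the Samba user (assumed to be user1) and set its permissions to rwxr-xr-x (i.e. 755); you can use the following command
Appendix
smb service management
Start the service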
systemctl start smb
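Enable smb at boot
sudo systemctl enable smb.service
Check whether smb is enabled at boot
sudo systemctl is-enabled smb.service
Check the status of Samba
systemctl status smb
If you see Active, the service is running.
Additional
Change folder permissions
Change permissions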
chmod 777 /home/user1/share -R
chown -R user1:user1 /home/user1/share
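After everything has been executed
Permissions under the /home directory
Permissions under the /home/user1 directory
Permissions under the /home/user1/share/ directory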
chmod 777 /home/user1/share -R
Step 3: Restart the Samba service
systemctl restart smb
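Mounting the Samba share on Windows
Press Win + R to open the Run box and enter
\\<Samba server IP>, for example
\\10.1.203.36
The share can be mapped as a drive, which then reconnects automatically at startup and behaves like an attached shared disk.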
net use z: \\192.168.44.132\
Mounting the Samba share on Linux
First, install a Samba client program on CentOS 7
yum install -y cifs-utils
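On the client server, create a mount point
mkdir /data
Run the mount command
mount -t cifs -o username="username",password="your password" //samba-server-hostname-or-IP/share-name/ /mount-point
In other words:
mount -t cifs -o username="your Samba username",password="your password" //IP-address/share /local-mount-directory
Common problems
If the path configured in smb.conf is invalid or does not exist, the following error screen appears
Multi-user installation
1. Install the environment
Install the Samba service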
yum install -y samba
2. Start the Samba service and enable it at boot
systemctl start smb
systemctl enable smb
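3. Disable the firewall
Method 1 (disable permanently)
- Stop the firewall service
systemctl stop firewalld.service
- Disable start at boot
systemctl disable firewalld.service
Method 2 (allow only the ports Samba needs)
- Add the Samba access ports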
firewall-cmd --zone=public --add-port=139/tcp --permanent
firewall-cmd --zone=public --add-port=445/tcp --permanent
firewall-cmd --zone=public --add-port=137/udp --permanent
firewall-cmd --zone=public --add-port=138/udp --permanent
- Reload the firewall configuration
firewall-cmd --reload
- Restart the firewall
systemctl restart firewalld.service
4. Disable SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
vi /etc/selinux/config
Set SELINUX=disabled in the file, then reboot the server.
5. Modify the Samba configuration
- Delete the existing Samba configuration
rm -f /etc/samba/smb.conf
- Add the new Samba configuration
cat << 'EOF' > /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
#
# Note:
# SMB1 is disabled by default. This means clients without support for SMB2 or
# SMB3 are no longer able to connect to smbd (by default).
[global]
workgroup = WORKGROUP
netbios name = huicheng
security = user
map to guest = bad user
dns proxy = no
server min protocol = SMB3
server max protocol = SMB3
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root
create mask = 0664
directory mask = 0775
[主管部门]
comment = ManagementDepartment share for users
path = /srv/team_share/ManagementDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
valid users = @ManagementDepartment
write list = @ManagementDepartment
[运维部门]
comment = MaintenanceDepartment share for users
path = /srv/team_share/MaintenanceDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
valid users = @ManagementDepartment,@MaintenanceDepartment,@TechnicalDepartment,@CustomerDepartment,@CodeDepartment,@ShadowDepartment
write list = @ManagementDepartment,@MaintenanceDepartment
read list = @TechnicalDepartment,@CustomerDepartment,@CodeDepartment,@ShadowDepartment
[技术部门]
comment = TechnicalDepartment share for users
path = /srv/team_share/TechnicalDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask =0777
valid users = @ManagementDepartment,@TechnicalDepartment
write list = @ManagementDepartment
read list = @TechnicalDepartment
[客服部门]
comment = CustomerDepartment share for users
path = /srv/team_share/CustomerDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
valid users = @ManagementDepartment,@CustomerDepartment
write list = @ManagementDepartment
read list = @CustomerDepartment
[代号部门]
comment = CodeDepartment share for users
path = /srv/team_share/CodeDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
valid users = @ManagementDepartment,@CodeDepartment
write list = @ManagementDepartment
read list = @CodeDepartment
[影子部门]
comment = ShadowDepartment share for users
path = /srv/team_share/ShadowDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
valid users = @ManagementDepartment,@ShadowDepartment
write list = @ManagementDepartment
read list = @ShadowDepartment
EOF
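The note on comments in smb.conf and the settings used in both configuration files above can be checked mechanically. The audit function below is an added example, not part of the original post; the function names and the sample file are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): list permissive settings in an
# smb.conf. Output is one "section<TAB>finding" line per issue.
audit_smb_conf() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(msg) { printf "%s\t%s\n", section, msg }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # whole-line comments, blank lines
    /^[ \t]*\[/ {                              # section header such as [share]
      section = trim($0); sub(/^\[/, "", section); sub(/\]$/, "", section); next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
      val = trim(substr($0, eq + 1))
      # smb.conf has no trailing comments: text after the value is part of it
      if (val ~ /[ \t][#;]/)
        report(key ": trailing comment is read as part of the value")
      # write bit set in the last octal digit: new entries may be world-writable
      if (key ~ /^(create|directory) (mask|mode)$/ && val ~ /[2367]$/)
        report(key " = " val " allows new entries to be world-writable")
      if (key ~ /^(public|guest ok)$/ && tolower(val) ~ /^(yes|true|1)$/)
        report(key " = " val " permits guest access without a password")
      if (key == "map to guest" && tolower(val) != "never")
        report(key " = " val " turns some failed logins into guest sessions")
    }' "$1"
}

# Constructed sample (not a real server file), combining lines from both
# configurations in this guide plus the trailing-comment mistake.
write_sample_conf() {
  cat > "$1" <<'CONF'
[global]
security = user
map to guest = bad user
[share]
path = /home/user1/share/ # shared directory
public = yes
create mask = 0644
[技术部门]
create mask = 0777
directory mask =0777
valid users = @ManagementDepartment,@TechnicalDepartment
CONF
}

# Usage: audit_smb_conf /etc/samba/smb.conf
```

Running `testparm` afterwards, as the comment at the top of smb.conf suggests, confirms that the file still parses.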
Linux commands: add users in bulk and add groups
Create the user file
- Create the file input_file.txt
cat > input_file.txt <<'EOF'
User_1001_vMrAyb 0vuPy91pQYbP ManagementDepartment
User_2001_esPms2 5nsBIsFpZxgt TechnicalDepartment
User_2002_qSFjLg M9tKPpWE3tIN TechnicalDepartment
User_2003_Wc6fLa mGlD3kw93y3i TechnicalDepartment
User_2004_ZNUIz2 TZh8Lfb9bHQU TechnicalDepartment
User_2005_ac6X9U CPBspV1jaB6m TechnicalDepartment
User_2006_Pc2j9m R6n648NK1WD2 TechnicalDepartment
User_3001_CuBKow 5GjqHbljVvBK CustomerDepartment
User_3002_1aC9nH DvfLlrnmPHEG CustomerDepartment
User_3003_No8m6T 64QbB8ZARuG4 CustomerDepartment
User_3004_pt0iE6 QFwE39D097oX CustomerDepartment
User_3005_LIdi35 ofGdH3yp9EhD CustomerDepartment
Virtual_1001_S71QA3 urdKUHnKLsn1 CodeDepartment
Virtual_1002_tLSYeb CW89mfDckEN9 CodeDepartment
Virtual_1003_v92kQc 5NbaV8YglpNu CodeDepartment
Virtual_2001_VtcKsx IwBRPT1RK60i CodeDepartment
Virtual_2002_evMdSW 5uHEGmjRAGci CodeDepartment
Virtual_3001_cqMdS1 ZmguZP6qw7lD ShadowDepartment
Virtual_3002_6tNovh mDFe7a4BRgsu ShadowDepartment
Virtual_3003_rlO476 vy6ASfB2QeWo ShadowDepartment
Virtual_3004_p4Up62 LPgY6bG6LRKa ShadowDepartment
Virtual_3005_lwRICB 9rT4Nc4qpO86 ShadowDepartment
Virtual_3006_pyFCID uay0kl74t9DM ShadowDepartment
Virtual_3007_YQ3ff4 1bP3NP0OQuig ShadowDepartment
EOF
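Add users in bulk
Method 1. Create the system users and Samba users in one step (recommended)
new
cat > all_usersambaadd_script.sh <<'EOF'
#!/bin/bash
# Path of the file containing user names, passwords and groups
input_file="input_file.txt"
# Check that the input file exists
if [ ! -f "$input_file" ]; then
    echo "Input file not found: $input_file"
    exit 1
fi
# Read the input file line by line; create the system user and the Samba user for each entry
while IFS=' ' read -r username password group; do
    # Create the group if it does not exist yet
    getent group "${group}" > /dev/null || groupadd "${group}"
    # Create the user with the group as its primary group
    useradd -g "${group}" "${username}"
    # Create the Samba user (printf passes the password through unmodified)
    printf '%s\n%s\n' "${password}" "${password}" | smbpasswd -a "$username" -s
    # Check the exit status of smbpasswd and print the corresponding message
    if [ $? -eq 0 ]; then
        echo "${username}已成功添加为SAMBA用户."
    else
        echo "用户${username}添加失败!"
    fi
    echo "User ${username} created and added to group ${group}"
done < "$input_file"
echo "Batch user creation and SAMBA user creation completed."
EOF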
old
cat > all_usersambaadd_script.sh <<'EOF'
#!/bin/bash
# Path of the file containing user names, passwords and groups
input_file="input_file.txt"
# Check that the input file exists
if [ ! -f "$input_file" ]; then
    echo "Input file not found: $input_file"
    exit 1
fi
# Read the input file line by line; create the system user and the Samba user for each entry
while IFS=' ' read -r username password group; do
    # Create the user
    useradd -m -s /bin/bash "${username}"
    # Set the user's password
    echo "${username}:${password}" | chpasswd
    # Create the group if it does not exist
    getent group "${group}" || groupadd "${group}"
    # Add the user to the group as a supplementary group
    usermod -aG "${group}" "${username}"
    # Create the Samba user (printf passes the password through unmodified)
    printf '%s\n%s\n' "${password}" "${password}" | smbpasswd -a "$username" -s
    # Check the exit status of smbpasswd and print the corresponding message
    if [ $? -eq 0 ]; then
        echo "${username}已成功添加为SAMBA用户."
    else
        echo "用户${username}添加失败!"
    fi
    echo "User ${username} created and added to group ${group}"
done < "$input_file"
echo "Batch user creation and SAMBA user creation completed."
EOF
bash all_usersambaadd_script.sh
Method 2. Separate scripts: one creates the system users in bulk, one creates the Samba users
cat > useradd_script.sh <<'EOF'
#!/bin/bash
# Read user name, password and group from the text file
while IFS=' ' read -r username password group; do
    # Create the user
    useradd -m -s /bin/bash "${username}"
    # Set the password
    echo "${username}:${password}" | chpasswd
    # Create the group if it does not exist
    getent group "${group}" || groupadd "${group}"
    # Add the user to the group as a supplementary group
    usermod -aG "${group}" "${username}"
    echo "User ${username} created and added to group ${group}"
done < input_file.txt
echo "Batch user creation completed."
EOF
bash useradd_script.sh
cat > sambaadd_script.sh <<'EOF'
#!/bin/bash
# Default Samba password (unused: the per-user password from the input file is applied below)
samba_password="password123"
# Path of the file containing user names, passwords and group names
input_file="input_file.txt"
# Check that the input file exists
if [ ! -f "$input_file" ]; then
    echo "Input file not found: $input_file"
    exit 1
fi
# Read the input file line by line and run smbpasswd for each user
while IFS=' ' read -r username password group; do
    # Feed the password twice to smbpasswd on standard input
    printf '%s\n%s\n' "${password}" "${password}" | smbpasswd -a "$username" -s
    # Check the exit status of smbpasswd and print the corresponding message
    if [ $? -eq 0 ]; then
        echo "${username}已成功添加为SAMBA用户."
    else
        echo "用户${username}添加失败!"
    fi
done < "$input_file"
echo "批量 SAMBA 用户创建已完成。"
EOF
bash sambaadd_script.sh
Create the folders and set permissions
- Create the department folders in bulk
mkdir -p /srv/team_share/{ManagementDepartment,MaintenanceDepartment,TechnicalDepartment,CustomerDepartment,CodeDepartment,ShadowDepartment}
- Set permissions
chmod -R 777 /srv/team_share/{ManagementDepartment,MaintenanceDepartment,TechnicalDepartment,CustomerDepartment,CodeDepartment,ShadowDepartment}
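Tip: with the folders created but no permissions set, the directories can be opened but files cannot be added or modified; once the permissions are set, clients can perform any operation after connecting. Creating the folders and setting the permissions does not require restarting the Samba service.
Additional
Being unable to access Samba may also be caused by the firewall not having been disabled.
useradd username
# Add a user to the system
groupadd groupname
# Add a group to the system
The pdbedit command
pdbedit -L
# List the users
pdbedit -a username
# Add the user username to Samba; make sure this user already exists in the system first (useradd username)
pdbedit -x username
# Delete the user username
Other
valid users = @groupname
# A group that may access the resource needs an @ prefix; a single user does not
invalid users=share
# Deny a specific user access to the resource
net use * /del
This clears the Samba user connection data. It must be run in cmd as a normal user.
On Windows, use port forwarding to map local port 445 to port 5058 on the remote server, then restart the computer
Run the CMD command line as administrator and execute the command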
netsh interface portproxy add v4tov4 listenport=445 listenaddress=127.0.0.1 connectport=5058 connectaddress=144.123.128.62
One-click script
cat > autosmb.sh <<'EOF'
#!/bin/bash
# 1. Install the Samba service
yum install -y samba
# 2. Start the Samba service and enable it at boot
systemctl start smb
systemctl enable smb
# 3. Allow only the ports Samba needs through the firewall
firewall-cmd --zone=public --add-port=139/tcp --permanent
firewall-cmd --zone=public --add-port=445/tcp --permanent
firewall-cmd --zone=public --add-port=137/udp --permanent
firewall-cmd --zone=public --add-port=138/udp --permanent
firewall-cmd --reload
systemctl restart firewalld.service
# 4. Disable SELinux
## Method 1: disable temporarily
setenforce 0
EOF
Run the one-click script
bash autosmb.sh
Delete the existing configuration
rm -f /etc/samba/smb.conf
Test script 1
cat << 'EOF' > /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
#
# Note:
# SMB1 is disabled by default. This means clients without support for SMB2 or
# SMB3 are no longer able to connect to smbd (by default).
[global]
workgroup = WORKGROUP
netbios name = huicheng
security = user
map to guest = bad user
dns proxy = no
server min protocol = SMB3
server max protocol = SMB3
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root
create mask = 0664
directory mask = 0775
[主管部门]
comment = ManagementDepartment share for users
path = /srv/team_share/ManagementDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
valid users = @ManagementDepartment
write list = @ManagementDepartment
[运维部门]
comment = MaintenanceDepartment share for users
path = /srv/team_share/MaintenanceDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
valid users = @ManagementDepartment,@MaintenanceDepartment,@TechnicalDepartment,@CustomerDepartment,@CodeDepartment,@ShadowDepartment
write list = @ManagementDepartment,@MaintenanceDepartment
read list = @TechnicalDepartment,@CustomerDepartment,@CodeDepartment,@ShadowDepartment
[技术部门]
comment = TechnicalDepartment share for users
path = /srv/team_share/TechnicalDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask =0777
valid users = @ManagementDepartment,@TechnicalDepartment
write list = @ManagementDepartment
read list = @TechnicalDepartment
[客服部门]
comment = CustomerDepartment share for users
path = /srv/team_share/CustomerDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
valid users = @ManagementDepartment,@CustomerDepartment
write list = @ManagementDepartment
read list = @CustomerDepartment
[代号部门]
comment = CodeDepartment share for users
path = /srv/team_share/CodeDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
valid users = @ManagementDepartment,@CodeDepartment
write list = @ManagementDepartment
read list = @CodeDepartment
[影子部门]
comment = ShadowDepartment share for users
path = /srv/team_share/ShadowDepartment/
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
valid users = @ManagementDepartment,@ShadowDepartment
write list = @ManagementDepartment
read list = @ShadowDepartment
EOF
Run the one-click script
bash autosmb.sh
old
Filename batadduser.sh
#!/bin/bash
# Read user name, password and group from the text file
while IFS=' ' read -r username password group; do
    # Create the user
    useradd -m -s /bin/bash "${username}"
    # Set the password
    echo "${username}:${password}" | chpasswd
    # Create the group if it does not exist
    getent group "${group}" || groupadd "${group}"
    # Add the user to the group as a supplementary group
    usermod -aG "${group}" "${username}"
    echo "User ${username} created and added to group ${group}"
done < input_file.txt
echo "Batch user creation completed."
Run the Linux script
bash batadduser.sh
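Appendix
create mask =0777
# Whether access permissions on newly created files are opened up
directory mask = 0777
# Whether access permissions on newly created directories are opened up
If permissions such as 0660 or 0770 have been set, they must be redefined with the shell command chmod 777 /home/samba/$[filename] -R
before access works.
valid users
# Users allowed access
write list
# Writable
read list
# Read-only
systemctl restart smb nmb
# Restart smb and nmb
systemctl enable smb.service
# Start smb at boot
systemctl enable nmb.service
# Start nmb at boot
chmod 777 /srv/team_share -R
# Set the folder permissions; without them access is not possible either
chmod 777 /srv/team_share/ManagementDepartment -R
# Set the folder permissions; without them, even if the folder opens, folders and files cannot be created
chmod 777 /srv/team_share/TechnicalDepartment -R
Set the connection password for the smb user. After pressing Enter the password must be typed in; remember it, otherwise you cannot connect later.
Step 2: Set up the shared directory and the file permissions
mkdir /home/user1/share
Error when the file already exists
Suppose you want to change the owner of the /home/user1/share directory to the Samba user (assumed to be user1) and set its permissions to rwxr-xr-x (i.e. 755); you can use the following command
Change folder permissions
Change permissions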
chmod 777 /srv/team_share/ManagementDepartment -R
chown -R User_1001_vMrAyb:User_1001_vMrAyb /srv/team_share/ManagementDepartment
chown -R ManagementDepartment:ManagementDepartment /srv/team_share/ManagementDepartment
After everything has been executed
Modify the Samba configuration
Before modification
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
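To be deleted
Add a Samba user
useradd user1
smbpasswd -a user1
Add a Samba user, i.e. clients need a user name and password to connect
Step 1: A Linux system user is needed for management; an existing (non-root) user can be used, or a new user can be created
useradd user1
// Add the user
passwd user1
// Set the password (the Linux system password; it can be left unset and the user then barred from logging in)
Set the Samba user's connection password (this step is important and must be carried out; it is the password clients enter when connecting later)
smbpasswd -a user1
Set the connection password for the smb user. After pressing Enter the password must be typed in; remember it, otherwise you cannot connect later.
Common problems
1. The directory can be opened, but files cannot be added or deleted; the problem looks like this
Permission configuration
Solution
Add permissions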
chmod -R 777 /srv/team_share/{ManagementDepartment,MaintenanceDepartment,TechnicalDepartment,CustomerDepartment,CodeDepartment,ShadowDepartment}
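The screen after adding permissions
Files can now be created successfully as well
2. The directory is listed but cannot be opened; it looks like this
The cause is that the directory has not been specified
Solution: create the directory that is configured in the Samba configuration
3. The directory is listed, but accessing it fails with an error
The cause may be that you created only the system user and did not create the Samba user
Solution: add the Samba user password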
smbpasswd -a User_1001_vMrAyb
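Pitfall! Very important; it took me several days to figure this out
- For group assignment, settings that do not take effect are caused by a problem in how the group was created
Method 1 for creating the group and user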
useradd User_1001_vMrAyb
groupadd ManagementDepartment
usermod -aG "ManagementDepartment" "User_1001_vMrAyb"
Method 2 for creating the group and user
groupadd ManagementDepartment
useradd -g ManagementDepartment User_1001_vMrAyb
Solution: the group must be created with method 2, otherwise the group quota cannot be assigned
Tags: ManagementDepartment, users, CentOS, mask, share, samba, 7.6, Samba, smb
From: https://www.cnblogs.com/leytebrad/p/18168048