文章目录
  1. 1. 前言
  2. 2. 更新历史
  3. 3. 安装samba
  4. 4. 配置samba
  5. 5. 启动samba
  6. 6. Windows客户端访问

前言

一直以来都以为FTP和NFS是局域网文件共享的常用方式,但是在最近接触Samba之后,了解到一些用户需要简化访问学习成本,满足基础的权限控制管理,并支持实时编辑和保存文件,我才明白这些需求使用之前的方法都是很难满足的,而Samba却可以完美的支持上述需求,虽然在开始接触时花了一些时间学习,但把配置和语法梳理清楚之后就很简单了。

Unix与Windows文件共享的最佳方式之一


更新历史

2017年05月16日 - 完善内容
2015年07月28日 - 增加Samba日志审计部分
2015年07月11日 - 初稿

阅读原文 - https://wsgzao.github.io/post/samba/

扩展阅读

Samba - https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
使用Samba或NFS实现文件共享 - http://www.linuxprobe.com/chapter-12.html
SAMBA服务器 - http://vbird.dic.ksu.edu.tw/linux_server/0370samba.php
RHEL6.5下部署samba企业级文件服务器实战 - http://yuan2.blog.51cto.com/446689/1588085
Samba日志分析 - http://chenguang.blog.51cto.com/350944/1606746


安装samba

各个平台的安装都蛮简单的,略过

配置samba

建议合理规划目录和用户权限,可以利用用户组来简化授权管理,参见扩展阅读

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

#创建目录(举例)
mkdir -p /data2/sm
chmod -R 777 /data2/sm

#添加用户(举例)
groupadd dengling
useradd -g dengling -s /sbin/nologin dengling
#推荐使用pdbedit
smbpasswd -a dengling

#备份smb配置文件并编辑
cd /etc/samba
cp smb.conf smb.conf.bak
vi smb.conf

#全局参数
[global]
security = share
log file = /var/log/samba/log.%m
idmap config * : backend = tdb
guest ok = Yes
lanman auth = Yes
client lanman auth = yes
client plaintext auth = yes
hosts allow = 127., 172., 192.168.1., 192.168.3.
cups options = raw
vfs objects = full_audit
full_audit:failure = none
full_audit:success = rename unlink rmdir open opendir pwrite write
full_audit:prefix = %u|%I|%m|%
admin log = yes
log level = 2
syslog = 2

#共享参数
[homes]
comment = Home Directories
read only = No
browseable = No

[sheji]
comment = sheji
path = /data2/sm/sheji
valid users = share, shenwei, xuwei, shenjiamei, humengchu, rensiqiang, yeting, tongying, jinbo, zengfanan, fengpeisi
read only = No
create mask = 0775
directory mask = 0775

[test]
comment = sheji
path = /data2/sm/test
valid users = test, test2, shenwei
read only = No
create mask = 0775
directory mask = 0775

[q2]
comment = sheji
path = /data2/sm/q2
valid users = xuejia, sungaoshuai, lujingjing, huangsonghe, yefei, lvwenhan, fangyuan, zhanghuichen, liuguofa, xupeiyu, yangpengfei, lisuitao, sunzhen, shenwei, xuwei, shenjiamei, humengchu, rensiqiang, yeting, tongying, jinbo, zengfanan, fengpeisi, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, zhoujian, fenglu, linlijun, chenshuxian, linzhimin, yanyoushan, xiaguoying, zhanghuanrong, mayushu, xuyangjing, guogaoyan, huangyouyang, jinzhibin, huyuqing, shenxuemei, liukui
read only = No
create mask = 0775
directory mask = 0775

[market]
comment = sheji
path = /data2/sm/market
valid users = zhanghuichen, shenwei, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, xuyangjing, chenshuxian, linzhimin, caoling, guogaoyan, xiehaibo, huangyouyang, jinzhibin, huyuqing
read only = No
create mask = 0777
directory mask = 0775

[market_finance]
comment = sheji
path = /data2/sm/market_finance
valid users = yangqiong, shenwei, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, xiehaibo, gaofangjie, xuyangjing, chenshuxian, linzhimin, huangyouyang, jinzhibin, huyuqing
read only = No
create mask = 0777
directory mask = 0775

[shenwei]
comment = sheji
path = /data2/sm/develop/shenwei
valid users = shenwei
read only = No
create mask = 0777
directory mask = 0775

[qijun]
comment = qj
path = /data2/sm/homedir/qijun
valid users = qijun
read only = No
create mask = 0777
directory mask = 0775
guest ok = No

[wenyong]
comment = sheji
path = /data2/sm/develop/wenyong
valid users = wenyong
read only = No
create mask = 0777
directory mask = 0775

[wudi]
comment = sheji
path = /data2/sm/develop/wudi
valid users = wudi
read only = No
create mask = 0777
directory mask = 0775

[caijiannan]
comment = sheji
path = /data2/sm/develop/caijiannan
valid users = caijiannan
read only = No
create mask = 0777
directory mask = 0775

[weiduani2]
comment = weiduan
path = /data2/sm/develop/raochao/微端
valid users = wangfeng
read only = No
create mask = 0777
directory mask = 0775

[raochao]
comment = raochao
path = /data2/sm/develop/raochao
read list = wangfeng, xuwei, shenjiamei, chenxianzhe, chenye, wuailing, liuyuting, dainan
write list = raochao

[product]
comment = product
path = /data2/sm/product
read only = No
create mask = 0777
directory mask = 0777

[jinbo]
comment = JinBo
path = /data2/sm/homedir/jinbo
valid users = jinbo
read only = No
guest ok = No

[xiaoqiang]
comment = xiaoqiang
path = /data2/sm/homedir/xiaoqiang
valid users = xiaoqiang
read only = No
guest ok = No

[share]
comment = share
path = /data2/sm/homedir/share
valid users = share, market, wal, qijun, zhanghua
read only = No

启动samba

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

#常用选项
[shared_name]
path = # 文件系统路径
browseable = {yes|no} # 是否可以被查看到
public = {yes|no} # 是否可被所有人读
guest ok = {yes|no} # 与 public 相同
read only = yes # 是否只读
writeable = yes # 是否可写
write list = user1, user2 # 可写用户列表
@group, +group # 可写组列表
valid users = # 白名单
invalid users = # 黑名单

#检查语法
testparm

#重启smb服务查看状态
service smb restart
smbstatus

Windows客户端访问

1.Windows上访问samba

在“计算机”中输入:\\xxx.xxx.xxx.xxx\

2.Windows断开samba共享连接,实在不行可以选择注销或者重启

在【开始】→【运行】→【CMD】回车中输入:net use * /del /y

3.将samba共享的Linux目录映射成Windows的一个驱动器盘符

在【右键计算机】→【映射网络驱动器】→【文件夹\XX.XX.XX.XX\】

文章目录
  1. 1. 前言
  2. 2. 更新历史
  3. 3. 安装samba
  4. 4. 配置samba
  5. 5. 启动samba
  6. 6. Windows客户端访问