前言

一直以来都以为 FTP 和 NFS 是局域网文件共享的常用方式,但是在最近接触 Samba 之后,了解到一些用户需要简化访问学习成本,满足基础的权限控制管理,并支持实时编辑和保存文件,我才明白这些需求使用之前的方法都是很难满足的,而 Samba 却可以完美的支持上述需求,虽然在开始接触时花了一些时间学习,但把配置和语法梳理清楚之后就很简单了。

Unix 与 Windows 文件共享的最佳方式之一


更新历史

2017 年 05 月 16 日 - 完善内容
2015 年 07 月 28 日 - 增加 Samba 日志审计部分
2015 年 07 月 11 日 - 初稿

阅读原文 - https://wsgzao.github.io/post/samba/

扩展阅读

Samba - https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
使用 Samba 或 NFS 实现文件共享 - http://www.linuxprobe.com/chapter-12.html
SAMBA 服务器 - http://vbird.dic.ksu.edu.tw/linux_server/0370samba.php
RHEL6.5 下部署 samba 企业级文件服务器实战 - http://yuan2.blog.51cto.com/446689/1588085
Samba 日志分析 - http://chenguang.blog.51cto.com/350944/1606746


安装 samba

各个平台的安装都蛮简单的,略过

配置 samba

建议合理规划目录和用户权限,可以利用用户组来简化授权管理,参见扩展阅读

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

# 创建目录(举例)
mkdir -p /data2/sm
chmod -R 777 /data2/sm

# 添加用户(举例)
groupadd dengling
useradd -g dengling -s /sbin/nologin dengling
# 推荐使用 pdbedit
smbpasswd -a dengling

# 备份 smb 配置文件并编辑
cd /etc/samba
cp smb.conf smb.conf.bak
vi smb.conf

# 全局参数
[global]
security = share
log file = /var/log/samba/log.%m
idmap config * : backend = tdb
guest ok = Yes
lanman auth = Yes
client lanman auth = yes
client plaintext auth = yes
hosts allow = 127., 172., 192.168.1., 192.168.3.
cups options = raw
vfs objects = full_audit
full_audit:failure = none
full_audit:success = rename unlink rmdir open opendir pwrite write
full_audit:prefix = %u|%I|%m|%
admin log = yes
log level = 2
syslog = 2

# 共享参数
[homes]
comment = Home Directories
read only = No
browseable = No

[sheji]
comment = sheji
path = /data2/sm/sheji
valid users = share, shenwei, xuwei, shenjiamei, humengchu, rensiqiang, yeting, tongying, jinbo, zengfanan, fengpeisi
read only = No
create mask = 0775
directory mask = 0775

[test]
comment = sheji
path = /data2/sm/test
valid users = test, test2, shenwei
read only = No
create mask = 0775
directory mask = 0775

[q2]
comment = sheji
path = /data2/sm/q2
valid users = xuejia, sungaoshuai, lujingjing, huangsonghe, yefei, lvwenhan, fangyuan, zhanghuichen, liuguofa, xupeiyu, yangpengfei, lisuitao, sunzhen, shenwei, xuwei, shenjiamei, humengchu, rensiqiang, yeting, tongying, jinbo, zengfanan, fengpeisi, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, zhoujian, fenglu, linlijun, chenshuxian, linzhimin, yanyoushan, xiaguoying, zhanghuanrong, mayushu, xuyangjing, guogaoyan, huangyouyang, jinzhibin, huyuqing, shenxuemei, liukui
read only = No
create mask = 0775
directory mask = 0775

[market]
comment = sheji
path = /data2/sm/market
valid users = zhanghuichen, shenwei, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, xuyangjing, chenshuxian, linzhimin, caoling, guogaoyan, xiehaibo, huangyouyang, jinzhibin, huyuqing
read only = No
create mask = 0777
directory mask = 0775

[market_finance]
comment = sheji
path = /data2/sm/market_finance
valid users = yangqiong, shenwei, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, xiehaibo, gaofangjie, xuyangjing, chenshuxian, linzhimin, huangyouyang, jinzhibin, huyuqing
read only = No
create mask = 0777
directory mask = 0775

[shenwei]
comment = sheji
path = /data2/sm/develop/shenwei
valid users = shenwei
read only = No
create mask = 0777
directory mask = 0775

[qijun]
comment = qj
path = /data2/sm/homedir/qijun
valid users = qijun
read only = No
create mask = 0777
directory mask = 0775
guest ok = No

[wenyong]
comment = sheji
path = /data2/sm/develop/wenyong
valid users = wenyong
read only = No
create mask = 0777
directory mask = 0775

[wudi]
comment = sheji
path = /data2/sm/develop/wudi
valid users = wudi
read only = No
create mask = 0777
directory mask = 0775

[caijiannan]
comment = sheji
path = /data2/sm/develop/caijiannan
valid users = caijiannan
read only = No
create mask = 0777
directory mask = 0775

[weiduani2]
comment = weiduan
path = /data2/sm/develop/raochao / 微端
valid users = wangfeng
read only = No
create mask = 0777
directory mask = 0775

[raochao]
comment = raochao
path = /data2/sm/develop/raochao
read list = wangfeng, xuwei, shenjiamei, chenxianzhe, chenye, wuailing, liuyuting, dainan
write list = raochao

[product]
comment = product
path = /data2/sm/product
read only = No
create mask = 0777
directory mask = 0777

[jinbo]
comment = JinBo
path = /data2/sm/homedir/jinbo
valid users = jinbo
read only = No
guest ok = No

[xiaoqiang]
comment = xiaoqiang
path = /data2/sm/homedir/xiaoqiang
valid users = xiaoqiang
read only = No
guest ok = No

[share]
comment = share
path = /data2/sm/homedir/share
valid users = share, market, wal, qijun, zhanghua
read only = No

启动 samba

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

# 常用选项
[shared_name]
path = # 文件系统路径
browseable = {yes|no} # 是否可以被查看到
public = {yes|no} # 是否可被所有人读
guest ok = {yes|no} # 与 public 相同
read only = yes # 是否只读
writeable = yes # 是否可写
write list = user1, user2 # 可写用户列表
@group, +group # 可写组列表
valid users = # 白名单
invalid users = # 黑名单

# 检查语法
testparm

# 重启 smb 服务查看状态
service smb restart
smbstatus

Windows 客户端访问

1.Windows 上访问 samba

在 “计算机” 中输入:\\xxx.xxx.xxx.xxx\

2.Windows 断开 samba 共享连接,实在不行可以选择注销或者重启

在【开始】→【运行】→【CMD】回车中输入:net use * /del /y

  1. 将 samba 共享的 Linux 目录映射成 Windows 的一个驱动器盘符

在【右键计算机】→【映射网络驱动器】→【文件夹 \XX.XX.XX.XX\】

文章目录
  1. 1. 前言
  2. 2. 更新历史
  3. 3. 安装 samba
  4. 4. 配置 samba
  5. 5. 启动 samba
  6. 6. Windows 客户端访问