使用Samba实现Linux与Windows文件共享实践

前言

一直以来都以为FTP和NFS是局域网文件共享的常用方式，但是在最近接触Samba之后，了解到一些用户需要简化访问学习成本，满足基础的权限控制管理，并支持实时编辑和保存文件，我才明白这些需求使用之前的方法都是很难满足的，而Samba却可以完美的支持上述需求，虽然在开始接触时花了一些时间学习，但把配置和语法梳理清楚之后就很简单了。

Unix与Windows文件共享的最佳方式之一

---

更新历史

2017年05月16日 - 完善内容
2015年07月28日 - 增加Samba日志审计部分
2015年07月11日 - 初稿

阅读原文 - https://wsgzao.github.io/post/samba/

扩展阅读

Samba - https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
使用Samba或NFS实现文件共享 - http://www.linuxprobe.com/chapter-12.html
SAMBA服务器 - http://vbird.dic.ksu.edu.tw/linux_server/0370samba.php
RHEL6.5下部署samba企业级文件服务器实战 - http://yuan2.blog.51cto.com/446689/1588085
Samba日志分析 - http://chenguang.blog.51cto.com/350944/1606746

---

安装samba

各个平台的安装都蛮简单的，略过

配置samba

建议合理规划目录和用户权限，可以利用用户组来简化授权管理，参见扩展阅读

#创建目录（举例）
mkdir -p /data2/sm
chmod -R 777 /data2/sm

#添加用户（举例）
groupadd dengling
useradd -g dengling -s /sbin/nologin dengling
#推荐使用pdbedit
smbpasswd -a dengling

#备份smb配置文件并编辑
cd /etc/samba
cp smb.conf smb.conf.bak
vi smb.conf

#全局参数
[global]
security = share
log file = /var/log/samba/log.%m
idmap config * : backend = tdb
guest ok = Yes
lanman auth = Yes
client lanman auth = yes
client plaintext auth = yes
hosts allow = 127., 172., 192.168.1., 192.168.3.
cups options = raw
        vfs objects = full_audit
        full_audit:failure = none
        full_audit:success = rename unlink rmdir open opendir pwrite write
        full_audit:prefix = %u|%I|%m|%
admin log = yes
log level = 2
        syslog = 2

#共享参数
[homes]
    comment = Home Directories
    read only = No
    browseable = No

[sheji]
    comment = sheji
    path = /data2/sm/sheji
    valid users = share, shenwei, xuwei, shenjiamei, humengchu, rensiqiang, yeting, tongying, jinbo, zengfanan, fengpeisi
    read only = No
    create mask = 0775
    directory mask = 0775

[test]
    comment = sheji
    path = /data2/sm/test
    valid users = test, test2, shenwei
    read only = No
    create mask = 0775
    directory mask = 0775

[q2]
    comment = sheji
    path = /data2/sm/q2
    valid users = xuejia, sungaoshuai, lujingjing, huangsonghe, yefei, lvwenhan, fangyuan, zhanghuichen, liuguofa, xupeiyu, yangpengfei, lisuitao, sunzhen, shenwei, xuwei, shenjiamei, humengchu, rensiqiang, yeting, tongying, jinbo, zengfanan, fengpeisi, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, zhoujian, fenglu, linlijun, chenshuxian, linzhimin, yanyoushan, xiaguoying, zhanghuanrong, mayushu, xuyangjing, guogaoyan, huangyouyang, jinzhibin, huyuqing, shenxuemei, liukui
    read only = No
    create mask = 0775
    directory mask = 0775

[market]
    comment = sheji
    path = /data2/sm/market
    valid users = zhanghuichen, shenwei, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, xuyangjing, chenshuxian, linzhimin, caoling, guogaoyan, xiehaibo, huangyouyang, jinzhibin, huyuqing
    read only = No
    create mask = 0777
    directory mask = 0775

[market_finance]
    comment = sheji
    path = /data2/sm/market_finance
    valid users = yangqiong, shenwei, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, xiehaibo, gaofangjie, xuyangjing, chenshuxian, linzhimin, huangyouyang, jinzhibin, huyuqing
    read only = No
    create mask = 0777
    directory mask = 0775

[shenwei]
    comment = sheji
    path = /data2/sm/develop/shenwei
    valid users = shenwei
    read only = No
    create mask = 0777
    directory mask = 0775

[qijun]
    comment = qj
    path = /data2/sm/homedir/qijun
    valid users = qijun
    read only = No
    create mask = 0777
    directory mask = 0775
    guest ok = No

[wenyong]
    comment = sheji
    path = /data2/sm/develop/wenyong
    valid users = wenyong
    read only = No
    create mask = 0777
    directory mask = 0775

[wudi]
    comment = sheji
    path = /data2/sm/develop/wudi
    valid users = wudi
    read only = No
    create mask = 0777
    directory mask = 0775

[caijiannan]
    comment = sheji
    path = /data2/sm/develop/caijiannan
    valid users = caijiannan
    read only = No
    create mask = 0777
    directory mask = 0775

[weiduani2]
    comment = weiduan
    path = /data2/sm/develop/raochao/微端
    valid users = wangfeng
    read only = No
    create mask = 0777
    directory mask = 0775

[raochao]
    comment = raochao
    path = /data2/sm/develop/raochao
    read list = wangfeng, xuwei, shenjiamei, chenxianzhe, chenye, wuailing, liuyuting, dainan
    write list = raochao

[product]
    comment = product
    path = /data2/sm/product
    read only = No
    create mask = 0777
    directory mask = 0777

[jinbo]
    comment = JinBo
    path = /data2/sm/homedir/jinbo
    valid users = jinbo
    read only = No
    guest ok = No

[xiaoqiang]
    comment = xiaoqiang
    path = /data2/sm/homedir/xiaoqiang
    valid users = xiaoqiang
    read only = No
    guest ok = No

[share]
    comment = share
    path = /data2/sm/homedir/share
    valid users = share, market, wal, qijun, zhanghua
    read only = No

启动samba

#常用选项
[shared_name]
    path =                              # 文件系统路径
    browseable = {yes|no}               # 是否可以被查看到
    public = {yes|no}                   # 是否可被所有人读
    guest ok = {yes|no}                 # 与 public 相同
    read only = yes                     # 是否只读
    writeable = yes                     # 是否可写
    write list = user1, user2           # 可写用户列表
                @group, +group          # 可写组列表
    valid users =                       # 白名单
    invalid users =                     # 黑名单

#检查语法
testparm

#重启smb服务查看状态
service smb restart
smbstatus

Windows客户端访问

1.Windows上访问samba

在“计算机”中输入：\\xxx.xxx.xxx.xxx\

2.Windows断开samba共享连接，实在不行可以选择注销或者重启

在【开始】→【运行】→【CMD】回车中输入：net use * /del /y

3.将samba共享的Linux目录映射成Windows的一个驱动器盘符

在【右键计算机】→【映射网络驱动器】→【文件夹\XX.XX.XX.XX\】