一. samba 服务简介
作用:
windows 系统共享文件时用到的协议 smb
smb 是由 microsoft+sun
Linux cifs
二.samba 基本信息
基本信息 | |
---|---|
服务启动脚本 | smb.service |
主配置目录 | /etc/samba |
主配置文件 | /etc/samba/smb.conf |
安全上下文 | samba_share_t |
端口 | 139,445 |
安装包 | samba,samba-common,samba-client |
三、samba使用
1.samba 的安装与启用
samba 的安装:
dnf install samba samba-common samba-client -y
samba 服务启动:
systemctl enable --now smb
samba 服务启用
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
测试:
smbclient -L //172.25.254.20 ##当要输入 root 密码时请直接回车
%cifs是samba协议的一种
2.samba 用户的建立
1.samba 用户必须是本地存在的用户
2.samba 用户的建立
smbpasswd -a lee ##添加用户
pdbedit -L ##查看用户列表
pdbedit -x lee ##删除用户
3.samba 用户访问家目录
当 selinux 开启时:
setsebool -P samba_enable_home_dirs on
windows 下
\\172.25.254.20 ##访问
net use##查看访问记录
net use * /del##删除访问记录
在 linux 下:
smbclient //172.25.254.20/westos -U westos
%用户的建立
[root@node2 ~]# useradd -s /bin/nologin -M admin
[root@node2 ~]# userdel -r lee
[root@node2 ~]# useradd -s /bin/nologin -M lee
[root@node2 ~]# useradd -s /bin/nologin -M linux
%往samba里添加用户
[root@node2 ~]# smbpasswd -a admin
New SMB password:westos #实验中几个用户的密码都设为 westos(实际输入时不回显);正式环境应为每个用户设置不同的强密码
Retype new SMB password:westos
Added user admin.
[root@node2 ~]# smbpasswd -a lee
New SMB password:
Retype new SMB password:
Added user lee.
[root@node2 ~]# smbpasswd -a linux
New SMB password:
Retype new SMB password:
Added user linux.
[root@node2 ~]# pdbedit -L ##查看用户列表
admin:1002:
linux:1004:
lee:1003:
[root@node2 ~]# pdbedit -x lee #删除用户
[root@node2 ~]# pdbedit -L
admin:1002:
linux:1004:
[root@node2 ~]# smbclient -L //172.25.254.203 #登陆
[root@node2 ~]# smbclient -L //172.25.254.203/LEE #不能指定文件登陆,因为samba不支持匿名用户操作
SMB1 disabled -- no workgroup available
[root@node2 ~]# smbclient //172.25.254.203/LEE -U admin #指定用户admin登陆,能ls查看内容
[root@node2 ~]# mount -o username=admin,password=westos //172.25.254.203/LEE /mnt/ #挂载(密码写在命令行会留在 shell 历史和进程列表里,可改用 credentials= 指定凭据文件)
[root@node2 ~]# df
[root@node2 ~]# cd /mnt #此时的mnt是挂载的//172.25.254.203/LEE里面的
[root@node2 mnt]# ls
[root@node2 ~]# umount /mnt/ #卸载(umount 只需要挂载点,不需要用户名和密码)
%使用autofs软件实现在客户端自动挂载
[root@node2 ~]# dnf search autofs
[root@node2 ~]# dnf install autofs.x86_64 -y
[root@node2 ~]# systemctl enable --now autofs.service
[root@node2 ~]# vim /etc/auto.master
添加
/mnt /etc/auto.samba
[root@node2 ~]# vim /etc/auto.samba
samba -fstype=cifs,username=lee,password=westos ://172.25.254.203/LEE
# 密码以明文写在映射文件中;可把 username/password 放进仅 root 可读的文件,再用 credentials=文件路径 代替
[root@node2 ~]# systemctl restart autofs.service
[root@node2 ~]# cd /mnt/
[root@node2 mnt]# ls
[root@node2 mnt]# cd samba
[root@node2 samba]# df #就会自动挂载了
[root@node2 samba]# vim /etc/autofs.conf
timeout = 3 #300秒改成等待3秒取消挂载
[root@node2 samba]# systemctl restart autofs.service #重启服务后就会取消挂载
[root@node2 samba]# df
%操作完成
4.samba 服务共享目录
mkdir /westosdir
touch /westosdir/westosfile{1..5}
semanage fcontext -a -t samba_share_t '/westosdir(/.*)?'
restorecon -RvvF /westosdir/
vim /etc/samba/smb.conf
[westosdir]
##共享名称
comment = westosdir ##共享说明
path = /westosdir ##共享路径
systemctl restart smb
测试:
smbclient //172.25.254.20/westosdir -U westos
%操作:samba 服务共享目录
[root@node2 ~]# dnf install samba samba-client samba-common -y
[root@node2 ~]# systemctl enable --now smb
[root@node2 ~]# systemctl disable --now firewalld
或者不关闭火墙,只在火墙中放行samba服务(更稳妥):
[root@node2 samba]# firewall-cmd --permanent --add-service=samba
success
[root@node2 samba]# firewall-cmd --reload
[root@node2 samba]# mkdir /westos/
[root@node2 ~]# semanage fcontext -a -t samba_share_t '/westos(/.*)?'
[root@node2 ~]# restorecon -RvvF /westos/
[root@node2 ~]# cd /etc/samba/
[root@node2 samba]# ls
lmhosts smb.conf smb.conf.example
[root@node2 samba]# cp smb.conf.example smb.conf
[root@node2 samba]# vim smb.conf
在最后添加
[LEE] #名称
comment = westos dir #共享说明
path = /westos #共享真实路径
[root@node2 ~]# systemctl restart smb.service
[root@node2 ~]# smbpasswd -a admin #samba 用户必须是本地存在的用户
New SMB password:
Retype new SMB password:
Failed to add entry for user admin.
[root@node2 ~]# id admin
id: ‘admin’: no such user
6.samba 的访问控制
hosts allow = 172.25.254.30 172.25.254.
##当写到单独共享时只对此共享生效
hosts deny
##当写到【GLOBAL】时对 samba 整体生效
7.samba 的常用配置参数
writable = yes##可写
write list = westos ##指定用户可写
write list = +westos ##指定组可写
write list = @westos ##指定组可写
valid users = lee ##指定访问用户
valid users = +lee|@lee ##指定访问组,组成员都可以
browseable = yes|no ##是否在共享列表中显示;设为 no 只是隐藏,知道共享名仍然可以访问和挂载,不能当作访问控制
map to guest = bad user ##写到全局设定中,把不存在的用户名当作来宾(guest)登录
guest ok = yes ##允许匿名用户访问(无需密码)
admin users = lee ##指定此共享的超级用户,该用户在此共享中的所有文件操作都以 root 身份执行,不受文件权限限制
%操作
[root@node2 samba]# vim /etc/samba/smb.conf
[LEE]
comment = westos dir
path = /mnt
[root@node2 samba]# systemctl restart smb
[root@node2 samba]# setsebool -P samba_export_all_ro on #允许 samba 只读共享任意目录(这里是为了共享 /mnt);只共享个别目录时,给目录打 samba_share_t 标签即可,不必打开这个开关
[root@node2 samba]# getsebool -a | grep samba
[root@node2 samba]# smbclient //172.25.254.203/LEE -U admin
smb: \> ls
. D 0 Sun Nov 29 11:52:39 2020
.. D 0 Sun Nov 29 11:38:04 2020
20480 blocks of size 1024. 0 blocks available
smb: \> quit
[root@node2 ~]# chmod 777 /westos/ #实验中直接对所有人开放读写;实际环境应把目录属组设为需要写入的用户组,只给该组写权限
[root@node2 samba]# vim smb.conf
[LEE]
comment = westos dir
path = /westos
writable = yes #能够建立文件
[root@node2 ~]# systemctl restart smb
[root@node2 ~]# umount /mnt/samba
[root@node2 ~]# mount //172.25.254.203/LEE -o username=lee,password=westos /mnt/
[root@node2 ~]# cd /etc/samba/
[root@node2 samba]# ls
[root@node2 samba]# touch file1
[root@node2 samba]# ls
[root@node2 ~]# vim /etc/samba/smb.conf
[LEE]
comment = westos dir
path = /westos
; writable = yes
write list = admin ##指定用户可写
[root@node2 ~]# systemctl restart smb
[root@node2 ~]# mount //172.25.254.203/LEE -o username=lee,password=westos /mnt/
[root@node2 ~]# cd /mnt
[root@node2 mnt]# touch f2 #lee用户不能写
touch: cannot touch 'f2': Permission denied
[root@node2 mnt]# cd
[root@node2 ~]# umount /mnt
[root@node2 samba]# vim /etc/samba/smb.conf
[LEE]
comment = westos dir
path = /westos
; writable = yes
; write list = admin
write list = @admin #指定用户组可写,含有admin用户组都可
[root@node2 ~]# systemctl restart smb
[root@node2 ~]# id lee
uid=1003(lee) gid=1003(lee) groups=1003(lee)
[root@node2 ~]# usermod -G admin lee #添加admin用户组(-G 会覆盖原有的附加组,要保留原有附加组请用 -aG)
[root@node2 ~]# id lee
uid=1003(lee) gid=1003(lee) groups=1003(lee),1002(admin)
[root@node2 ~]# mount //172.25.254.203/LEE -o username=lee,password=westos /mnt/
[root@node2 ~]# cd /mnt/
[root@node2 mnt]# touch f2
[root@node2 mnt]# ls
f1 f2
[root@node2 ~]# umount /mnt
[root@node2 samba]# vim /etc/samba/smb.conf
[LEE]
comment = westos dir
path = /westos
; writable = yes
; write list = admin
; write list = @admin
valid users = admin #指定挂载访问用户
[root@node2 ~]# systemctl restart smb
[root@node2 ~]# mount //172.25.254.203/LEE -o username=lee,password=westos /mnt/ #不能挂载
mount: /mnt: cannot mount //172.25.254.203/LEE read-only.
[root@node2 ~]# mount //172.25.254.203/LEE -o username=admin,password=westos /mnt/
[root@node2 ~]# umount /mnt
[root@node2 samba]# vim /etc/samba/smb.conf
[LEE]
comment = westos dir
path = /westos
; writable = yes
; write list = admin
; write list = @admin
valid users = +admin #指定挂载访问用户组
[root@node2 ~]# systemctl restart smb
[root@node2 ~]# id lee
uid=1003(lee) gid=1003(lee) groups=1003(lee),1002(admin)
[root@node2 ~]# mount //172.25.254.203/LEE -o username=lee,password=westos /mnt/
[root@node2 ~]# umount /mnt
[root@node2 samba]# vim /etc/samba/smb.conf
[LEE]
comment = westos dir
path = /westos
; writable = yes
; write list = admin
; write list = @admin
; valid users = +admin
browseable = no ##是否隐藏共享,但是可以挂载可以用,只是不能被看到
[root@node2 ~]# systemctl restart smb
[root@node2 ~]# smbclient -L //172.25.254.203 #看不到LEE,但可以被访问被挂载
[root@node2 samba]# vim /etc/samba/smb.conf
116 security = user
117 passdb backend = tdbsam
118 map to guest = bad user
[LEE]
comment = westos dir
path = /westos
; writable = yes
; write list = admin
; write list = @admin
; valid users = +admin
; browseable = no
guest ok = yes ##允许匿名用户访问
[root@node2 ~]# systemctl restart smb
[root@node2 ~]# mount //172.25.254.203/LEE /mnt -o username=guest
[root@node2 ~]# umount /mnt
[LEE]
comment = westos dir
path = /westos
; writable = yes
; write list = admin
; write list = @admin
; valid users = +admin
; browseable = no
; guest ok = yes
; hosts allow = 172.25.254.203 #只允许172.25.254.203访问
hosts deny = 172.25.254.203 #只拒绝172.25.254.203访问
%操作完成
8.samba 的多用户挂载
%操作samba的多用户挂载操作
1,安装
[root@node2 ~]# dnf search cifs
[root@node2 ~]# dnf install cifs-utils.x86_64 -y
[root@node2 ~]# vim /root/smbauth
username=lee
password=westos
(文件名要与下面 credentials= 指定的路径一致;文件内是明文密码,权限应设为仅 root 可读,如 chmod 600 /root/smbauth)
[root@node2 samba]# mount -o credentials=/root/smbauth,multiuser,sec=ntlmssp //172.25.254.203/LEE /samba/
[root@node2 samba]# su - westos
[westos@node2 ~]$ cd /samba
[westos@node2 samba]$ ls
ls: cannot open directory '.': Permission denied #普通用户不能查看
[westos@node2 samba]$ cifscreds --help
cifscreds: unrecognized option '--help'
Usage:
cifscreds add [-u username] [-d] <host|domain>
cifscreds clear [-u username] [-d] <host|domain>
cifscreds clearall
cifscreds update [-u username] [-d] <host|domain>
[westos@node2 samba]$ cifscreds add -u w 172.25.254.203 #当w不是samba用户时,不能看
Password:
[westos@node2 samba]$ ls
ls: cannot open directory '.': Permission denied
[westos@node2 samba]$ cifscreds add -u lee 172.25.254.203
You already have stashed credentials for 172.25.254.203 (172.25.254.203)
If you want to update them use:
cifscreds update
[westos@node2 samba]$ cifscreds clearall
[westos@node2 samba]$ cifscreds add -u lee 172.25.254.203 #添加lee,lee是samba用户,可以查看
Password:
[westos@node2 samba]$ ls
[westos@node2 samba]$ ll /westos/
total 0
[westos@node2 samba]$ ls -ld /westos/
drwxrwxrwx. 2 root root 6 Nov 29 14:14 /westos/
[root@node2 ~]# vim /etc/auto.master
9 /- /etc/auto.cifs
[root@node2 ~]# vim /etc/auto.cifs
/samba -fstype=cifs,credentials=/root/smbauth,sec=ntlmssp,multiuser ://172.25.254.203/LEE
[root@node2 ~]# su - westos
[westos@node2 ~]$ cd /samba/
[westos@node2 samba]$ ls #普通用户就能查看了
[westos@node2 samba]$
%操作完成
9.nfs 配置参数
anonuid=1000,anongid=1000##指定用户身份
sync
##更改生成后同步数据到服务器
async
##时时同步数据到服务器
rw
##读写
ro
##只读
no_root_squash
##root 用户挂载不转换身份(客户端的 root 在共享目录上保有 root 权限,只应对可信主机开启)
####nfs+autofs#######
参看 autofs 章节内容
vim /etc/auto.nfs
nfs 172.25.254.30:/westosdir
10.autofs+samba
%操作:
[root@node2 ~]# dnf install nfs-utils.x86_64 -y
[root@node2 ~]# systemctl enable --now nfs-server
[root@node2 ~]# showmount -e 172.25.254.203
Export list for 172.25.254.203:
%但是此时只能自己ip能查看,其他主机ip不能查看showmount -e 172.25.254.203,需要以下火墙设置
[root@node2 ~]# firewall-cmd --permanent --add-service=rpc-bind
success
[root@node2 ~]# firewall-cmd --reload
success
[root@node2 ~]# firewall-cmd --permanent --add-service=mountd
success
[root@node2 ~]# firewall-cmd --reload
success
[root@node2 ~]# firewall-cmd --permanent --add-service=nfs
success
[root@node2 ~]# firewall-cmd --reload
success
%但是此时其他主机ip能查看,但不能挂载mount 172.25.254.203:/westos /mnt
[root@node2 ~]# vim /etc/exports
/westos *(ro,sync)
[root@node2 ~]# exportfs -rv #使文件exports立即生效
[root@node2 ~]# mount 172.25.254.203:/westos /mnt #自己别人都能挂载
[root@node2 ~]# man 5 exports
[root@node2 ~]# vim /etc/exports
/westos *(ro,sync) 172.25.254.203(rw,async)
[root@node2 ~]# exportfs -rv
[root@node2 ~]# mount 172.25.254.203:/westos /mnt/
[root@node2 ~]# cd /mnt/
[root@node2 mnt]# ls
[root@node2 mnt]# touch file1
[root@node2 mnt]# ls
file1
[root@node2 mnt]# ll #新建的文件是nobody nobody(客户端 root 默认被 root_squash 映射为匿名用户)
total 0
-rw-r--r--. 1 nobody nobody 0 Nov 29 16:59 file1
[root@node2 ~]# vim /etc/exports
/westos *(ro,sync) 172.25.254.203(rw,async,anonuid=1003,anongid=1004)
[root@node2 ~]# exportfs -rv
[root@node2 ~]# mount 172.25.254.203:/westos /mnt/
[root@node2 ~]# cd /mnt/
[root@node2 mnt]# ls
file1
[root@node2 mnt]# touch file2
[root@node2 mnt]# ll
total 0
-rw-r--r--. 1 nobody nobody 0 Nov 29 16:59 file1
-rw-r--r--. 1 lee linux 0 Nov 29 17:05 file2 #新建的文件是 anonuid=1003,anongid=1004,即lee linux
[root@node2 ~]# vim /etc/exports
/westos *(ro,sync) 172.25.254.202(rw,async,anonuid=1003,anongid=1004) 172.25.254.203(rw,sync,no_root_squash)
[root@node2 ~]# vim /etc/auto.master
/misc /etc/auto.misc
#/mnt /etc/auto.samba
#/- /etc/auto.cifs
/mnt /etc/auto.nfs
[root@node2 ~]# systemctl restart autofs.service
[root@node2 westos]# vim /etc/auto.nfs
nfs -vers=3 172.25.254.203:/westos
四、iscsi共享服务:设备的网络共享
#1建立设备
#2访问名称
#3建立关联
#4设置共享key
targetcli
/> /backstores/block create westos:storage1 /dev/vdb1 #1建立设备
/> /iscsi create iqn.2020-12.org.westos:storage1 #2访问名称
/> iscsi/iqn.2020-12.org.westos:storage1/tpg1/luns create /backstores/block/westos:storage1 #3建立关联
/> iscsi/iqn.2020-12.org.westos:storage1/tpg1/acls create iqn.2020-12.org.westos:westoskey
Created Node ACL for iqn.2020-12.org.westos:westoskey #4设置key(这里的 key 只是客户端的 initiator 名称,由客户端自行声明,不是密码;需要身份认证时应在该 ACL 上再配置 CHAP 用户名和密码)
/> exit
%操作,两台主机:服务端node2,客户端node1
%先服务端node2中,先关机新加硬盘(不选镜像)进行分区(20G的)
#fdisk -l #查看分区
#n新建,p查看,wq保存
[root@node2 ~]# fdisk /dev/vdb
Command (m for help): p
Disk /dev/vdb: 20 GiB, 21474836480 bytes, 41943040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x7b58db3c
Device Boot Start End Sectors Size Id Type
/dev/vdb1 2048 41943039 41940992 20G 83 Linux
Command (m for help): wq
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
[root@node2 ~]# fdisk /dev/vdb
Command (m for help): p
Disk /dev/vdb: 20 GiB, 21474836480 bytes, 41943040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x7b58db3c
Device Boot Start End Sectors Size Id Type
/dev/vdb1 2048 41943039 41940992 20G 83 Linux
Command (m for help): wq
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
[root@node2 ~]# fdisk
fdisk: bad usage
Try 'fdisk --help' for more information.
[root@node2 ~]# fdisk -l
Disk /dev/vda: 8 GiB, 8589934592 bytes, 16777216 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x7d0d0bcc
Device Boot Start End Sectors Size Id Type
/dev/vda1 * 2048 1026047 1024000 500M 83 Linux
/dev/vda2 1026048 2050047 1024000 500M 82 Linux swap / Solaris
/dev/vda3 2050048 16777215 14727168 7G 83 Linux
Disk /dev/vdb: 20 GiB, 21474836480 bytes, 41943040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x7b58db3c
Device Boot Start End Sectors Size Id Type
/dev/vdb1 2048 41943039 41940992 20G 83 Linux
[root@node2 ~]# dnf install targetcli -y #安装targetcli
[root@node2 ~]# targetcli #登陆targetcli
/> ls
/> /backstores/block create westos:storage1 /dev/vdb1 #1建立设备
/> ls
/> /iscsi create iqn.2020-12.org.westos:storage1 #2访问名称
/> ls
/> iscsi/iqn.2020-12.org.westos:storage1/tpg1/luns create /backstores/block/westos:storage1 #3建立关联
/> iscsi/iqn.2020-12.org.westos:storage1/tpg1/acls create iqn.2020-12.org.westos:westoskey
/> ls
/> exit
%客户端node1中操作
[root@localhost yum.repos.d]# dnf install iscsi-initiator-utils.x86_64 -y
[root@localhost yum.repos.d]# systemctl disable --now firewalld #node1和node2的火墙都关掉;或者保持火墙开启,只放行 iSCSI 端口:firewall-cmd --permanent --add-port=3260/tcp ; firewall-cmd --reload
[root@localhost yum.repos.d]# iscsiadm -m discovery -t st -p 172.25.254.203
[root@localhost yum.repos.d]# iscsiadm -m node -T iqn.2020-12.org.westos:storage1 -p 172.25.254.203 -l #没有key不能登陆
[root@localhost yum.repos.d]# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2020-12.org.westos:westoskey
[root@localhost yum.repos.d]# systemctl restart iscsid #重启的服务iscsid
[root@localhost yum.repos.d]# iscsiadm -m node -T iqn.2020-12.org.westos:storage1 -p 172.25.254.203 -l #可以登陆
[root@localhost yum.repos.d]# fdisk -l
Disk /dev/sda: 20 GiB, 21473787904 bytes, 41940992 sectors
Units: sectors of 1 * 512 = 512 bytes
[root@localhost yum.repos.d]# fdisk /dev/sda #新建一个20G的(大小直接回车)
Device Boot Start End Sectors Size Id Type
/dev/sda1 2048 41940991 41938944 20G 83 Linux
[root@localhost yum.repos.d]# mkfs.xfs -K /dev/sda1 #格式化
[root@localhost yum.repos.d]# mount /dev/sda1 /mnt
[root@localhost yum.repos.d]# df
[root@localhost yum.repos.d]# tree /var/lib/iscsi/
[root@localhost yum.repos.d]# vim /etc/fstab #开机自动挂载,不用时注释掉
/dev/sda1 /mnt xfs defaults,_netdev 0 0 #/dev/sda1是网络设备,系统刚启动时网络还没启动,读取不了/dev/sda1,所以应该告诉系统/dev/sda1是网络设备。
%删除,node1客户端
[root@localhost yum.repos.d]# iscsiadm -m node -T iqn.2020-12.org.westos:storage1 -p 172.25.254.203 -u
Logging out of session [sid: 2, target: iqn.2020-12.org.westos:storage1, portal: 172.25.254.203,3260]
Logout of [sid: 2, target: iqn.2020-12.org.westos:storage1, portal: 172.25.254.203,3260] successful.
[root@localhost yum.repos.d]# iscsiadm -m node -T iqn.2020-12.org.westos:storage1 -p 172.25.254.203 -o delete
[root@localhost yum.repos.d]# tree /var/lib/iscsi/ #没了
%在node2服务端删除
[root@node2 ~]# targetcli
/> help
/> clearconfig confirm=true
/> ls #没了
/> exit
%操作完成