samba

配置SMB服务，并实现多用户SMB 挂载

描述：在服务端配置SMB服务，并通过SMB目录/haiyun 满足以下要求：

1、SMB 服务器：192.168.10.10 必须是 DING 工作组的一个成员
2、共享 /haiyun 目录，共享名为 haiyun
3、共享目录 haiyun 只能被 192.168.10.10 域内中的客户端使用
4、共享目录 haiyun 必须可以被浏览
5、用户 hai 必须能以读的方式访问此共享，访问密码是 redhat
6、用户 yun 必须能以读写的方式访问此共享，访问密码是 redhat
7、此共享永久挂载在客户端：192.168.10.20 上的 /mnt/multi 目录, 并使用用户 hai 作为认证
8、任何用户可以通过用户 yun 来临时获取写的权限

服务端：

[root@linuxprobe ~]# yum install samba samba-client -y
[root@linuxprobe ~]# systemctl restart smb nmb
[root@linuxprobe ~]# systemctl enable smb nmb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
ln -s '/usr/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'

[root@linuxprobe ~]# firewall-cmd --permanent --add-service=samba
success
[root@linuxprobe ~]# firewall-cmd --permanent --add-service=mountd 
success
[root@linuxprobe ~]# firewall-cmd --reload
success

[root@linuxprobe ~]# useradd hai
[root@linuxprobe ~]# smbpasswd -a hai
New SMB password:
Retype new SMB password:
Added user hai.
[root@linuxprobe ~]# useradd yun
[root@linuxprobe ~]# smbpasswd -a yun
New SMB password:
Retype new SMB password:
Added user yun.

　[root@linuxprobe ~]# id hai
　uid=1001(hai) gid=1001(hai) groups=1001(hai)
　[root@linuxprobe ~]# id yun
　uid=1002(yun) gid=1002(yun) groups=1002(yun)

[root@linuxprobe ~]# mkdir -p /haiyun
[root@linuxprobe ~]# ls -Zd /haiyun
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /haiyun
[root@linuxprobe ~]# chmod o+w /haiyun
[root@linuxprobe ~]# chcon -R -t samba_share_t /haiyun
[root@linuxprobe ~]# ls -Zd /haiyun
drwxr-xrwx. root root unconfined_u:object_r:samba_share_t:s0 /haiyun

[root@linuxprobe ~]# vim /etc/samba/smb.conf
  1 [global]
  2         workgroup = MYGROUP
  3         server string = Samba Server Version %v
  4         log file = /var/log/samba/log.%m
  5         max log size = 50
  6         security = user
  7         passdb backend = tdbsam
  8 
  9 [haiyun]
 10         path = /haiyun
 11         hosts allow = 192.168.10.
 12         browseable = yes
 13         writable = no
 14         write list = yun
[root@linuxprobe ~]# systemctl restart smb nmb

[root@linuxprobe ~]# cd /haiyun/
[root@linuxprobe haiyun]# ls
[root@linuxprobe haiyun]# touch ding
[root@linuxprobe haiyun]# ls
ding
[root@linuxprobe haiyun]# vim ding
[root@linuxprobe haiyun]# cat ding
welcome dingding!!!!!

客户端：

[root@localhost ~]# yum install samba-client cifs-utils -y
[root@localhost ~]# smbclient -L //192.168.10.10 -U hai
Enter hai's password: 
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    haiyun          Disk      
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------
    LINUXPROBE           Samba Server Version 4.1.1

    Workgroup            Master
    ---------            -------
    MYGROUP              LINUXPROBE
    WORKGROUP            QT-201301241844
[root@localhost ~]# smbclient -L //192.168.10.10 -U yun
Enter yun's password: 
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    haiyun          Disk      
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------
    LINUXPROBE           Samba Server Version 4.1.1

    Workgroup            Master
    ---------            -------
    MYGROUP              LINUXPROBE
    WORKGROUP            QT-201301241844

[root@localhost ~]# mkdir /mnt/multi
[root@localhost ~]# ll -d /mnt/multi
drwxr-xr-x. 2 root root 6 Jan 13 20:43 /mnt/multi
[root@localhost ~]# chmod o+w /mnt/multi
[root@localhost ~]# ll -d /mnt/multi
drwxr-xrwx. 2 root root 6 Jan 13 20:43 /mnt/multi
[root@localhost ~]# vim /etc/fstab 
//192.168.10.10/haiyun /mnt/multi cifs defaults,multiuser,username=hai,password=redhat,sec=ntlmssp 0 0
[root@localhost ~]# mount -a
[root@localhost ~]# df -h
Filesystem              Size  Used Avail Use% Mounted on
//192.168.10.10/haiyun   18G  3.6G   14G  21% /mnt/multi

[root@localhost ~]# useradd hai
[root@localhost ~]# passwd hai
Changing password for user hai.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@localhost ~]# useradd yun
[root@localhost ~]# passwd yun
Changing password for user yun.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

[root@localhost ~]#  su - hai
[hai@localhost ~]$ cd /mnt/multi
[hai@localhost multi]$ ls
ls: reading directory .: Permission denied
[hai@localhost multi]$ cifscreds add 192.168.10.10
Password: 
[hai@localhost multi]$ ls
ding
[hai@localhost multi]$ cat ding
welcome dingding!!!!!
[hai@localhost multi]$ touch dingding
touch: cannot touch ‘dingding’: Permission denied

[root@localhost ~]# su - yun
Last login: Mon Jan 13 21:22:44 CST 2020 on pts/0
[yun@localhost ~]$ cd /mnt/multi
[yun@localhost multi]$ ls
ls: reading directory .: Permission denied
[yun@localhost multi]$ cifscreds add 192.168.10.10
Password: 
[yun@localhost multi]$ ls
ding
[yun@localhost multi]$ cat ding
welcome dingding!!!!!
[yun@localhost multi]$ touch dingding
[yun@localhost multi]$ ls
ding  dingding
[yun@localhost multi]$ vim dingding
[yun@localhost multi]$ cat dingding
welcome dingdingding!!!!!!