以下是一次简单的smb服务的配置记录,基本上都有注释:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
SMB服务
login as: root
[email protected]’s password:
Last login: Wed Sep 12 05:27:12 2012 from 192.168.202.1
[root@lovn ~]# ls
anaconda-ks.cfg install.log 公共的 视频 文档 音乐
bin install.log.syslog 模板 图片 下载 桌面
[root@lovn ~]# who
root tty1 2012-10-07 05:50 (:0)
root pts/0 2012-10-07 05:51 (192.168.1.252)

使用Samba服务器需要防火墙开放以下端口
UDP 137 UDP 138 TCP 139 TCP 445

[root@lovn ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
~
~
"/etc/sysconfig/iptables" 13L, 476C

-A INPUT -m state –state NEW -m tcp -p tcp –dport 139 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 445 -j ACCEPT
-A INPUT -m state –state NEW -m udp -p udp –dport 137 -j ACCEPT
-A INPUT -m state –state NEW -m udp -p udp –dport 138 -j ACCEPT
#像下面这样
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state NEW -m tcp -p tcp –dport 139 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 445 -j ACCEPT
-A INPUT -m state –state NEW -m udp -p udp –dport 137 -j ACCEPT
-A INPUT -m state –state NEW -m udp -p udp –dport 138 -j ACCEPT
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
~
~
— INSERT —

#重启防火墙,使规则生效
[root@lovn ~]# service iptables restart
iptables:清除防火墙规则: [确定]
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:正在卸载模块: [确定]
iptables:应用防火墙规则: [确定]
[root@lovn ~]#

#关闭系统的 SELinux(不关闭会无权限)
[root@lovn ~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted – Targeted processes are protected,
# mls – Multi Level Security protection.
SELINUXTYPE=targeted

~
~
"/etc/selinux/config" 13L, 456C
#修改如下
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加

#改完Selinux需要重启
[root@lovn ~]#reboot
Broadcast message from [email protected]
(/dev/pts/0) at 6:30 …

The system is going down for reboot NOW!

#检查Samba服务包是否已安装
[root@lovn ~]# rpm -qa | grep samba
samba-common-3.5.10-114.el6.i686
samba-winbind-clients-3.5.10-114.el6.i686
samba-client-3.5.10-114.el6.i686
samba4-libs-4.0.0-23.alpha11.el6.i686

#缺少相关包则安装
[root@lovn ~]# yum install samba
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centos.ustc.edu.cn
* extras: centos.ustc.edu.cn
* updates: centos.ustc.edu.cn
Setting up Install Process
Resolving Dependencies
–> Running transaction check
—> Package samba.i686 0:3.5.10-125.el6 will be installed
–> Processing Dependency: samba-winbind-clients = 3.5.10-125.el6 for package: samba-3.5.10-125.el6.i686
–> Processing Dependency: samba-common = 3.5.10-125.el6 for package: samba-3.5.10-125.el6.i686
–> Running transaction check
—> Package samba-common.i686 0:3.5.10-114.el6 will be updated
–> Processing Dependency: samba-common = 3.5.10-114.el6 for package: samba-client-3.5.10-114.el6.i686
—> Package samba-common.i686 0:3.5.10-125.el6 will be an update
—> Package samba-winbind-clients.i686 0:3.5.10-114.el6 will be updated
–> Processing Dependency: samba-winbind-clients = 3.5.10-114.el6 for package: libsmbclient-3.5.10-114.el6.i686
—> Package samba-winbind-clients.i686 0:3.5.10-125.el6 will be an update
–> Running transaction check
—> Package libsmbclient.i686 0:3.5.10-114.el6 will be updated
—> Package libsmbclient.i686 0:3.5.10-125.el6 will be an update
—> Package samba-client.i686 0:3.5.10-114.el6 will be updated
—> Package samba-client.i686 0:3.5.10-125.el6 will be an update
–> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
samba i686 3.5.10-125.el6 base 4.9 M
Updating for dependencies:
libsmbclient i686 3.5.10-125.el6 base 1.6 M
samba-client i686 3.5.10-125.el6 base 11 M
samba-common i686 3.5.10-125.el6 base 13 M
samba-winbind-clients i686 3.5.10-125.el6 base 1.1 M

Transaction Summary
================================================================================
Install 1 Package(s)
Upgrade 4 Package(s)

Total download size: 32 M

#同意安装
Is this ok [y/N]: y
Downloading Packages:
(1/5): libsmbclient-3.5.10-125.el6.i686.rpm | 1.6 MB 00:05
(2/5): samba-3.5.10-125.el6.i686.rpm | 4.9 MB 00:14
(3/5): samba-client-3.5.10-125.el6.i686.rpm | 11 MB 00:33
(4/5): samba-common-3.5.10-125.el6.i686.rpm | 13 MB 00:44
(5/5): samba-winbind-clients-3.5.10-125.el6.i686.rpm | 1.1 MB 00:01
——————————————————————————–
Total 279 kB/s | 32 MB 01:56
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : samba-winbind-clients-3.5.10-125.el6.i686 1/9
Updating : samba-common-3.5.10-125.el6.i686 2/9
Updating : samba-client-3.5.10-125.el6.i686 3/9
Installing : samba-3.5.10-125.el6.i686 4/9
Updating : libsmbclient-3.5.10-125.el6.i686 5/9
Cleanup : samba-client-3.5.10-114.el6.i686 6/9
Cleanup : samba-common-3.5.10-114.el6.i686 7/9
Cleanup : libsmbclient-3.5.10-114.el6.i686 8/9
Cleanup : samba-winbind-clients-3.5.10-114.el6.i686 9/9
Verifying : samba-winbind-clients-3.5.10-125.el6.i686 1/9
Verifying : samba-common-3.5.10-125.el6.i686 2/9
Verifying : samba-client-3.5.10-125.el6.i686 3/9
Verifying : samba-3.5.10-125.el6.i686 4/9
Verifying : libsmbclient-3.5.10-125.el6.i686 5/9
Verifying : libsmbclient-3.5.10-114.el6.i686 6/9
Verifying : samba-common-3.5.10-114.el6.i686 7/9
Verifying : samba-client-3.5.10-114.el6.i686 8/9
Verifying : samba-winbind-clients-3.5.10-114.el6.i686 9/9

Installed:
samba.i686 0:3.5.10-125.el6

Dependency Updated:
libsmbclient.i686 0:3.5.10-125.el6
samba-client.i686 0:3.5.10-125.el6
samba-common.i686 0:3.5.10-125.el6
samba-winbind-clients.i686 0:3.5.10-125.el6

Complete!

#再次检查
[root@lovn ~]# rpm -qa | grep samba
samba-common-3.5.10-125.el6.i686
samba-winbind-clients-3.5.10-125.el6.i686
samba-3.5.10-125.el6.i686
samba-client-3.5.10-125.el6.i686
samba4-libs-4.0.0-23.alpha11.el6.i686

#配置samba
[root@lovn ~]#vi /etc/samba/smb.conf
[global] #找到这一行(全局设置标签),在此行下面修改:
workgroup = WORKGROUP #工作组名称改为 Windows 网络所定义的工作组名,这里默认是MYGROUP,改一下
server string = Samba Server Version %v #设置samba服务器的主机名称
security = user #设置samba服务器安全级别为user,即以账号和口令访问

#保存配置

#添加用于samba的用户和组(这里可以用添加用户的参数,指定samba用户不能直接登陆到系统,本例不处理)
[root@lovn ~]# groupadd samba
[root@lovn ~]# useradd -g samba smb1
[root@lovn ~]# useradd -g samba smb2
#创建用户密码
[root@lovn ~]# smbpasswd -a smb1
New SMB password:
Retype new SMB password:
tdbsam_open: Converting version 0.0 database to version 4.0.
tdbsam_convert_backup: updated /var/lib/samba/private/passdb.tdb file.
account_policy_get: tdb_fetch_uint32 failed for type 1 (min password length), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 2 (password history), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 3 (user must logon to change password), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 4 (maximum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 5 (minimum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 6 (lockout duration), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 7 (reset count minutes), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 8 (bad lockout attempt), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 9 (disconnect time), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 10 (refuse machine password change), returning 0
Added user smb1.
#另外一个用户的密码
[root@lovn ~]# smbpasswd -a smb2
New SMB password:
Retype new SMB password:
Added user smb2.
#这里设置的密码是用户登录该机的Samba共享的密码,不是登陆系统的密码;

#重启Samba服务器
[root@lovn ~]# service smb restart
关闭 SMB 服务: [确定]
启动 SMB 服务: [确定]

######################################################################################################3
#以上配置是默认的用户登陆后能看到自己家目录的内容
#下面的配置将会增加一个公共的共享目录(公共的意思并不是不需要登陆就能看到,而是登陆的用户都能看到)
#编辑Samba配置文件
[root@lovn ~]# vi /etc/samba/smb.conf
[any]
comment = any!
path = /home/android #指定目录
public = yes #公开目录(不公开目录与它的区别在于访问到目录是是否直接显示)
writable = no #不可写(公共目录,只读)
#保存退出

#重启Samba服务器
[root@lovn ~]# service smb restart
关闭 SMB 服务: [确定]
启动 SMB 服务: [确定]

#如果哪有其他权限问题,尝试关闭iptables
[root@lovn ~]# service iptables stop
iptables:清除防火墙规则: [确定]
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:正在卸载模块: [确定]