# dnf list | grep samba
centos-release-samba411.noarch 1.0-1.el8 extras
centos-release-samba412.noarch 1.0-1.el8 extras
centos-release-samba413.noarch 1.0-1.el8 extras
ipa-client-samba.x86_64 4.8.7-12.module_el8.3.0+514+e7703106 AppStream
pcp-pmda-samba.x86_64 5.1.1-3.el8 AppStream
python3-samba.i686 4.12.3-12.el8.3 BaseOS
python3-samba.x86_64 4.12.3-12.el8.3 BaseOS
python3-samba-test.x86_64 4.12.3-12.el8.3 BaseOS
smba.x86_64 4.12.3-12.el8.3 BaseOS
samba-client.x86_64 4.12.3-12.el8.3 BaseOS
samba-client-libs.i686 4.12.3-12.el8.3 BaseOS
samba-client-libs.x86_64 4.12.3-12.el8.3 BaseOS
samba-common.noarch 4.12.3-12.el8.3 BaseOS
samba-common-libs.x86_64 4.12.3-12.el8.3 BaseOS
samba-common-tools.x86_64 4.12.3-12.el8.3 BaseOS
samba-krb5-printing.x86_64 4.12.3-12.el8.3 BaseOS
samba-libs.i686 4.12.3-12.el8.3 BaseOS
samba-libs.x86_64 4.12.3-12.el8.3 BaseOS
samba-pidl.noarch 4.12.3-12.el8.3 BaseOS
samba-test.x86_64 4.12.3-12.el8.3 BaseOS
samba-test-libs.x86_64 4.12.3-12.el8.3 BaseOS
samba-winbind.x86_64 4.12.3-12.el8.3 BaseOS
samba-winbind-clients.x86_64 4.12.3-12.el8.3 BaseOS
samba-winbind-krb5-locator.x86_64 4.12.3-12.el8.3 BaseOS
samba-winbind-modules.i686 4.12.3-12.el8.3 BaseOS
samba-winbind-modules.x86_64 4.12.3-12.el8.3 BaseOS
# dnf -y install samba
# dnf list installed | grep samba
samba.x86_64 4.12.3-12.el8.3 @BaseOS
samba-client-libs.x86_64 4.12.3-12.el8.3 @BaseOS
samba-common.noarch 4.12.3-12.el8.3 @BaseOS
samba-common-libs.x86_64 4.12.3-12.el8.3 @BaseOS
samba-common-tools.x86_64 4.12.3-12.el8.3 @BaseOS
samba-libs.x86_64 4.12.3-12.el8.3 @BaseOS
# rpm -qa | grep samba
samba-common-libs-4.12.3-12.el8.3.x86_64
samba-libs-4.12.3-12.el8.3.x86_64
samba-4.12.3-12.el8.3.x86_64
samba-common-4.12.3-12.el8.3.noarch
samba-client-libs-4.12.3-12.el8.3.x86_64
samba-common-tools-4.12.3-12.el8.3.x86_64
# ls /usr/lib/systemd/system | grep smb
smb.service
# ls /etc/samba/
lmhosts smb.conf smb.conf.example
# systemctl start smb.service
# systemctl enable smb.service
# systemctl status smb.service
# systemctl | grep smb
smb.service
# ps -aux | grep smb
root 9829 0.0 0.6 443180 26360 ? Ss 23:05 0:00 /usr/sbin/smbd --foregroun d --no-process-group
root 9831 0.0 0.3 415524 12100 ? S 23:05 0:00 /usr/sbin/smbd --foregroun d --no-process-group
root 9832 0.0 0.1 415516 4768 ? S 23:05 0:00 /usr/sbin/smbd --foregroun d --no-process-group
root 9833 0.0 0.3 443180 12476 ? S 23:05 0:00 /usr/sbin/smbd --foregroun d --no-process-group
root 9866 0.0 0.0 221896 1084 pts/0 R+ 23:12 0:00 grep --color=auto smb
# ls /var/log/samba/
cores log.smbd old
# tail -5 /var/log/samba/log.smbd
[2021/01/02 09:28:40.606934, 0] ../../source3/smbd/server.c:1782(main)
smbd version 4.12.3 started.
Copyright Andrew Tridgell and the Samba Team 1992-2020
[2021/01/02 09:28:40.634023, 0] ../../lib/util/become_daemon.c:136(daemon_ready)
daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
# firewall-cmd --get-services | grep samba
...
salt-master samba samba-clien t samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync spoti
...
# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload
# firewall-cmd --zone=public --list-all
...
services: cockpit dhcpv6-client samba ssh
...
# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
...
# setsebool -P samba_enable_home_dirs on //分享預設的主目錄
# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> on
...
---------------------------------------------user 存取自己家目錄
# useradd s301
# passwd s301
123456
# smbpasswd -help
When run by root:
smbpasswd [options] [username]
otherwise:
smbpasswd [options]
options:
-L local mode (must be first option)
-h print this usage message
-s use stdin for password prompt
-c smb.conf file Use the given path to the smb.conf file
-D LEVEL debug level
-r MACHINE remote machine
-U USER remote username (e.g. SAM/user)
extra options when run by root or in local mode:
-a add user
-d disable user
-e enable user
-i interdomain trust account
-m machine trust account
-n set no password
-W use stdin ldap admin password
-w PASSWORD ldap admin password
-x delete user
-R ORDER name resolve order
# smbpasswd -a s301
New SMB password:123456
Retype new SMB password:123456
Added user s301.
# systemctl restart smb.service
檔案總管
\\192.168.1.100
s301
123456
------------------------------------------ user 存取自己家目錄 及 建立一個所有用戶都可寫入的公用目錄
# dnf -y install samba
# systemctl start smb
# systemctl enable smb
Created symlink /etc/systemd/system/multi-user.target.wants/smb.service → /usr/lib/systemd/system/smb.service.
# systemctl status smb
# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload
# getsebool -a | grep samba
# setsebool -P samba_enable_home_dirs on
# useradd s301
# passwd s301
123456
# smbpasswd -a s301
New SMB password:
123456
# ls -ilZ /home
16786325 drwx------. 2 s301 s301 unconfined_u: object_r: user_home_dir_t: s0 78 1月 9 22:31 s301
\\192.168.1.100
s301
123456
/*
user 可以讀取、寫入自己家目錄
*/
# mkdir /data
# ls -ilZ /
...
17515184 drwxr-xr-x. 2 root root unconfined_u:object_r:default_t:s0 6 1月 7 10:53 data
...
33575794 drwxrwxrwt. 7 root root system_u:object_r:tmp_t:s0 119 1月 7 10:46 tmp
...
# chmod -R 777 /data
# chcon -t samba_share_t /data
# ls -ilZ /
...
17515184 drwxrwxrwx. 2 root root unconfined_u:object_r:samba_share_t:s0 6 1月 7 10:53 data
...
# vi /etc/samba/smb.conf
...
[data]
comment = temporary file space //檔案總管滑鼠靠上提示文字
path = /data
read only = no
writable = yes // no 只能讀取不能寫入
public = yes
# systemctl restart smb.service
\\192.168.1.100
/*
user 可以讀取、寫入自己家目錄s301 與 data
*/
--------------------------------------------- 所有系統用戶皆能讀取,但只有super 群組成員能寫入
# dnf -y install samba
# systemctl start smb
# systemctl enable smb
Created symlink /etc/systemd/system/multi-user.target.wants/smb.service → /usr/lib/systemd/system/smb.service.
# systemctl status smb
# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload
# getsebool -a | grep samba
...
samba_enable_home_dirs --> off
...
# setsebool -P samba_enable_home_dirs on
/******
# man setsebool
or false or off to disable it.
Without the -P option, only the current boolean value is affected; the boot-time
default settings are not changed.
If the -P option is given, all pending values are written to the policy file on
disk. So they will be persistent across reboots.
******/
# useradd s301
# passwd s301
123456
# smbpasswd -a s301
New SMB password:
123456
\\192.168.1.100
s301
123456
/*
s301 可以讀取、寫入自己家目錄
*/
# mkdir /work
# ls -ilZ /
...
17412903 drwxr-xr-x. 2 root root unconfined_u:object_r:default_t:s0 6 1月 9 22:59 work
...
# groupadd --help
Usage: groupadd [options] GROUP
Options:
-f, --force exit successfully if the group already exists,
and cancel -g if the GID is already used
-g, --gid GID use GID for the new group
-h, --help display this help message and exit
-K, --key KEY=VALUE override /etc/login.defs defaults
-o, --non-unique allow to create groups with duplicate
(non-unique) GID
-p, --password PASSWORD use this encrypted password for the new group
-r, --system create a system account
-R, --root CHROOT_DIR directory to chroot into
-P, --prefix PREFIX_DIR directory prefix
# groupadd -g 3001 super
# cat /etc/group
...
s301:x:1000:
super:x:3001:
# chown -R root:super /work
# chmod 775 /work
# chcon -t samba_share_t /work
# ls -ilZ /
...
538308 drwxrwxr-x. 2 root super unconfined_u:object_r:samba_share_t:s0 6 1月 10 16:41 work
...
# vi /etc/samba/smb.conf
...
[work]
comment = only super group can write ,others read only
path = /work
public = yes
writable = yes
printable = no
write list = @super
# systemctl restart smb
\\192.168.1.100
s301
123456
/*
s301 可以讀取、寫入自己家目錄s301 , work 只能讀取不能寫入
*/
# gpasswd -a s301 super
正在將使用者“s301”加入到“super”群組中
# cat /etc/group
s301:x:1000:
super:x:3001:s301
# systemctl restart smb
\\192.168.1.100\work
/*
s301 可以讀取、寫入自己家目錄s301 與 work 目錄
*/
# useradd s302
# passwd s302
123456
# smbpasswd -a s302
New SMB password:
123456
/******
Windows10:
開始--> Windows系統-->命令提示字元-->右鍵-->更多-->以系統管理員身分執行
or
執行-->cmd-->確定
C:\Windows\system32>net use ?
這個命令的語法是:
NET USE
[devicename | *] [\\computername\sharename[\volume] [password | *]]
[/USER:[domainname\]username]
[/USER:[dotted domain name\]username]
[/USER:[username@dotted domain name]
[/SMARTCARD]
[/SAVECRED]
[/REQUIREINTEGRITY]
[/REQUIREPRIVACY]
[/WRITETHROUGH]
[[/DELETE] | [/PERSISTENT:{YES | NO}]]
NET USE {devicename | *} [password | *] /HOME
NET USE [/PERSISTENT:{YES | NO}]
C:\Windows\system32>net use \\192.168.1.100
密碼或使用者名稱不適用於 \\192.168.1.100。
輸入 '192.168.1.100' 的使用者名稱: s302
輸入 192.168.1.100 的密碼:
命令已經成功完成。
C:\Windows\system32>net use \\192.168.1.100 /delete
\\192.168.1.100 已經刪除。
似乎只能重新開機試,較正確。
******/
\\192.168.1.100
/*
s302 可以讀取、寫入自己家目錄s302 , work 只能讀取不能寫入
*/
# gpasswd -a s302 super
正在將使用者“s302”加入到“super”群組中
# systemctl restart smb
\\192.168.1.100
/*
s302 可以讀取、寫入自己家目錄s302 與 work 目錄
*/
沒有留言:
張貼留言