1. 搜尋 Samba 套件
# yum search samba | grep ^samba
samba-client.x86_64 : Samba client programs
samba-common.i686 : Files used by both Samba servers and clients
samba-common.x86_64 : Files used by both Samba servers and clients
samba-doc.x86_64 : Documentation for the Samba suite
samba-glusterfs.x86_64 : Samba VFS module for GlusterFS
samba-swat.x86_64 : The Samba SMB server Web configuration program
samba-winbind.x86_64 : Samba winbind
samba-winbind-clients.i686 : Samba winbind clients
samba-winbind-clients.x86_64 : Samba winbind clients
samba-winbind-krb5-locator.x86_64 : Samba winbind krb5 locator
samba4-client.x86_64 : Samba client programs
samba4-common.x86_64 : Files used by both Samba servers and clients
samba4-devel.x86_64 : Developer tools for Samba libraries
samba4-libs.x86_64 : Samba libraries
samba4-python.x86_64 : Samba Python libraries
samba4-test.x86_64 : Testing tools for Samba servers and clients
samba4-winbind.x86_64 : Samba winbind
samba4-winbind-clients.x86_64 : Samba winbind clients
samba4-winbind-krb5-locator.x86_64 : Samba winbind krb5 locator
samba.x86_64 : Server and Client software to interoperate with Windows machines
samba-domainjoin-gui.x86_64 : Domainjoin GUI
samba-winbind-devel.i686 : Developer tools for the winbind library
samba-winbind-devel.x86_64 : Developer tools for the winbind library
samba4.x86_64 : Server and Client software to interoperate with Windows machines
samba4-dc.x86_64 : AD Domain Controller placeholder package.
samba4-dc-libs.x86_64 : AD Domain Controller libraries placeholder package.
samba4-pidl.x86_64 : Perl IDL compiler
2. 安裝 Samba 4
# yum install -y samba4[@more@]3. 修改 /etc/samba/smb.conf 設定檔
# cat /etc/samba/smb.conf | grep -E -v ‘^#|^;’
[global]
workgroup = HOME
server string = Samba Server Version %v
# log files split per-machine:
log file = /var/log/samba/log.%m
# maximum size of 50KB per log file, then rotate:
max log size = 50
security = user
passdb backend = tdbsam
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
veto files=/.*/
4. 測試設定檔
# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section “[homes]”
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = HOME
server string = Samba Server Version %v
security = USER
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
veto files = /.*/
browseable = No
5. 建立使用者 Samba 密碼
# /usr/bin/pdbedit -a t850008
new password:
retype new password:
Unix username: t850008
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1562595748-815096285-1647261660-1000
Primary Group SID: S-1-5-21-1562595748-815096285-1647261660-513
Full Name:
Home Directory: \localhostt850008
HomeDir Drive:
Logon Script:
Profile Path: \localhostt850008profile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Wed, 29 Jun 2016 09:06:19 CST
Password can change: Wed, 29 Jun 2016 09:06:19 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
6. SELinux 在 Samba Server 上的設定
# setsebool -P samba_enable_home_dirs on
# chcon -R -t samba_share_t /home/homework
# chcon -R -t samba_share_t /home/share
7. 啟動 Samba Server
# /etc/init.d/smb start
# /etc/init.d/nmb start
8. 檢查 Samba Server 是否有正常啟動
# netstat -an | grep -E ‘:137|:138|:139|:445’
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 :::445 :::* LISTEN
tcp 0 0 :::139 :::* LISTEN
udp 0 0 0.0.0.0:137 0.0.0.0:*
udp 0 0 0.0.0.0:138 0.0.0.0:*
9. 設定開機時啟動 Samba Server
# chkconfig –level 3 smb on
# chkconfig –level 3 nmb on
10. 防火牆上的設定
防火牆設定 設定內部網路 IP 192.168.1.0/24
# iptables -A INPUT -s 192.168.1.0/24 -m state –state NEW -m udp -p udp –dport 137 -j ACCEPT
# iptables -A INPUT -s 192.168.1.0/24 -m state –state NEW -m udp -p udp –dport 138 -j ACCEPT
# iptables -A INPUT -s 192.168.1.0/24 -m state –state NEW -m tcp -p tcp –dport 139 -j ACCEPT
# iptables -A INPUT -s 192.168.1.0/24 -m state –state NEW -m tcp -p tcp –dport 445 -j ACCEPT
# iptables -A INPUT -s 192.168.1.0/24 -m state –state NEW -m udp -p udp –dport 445 -j ACCEPT