CentOS 6.8安裝samba__CentOS

系統：CentOS 6.8
selinux：關閉
iptables：開啟

samba服務需求：
使用使用者名稱/密碼登陸，有讀寫權限。

SELinux設定

# setenforce 0# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

iptables設定（可參考 http://man.linuxde.net/iptables）

# iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT# iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT# iptables -I INPUT 5 -p udp -m udp --dport 137 -j ACCEPT# iptables -I INPUT 5 -p udp -m udp --dport 138 -j ACCEPT# iptables-save > /home/iptables.save# iptables-restore </home/iptables.save# iptables -L -n

為避免iptables規則重啟服務或機器後防火牆規則恢複為預設，修改iptables設定檔

# cat /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall# Manual customization of this file is not recommended.*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT-A INPUT -p udp -m udp --dport 138 -j ACCEPT-A INPUT -p udp -m udp --dport 137 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibitedCOMMIT

samba服務安裝

# yum -y install samba samba-client samba-common已安裝:  samba.x86_64 0:3.6.23-45.el6_9                  samba-client.x86_64 0:3.6.23-45.el6_9            samba-common.x86_64 0:3.6.23-45.el6_9          作為依賴被安裝:  samba-winbind.x86_64 0:3.6.23-45.el6_9      samba-winbind-clients.x86_64 0:3.6.23-45.el6_9

為samba服務建立使用者、屬組以及修改許可權（samba家目錄:/home/samba，使用者名稱:smb，屬組:smb）;設定開機啟動服務

# groupadd smb# useradd smb -d /home/smb/ -g smb -s /sbin/nologin# chown -R smb:smb /home/smb/# smbpasswd -a smb# chkconfig nmb on# chkconfig smb on

啟動服務

# /etc/init.d/smb start# /etc/init.d/nmb start# ss -tnl|grep :139LISTEN     0      50                        *:139                      *:*     LISTEN     0      50                       :::139                     :::* # ss -tnl|grep :445LISTEN     0      50                        *:445                      *:*     LISTEN     0      50                       :::445                     :::*

驗證

最後附上smb.conf檔案

# cat /etc/samba/smb.conf|grep -v "#"[global]    workgroup = MYGROUP    server string = Samba Server Version %v;   netbios name = MYSERVER;   interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 ;   hosts allow = 127. 192.168.12. 192.168.13.    log file = /var/log/samba/log.%m    max log size = 50    security = user    passdb backend = tdbsam;   security = domain;   passdb backend = tdbsam;   realm = MY_REALM;   password server = <NT-Server-Name>;   security = user;   passdb backend = tdbsam;   domain master = yes ;   domain logons = yes;   logon script = %m.bat;   logon script = %u.bat;   logon path = \\%L\Profiles\%u;   logon path =          ;   add user script = /usr/sbin/useradd "%u" -n -g users;   add group script = /usr/sbin/groupadd "%g";   add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u";   delete user script = /usr/sbin/userdel "%u";   delete user from group script = /usr/sbin/userdel "%u" "%g";   delete group script = /usr/sbin/groupdel "%g";   local master = no;   os level = 33;   preferred master = yes;   wins support = yes;   wins server = w.x.y.z;   wins proxy = yes;   dns proxy = yes    load printers = yes    cups options = raw;   printcap name = /etc/printcap;   printcap name = lpstat;   printing = cups;   map archive = no;   map hidden = no;   map read only = no;   map system = no;   store dos attributes = yes[homes]    comment = Home Directories    browseable = no    writable = yes;   valid users = %S;   valid users = MYDOMAIN\%S[printers]    comment = All Printers    path = /var/spool/samba    browseable = no    guest ok = no    writable = no    printable = yes;   [netlogon];   comment = Network Logon Service;   path = /var/lib/samba/netlogon;   guest ok = yes;   writable = no;   share modes = no;   [Profiles];   path = /var/lib/samba/profiles;   browseable = no;   guest ok = yes;   [public];   comment = Public Stuff;   path = /home/samba;   public = yes;   writable = yes;   printable = no;   write list = +staff