【NAS】Samba基于security=user的用户访问

    xiaoxiao2021-12-14  22

    基于参数Security= User,即用户需要登录认证才能访问共享资源,这种模式应该如何配置呢?

     

    1     服务器端配置

    1.1     系统用户管理

    创建用户:

    [root@node1 ~]# useradd -d /home/smbuser1 -msmbuser1

    [root@node1 ~]# ls /home/

    smbuser1

    [root@node1 ~]#

    设置密码(可以不做)

    [root@node1 ~]# passwd smbuser1

    Changing password for user smbuser1.

    New password:

    BAD PASSWORD: The password contains the user namein some form

    Retype new password:

    passwd: all authentication tokens updatedsuccessfully.

    [root@node1 ~]#

     

    1.2     SMB用户管理

    添加SMB用户系统中

    [root@node1 ~]# smbpasswd -a smbuser1

    New SMB password:

    Retype new SMB password:

    Added user smbuser1.

    [root@node1 ~]#

     

    1.3     配置文件

    1.3.1  配置参数

    源码如下:

    #======================= Global Settings=====================================

    [global]

    # ----------------------- Network-Related Options-------------------------

        workgroup= MYGROUP

        serverstring = Samba Server Version %v

    # --------------------------- Logging Options-----------------------------

        log file =/var/log/samba/log.%m

        max logsize = 51200

    # ----------------------- Standalone Server Options------------------------

        security =user

        passdbbackend = tdbsam

    # ----------------------- Domain Members Options------------------------

    # ----------------------- Domain Controller Options------------------------

    # ----------------------- Browser Control Options----------------------------

    #----------------------------- Name Resolution-------------------------------

    # --------------------------- Printing Options-----------------------------

        load printers= yes

        cupsoptions = raw

    # --------------------------- File System Options---------------------------

    #============================ Share Definitions==============================

    [yysmb01]

        comment =yynfs01

        path =/mnt/hyyfs/nfs01

        createmask = 0664

        directorymask = 0775

        writeable= no

        validusers = nisuser01,nisuser02,nisuser03,smbuser1

        write list= nisuser02,smbuser1

    [yysmb02]

        comment =yynfs02

        path =/mnt/hyyfs/nfs02

        writeable= yes

        public =yes

        guest ok =yes

    1.3.2  检查配置参数

    使用testparm -v检测配置文件的正确性

    [root@node1 mnt]# testparm -v

    Load smb config files from /etc/samba/smb.conf

    rlimit_max: increasing rlimit_max (1024) to minimumWindows limit (16384)

    Processing section "[homes]"

    Processing section "[printers]"

    Processing section "[yysmb01]"

    Processing section "[yysmb02]"

    Loaded services file OK.

    Server role: ROLE_STANDALONE

     

    Press enter to see a dump of your servicedefinitions

     

    1.3.3  开放权限

    开放权限

     

    1.4     服务管理

    服务器端需要为smbuser1开放权限。在服务器端执行如下设置:

    [root@node1 ~]# chown smbuser1:smbuser1 /mnt/hyyfs/nfs01/-R

     

     

    2     Client端

    服务器端设置了Security = User,即用户需要登录认证才能访问共享资源。

    [root@node2 ~]# mount -tcifs //192.168.192.91/yysmb01 /mnt/nfs/ -o username=smbuser1,password=smbuser1

    [root@node2 ~]# df -h |grep yysmb01

    //192.168.192.91/yysmb01   60G 532M   60G   1% /mnt/nfs

    [root@node2 ~]#

    BUT:权限不足

    [root@node2 nfs]# mkdir 11

    mkdir: cannot create directory ‘11’: Permissiondenied

    [root@node2 nfs]# touch 111

    touch: cannot touch ‘111’: Permission denied

    [root@node2 nfs]#

    原因在于服务器端没有为smbuser1开放权限。在服务器端执行如下设置:

    [root@node1 ~]# chown smbuser1:smbuser1 /mnt/hyyfs/nfs01/-R

     

    ---轻轻地我走了,正如我轻轻地来---

     

    转载请注明原文地址: https://ju.6miu.com/read-968693.html

    最新回复(0)