内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
风哥提示:
本文档详细介绍Samba文件共享服务器的安装、配置和管理方法。
Part01-Samba安装
1.1 安装Samba服务
$ sudo dnf install -y samba samba-client
Last metadata expiration check: 0:45:23 ago on Thu 03 Apr 2026 23:25:15 AM CST.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
samba x86_64 4.18.6-101.el9 appstream 1.0 M
samba-client x86_64 4.18.6-101.el9 appstream 200 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 1.2 M
Installed size: 3.0 M
Downloading Packages:
(1/2): samba-4.18.6-101.el9.x86_64.rpm 1.0 MB/s | 1.0 MB 00:01
(2/2): samba-client-4.18.6-101.el9.x86_64.rpm 200 kB/s | 200 kB 00:01
——————————————————————————–
Total 1.2 MB/s | 1.2 M 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : samba-client-4.18.6-101.el9.x86_64 1/2
Installing : samba-4.18.6-101.el9.x86_64 2/2
Running scriptlet: samba-4.18.6-101.el9.x86_64 2/2
Verifying : samba-4.18.6-101.el9.x86_64 1/2
Verifying : samba-client-4.18.6-101.el9.x86_64 2/2
Installed:
samba-4.18.6-101.el9.x86_64
samba-client-4.18.6-101.el9.x86_64
Complete!
# 启动Samba服务
$ sudo systemctl start smb nmb
# 设置开机自启动
$ sudo systemctl enable smb nmb
Created symlink /etc/systemd/system/multi-user.target.wants/smb.service → /usr/lib/systemd/system/smb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/nmb.service → /usr/lib/systemd/system/nmb.service.
# 查看服务状态
$ sudo systemctl status smb
● smb.service – Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; preset: disabled)
Active: active (running) since Thu 2026-04-03 23:25:00 CST; 10s ago
Process: 12370 ExecStartPre=/usr/bin/testparm -s (code=exited, status=0/SUCCESS)
Main PID: 12371 (smbd)
Status: “smbd: ready to serve connections…”
Tasks: 3 (limit: 49152)
Memory: 5.5M
CPU: 50ms
CGroup: /system.slice/smb.service
├─12371 /usr/sbin/smbd –foreground –no-process-group
├─12372 /usr/sbin/smbd –foreground –no-process-group
└─12373 /usr/sbin/smbd –foreground –no-process-group
Apr 03 23:25:00 rhel10 systemd[1]: Starting Samba SMB Daemon…
Apr 03 23:25:00 rhel10 smbd[12370]: Processing section “[homes]”
Apr 03 23:25:00 rhel10 smbd[12370]: Processing section “[printers]”
Apr 03 23:25:00 rhel10 smbd[12370]: Processing section “[print$]”
Apr 03 23:25:00 rhel10 systemd[1]: Started Samba SMB Daemon.
# 配置防火墙
$ sudo firewall-cmd –permanent –add-service=samba
success
$ sudo firewall-cmd –reload
success
# 测试配置
$ testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
Part02-Samba配置文件
2.1 配置smb.conf
$ sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
# 编辑配置文件
$ sudo tee /etc/samba/smb.conf << EOF
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = rhel10
security = user
passdb backend = tdbsam
log file = /var/log/samba/log.%m
max log size = 50
log level = 1
hosts allow = 192.168.1. 127.
hosts deny = ALL
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mask = 0644
directory mask = 0755
[share]
comment = Public Share
path = /data/share
browseable = yes
writable = yes
guest ok = yes
read only = no
create mask = 0644
directory mask = 0755
force user = nobody
force group = nobody
[private]
comment = Private Share
path = /data/private
browseable = yes
writable = yes
valid users = @smbgroup
create mask = 0660
directory mask = 0770
force group = smbgroup
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
EOF
# 创建共享目录
$ sudo mkdir -p /data/share
$ sudo mkdir -p /data/private
# 设置权限
$ sudo chmod 777 /data/share
$ sudo chmod 770 /data/private
# 创建用户组
$ sudo groupadd smbgroup
# 设置目录所有者
$ sudo chown root:smbgroup /data/private
# 检查配置
$ sudo testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_STANDALONE
# 重启服务
$ sudo systemctl restart smb nmb
Part03-Samba用户管理
3.1 创建Samba用户
$ sudo useradd -m -s /bin/bash user1
$ sudo passwd user1
Changing password for user user1.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
# 添加到Samba组
$ sudo usermod -aG smbgroup user1
# 创建Samba密码
$ sudo smbpasswd -a user1
New SMB password:
Retype new SMB password:
Added user user1.
# 启用用户
$ sudo smbpasswd -e user1
Enabled user user1.
# 查看Samba用户
$ sudo pdbedit -L
user1:1000:user1
# 查看用户详细信息
$ sudo pdbedit -Lv user1
Unix username: user1
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1234567890-1234567890-1234567890-1000
Primary Group SID: S-1-5-21-1234567890-1234567890-1234567890-513
Full Name:
Home Directory: \\rhel10\user1
HomeDir Drive:
Logon Script:
Profile Path: \\rhel10\user1\profile
Domain: RHEL10
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Thu, 01 Jan 1970 08:00:00 CST
Kickoff time: Thu, 01 Jan 1970 08:00:00 CST
Password last set: Thu, 03 Apr 2026 23:30:00 CST
Password can change: Thu, 03 Apr 2026 23:30:00 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
# 删除用户
$ sudo smbpasswd -x user1
Deleted user user1.
# 禁用用户
$ sudo smbpasswd -d user1
Disabled user user1.
Part04-访问Samba共享
4.1 客户端访问
$ smbclient -L 192.168.1.100 -U user1
Password for [WORKGROUP\user1]:
Sharename Type Comment
——— —- ——-
share Disk Public Share
private Disk Private Share
IPC$ IPC IPC Service (Samba Server 4.18.6)
Reconnecting with SMB1 for workgroup listing.
Server Comment
——— ——-
RHEL10 Samba Server 4.18.6
Workgroup Master
——— ——-
WORKGROUP RHEL10
# 访问共享目录
$ smbclient //192.168.1.100/share -U user1
Password for [WORKGROUP\user1]:
Try “help” to get a list of possible commands.
smb: \> ls
. D 0 Thu Apr 3 23:30:00 2026
.. D 0 Thu Apr 3 23:30:00 2026
52403700 blocks of size 1024. 41943040 blocks available
smb: \> mkdir test
smb: \> ls
. D 0 Thu Apr 3 23:30:30 2026
.. D 0 Thu Apr 3 23:30:00 2026
test D 0 Thu Apr 3 23:30:30 2026
52403700 blocks of size 1024. 41943040 blocks available
smb: \> quit
# 挂载Samba共享
$ sudo mkdir -p /mnt/smb/share
$ sudo mount -t cifs //192.168.1.100/share /mnt/smb/share -o username=user1,password=MyPassword123
Password for user1@//192.168.1.100/share: ********
# 查看挂载
$ df -h | grep cifs
//192.168.1.100/share 50G 10G 40G 20% /mnt/smb/share
# 永久挂载
$ sudo tee -a /etc/fstab << EOF
//192.168.1.100/share /mnt/smb/share cifs username=user1,password=MyPassword123,_netdev 0 0
EOF
# 使用凭据文件
$ sudo tee /root/.smbcred << EOF
username=user1
password=MyPassword123
EOF
$ sudo chmod 600 /root/.smbcred
$ sudo tee -a /etc/fstab << EOF
//192.168.1.100/share /mnt/smb/share cifs credentials=/root/.smbcred,_netdev 0 0
EOF
Part05-Samba高级配置
5.1 配置Samba域控制器
$ sudo setsebool -P samba_export_all_rw 1
$ sudo setsebool -P samba_enable_home_dirs 1
# 配置SELinux上下文
$ sudo semanage fcontext -a -t samba_share_t “/data/share(/.*)?”
$ sudo semanage fcontext -a -t samba_share_t “/data/private(/.*)?”
$ sudo restorecon -Rv /data/
# 查看SELinux上下文
$ ls -Z /data/
unconfined_u:object_r:samba_share_t:s0 private
unconfined_u:object_r:samba_share_t:s0 share
# 配置日志轮转
$ sudo tee /etc/logrotate.d/samba << EOF
/var/log/samba/log.* {
weekly
rotate 5
compress
missingok
notifempty
create 0644 root root
postrotate
/usr/bin/systemctl reload smb.service > /dev/null 2>&1 || true
endscript
}
EOF
# 查看Samba日志
$ sudo tail -f /var/log/samba/log.smbd
[2026/04/03 23:35:00.123456, 1] ../../source3/smbd/service.c:678(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2026/04/03 23:35:00.234567, 1] ../../source3/smbd/service.c:678(make_connection_snum)
make_connection_server_info: user1 [192.168.1.10:54321] connected to share ‘share’ service ‘share’ as user ‘user1’
# 监控Samba连接
$ sudo smbstatus
Samba version 4.更多视频教程www.fgedu.net.cn18.6
PID Username Group Machine Protocol Version Encryption Signing
—————————————————————————————————————————————-
12374 user1 学习交流加群风哥QQ113257174 user1 192.168.1.10 (ipv4:192.168.1.10:54321) SMB3_11 – partial(AES-128-CMAC)
Service pid Machine Connected at Encryption Signing
———————————————————————————————
share 12374 192.168.1.10 Thu Apr 3 23:35:00 2026 CST – –
Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
————————————————————————————————–
12374 1000 DENY_NONE 0x100081 RDONLY NONE /data/share . Thu Apr 3 23:35:00 2026 CST
1. 配置合适的访问权限
2. 使用强密码保护共享
3. 启用SELinux增强安全
4. 定期检查日志文件
5. 监控Samba连接状态
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
