[root@kvm5 ~]# yum -y install samba
[root@kvm5 ~]# mkdir /groupdir
[root@kvm5 ~]# yum provides *bin/seinfo .................... Matched from: Filename : /usr/bin/seinfo
[root@kvm5 ~]# yum install setools-console
[root@kvm5 ~]# seinfo -t | grep samba samba_secrets_t samba_spool_t samba_unconfined_script_exec_t samba_net_t samba_var_t samba_net_exec_t samba_net_tmp_t samba_unconfined_net_t samba_unconfined_script_t samba_unit_file_t sambagui_exec_t samba_share_t samba_initrc_exec_t sambagui_t samba_etc_t samba_log_t
samba_share_t
,不先查詢,使用 TAB 鍵一樣會出現提示及補齊。
[root@kvm5 ~]# semanage fcontext -a -t samba_share_t '/groupdir(/.*)?'
samba_share_t
。
[root@kvm5 ~]# restorecon -vvFR /groupdir restorecon reset /groupdir context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[root@kvm5 ~]# vim /etc/samba/smb.conf [root@kvm5 ~]# grep '^[^#\;]' /etc/samba/smb.conf [global] workgroup = DEYUGROUP server string = Samba Server Version %v # log files split per-machine: log file = /var/log/samba/log.%m # maximum size of 50KB per log file, then rotate: max log size = 50 security = user passdb backend = tdbsam # the following login script name is determined by the machine name # (%m): # the following login script name is determined by the UNIX user used: # use an empty path to disable profile support: # various scripts can be used on a domain controller or a stand-alone # machine to add or delete corresponding UNIX accounts: load printers = yes cups options = raw # obtain a list of printers automatically on UNIX System V systems: [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [common] path = /groupdir browseable = yes #hosts allow = .deyu.wang deyu.wang hosts allow = 192.168.122.
hostname lookups = yes
設定,才能從主機名稱反查到 IP,但目前有一小問題是設定 hosts allow = .deyu.wang
允許 deyu.wang 網域的機器卻不包含 deyu.wang 本身,必須單獨再加入。
[root@kvm5 ~]# vim /etc/samba/smb.conf [root@kvm5 ~]# grep '^\[global\]' -A2 /etc/samba/smb.conf [global] hostname lookups = yes [root@kvm5 ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Processing section "[common]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = DEYUGROUP server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 hostname lookups = Yes idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [common] path = /groupdir hosts allow = .deyu.wang
[root@kvm5 ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Processing section "[common]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = DEYUGROUP server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [common] path = /groupdir hosts allow = 192.168.122.
[root@kvm5 ~]# yum -y install samba-client
[root@kvm5 ~]# useradd deyu1
[root@kvm5 ~]# smbpasswd -a deyu1 New SMB password: Retype new SMB password: Added user deyu1.
[root@kvm5 ~]# pdbedit -L deyu1:1000:
[root@kvm5 ~]# systemctl enable smb.service nmb.service ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service' ln -s '/usr/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'
[root@kvm5 ~]# systemctl start smb.service nmb.service
[root@kvm5 ~]# getsebool -a | grep samba samba_create_home_dirs --> off samba_domain_controller --> off samba_enable_home_dirs --> off samba_export_all_ro --> off samba_export_all_rw --> off samba_portmapper --> off samba_run_unconfined --> off samba_share_fusefs --> off samba_share_nfs --> off sanlock_use_samba --> off use_samba_home_dirs --> off virt_sandbox_use_samba --> off virt_use_samba --> off
samba_export_all_rw
布林值,允許 Samba 讀取及寫入,-P 選項設定不只現在開啟,開機時也開啟此布林值。
[root@kvm5 ~]# setsebool -P samba_export_all_rw on
samba_export_all_rw
布林值已開啟。
[root@kvm5 ~]# getsebool samba_export_all_rw samba_export_all_rw --> on
[root@kvm5 ~]# smbclient -L //kvm5.deyu.wang/common -U deyu1%123qwe Sharename Type Comment --------- ---- ------- print$ Disk Printer Drivers common Disk IPC$ IPC IPC Service (Samba 4.7.1) deyu1 Disk Home Directories Reconnecting with SMB1 for workgroup listing. Server Comment --------- ------- Workgroup Master --------- ------- DEYUGROUP KVM5