1. 安裝相關套件
sudo dnf upgrade sudo dnf install samba其中,libnss-winbind 可讓 Linux 解析 Windows 的主機名。
2. 相關設定檔
2.1. smb.conf
/etc/samba/smb.conf2.1.1. 一般使用者「家」目錄設定
[global]
workgroup = WORKGROUP
server string = Samba Server Version %v
netbios name = CY
security = user
passdb backend = tdbsam
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = Yes
read only = No
inherit acls = Yes
3. 資源管理
3.1. 新增使用者
sudo pdbedit -a -u user_name其中,user_name為你要給定的使用者帳號名稱。
實作範例:
cy@cy:~$ sudo pdbedit -a -u cy retype new password: Unix username: cy NT username: Account Flags: [U ] User SID: S-1-5-21-3922602909-3884501703-394166850-1000 Primary Group SID: S-1-5-21-3922602909-3884501703-394166850-513 Full Name: CY Home Directory: \\CY\cy HomeDir Drive: Logon Script: Profile Path: \\CY\cykuo\profile Domain: CY Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: 三, 06 2月 2036 23:06:39 CST Kickoff time: 三, 06 2月 2036 23:06:39 CST Password last set: 三, 03 11月 2021 20:14:20 CST Password can change: 三, 03 11月 2021 20:14:20 CST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
4. 測試
4.1. 測試 smb.conf 設定是否正確
testparm實作範例:
cy@cy:~$ testparm
Load smb config files from /etc/samba/smb.conf
lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is deprecated
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
security = USER
server string = Samba Server Version %v
idmap config * : backend = tdb
[homes]
comment = Home Directories
inherit acls = Yes
read only = No
valid users = %S %D%w%S
5. 安全設定
5.1. 防火牆
firewall-cmd --get-active-zones sudo firewall-cmd --permanent --zone=FedoraWorkstation --add-service=samba sudo firewall-cmd --reload
5.2. Selinux
setsebool -P samba_enable_home_dirs=1
6. 服務管理
systemctl status smb.service nmb.service systemctl restart smb.service nmb.service systemctl enable smb.service nmb.service
沒有留言:
張貼留言