AlmaLinux8.10安装samba实现与Windows文件共享
AlmaLinux8.10安装samba实现与Windows文件共享
步骤:
-
安装samba, 并启用 smb , nmb 服务
- 切换阿里源(可选)
sudo sed -e 's|^mirrorlist=|#mirrorlist=|g' \ -e 's|^# baseurl=https://repo.almalinux.org|baseurl=https://mirrors.aliyun.com|g' \ -i.bak \ /etc/yum.repos.d/almalinux*.repo sudo dnf makecache- 安装 samba
sudo dnf update sudo dnf install samba -y- 启用启动 smb, nmb
sudo systemctl enable smb nmb sudo systemctl start smb nmb在Ubuntu24.04下,smb和smbd通用, nmb和nmbd通用, CentOS,Alma,Rocky 只能用smb和nmb, Ubuntu18.04只能用nmbd和smbd
-
设置
/etc/samba/smb.confsudo vi /etc/samba/smb.conf2.1 将
[global]的workgrop设为 workgroup[global] workgroup = workgroup security = user不替换, 保留为: workgroup = SAMBA 也能连通
2.2. 设置共享目录, 这里设置了根目录, 在底部加入
[root] path=/ workgroup=workgroup public=yes writeable = yes available = yes browseable = yes guest ok = yes forceuser = root forcegroup = root create mask = 0775 directory mask = 0775开头可以有空格或制表符,也可以没有, 等号之间可以有空格,也可以没有
开头单 tab 版[RootFolder] path = / comment = 根文件夹 public = yes read only = no writable = yes available = yes browseable = yes guest ok = yes forceuser = root forcegroup = root create mask = 0777 directory mask = 0777 [RootHomeFolder] path = /root comment = root用户文件夹 public = yes read only = no writable = yes available = yes browseable = yes guest ok = yes forceuser = root forcegroup = root create mask = 0777 directory mask = 0777开头四空格版
### 四空格版 [RootFolder] path = / comment = 根文件夹 public = yes read only = no writable = yes available = yes browseable = yes guest ok = yes forceuser = root forcegroup = root create mask = 0777 directory mask = 0777 [RootHomeFolder] path = /root comment = root用户文件夹 public = yes read only = no writable = yes available = yes browseable = yes guest ok = yes forceuser = root forcegroup = root create mask = 0777 directory mask = 0777 -
将系统用户添加到samba的用户,并单独设置samba的密码,独立于系统密码
sudo smbpasswd -a root查看samba的用户
sudo pdbedit -L -
重启 smb, nmb 服务
sudo systemctl restart smb nmb smb nmb -
关闭禁用防火墙或者开启端口
-
关闭禁用防火墙
sudo systemctl stop firewalld ; sudo systemctl disable firewalld -
或者开启端口
查看firewall默认的zone是不是publicsudo firewall-cmd --get-default-zone-
开放445端口的tcp
sudo firewall-cmd --zone=public --add-port=445/tcp --permanent sudo firewall-cmd --reload -
开放139端口的tcp
sudo firewall-cmd --zone=public --add-port=139/tcp --permanent sudo firewall-cmd --reload -
开放138端口的udp
sudo firewall-cmd --zone=public --add-port=138/udp --permanent sudo firewall-cmd --reload -
开放137端口udp
sudo firewall-cmd --zone=public --add-port=137/udp --permanent sudo firewall-cmd --reload -
开放137,138的udp, 139,445的tcp
sudo firewall-cmd --zone=public --add-port=137/udp --permanent sudo firewall-cmd --zone=public --add-port=138/udp --permanent sudo firewall-cmd --zone=public --add-port=139/tcp --permanent sudo firewall-cmd --zone=public --add-port=445/tcp --permanent sudo firewall-cmd --reload sudo systemctl restart firewalld
-
-
查看开放的端口
firewall-cmd --list-portssudo firewall-cmd --list-ports- 查看 public 的 zone 开放的端口
firewall-cmd --list-ports --zone=public
如何查看firewall开放了哪些端口 笔记241129sudo firewall-cmd --list-ports --zone=public
- 查看 public 的 zone 开放的端口
-
-
在Windows登录
在"文件资源管理器"输入\\IPv4或控制台输入explorer \\IPv4如果用 IPv6
Explorer文件资源管理器用 IPv6 访问局域网网络共享网上邻居 , 要将 ipv6 的地址格式进行转换:-
将所有
:(冒号) 替换成-(横杆,减号,负号) -
在地址末尾加上
.ipv6-literal.net.ipv6-literal.net例如:
fc00::102:2441:f 对应转换为👇 \\fc00--102-2441-f.ipv6-literal.net
-
-
第一次登录可能慢,甚至要多登录几次, 尝试重启AlmaLinux
登录成功后发现不能访问/root文件夹和/home下的用户文件夹, 原因是SELinux在作怪,
可以执行sudo setenforce 0,但重启会失效sudo setenforce 0 # 设置为Permissive模式 重启失效可用
getenforce命令查看SELinux当前的执行模式。SELinux有三种执行模式:enforcing(强制模式)、permissive(宽容模式)和disabled(禁用模式)。sudo getenforce想要永久生效
可修改编辑/etc/selinux/config文件,将SELINUX=enforcing更改为SELINUX=permissive, 或者SELINUX=disabled, 重启生效
用vi编辑器修改/etc/selinux/configsudo vi /etc/selinux/config用sed命令修改
二选一- 设置
SELINUX=permissive### 备份 tempUri=/etc/selinux/config ; sudo cp -a $tempUri $tempUri.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bak ### 修改 sudo sed -ie 's(^\s*SELINUX\s*=\s*enforcing$(SELINUX=permissive(g' /etc/selinux/config - 设置
SELINUX=disabled### 备份 tempUri=/etc/selinux/config ; sudo cp -a $tempUri $tempUri.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bak ### 修改 sudo sed -ie 's!^\s*SELINUX\s*=\s*enforcing$!SELINUX=disabled!g' /etc/selinux/config
查看
/etc/selinux/configsudo cat /etc/selinux/config重启
sudo systemctl rebootSELinux的 getenforce setenforce 配置文件/etc/selinux/config的 SELINUX和SELINUXTYPE
- 设置
一气呵成
#!/bin/bash
sudo yum install samba -y
sudo sed -ri 's/workgroup\s*=.*$/workgroup=WORKGROUP/g' /etc/samba/smb.conf
echo '
[RootFolder]
path = /
comment = 根文件夹
public = yes
read only = no
writable = yes
available = yes
browseable = yes
guest ok = yes
forceuser = root
#forcegroup = root
create mask = 0777
directory mask = 0777
[RootHomeFolder]
path = /root
comment = root用户文件夹
public = yes
read only = no
writable = yes
available = yes
browseable = yes
guest ok = yes
forceuser = root
#forcegroup = root
create mask = 0777
directory mask = 0777
' >> /etc/samba/smb.conf
sudo systemctl enable --now smb nmb
sudo firewall-cmd --zone=public --add-port=445/tcp --permanent
sudo firewall-cmd --reload
sudo setenforce 0 # 设置为Permissive模式 重启失效
### 备份
tempUri=/etc/selinux/config ; sudo cp -a $tempUri $tempUri.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bak
### 修改
sudo sed -ie 's(^\s*SELINUX\s*=\s*enforcing$(SELINUX=permissive(g' /etc/selinux/config
sudo smbpasswd -a root