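Setting up a Samba server on Linux
This article explains only one problem: Samba resources cannot be accessed
Configuring a Samba server without a graphical interface is not very intuitive, and whichever method you use, it is a challenge for anyone configuring Samba for the first time.
Samba problems show up mostly in user setup: even with a Samba user in place, a correct smb.conf, and the samba service running, access can still fail, and the root cause is the user setup. Below is the description from the RHEL5 manual; following it on RHEL5 works without problems. On some systems, however, this method cannot be used: mksmbpasswd.sh is not provided on every system, so the Samba user password file cannot be generated this way. While using the smbpasswd command, I found that it has a -a option that adds a Samba user, and this is available on most systems (more precisely, it is provided once Samba is installed), which makes configuring Samba easier.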
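The general method is:
1 Add a user with useradd;
2 Add a Samba user with smbpasswd -a;
3 Change this user's password with smbpasswd (very important! This is where it is easy to trip up);
4 Edit smb.conf to give this user access to a resource;
5 Restart the service with service smb restart;
6 Try it from another machine.
7 Note: a Samba user's password can be different from the system user's password. More advanced access control requires groups.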
23.2.3. Encrypted Passwords
Encrypted passwords are enabled by default because it is more secure. If encrypted passwords are not
used, plain text passwords are used, which can be intercepted by someone using a network packet
sniffer. It is recommended that encrypted passwords be used.
The Microsoft SMB Protocol originally used plain text passwords. However, Windows NT 4.0 with
Service Pack 3 or higher, Windows 98, Windows 2000, Windows ME, and Windows XP require
encrypted Samba passwords. To use Samba between a Linux system and a system running one of these
Windows operating systems, you can either edit your Windows registry to use plaintext passwords or
configure Samba on your Linux system to use encrypted passwords. If you choose to modify your
registry, you must do so for all of your Windows machines — this is risky and may cause further
conflicts. It is recommended that you use encrypted passwords for better security.
To configure Samba to use encrypted passwords, follow these steps:
1. Create a separate password file for Samba. To create one based on your existing /etc/passwd
file, at a shell prompt, type the following command:
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
If the system uses NIS, type the following command:
ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
The mksmbpasswd.sh is installed in your /usr/bin directory with the samba package.
2. Change the permissions of the Samba password file so that only root has read and write permissions:
chmod 600 /etc/samba/smbpasswd
3. The script does not copy user passwords to the new file, and a Samba user account is not active
until a password is set for it. For higher security, it is recommended that the user's Samba
password be different from the user's system password. To set each Samba user's password, use
the following command (replace username with each user's username):
smbpasswd username
4. Encrypted passwords must be enabled. Since they are enabled by default, they do not have
to be specifically enabled in the configuration file. However, they can not be disabled in the
configuration file either. In the file /etc/samba/smb.conf, verify that the following line does
not exist:
encrypt passwords = no
If it does exist but is commented out with a semi-colon (;) at the beginning of the line, then the
line is ignored, and encrypted passwords are enabled. If this line exists but is not commented
out, either remove it or comment it out.
To specifically enable encrypted passwords in the configuration file, add the following lines to
/etc/samba/smb.conf:
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
5. Make sure the smb service is started by typing the command service smb restart at a shell
prompt.
6. If you want the smb service to start automatically, use ntsysv, chkconfig, or the Services
Configuration Tool to enable it at runtime. Refer to Chapter 20 Controlling Access to Services
for details.
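The checks in steps 2 and 4 can be scripted. The following is an added example, not part of the Red Hat manual or the original post: it reports whether an active encrypt passwords = no line is present (commented-out lines are skipped) and whether the password file is mode 600. The function names and the temporary sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print the effective "encrypt passwords" setting: disabled | enabled | default
encrypt_passwords_state() {
    awk '
        /^[ \t]*[;#]/ { next }          # lines starting with ; or # are comments
        {
            line = tolower($0)
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)      # normalise spacing in the parameter name
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key != "encryptpasswords") next
            if (val == "no" || val == "false" || val == "0") state = "disabled"
            else if (val == "yes" || val == "true" || val == "1") state = "enabled"
        }
        END { print (state == "" ? "default" : state) }
    ' "$1"
}

# Succeed only if the path is a regular file with mode 600 (owner rw only).
smbpasswd_mode_ok() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" = "-rw-------" ]
}

# Run both checks; return non-zero if either one fails.
audit_samba() {
    conf=$1; passwd_file=$2; rc=0
    state=$(encrypt_passwords_state "$conf")
    if [ "$state" = "disabled" ]; then
        echo "FAIL: active 'encrypt passwords = no' in $conf"; rc=1
    else
        echo "ok:   encrypted passwords in effect ($state)"
    fi
    if smbpasswd_mode_ok "$passwd_file"; then
        echo "ok:   $passwd_file is mode 600"
    else
        echo "FAIL: $passwd_file is not mode 600; run chmod 600 on it"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: the "no" line is commented out, so it is ignored.
demo=$(mktemp -d)
printf '[global]\n; encrypt passwords = no\n' > "$demo/smb.conf"
: > "$demo/smbpasswd"; chmod 600 "$demo/smbpasswd"
audit_samba "$demo/smb.conf" "$demo/smbpasswd"
rm -rf "$demo"
```

On a real system, call audit_samba /etc/samba/smb.conf /etc/samba/smbpasswd as root; the mode check does not verify that the file is owned by root.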
The pam_smbpass PAM module can be used to sync users' Samba passwords with their system
passwords when the passwd command is used. If a user invokes the passwd command, the password
he uses to log in to the Red Hat Enterprise Linux system as well as the password he must provide to
connect to a Samba share are changed.
To enable this feature, add the following line to /etc/pam.d/system-auth below the
pam_cracklib.so invocation:
password required /lib/security/pam_smbpass.so nullok use_authtok try_first_pass
EE.C
December 31, 2009