Samba与squid
一、SambaSamba是SMB的一种实现方法,主要用来实现Linux系统的文件和打印服务。Linux用户通过配置使用Samba服务器可以实现与Windows
用户的资源共享。守护进程smbd和nmbd是Samba的核心,在全部时间内运行。nmbd程序使得通过企图计算机可以浏览Linux服务器。
1、Samba的安装
我们只通过yum安装
# yum install -y samba 2、Samba配置
# vim /etc/samba/smb.conf
# Samba的全局配置
#======================= Global Settings =====================================
# 网络的相关选项
# ----------------------- Network Related Options -------------------------
workgroup = WORKGROUP
server string = Samba Server Version %v
; netbios name = MYSERVER
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.
# 日志选项
# --------------------------- Logging Options -----------------------------
log file = /var/log/samba/log.%m
max log size = 50
# 独立服务器选项
# ----------------------- Standalone Server Options ------------------------
; security = user
; passdb backend = tdbsam
# 域成员选项
# ----------------------- Domain Members Options ------------------------
; security = domain
; passdb backend = tdbsam
; realm = MY_REALM
; password server =
# 域控制选项
# ----------------------- Domain Controller Options ------------------------
; security = user
; passdb backend = tdbsam
; domain master = yes
; domain logons = yes
; logon script = %m.bat
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
; logon path =
; add user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
; delete user script = /usr/sbin/userdel "%u"
; delete user from group script = /usr/sbin/userdel "%u" "%g"
; delete group script = /usr/sbin/groupdel "%g"
# 浏览器控制选项
# ----------------------- Browser Control Options ----------------------------
; local master = no
; os level = 33
; preferred master = yes
# 名字解析
#----------------------------- Name Resolution -------------------------------
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
; dns proxy = yes
# 打印选项
# --------------------------- Printing Options -----------------------------
load printers = yes
cups options = raw
; printcap name = /etc/printcap
; printcap name = lpstat
; printing = cups
# 文件系统选项
# --------------------------- Filesystem Options ---------------------------
; map archive = no
; map hidden = no
; map read only = no
; map system = no
; store dos attributes = yes
# 定义共享选项
#============================ Share Definitions ==============================
comment = Home Directories
browseable = no
writable = yes
valid users = %S
valid users = MYDOMAIN\%S
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
;
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
;
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes
;
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
案例一:不需密码的分享 (security = share, 纯测试)
# 编辑Samba配置
# vim /etc/samba/smb.conf
# workgroup 修改为 windows同一工作组
workgroup = WORKGROUP
server string = Samba Server Version %v
.......................................................
# 共享模式有user,share,server,domain
# security = user #这里指定samba的安全等级。关于安全等级有四种:
# share:用户不需要账户及密码即可登录samba服务器
# user:由提供服务的samba服务器负责检查账户及密码(默认)
# server:检查账户及密码的工作由另一台windows或samba服务器负责
# domain:指定windows域控制服务器来验证用户的账户及密码。
security = user 改为 security = share
.......................................................
# 共享模块的配置
comment = Home Directories
# 共享的地址
path = /data/samba
browseable = yes
public = yes
writable = no
# 创建共享目录
# mkdir -p /data/samba
# chmod 777 !$
chmod 777 /data/samba
# 对smb配置检测
# testparm -v
# 启动samba服务
# /etc/init.d/smb start
启动 SMB 服务: [确定]
# 设置开机启动
# chkconfig --list |grep smb
smb 0:关闭1:关闭2:关闭3:关闭4:关闭5:关闭6:关闭
# chkconfig --level 3 smb on
# chkconfig --list |grep smb
smb 0:关闭1:关闭2:关闭3:启用4:关闭5:关闭6:关闭
# service smb start
启动 SMB 服务: [确定]
# 注:iptables 与 selinux
windows 测试
在windows 中资源管理器输入samba服务器IP地址
如下图:
http://s3.运维网.com/wyfs02/M02/6D/8B/wKioL1Vmc-LSKwPKAADrXhw0NAE938.jpg
在这里我们看到了share,这个就是我们之前在smb.conf配置的共享模块名字,接下来我在里服务器上编辑一个文件,看看能否在windows客户端看见
# vim /data/samba/test.txt
测试
http://s3.运维网.com/wyfs02/M02/6D/8B/wKioL1VmdRGyW_25AAGkcXIWQg8468.jpg
在Linux系统测试
# 在linux系统中需要安装samba-client
# yum install -y samba-client
# 命令smbclient
# 选项:-L :仅查阅后面接的主机所提供分享的目录资源;
# -U :以后面接的这个账号来尝试取得该主机的可使用资源
# smbclient -L 192.168.0.175
Enter root's password:
Domain= OS= Server=
Sharename Type Comment
--------- ---- -------
share Disk Home Directories
IPC$ IPC IPC Service (Samba Server Version 3.6.23-14.el6_6)
Domain= OS= Server=
Server Comment
--------- -------
Workgroup Master
--------- -------
# 挂载samba共享目录
# mount -t cifs //192.168.0.175/share /mnt
案例二:使用账户密码登录,访问
# 修改配置文件包含以下内容
# vim /etc/samba/smb.conf
workgroup = WORKGROUP
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
# 主要修改这里
security = user
passdb backend = tdbsam
load printers = yes
cups options = raw
# 共享的模块名
# 对共享目录的描述
comment = Home Directories
# 共享的实际目录
path = /data
browseable = yes
public = yes
writable = yes
# 先创建用户
# useradd testuser_1
# useradd testuser_2
# 为samba添加系统账号
# pdbedit命令选项:
# -a 创建用户
# -u 指定用户
# -x 删除用户
# -L 列出所有用户
# -v 详细的信息
# pdbedit -a testuser_1
new password:
retype new password:
.................以下省略................
# pdbedit -a testuser_2
new password:
retype new password:
................以下省略................
# 列出创建的samba账户
# pdbedit -L
testuser_1:500:
testuser_2:501:
# 创建共享目录,更改权限
# mkdir /data
# chmod 777 !$
chmod 777 /data
# service smb start
启动 SMB 服务: [确定] 在浏览器测试
http://s3.运维网.com/wyfs02/M00/6D/A5/wKiom1VoIL2SktPHAADeRQCZ6e4878.jpg
有时候访问不通,需要注意一下iptables和selinux
Linux端访问及使用
# 访问格式smbclient//IP/共享名 -U 用户名
# smbclient //192.168.0.132/myshare -U testuser_1
Enter testuser_1's password:
Domain= OS= Server=
smb: \> ls
. D 0Fri May 29 08:13:44 2015
.. DR 0Fri May 29 08:01:51 2015
2 D 0Fri May 29 08:13:38 2015
47077 blocks of size 262144. 39774 blocks available
smb: \>
# 挂载
# mount -t cifs //192.168.0.132/myshare /mnt -o username=testuser_1,password=123456
# 报这个错误是因为没有安装cifs-utils
mount: wrong fs type, bad option, bad superblock on //192.168.0.132/myshare,
missing codepage or helper program, or other error
(for several filesystems (e.g. nfs, cifs) you might
need a /sbin/mount. helper program)
In some cases useful info is found in syslog - try
dmesg | tailor so
# cd /mnt
# ll
总用量 0
drwxr-xr-x 2 501 501 0 5月29 08:13 2
# df -h
Filesystem SizeUsed Avail Use% Mounted on
/dev/sda3 12G2.1G8.9G19% /
tmpfs 1.9G 01.9G 0% /dev/shm
/dev/sda1 190M 45M136M25% /boot
//192.168.0.132/myshare
12G1.2G9.8G11% /mnt
二、squid
1、squid 正向代理
安装与配置
yum安装squid
squid -v 查找squid的版本与编译参数
# yum install -y squid
# 配置内容
# vim /etc/squid/squid.conf
http_port 3128
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12# RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow all
cache_dir aufs /data/cache 1024 16 256
cache_mem 128 MB
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \.(jpg|png|gif|mp3|xml) 1440 50% 2880 ignore-reload
refresh_pattern . 0 20% 4320
# 创建缓存目录
# mkdir -p /data/cache
# 更改权限
# chown -R squid:squid /data/cache
# 初始化数据库
# squid -z
2015/05/30 02:02:59| Creating Swap Directories
2015/05/30 02:02:59| /data/cache exists
2015/05/30 02:02:59| Making directories in /data/cache/00
2015/05/30 02:02:59| Making directories in /data/cache/01
2015/05/30 02:02:59| Making directories in /data/cache/02
2015/05/30 02:02:59| Making directories in /data/cache/03
2015/05/30 02:02:59| Making directories in /data/cache/04
2015/05/30 02:02:59| Making directories in /data/cache/05
2015/05/30 02:02:59| Making directories in /data/cache/06
2015/05/30 02:02:59| Making directories in /data/cache/07
2015/05/30 02:02:59| Making directories in /data/cache/08
2015/05/30 02:02:59| Making directories in /data/cache/09
2015/05/30 02:02:59| Making directories in /data/cache/0A
2015/05/30 02:02:59| Making directories in /data/cache/0B
2015/05/30 02:02:59| Making directories in /data/cache/0C
2015/05/30 02:02:59| Making directories in /data/cache/0D
2015/05/30 02:02:59| Making directories in /data/cache/0E
2015/05/30 02:02:59| Making directories in /data/cache/0F
# 启动squid
# /etc/init.d/squid start
正在启动 squid:. [确定]
# 检查配置文件正确性
# squid-kcheck
# 重新加载配置
# squid -k rec
# 重新启动squid
# service squid restart
停止 squid:................ [确定]
正在启动 squid:. [确定]
# 进行图片测试
# curl -xlocalhost:3128 -I http://www.xinhuanet.com/photo/titlepic/12785/127857498_1432887593222_title0h.jpg
HTTP/1.0 200 OK
Server: nginx/1.2.6
Date: Sat, 30 May 2015 02:12:52 GMT
Content-Type: image/jpeg
Content-Length: 14053
Last-Modified: Fri, 29 May 2015 08:32:43 GMT
Accept-Ranges: bytes
Powered-By-ChinaCache: HIT from 060120c3H5.4
Expires: Sat, 30 May 2015 02:17:52 GMT
Age: 211
Powered-By-ChinaCache: HIT from 010123b3H8
X-Cache: MISS from lamp
页:
[1]