当前位置：首页 > news >正文

AlmaLinux9.5安装samba实现与Windows文件共享笔记250214

news 2025/8/22 2:37:49

Fedora41安装samba实现与Windows文件共享笔记241202

步骤:

安装samba, 并启用 smb , nmb 服务

切换阿里源(可选)

###    备份 /etc/yum.repos.d 文件夹
tempUri=/etc/yum.repos.d ;    sudo cp -a $tempUri  $tempUri.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bak
sed -e 's|^mirrorlist=|#mirrorlist=|g' \-e 's|^# baseurl=https://repo.almalinux.org|baseurl=https://mirrors.aliyun.com|g' \-i.bak \/etc/yum.repos.d/almalinux*.repo
sudo dnf makecache

安装 samba

sudo dnf update
sudo dnf install samba -y

启用启动 smb, nmb

sudo systemctl enable --now smb nmb

等效

sudo systemctl enable smb nmb
sudo systemctl start smb nmb

在Ubuntu24.04下,smb和smbd通用, nmb和nmbd通用, CentOS,Alma,Rocky 只能用smb和nmb, Ubuntu18.04只能用nmbd和smbd

设置 /etc/samba/smb.conf

备份 /etc/samba/smb.conf

tempSmbDotConfUri=/etc/samba/smb.conf ;    sudo cp -a ${tempSmbDotConfUri} ${tempSmbDotConfUri}.$(date +%0y%0m%0d_%0H%0M%0S_ns%0N).bak

用 vi 编辑 /etc/samba/smb.conf

sudo vi /etc/samba/smb.conf

将 [global] 的 workgrop 设为 workgroup

[global]workgroup = workgroupsecurity = user

不替换, 保留为: workgroup = SAMBA 也能连通

设置共享目录, 这里设置了根目录, 在底部加入
开头可以有空格或制表符,也可以没有, 等号之间可以有空格,也可以没有

开头单 tab 版

[RootFolder]path = /comment = 根文件夹public = yesread only = nowritable = yesavailable = yesbrowseable = yesguest ok = yes#forceuser = root#forcegroup = rootcreate mask = 0777directory mask = 0777[RootHomeFolder]path = /rootcomment = root用户文件夹public = yesread only = nowritable = yesavailable = yesbrowseable = yesguest ok = yes#forceuser = root#forcegroup = rootcreate mask = 0777directory mask = 0777

开头四空格版

### 四空格版
[RootFolder]path = /comment = 根文件夹public = yesread only = nowritable = yesavailable = yesbrowseable = yesguest ok = yesforceuser = rootforcegroup = rootcreate mask = 0777directory mask = 0777[RootHomeFolder]path = /rootcomment = root用户文件夹public = yesread only = nowritable = yesavailable = yesbrowseable = yesguest ok = yesforceuser = rootforcegroup = rootcreate mask = 0777directory mask = 0777

查看 /etc/samba/smb.conf

sudo cat /etc/samba/smb.conf

将系统用户添加到samba的用户,并单独设置samba的密码,独立于系统密码
```
sudo smbpasswd -a root
```
查看samba的用户
```
sudo pdbedit -L
```
重启 smb, nmb 服务
```
sudo systemctl restart smb nmb smb nmb
```

关闭禁用防火墙或者开启端口

关闭禁用防火墙

sudo systemctl stop firewalld ; sudo systemctl disable firewalld

或者开启端口

查看firewall默认的zone,
一般CentOS是public, Fedora是FedoraWorkstation
```
sudo firewall-cmd --get-default-zone
```
查看活跃的zone, 一般就是默认zone
```
sudo firewall-cmd --get-active-zones
```

开放445端口的tcp
fedora41的默认zone是: FedoraWorkstation

sudo firewall-cmd --zone=FedoraWorkstation  --add-port=445/tcp --permanent
sudo firewall-cmd --reload

自动通过 $(sudo firewall-cmd --get-default-zone) 获取默认zone

sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=445/tcp --permanent
sudo firewall-cmd --reload

开放139端口的tcp

sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=139/tcp --permanent
sudo firewall-cmd --reload

开放138端口的udp

sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=138/udp --permanent
sudo firewall-cmd --reload

开放137端口udp

sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=137/udp --permanent
sudo firewall-cmd --reload

开放137,138的udp, 139,445的tcp

sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=137/udp --permanent
sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=138/udp --permanent
sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=139/tcp --permanent
sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=445/tcp --permanent
sudo firewall-cmd --reload
sudo systemctl restart firewalld

查看开放的端口 firewall-cmd --list-ports
```
sudo firewall-cmd --list-ports
```
- 查看 public 的 zone 开放的端口 firewall-cmd --list-ports --zone=public
```
sudo firewall-cmd --list-ports --zone=public
```
  如何查看firewall开放了哪些端口笔记241129

在Windows登录
在"文件资源管理器"输入 \\IPv4 或控制台输入 explorer \\IPv4

如果用 IPv6
Explorer文件资源管理器用 IPv6 访问局域网网络共享网上邻居 , 要将 ipv6 的地址格式进行转换:
1. 将所有 :(冒号) 替换成 -(横杆,减号,负号)
2. 在地址末尾加上 .ipv6-literal.net
```
.ipv6-literal.net
```
  例如:
```
fc00::102:2441:f
对应转换为👇
\\fc00--102-2441-f.ipv6-literal.net
```
第一次登录可能慢,甚至要多登录几次, 尝试重启AlmaLinux
登录成功后发现不能访问/root文件夹和/home下的用户文件夹, 原因是SELinux在作怪,
可以执行sudo setenforce 0,但重启会失效
```
sudo setenforce 0  # 设置为Permissive模式 重启失效
```
可用getenforce命令查看SELinux当前的执行模式。SELinux有三种执行模式：enforcing（强制模式）、permissive（宽容模式）和disabled（禁用模式）。
```
sudo getenforce
```
想要永久生效
可修改编辑/etc/selinux/config文件，将SELINUX=enforcing更改为SELINUX=permissive , 或者 SELINUX=disabled, 重启生效
用vi编辑器修改/etc/selinux/config
```
sudo vi /etc/selinux/config
```
用sed命令修改
二选一
- 设置 SELINUX=permissive
```
###  备份
tempUri=/etc/selinux/config ;    sudo cp -a  $tempUri  $tempUri.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bak
###  修改
sudo sed -ie 's(^\s*SELINUX\s*=\s*enforcing$(SELINUX=permissive(g' /etc/selinux/config
```
- 设置 SELINUX=disabled
```
###  备份
tempUri=/etc/selinux/config ;    sudo cp -a  $tempUri  $tempUri.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bak
###  修改
sudo sed -ie 's!^\s*SELINUX\s*=\s*enforcing$!SELINUX=disabled!g' /etc/selinux/config
```
查看/etc/selinux/config
```
sudo cat /etc/selinux/config
```
重启
```
sudo systemctl reboot
```
SELinux的 getenforce setenforce 配置文件/etc/selinux/config的 SELINUX和SELINUXTYPE

一气呵成

#!/bin/bash
###    安装samba
sudo yum install samba -y
###    备份samba配置文件
tempSmbDotConfUri=/etc/samba/smb.conf ;    sudo cp -a ${tempSmbDotConfUri} ${tempSmbDotConfUri}.$(date +%0y%0m%0d_%0H%0M%0S_ns%0N).bak
###    修改samba配置文件
sudo sed -ri 's/workgroup\s*=.*$/workgroup=WORKGROUP/g' /etc/samba/smb.confecho '[RootFolder]path = /comment = 根文件夹public = yesread only = nowritable = yesavailable = yesbrowseable = yesguest ok = yes#forceuser = root#forcegroup = rootcreate mask = 0777directory mask = 0777[RootHomeFolder]path = /rootcomment = root用户文件夹public = yesread only = nowritable = yesavailable = yesbrowseable = yesguest ok = yes#forceuser = root#forcegroup = rootcreate mask = 0777directory mask = 0777[samba]path = /home/sambacomment = samba用户文件夹public = yesread only = nowritable = yesavailable = yesbrowseable = yesguest ok = yes#forceuser = samba#forcegroup = sambacreate mask = 0777directory mask = 0777[smbpasswd]path = /home/smbpasswdcomment = smbpasswd用户文件夹public = yesread only = nowritable = yesavailable = yesbrowseable = yesguest ok = yes#forceuser = smbpasswd#forcegroup = smbpasswdcreate mask = 0777directory mask = 0777[pdbedit]path = /home/pdbeditcomment = pdbedit用户文件夹public = yesread only = nowritable = yesavailable = yesbrowseable = yesguest ok = yes#forceuser = pdbedit#forcegroup = pdbeditcreate mask = 0777directory mask = 0777'  >>  /etc/samba/smb.conf###    启用启动samba服务
sudo systemctl enable --now smb nmb###    配置防火墙
sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=137/udp --permanent
sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=138/udp --permanent
sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=139/tcp --permanent
sudo firewall-cmd --zone=$(sudo firewall-cmd --get-default-zone) --add-port=445/tcp --permanent
sudo firewall-cmd --reload
sudo systemctl restart firewalld###    配置SeLinux
sudo setenforce 0  # 设置为Permissive模式 重启失效
###  备份
tempUri=/etc/selinux/config ;    sudo cp -a  $tempUri  $tempUri.$(date +%0y%0m%0d%0H%0M%0Sns%0N).bak
###  修改
sudo sed -ie 's(^\s*SELINUX\s*=\s*enforcing$(SELINUX=permissive(g' /etc/selinux/configsudo useradd samba
sudo smbpasswd -a samba