Setting up a Samba server on CentOS requires a configuration file named smb.conf, located in the /etc/samba/ directory. The options in smb.conf are described below:
1. Global settings
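| Option | Description |
| --- | --- |
| workgroup = workgroup name | The name of the workgroup the Samba server belongs to; must match the clients |
| server string = Samba server description | A custom description of the Samba server |
| security = security mode | The security mode of the Samba server; possible values are share (share mode), user (user authentication mode) and server (server authentication mode) |
| map to guest = Bad User | When a user accesses the Samba server without a valid account, the connection is mapped to the designated guest account |
| domain master = no | Whether the Samba server is a domain controller; no means it is not, yes means it is |
| local master = yes | Whether the Samba server is the local master; yes means it is, no means it is not |
| preferred master = yes | Whether the Samba server is the preferred primary domain controller; yes means it is, no means it is not |
| os level = operating system level | The operating system level of the Samba server; possible values are 95, 98, 2000, 500, 512, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 800, 801, 802, 803, 804, 805, 806, 807, 808, 809, 810, 811, 900 |
| log file = /var/log/samba/%m.log | The path and file name format of the Samba server's log file |
| max log size = 50 | The maximum size of the Samba server's log file (in KB); the log is rotated automatically once it exceeds this value |
| syslog = yes | Whether the Samba server's log is also written to the system log; yes means it is, no means it is not |
| panic action = /usr/share/samba/panicaction %d | The action to run when the Samba server hits a fatal error; %d stands for the error code |
| usershare = no | Whether ordinary users may share folders; no means not allowed, yes means allowed |
| dns proxy = no | Whether the DNS proxy is enabled; no means disabled, yes means enabled |
| idmap config * backend = tdb | The backend database type used for identity mapping; tdb is the TDB database, rid the RID database, ldap the LDAP database |
| idmap config * range = 1000099999 | The user ID range used for identity mapping |
| idmap config * secure = true | Whether identity mapping is encrypted; true means encrypted, false means not encrypted |
| idmap config * hash algorithm = murmur | The hash algorithm used for identity mapping; murmur is the Murmur algorithm, sha256 the SHA256 algorithm |
| idmap configsalt length = 14 | The salt length used for identity mapping (in bytes) |
| idmap config * min id = 1000 | The minimum user ID used for identity mapping |
| idmap config * max id = 999999 | The maximum user ID used for identity mapping |
| access based share enum = no | Whether shared folders are enumerated based on access permissions; no means not enumerated, yes means enumerated |
| create mask = 0777 | The default permission mask for newly created files and directories (octal) |
| directory mask = 0777 | The default permission mask for newly created directories (octal) |
| force group = nobody | The group name to force; used when the user has no valid group |
| force user = nobody | The user name to force; used when the user has no valid account |
| umask = 0777 | The default umask for newly created files and directories (octal) |
| ftp home directory = /home/ftp | The home directory path of the FTP user |
| anonymous enable = yes | Whether anonymous access is allowed; yes means allowed, no means not allowed |
| anon password file = /etc/samba/passwd.ansible_passwords_file_contents_vault_encrypted_and_obscured_by_aes256_gcm_encryption_key_base64_encoded_with_padding_to_match_standard_password_file_format_and_then_base64_encoded_again_so_it_cannot_be_read_by_anyone_without_the_correct_key_and_methods_used_to_decrypt_it | The path and content format of the anonymous user's password file (encrypted passwords) |
| anon home directory = /var/ftp/pub | The home directory path of the anonymous user |
| anon upload enable = yes | Whether anonymous users may upload files; yes means allowed, no means not allowed |
| anon umask = 022 | The default umask for files and directories created by anonymous users (octal) |
| anon root = nobody | The owner and group name of the anonymous user's root directory |
| anon read only = no | Whether anonymous users may only read files and directories; no means read and write, yes means read only |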
| anon locking = nolocks, nodiratime, and nosymlinks atime on opendirs, but allow the creation of directories with the sticky bit set on them by nonroot users | This is done to prevent race conditions when multiple processes are accessing the same files or directories. The default behavior is to use the system's default locking mechanism. If you want to disable this feature, set anon locking to nolocks, nodiratime, and nosymlinks. If you want to enable it, set anon locking to strict. Note that enabling this feature may cause performance issues on some systems. |
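The following overview lists common configuration options used when setting up a Samba server on CentOS, together with their descriptions in the smb.conf configuration file.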
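| Option | Description |
| --- | --- |
| [global] | The global settings section, applied to the whole Samba server |
| workgroup = MYGROUP | Sets the workgroup the Samba server belongs to |
| server string = Samba Server Version %v | Sets the description of the Samba server |
| netbios name = MYSERVER | Sets the NetBIOS name of the Samba server |
| hosts allow = 192.168.1. 127. | IP addresses or subnets allowed to connect to the Samba server |
| hosts deny = 192.168.1.100 | IP addresses denied from connecting to the Samba server |
| security = user | Sets the security mode (can be user, share, server, domain) |
| passdb backend = tdbsam | Sets the password database backend (tdbsam, smbpasswd, ldapsam) |
| load printers = yes/no | Whether to load printer support |
| cups options = raw | Sets options for CUPS printers |
| max log size = 50 | Sets the maximum size of the log file (KB) |
| [homes] | Settings for sharing user home directories |
| comment = Home Directories | A description of the share |
| browseable = no | Whether the share is visible on the network |
| writable = yes | Whether the share is writable |
| [public] | Settings for a custom shared directory |
| path = /path/to/shared/folder | The path of the shared directory |
| comment = Public Stuff | A description of the share |
| public = yes | Makes the share public |
| writable = yes | Makes the share writable |
| read only = no | Whether the share is read-only (the opposite of writable) |
| create mask = 0755 | Sets the default permissions for created files |
| directory mask = 0755 | Sets the default permissions for created directories |
| valid users = user1 user2 | The list of users allowed access |
| invalid users = user3 user4 | The list of users denied access |
| force user = nobody | Forces all connections to access the share as a specific user |
| force group = nogroup | Forces all connections to access the share as a specific group |
| guest ok = yes | Whether anonymous access (the guest user) is allowed |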
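Note that every setting in the configuration file must sit in the correct section: for example, [global] holds the global settings, while [homes] and [public] are share definitions. Some options accept several valid values or choices, and the table above gives only some examples. Every Samba server configuration is unique, so adjust the options to your specific needs.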
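Because a setting only has the intended effect in the right section, it helps to review a finished smb.conf section by section. The following Python script is an added example, not part of the original page: it parses a constructed smb.conf built from values in the tables above and reports guest-writable shares, world-writable masks, guest mapping and a missing hosts allow. The names `audit_smb_conf` and `SAMPLE_SMB_CONF` and the choice of checks are assumptions made for this example.

```python
import configparser

# Constructed sample assembled from values shown in the tables above.
SAMPLE_SMB_CONF = """
[global]
server string = Samba Server Version %v
map to guest = Bad User
log file = /var/log/samba/%m.log
[homes]
browseable = no
writable = yes
[public]
path = /path/to/shared/folder
public = yes
writable = yes
create mask = 0777
"""

TRUE = {"yes", "true", "1"}

def audit_smb_conf(text):
    """Return sorted (section, finding) pairs; the checks are this example's own choices."""
    # interpolation=None keeps Samba macros such as %v and %m literal;
    # strict=False tolerates repeated sections and keys.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    glob = cp["global"] if cp.has_section("global") else {}
    if "hosts allow" not in glob:
        findings.append(("global", "no hosts allow restriction"))
    if glob.get("map to guest", "").lower() == "bad user":
        findings.append(("global", "unknown users are mapped to guest"))
    for name in cp.sections():
        if name == "global":
            continue
        sec = cp[name]
        guest = any(sec.get(k, "no").lower() in TRUE for k in ("guest ok", "public"))
        writable = (sec.get("writable", "no").lower() in TRUE
                    or sec.get("read only", "yes").lower() == "no")
        if guest and writable:
            findings.append((name, "guest access to a writable share"))
        for key in ("create mask", "directory mask"):
            if key in sec and int(sec[key], 8) & 0o002:
                findings.append((name, key + " grants world write"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit_smb_conf(SAMPLE_SMB_CONF):
        print(f"[{section}] {finding}")
```

On a real server, `testparm -s` should be run as well, since it validates the file and reports parameters that Samba does not recognize.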