龍之家族

設定防火牆

iptables -I INPUT 3 -s 192.168.1.0/24 -p tcp --dport 445 -j ACCEPT
iptables -I INPUT 3 -s 192.168.1.0/24 -p udp --dport 445 -j ACCEPT
iptables -I INPUT 3 -s 192.168.1.0/24 -p tcp --dport 139 -j ACCEPT
iptables -I INPUT 3 -s 192.168.1.0/24 -p udp --dport 137 -j ACCEPT
iptables -I INPUT 3 -s 192.168.1.0/24 -p udp --dport 138 -j ACCEPT
service iptables save

設定SELinux

setsebool -P samba_enable_home_dirs on
setsebool -P samba_export_all_rw

安装samba

yum install samba -y
useradd smbuser -s /sbin/nologin
useradd test -g smbuser -s /sbin/nologin
pdbedit -a test
mkdir -p /opt/share/public
chown root:smbuser /opt/share/public
chmod 770 /opt/share/public

mkdir -p /opt/share/user
chown root:smbuser /opt/share/user
chmod 770 /opt/share/user

vi /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
hosts allow = 192.168.1.
hosts deny = ALL
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam

[public]
comment = Example WordGroup share
path = /opt/share/public
valid users = @smbuser
browseable = yes
writable = yes
create mask = 0640
directory mask = 0750

[user]
comment = Example WordGroup share
path = /opt/share/user
valid users = @smbuser
browseable = yes
writable = yes
create mask = 0640
directory mask = 0750

啟動samba

service smb start

Windows 清除網芳所有記憶過的密碼

net use * /del

script

mkdir.sh
mkdir -p $1
chown root:smbuser $1
chmod 770 $1

adduser.sh
useradd $1 -g smbuser -s /sbin/nologin
mkdir -p user/$1
chown $1:smbuser user/$1
chmod 700 user/$1
pdbedit -a $1