Linux 명령어 | 그밖에 | Samba 설치 및 사용

리눅스에서 사용할 수 있는 Samba는 특정 디렉토리를 지정하여 다른 OS와 공유할 수 있게끔 해주는 프로그램이다.

윈도우의 경우 간편하게 작업그룹(WORK GROUP)간의 디렉토리 공유등을 할 수 있는 반면에 리눅스의 경우 NFS나 Samba를 이용하여 디렉토리를 타 OS와 공유하여 사용할 수 있다.

운영중인 서버중에 백업서버처럼 사용하는 서버가 있는데, 기존에는 필요할때만 FTP로 접속하여 파일을 보관하였다.

하지만 서비스중인 프로그램, 로그 등의 2차 백업을 위하여 해당 백업서버에 추가 백업을 진행하기로 결정하였고 이에 백업 서버에 Samba를 설치하여 각 서비스 서버에서 공유된 디렉토리를 Mount 하여 자동으로 백업되게끔 구성하였다.

오늘은 리눅스에 Samba를 설치하고 다른 OS에서 Mount 하여 사용하는 방법에 대해 알아보자.

Samba 서버 설치하기

Samba 패키지 설치

$yum install -y samba 


$ vi /etc/samba/smb.conf

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
# For a step to step guide on installing, configuring and using samba, 
# read the Samba-HOWTO-Collection. This may be obtained from:
# Many working examples of smb.conf files can be found in the 
# Samba-Guide which is generated daily and can be downloaded from: 
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors. 
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
# Use ls -ldZ /path to see which context a directory has
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#======================= Global Settings =====================================
# ----------------------- Network Related Options -------------------------
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
# server string is the equivalent of the NT Description field
# netbios name can be used to specify a server name not tied to the hostname
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
    workgroup = MYGROUP    // 윈도우에서 공유될 workgroup 명
    server string = Samba Server Version %v        // 공유될 서버 이름
;    netbios name = MYSERVER
;    interfaces = lo eth0 
    hosts allow = 127. 192.168.12. 192.168.13.
    // 허용 ip 또는 ip 대역을 지정
# --------------------------- Logging Options -----------------------------
# Log File let you specify where to put logs and how to split them up.
# Max Log Size let you specify the max size log files should reach
    # logs split per machine
    log file = /var/log/samba/log.%m
    # max 50KB per log file, then rotate
    max log size = 50
# ----------------------- Standalone Server Options ------------------------
# Scurity can be set to user, share(deprecated) or server(deprecated)
# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.

    security = user        //리눅스 계정 ID로 접속 가능(share : 사용자 인증없이 모두 접속 가능)
    passdb backend = tdbsam

# ----------------------- Domain Members Options ------------------------
# Security must be set to domain or ads
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;    security = domain
;    passdb backend = tdbsam
;    realm = MY_REALM

;    password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
# Security must be set to user for domain controllers
# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
# Domain Logons let Samba be a domain logon server for Windows workstations. 
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
# Logon Path let you specify where user profiles are stored (UNC path)
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;    security = user
;    passdb backend = tdbsam
;    domain master = yes 
;    domain logons = yes
    # the login script name depends on the machine name
;    logon script = %m.bat
    # the login script name depends on the unix user used
;    logon script = %u.bat
;    logon path = \\%L\Profiles\%u
    # disables profiles support by specifing an empty path
;    logon path =          
;    add user script = /usr/sbin/useradd "%u" -n -g users
;    add group script = /usr/sbin/groupadd "%g"
;    add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;    delete user script = /usr/sbin/userdel "%u"
;    delete user from group script = /usr/sbin/userdel "%u" "%g"
;    delete group script = /usr/sbin/groupdel "%g"
# ----------------------- Browser Control Options ----------------------------
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;    local master = no
;    os level = 33
;    preferred master = yes
#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
# - WINS Proxy: Tells Samba to answer name resolution queries on
#   behalf of a non WINS capable client, for this to work there must be
#   at least one    WINS Server on the network. The default is NO.
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.
;    wins support = yes
;    wins server = w.x.y.z
;    wins proxy = yes
;    dns proxy = yes
# --------------------------- Printing Options -----------------------------
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
# Printcap Name let you specify an alternative printcap file
# You can choose a non default printing system using the Printing option
    load printers = yes
    cups options = raw

;    printcap name = /etc/printcap
    #obtain list of printers automatically on SystemV
;    printcap name = lpstat
;    printing = cups

# --------------------------- Filesystem Options ---------------------------
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;    map archive = no
;    map hidden = no
;    map read only = no
;    map system = no
;    store dos attributes = yes

#============================ Share Definitions ==============================

    comment = Test
    path = /data/sambaDir    // 공유 디렉토리
    browseable = no
    writable = yes        // 읽고 쓰기 허용 옵션
    valid users = tour    // 특정 계정에 대해서만 공유 허용

    comment = Home Directories
    browseable = no
    writable = yes
;    valid users = %S
;    valid users = MYDOMAIN\%S
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
;    [netlogon]
;    comment = Network Logon Service
;    path = /var/lib/samba/netlogon
;    guest ok = yes
;    writable = no
;    share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;    [Profiles]
;    path = /var/lib/samba/profiles
;    browseable = no
;    guest ok = yes
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;    [public]
;    comment = Public Stuff
;    path = /home/samba
;    public = yes
;    writable = yes
;    printable = no
;    write list = +staff

Samba 서비스 시작/종료/재시작

Samba 시작

$ service smb start
SMB서비스를 시작하고 있습니다:                             [  OK  ]

Samba 종료

$ service smb stop
SMB 서비스를 종료함:                                       [  OK  ]

Samba 재시작

$ service smb restart
SMB서비스를 시작하고 있습니다:                             [  OK  ]
SMB 서비스를 종료함:                                       [  OK  ]

로그인 계정의 패스워드 지정

접속방식을 sercurity = user로 지정했을경우에, 리눅스 계정과는 별도로 Samba 패스워드를 등록해야 한다.

tour 계정의 패스워드 지정

$ smbpasswd -a tour

tour 계정의 samba 계정 삭제

$ smbpasswd -x tour

tour 계정의 samba 사용을 중지

$ smbpasswd -d tour

iptables 방화벽 규칙 추가(iptables 이용시)

iptables 설정파일 열기

$ vi /etc/sysconfig/iptables

해당내용 추가 후 저장

-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

iptables 재시작

$ service iptables restart
iptables: 체인을 ACCEPT 규칙으로 설정 중:  filter          [  OK  ]
iptables: 방화벽 규칙을 지웁니다:                          [  OK  ]
iptables: 모듈을 언로드하는 중:                            [  OK  ]
iptables: 방화벽 규칙 적용 중:                             [  OK  ]

Samba 디렉토리 마운트하기

디렉토리 생성

$ cd /mnt
$ mkdir sambaDir

디렉토리 마운트하기

// Samba 서버의 ip(과 공유 디렉토리, 그리고 마운트될 디렉토리를 지정
$ mount -t cifs -o username=tour // /mnt/sambaDir

부팅시 Samba디렉토리 마운트 하기

$ vi /etc/fstab 

// 아래내용 추가
//   /mnt/sambaDir      cifs    username='tour',password='abcd!@'   0 0

**TIP) ** 일반 사용자 계정으로 마운트시에는 다음과 같이 사용자의 uid, gid를 추가하면 된다

tour 계정 uid 확인 (tour 계정 로그인 상태에서…)

$ id
uid=500(tour) gid=500(tour) groups=500(tour)

tour 계정으로 마운트(root 계정 로그인 상태에서)

$ mount -t cifs -o username=tour,uid=500,gid=500 // /mnt/sambaDir 

fstab에도 uid,gid 추가

//   /mnt/sambaDir     cifs    username='tour',password='abcd!@',uid=500,gid=500   0 0 
  • 마운트 확인후 공유된 디렉토리에 파일 생성 또는 디렉토리 만들기 등을 통해 정상적으로 생성이 되는지 확인한다.
    만약 “허가 권한” 등과 같이 오류가 나올때는 Samba 서버의 Selinux가 켜져 있는지 확인한 후 Selinux를 끈 후 테스트해 본다.

Selinux 끄기 (Samba 서버에서)

$ setenforce 0