# 1.2 Configuring a Samba Domain Member Server

## Environment

|              Role              |    Operating system    |  Hostname  |    IP address   |       DNS       |
| :----------------------------: | :--------------------: | :--------: | :-------------: | :-------------: |
| Domain controller & DNS server | Windows Server 2012 R2 |            | 192.168.100.254 |    127.0.0.1    |
|      Domain member server      |         RHEL 8         | FileServer |  192.168.100.2  | 192.168.100.254 |

## (1) Set a static IP address and DNS

```sh
# nmtui
```

## (2) Set the hostname

```bash
# hostnamectl set-hostname  FileServer
```

## (3) Configure a local YUM repository

```bash
# mkdir  /media/cdrom
# mount /dev/cdrom /media/cdrom
# vim /etc/yum.repos.d/rhel8.repo
[BaseOS]
name=BaseOS
baseurl=file:///media/cdrom/BaseOS
enabled=1
gpgcheck=0
[AppStream]
name=AppStream
baseurl=file:///media/cdrom/AppStream
enabled=1
gpgcheck=0

# vim /etc/fstab 
/dev/cdrom /media/cdrom iso9660 defaults 0 0 
```

## (4) Install Samba

```bash
# dnf repolist
# yum install realmd oddjob-mkhomedir oddjob samba-winbind-clients samba-winbind samba-common-tools samba-winbind-krb5-locator
# yum install samba
```

## (5) Check disk space

```bash
# df -h
```

## (6) Configure the shared directory

1. Configure the shared directory

```
# mkdir /home/itshare
# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
# realm join --membership-software=samba --client-software=winbind vekea.com
# systemctl status winbind
# systemctl status smb
# systemctl enable --now smb
# getent passwd "vekea.com\administrator"
# wbinfo -u
# getent passwd "vekea\administrator"
# chown "vekea\administrator":"vekea\Domain Users" /home/itshare
# kinit administrator@vekea.com
# wbinfo --all-domains
# chmod -Rf 0750 /home/itshare/
```

2. Configure the `/etc/samba/smb.conf` file

```
# vim /etc/samba/smb.conf
[global]
kerberos method = secrets and keytab
template homedir = /home/%U@%D
workgroup = VEKEA
template shell = /bin/bash
security = ads
realm = VEKEA.COM
idmap config VEKEA : range = 2000000-2999999
idmap config VEKEA : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb
winbind use default domain = no
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum groups = no
winbind enum users = no

[itshare]
        comment = itshare
        path = /home/itshare
        read only = no
        force group = "vekea\Domain Users"
        directory mode = 0770
        force directory mode = 0770
        create mode = 0750
        force create mode = 0750
```

3. Validate the `/etc/samba/smb.conf` file

```
# testparm 
```

4. Start and check the related services

```
# systemctl start firewalld.service
# systemctl status winbind
# systemctl restart smb
# systemctl enable --now smb
```

5. Use the wbinfo tool

* List domain users

```
# wbinfo -u
```

* List domain groups

```
# wbinfo -g
```
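
The idmap settings in the `smb.conf` from step 2 decide which UID and GID `getent passwd` reports for domain accounts. The script below is an added example, not part of the original page: it checks that the configured idmap ranges do not overlap and computes the IDs the `rid` backend assigns. The function names and the embedded excerpt are constructed for illustration, and `base_rid` is assumed to be left at its default of 0.

```shell
# Added example (not from the original page). SMB_CONF_SAMPLE is a constructed
# excerpt of the [global] section; on a live member server, pipe the output of
# `testparm -s` into idmap_ranges instead.
SMB_CONF_SAMPLE='
idmap config VEKEA : range = 2000000-2999999
idmap config VEKEA : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb
'

# Print "<domain> <low> <high>" for each "idmap config <domain> : range" line.
idmap_ranges() {
    sed -nE 's/^[[:space:]]*idmap config[[:space:]]+([^[:space:]:]+)[[:space:]]*:[[:space:]]*range[[:space:]]*=[[:space:]]*([0-9]+)[[:space:]]*-[[:space:]]*([0-9]+).*/\1 \2 \3/p'
}

# Print each pair of domains whose ranges intersect and return 1 if any do.
# Overlapping ranges let two different accounts resolve to the same UID/GID.
check_overlap() {
    awk '{ d[NR] = $1; lo[NR] = $2; hi[NR] = $3 }
         END { for (i = 1; i <= NR; i++) for (j = i + 1; j <= NR; j++)
                   if (lo[i] <= hi[j] && lo[j] <= hi[i]) { print d[i], d[j]; bad = 1 }
               exit bad + 0 }'
}

# The rid backend computes ID = RID + low end of the range (base_rid = 0 assumed).
# Usage: rid_to_id <domain> <rid>, ranges on stdin; fails if the ID leaves the range.
rid_to_id() {
    awk -v dom="$1" -v rid="$2" '
        $1 == dom { id = $2 + rid; if (id > $3) exit 1; print id; found = 1 }
        END { if (!found) exit 1 }'
}

ranges=$(printf '%s\n' "$SMB_CONF_SAMPLE" | idmap_ranges)
printf '%s\n' "$ranges" | check_overlap && echo "idmap ranges do not overlap"
# Well-known RIDs: 500 = built-in Administrator, 513 = Domain Users.
echo "administrator uid: $(printf '%s\n' "$ranges" | rid_to_id VEKEA 500)"
echo "Domain Users gid:  $(printf '%s\n' "$ranges" | rid_to_id VEKEA 513)"
```

With the ranges from this page, `getent passwd "vekea\administrator"` should therefore report UID 2000500, and the `Domain Users` group should map to GID 2000513.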

## (7) Firewall configuration

```
# firewall-cmd --permanent --add-service=samba --zone=public   # permanently allow the samba service
# firewall-cmd --reload                                        # reload the firewall rules
# firewall-cmd --list-services                                 # list the allowed services
```

Or:

```bash
# firewall-cmd --permanent --add-port=445/tcp   # open TCP port 445
# firewall-cmd --permanent --add-port=137/udp   # open UDP ports 137 and 138
# firewall-cmd --permanent --add-port=138/udp
# firewall-cmd --reload                         # reload the firewall rules so they take effect
```

## (8) SELinux configuration

```
# semanage fcontext -a -t samba_share_t "/home/itshare(/.*)?"
# restorecon -Rv /home/itshare/
```

## (9) Client test

```sh
\\192.168.100.254
```
