{"id":275,"date":"2025-06-12T23:42:40","date_gmt":"2025-06-12T15:42:40","guid":{"rendered":"https:\/\/qkd.koudaipc.com\/?p=275"},"modified":"2026-01-27T09:34:04","modified_gmt":"2026-01-27T01:34:04","slug":"%e5%9c%a8-kpcos-%e7%82%8e%e5%b8%9d-1-01-%e4%b8%ad%e5%bc%80%e5%90%af-samba-%e6%9c%8d%e5%8a%a1","status":"publish","type":"post","link":"https:\/\/qkd.koudaipc.com\/en\/2025\/06\/12\/%e5%9c%a8-kpcos-%e7%82%8e%e5%b8%9d-1-01-%e4%b8%ad%e5%bc%80%e5%90%af-samba-%e6%9c%8d%e5%8a%a1\/","title":{"rendered":"Enabling the Samba Service on KPCOS\/\u708e\u5e1d 1.01"},"content":{"rendered":"<p>The steps to enable the Samba service on KPCOS\/\u708e\u5e1d 1.01 are as follows, including key configuration tuning and security settings:<\/p>\n<hr \/>\n<h3>1. <strong>Install Samba<\/strong><\/h3>\n<pre><code class=\"language-bash\">sudo apt update\nsudo apt install samba samba-common-bin smbclient -y<\/code><\/pre>\n<hr \/>\n<h3>2. <strong>Configure Samba<\/strong><\/h3>\n<h4>Edit the main configuration file:<\/h4>\n<pre><code class=\"language-bash\">sudo nano \/etc\/samba\/smb.conf<\/code><\/pre>\n<h4>Add tuning parameters to the <code>[global]<\/code> section:<\/h4>\n<pre><code class=\"language-ini\">[global]\n   # Match the Windows workgroup\n   workgroup = WORKGROUP\n   server string = Samba %v on Debian 12\n   # Use user authentication\n   security = user\n   # Anonymous access handling\n   map to guest = bad user\n   dns proxy = no\n   log file = \/var\/log\/samba\/log.%m\n   max log size = 1000\n   server role = standalone server\n   obey pam restrictions = yes\n   unix password sync = yes\n   passwd program = \/usr\/bin\/passwd %u\n   passwd chat = *Enter\\snew\\s*\\spassword:* %n\\n *Retype\\snew\\s*\\spassword:* %n\\n *password\\supdated\\ssuccessfully* .\n   pam password change = yes\n   socket options = 
TCP_NODELAY SO_RCVBUF=524288 SO_SNDBUF=524288\n   # Performance tuning: the socket options line above\n   # Enforce SMB2+ (security)\n   min protocol = SMB2\n   guest account = nobody<\/code><\/pre>\n<h4>Add example shares (modify as needed):<\/h4>\n<pre><code class=\"language-ini\">[SecureShare]\n   comment = Secure Shared Folder\n   path = \/srv\/samba\/secure\n   browseable = yes\n   writable = yes\n   valid users = @sambashare\n   force group = sambashare\n   create mask = 0660\n   directory mask = 2770\n   # Keep permissions consistent\n   inherit permissions = yes\n\n[Public]\n   comment = Public Share\n   path = \/srv\/samba\/public\n   browseable = yes\n   writable = yes\n   guest ok = yes\n   guest only = yes\n   create mask = 0664\n   directory mask = 0775<\/code><\/pre>\n<hr \/>\n<h3>3. <strong>Create directories and set permissions<\/strong><\/h3>\n<pre><code class=\"language-bash\"># Secure share directory (authentication required)\nsudo mkdir -p \/srv\/samba\/secure\nsudo groupadd --force --system sambashare  # --force: no error if the group already exists\nsudo chgrp sambashare \/srv\/samba\/secure\nsudo chmod 2770 \/srv\/samba\/secure  # SGID keeps the group on new files\n\n# Public directory (anonymous access)\nsudo mkdir -p \/srv\/samba\/public\nsudo chown nobody:nogroup \/srv\/samba\/public\nsudo chmod 2775 \/srv\/samba\/public<\/code><\/pre>\n<hr \/>\n<h3>4. 
<strong>Add a Samba user<\/strong><\/h3>\n<pre><code class=\"language-bash\"># First create a system user (no home directory)\nsudo useradd --system --no-create-home --shell \/usr\/sbin\/nologin username\n# Add the user to the group named in valid users for [SecureShare]\nsudo usermod -aG sambashare username\n\n# Add as a Samba user (the password is set interactively)\nsudo smbpasswd -a username<\/code><\/pre>\n<blockquote>\n<p><strong>Note<\/strong>:  <\/p>\n<ul>\n<li>The user must be <strong>an existing system user<\/strong>  <\/li>\n<li>Use <code>sudo pdbedit -L<\/code> to list the users already added<\/li>\n<\/ul>\n<\/blockquote>\n<hr \/>\n<h3>5. <strong>Enable and start the services<\/strong><\/h3>\n<pre><code class=\"language-bash\">sudo systemctl enable --now smbd nmbd\nsudo systemctl restart smbd nmbd  # Apply configuration changes<\/code><\/pre>\n<hr \/>\n<h3>6. <strong>Firewall configuration (nftables)<\/strong><\/h3>\n<pre><code class=\"language-bash\"># Allow the Samba ports (sets are quoted so the shell does not brace-expand them)\nsudo nft add rule inet filter input tcp dport '{ 139, 445 }' ct state new,established accept\nsudo nft add rule inet filter input udp dport '{ 137, 138 }' accept\n\n# Save the rules (tee runs as root; a plain redirect would run as the calling user)\nsudo nft list ruleset | sudo tee \/etc\/nftables.conf<\/code><\/pre>\n<hr \/>\n<h3>7. <strong>Client access test<\/strong><\/h3>\n<h4>Linux client (<code>\u708e\u5e1d\u4e3b\u673aip<\/code> stands for the IP address of the \u708e\u5e1d host):<\/h4>\n<pre><code class=\"language-bash\">smbclient \/\/\u708e\u5e1d\u4e3b\u673aip\/SecureShare -U username<\/code><\/pre>\n<h4>Windows:<\/h4>\n<pre><code>\\\\\u708e\u5e1d\u4e3b\u673aip\\SecureShare<\/code><\/pre>\n<h4>macOS:<\/h4>\n<p>Finder \u2192 Go \u2192 Connect to Server \u2192 enter <code>smb:\/\/\u708e\u5e1d\u4e3b\u673aip\/SecureShare<\/code><\/p>\n<hr \/>\n<h3>8. 
<strong>Advanced configuration<\/strong><\/h3>\n<h4>Bind to a specific network interface (multi-network environments):<\/h4>\n<pre><code class=\"language-ini\">[global]\n   interfaces = eth0 192.168.1.0\/24\n   bind interfaces only = yes<\/code><\/pre>\n<h4>Enable Samba's built-in user management:<\/h4>\n<pre><code class=\"language-bash\">sudo samba-tool user add newuser\nsudo samba-tool group addmembers &quot;Domain Users&quot; newuser<\/code><\/pre>\n<hr \/>\n<h3>9. <strong>Troubleshooting<\/strong><\/h3>\n<ol>\n<li>\n<p><strong>Check service status<\/strong>:<\/p>\n<pre><code class=\"language-bash\">sudo systemctl status smbd nmbd\nsudo journalctl -u smbd -f  # Follow the log in real time<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>Validate the configuration file<\/strong>:<\/p>\n<pre><code class=\"language-bash\">sudo testparm -s  # Check for syntax errors<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>Permission problems<\/strong>:<\/p>\n<pre><code class=\"language-bash\"># Show the directory's SELinux context (if SELinux is enabled)\nls -ldZ \/srv\/samba\/secure\n# Temporarily set SELinux to permissive mode (for testing only)\nsudo setenforce 0<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>Port check<\/strong>:<\/p>\n<pre><code class=\"language-bash\">sudo ss -tulpn | grep -E '139|445|137|138'<\/code><\/pre>\n<\/li>\n<\/ol>\n<hr \/>\n<h3>10. 
<strong>Security hardening recommendations<\/strong><\/h3>\n<ol>\n<li>\n<p><strong>Disable SMB1<\/strong> (disabled by default):<\/p>\n<pre><code class=\"language-ini\">[global]\nserver min protocol = SMB2<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>Enable encrypted transport<\/strong>:<\/p>\n<pre><code class=\"language-ini\"># Enforce encryption\nsmb encrypt = required<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>Restrict access by IP<\/strong>:<\/p>\n<pre><code class=\"language-ini\">hosts allow = 192.168.1.0\/24 127.0.0.1<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>Update regularly<\/strong>:<\/p>\n<pre><code class=\"language-bash\">sudo apt upgrade samba -y<\/code><\/pre>\n<\/li>\n<\/ol>\n<blockquote>\n<p><strong>Tip<\/strong>: for the complete configuration reference, see <code>man smb.conf<\/code> or visit the <a href=\"https:\/\/www.samba.org\/samba\/docs\/\">official Samba documentation<\/a><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>The steps to enable the Samba service on KPCOS\/\u708e\u5e1d 1.01 are as follows, including key configuration tuning and security settings: 1. 
Install  [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","footnotes":""},"categories":[23],"tags":[],"class_list":["post-275","post","type-post","status-publish","format-standard","hentry","category-kpcos","pmpro-has-access"],"_links":{"self":[{"href":"https:\/\/qkd.koudaipc.com\/en\/wp-json\/wp\/v2\/posts\/275","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qkd.koudaipc.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qkd.koudaipc.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qkd.koudaipc.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qkd.koudaipc.com\/en\/wp-json\/wp\/v2\/comments?post=275"}],"version-history":[{"count":2,"href":"https:\/\/qkd.koudaipc.com\/en\/wp-json\/wp\/v2\/posts\/275\/revisions"}],"predecessor-version":[{"id":406,"href":"https:\/\/qkd.koudaipc.com\/en\/wp-json\/wp\/v2\/posts\/275\/revisions\/406"}],"wp:attachment":[{"href":"https:\/\/qkd.koudaipc.com\/en\/wp-json\/wp\/v2\/media?parent=275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qkd.koudaipc.com\/en\/wp-json\/wp\/v2\/categories?post=275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qkd.koudaipc.com\/en\/wp-json\/wp\/v2\/tags?post=275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}