====== Network Services Overview SMB ======
**General Information**
This page covers the Network Services objectives for Samba, which uses the Server Message Block (SMB) protocol.
**Network Services Objectives**
* Install the packages needed to provide the service
* Configure SELinux to support the service
* Use SELinux port labeling to allow services to use non-standard ports
* Configure the service to start when the system is booted
* Configure the service for basic operation
* Configure host-based and user-based security for the service
----
====== Lab Setup ======
The following virtual machines will be used:
* server1.example.com (192.168.1.150) -> Perform all SMB client tests from here
* server2.example.com (192.168.1.151) -> Install the Samba Server here
----
====== Install the packages needed to provide the service ======
Install the service (server)
<code bash>
yum install samba samba-client
</code>
* samba -> samba server
* samba-client -> samba client utilities
Install the service (client)
<code bash>
yum install samba-client cifs-utils
</code>
* samba-client -> samba client utilities
* cifs-utils -> includes the command needed to mount remote SMB shares
----
====== Configure SELinux to support the service ======
* Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]].
* **IMPORTANT**: View all label types
<code bash>
# Install package
yum install setools-console
# View all label types
seinfo -t
# Find Samba/SMB types
seinfo -t | grep samba
seinfo -t | grep smb
</code>
----
====== Use SELinux port labeling to allow services to use non-standard ports ======
Configure the service with a non-standard port and allow access to that port with SELinux.
**NOTE**: "man semanage-port" has examples for allowing non-standard ports!
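
A worked example of the port-labeling step, added here and not part of the original page: the helper below (hypothetical name smb_port_label_cmd) reads "semanage port -l" output and prints the semanage command that lets smbd bind a non-standard TCP port. Port 4445 and the sample listing are constructed for illustration; smbd_port_t is the port type the targeted policy assigns to Samba's default ports, and "smb ports" is the smb.conf option that changes the listening port.

```shell
#!/bin/bash
# Added example (not from the original page). Assumed non-standard port: 4445.
# On a real server:  semanage port -l | smb_port_label_cmd 4445
# and set "smb ports = 4445" under [global] in /etc/samba/smb.conf.

# Prints the semanage command needed for TCP port $1, or "none" if the port
# already carries smbd_port_t. Reads `semanage port -l` output on stdin.
smb_port_label_cmd() {
    case "$1" in
        ''|*[!0-9]*) echo "usage: smb_port_label_cmd PORT" >&2; return 2 ;;
    esac
    awk -v want="$1" -v type="smbd_port_t" '
        $2 == "tcp" {
            # Fields 3..NF hold the port list, e.g. "445, 137-139"
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (want + 0 < lo || want + 0 > hi) continue
                if ($1 == type) covered = 1        # already usable by smbd
                else if (lo == hi) exact = $1      # exact entry of another type
            }
        }
        END {
            # An exact entry owned by another type must be modified (-m);
            # a port that only sits inside a broad range can be added (-a).
            if (covered)    print "none"
            else if (exact) print "semanage port -m -t " type " -p tcp " want
            else            print "semanage port -a -t " type " -p tcp " want
        }'
}

# Constructed sample of `semanage port -l` output (abridged).
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
smbd_port_t                    tcp      445, 137-139
unreserved_port_t              tcp      61001-65535, 1024-32767
unreserved_port_t              udp      61001-65535, 1024-32767'

for port in 445 4445 8080; do
    printf '%s -> %s\n' "$port" "$(printf '%s\n' "$SAMPLE_PORTS" | smb_port_label_cmd "$port")"
done
```

The firewalld samba service definition only covers the standard ports, so a non-standard port also needs its own rule, for example firewall-cmd --permanent --add-port=4445/tcp followed by firewall-cmd --reload.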
----
====== Configure the service to start when the system is booted ======
Check Current Service Status
<code bash>
systemctl status smb
</code>
* Also displays if the service is enabled or disabled
\\
Enabling a service to start on boot
<code bash>
systemctl enable smb
</code>
----
====== Configure the service for basic operation ======
Enable and Start the service
<code bash>
systemctl enable smb
systemctl start smb
</code>
----
====== Configure host-based and user-based security for the service ======
===== Firewall =====
Allow access through the firewall
<code bash>
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
</code>
===== Host Based =====
Main samba config
<code bash>
vim /etc/samba/smb.conf

[global]
        hosts allow = 192.168.1.
</code>
* Allows all hosts in the 192.168.1.x network
* The allow list overrides the deny list (if one is set and the two conflict)
===== User Based =====
Main samba config
<code bash>
vim /etc/samba/smb.conf

[share]
        valid users = dvader, yoda
        write list = dvader
        read list = yoda
</code>
* valid users -> allowed to log in to the service
* write list -> users that can write, even if the share is set to read only
* read list -> users that can read
----