Network Services Overview SMB

General Information

This page covers the Network Services objectives, specifically for Samba (which uses the Server Message Block protocol, or SMB).

Network Services Objectives

  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Use SELinux port labeling to allow services to use non-standard ports
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service

Install the packages needed to provide the service

Install the service (server)

yum install samba samba-client
  • samba → samba server
  • samba-client → samba client utilities

Install the service (client)

yum install samba-client cifs-utils
  • samba-client → samba client utilities
  • cifs-utils → includes the command needed to mount remote SMB shares

Configure SELinux to support the service

Use SELinux port labeling to allow services to use non-standard ports

Configuring the service with a non-standard port and allowing port access with SELinux.

NOTE: “man semanage-port” has examples for allowing non-standard ports!


Configure the service to start when the system is booted

Check Current Service Status

systemctl status smb
  • Also displays if the service is enabled or disabled


Enabling a service to start on boot

systemctl enable smb

Configure the service for basic operation

Enable and Start the service

systemctl enable smb
systemctl start smb

Configure host-based and user-based security for the service

Allow access through the firewall

firewall-cmd --permanent --add-service=samba
firewall-cmd --reload

Main samba config

vim /etc/samba/smb.conf
 
hosts allow = 192.168.1.
  • Allows all hosts in the 192.168.1.x network
  • The allow list overrides deny lists (if any exist and they conflict)

Main samba config

valid users = dvader, yoda
write list = dvader
read list = yoda
  • valid users → allowed to log in to the service
  • write list → users that can write, even if the share is set to read only
  • read list → users that can read
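
The host-based and user-based settings above combine into one effective permission per user and client address. The following Python code is an added example, not part of the original wiki page, that evaluates that result for a constructed share. Assumptions: the share name `deathstar` and all function names are hypothetical, only IP-prefix and CIDR `hosts allow` entries and plain user names (no `@group` entries) are handled, and `[global]` defaults are not merged.

```python
import ipaddress

# Constructed sample: the share name is hypothetical; users and network are the page's.
SAMPLE_CONF = """\
[deathstar]
    read only = yes
    hosts allow = 192.168.1.
    valid users = dvader, yoda
    write list = dvader
    read list = yoda
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {option: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def names(value):
    """Split a comma- or space-separated list into a set of entries."""
    return set(value.replace(",", " ").split())

def host_allowed(patterns, client_ip):
    """Match IP-prefix ("192.168.1.") and CIDR entries only; other forms never match."""
    ip = ipaddress.ip_address(client_ip)
    return not patterns.strip() or any(
        (p.endswith(".") and client_ip.startswith(p))
        or ("/" in p and ip in ipaddress.ip_network(p, strict=False))
        for p in names(patterns))

def effective_access(conf, share, user, client_ip):
    """Return "none", "read" or "write" for user connecting from client_ip."""
    opts = conf[share.lower()]
    valid = names(opts.get("valid users", ""))
    if not host_allowed(opts.get("hosts allow", ""), client_ip) or (valid and user not in valid):
        return "none"
    if user in names(opts.get("write list", "")):
        return "write"  # write list wins even when read only = yes
    if user in names(opts.get("read list", "")):
        return "read"  # read list forces read-only even on a writable share
    read_only = opts.get("read only", "yes").lower() in ("yes", "true", "1")
    return "read" if read_only else "write"
```

Note that the trailing dot in `192.168.1.` matters: without it a plain prefix comparison would also match `192.168.10.x` and `192.168.100.x`.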

  • Last modified: 2019/05/25 23:50