====== CIFS Windows Shares ======

**General Information**

Creating Samba server file shares (CIFS) and mounting CIFS shares on Linux.

**Checklist**
  * Distro(s): Enterprise Linux 6/7

----

====== Samba (CIFS) Server Setup ======

  * Install the service<code bash>yum install samba samba-client</code>

  * Enable and Start the service<code bash>systemctl enable smb
systemctl start smb</code>

  * Create a samba user and password<code bash>smbpasswd -a sambauser1</code>


===== Samba Config =====

Settings to configure globally and at the share level

/etc/samba/smb.conf<code bash>
[global]
dns proxy = no
server string = Samba Server %v

min protocol = SMB2
max protocol = SMB3

workgroup = WORKGROUP
log file = /var/log/samba/%m.log
max log size = 50

##-- Security --##
# Only allow the 192.168.1.* network globally to any share
hosts allow = 192.168.1.
security = user
passdb backend = tdbsam
encrypt passwords = yes
client plaintext auth = no

#-- server signing mandatory : Resolves Security Scanners finding SMB Password Encryption Not Required --#
server signing = mandatory

#-- smb encrypt: Requires Win8/10/Server2012 or newer clients due to smbv3 --#
#smb encrypt = mandatory

[share_name]
path = /path_to_share
valid users = sambauser1, sambauser2
browsable = yes
guest ok = no
read only = yes
#- Allow only hosts on certain networks only (192.168.1.*) for this share-#
hosts allow = 192.168.1. 127.0.0.1
</code>

\\
**Config File Help**
<code bash>
vim /etc/samba/smb.conf.example
And
man smb.conf
</code>

\\
[Optional] Test samba config syntax
<code bash>
testparm
</code>

\\
Restart the samba service
<code bash>
systemctl restart smb
</code>

\\
Test the samba share
<code bash>
smbclient -L //localhost -U sambauser1
</code>
  * Enter samba password (not system) when prompted

----

====== CIFS Client Setup ======

  - Install Packages<code bash>yum install -y cifs-utils samba-client</code>
   - List remote shares<code bash>smbclient -L <remote-cifs-server></code>
   - Create local directory structure to mount the shares in<code bash>mkdir -p /data/shared/<cifs-share-name></code>
   - Create root ssh directory if it does not exist<code bash>mkdir /root/.ssh
chmod 700 /root/.ssh</code>
   - Create the CIFS credentials file<code>touch /root/.ssh/.<cifs-share-name>
chmod 600 /root/.ssh/.<cifs-share-name></code>
   - Edit the credentials file, add share's user/pass/domain<code>vim /root/.ssh/.<cifs-share-name>

username=<user>
password=<password_here>
domain=<domain></code>
  - Create persistent CIFS mount in /etc/fstab<code bash>vim /etc/fstab
//<remote-cifs-server>/<sharename> /data/shared/<cifs-share-name>  cifs  auto,credentials=/root/.ssh/.<cifs-share-name>,_netdev,uid=<user>,gid=<users>,rw  0 0</code>
  - Mount the share<code bash>mount -a</code>

----