====== SMB Provide Network Shares To Specific Clients ======
**General Information**
Installing and configuring SMB (Samba) shares.
\\
Access in general
* A Linux user account must exist for each user that needs to access a samba share
* The Linux user will need proper access permissions to files/directories
* A Samba user also must exist.
* Samba users are mapped to Linux users
* The Samba user will be given access at the samba share level
* Typically, this is done by giving directories permissions at the group level, and adding the Linux users to the group.
* Then, give that group access at the samba share level.
----
====== Lab Setup ======
The following virtual machines will be used:
* server1.example.com (192.168.1.150) -> Perform all SMB client tests from here
* server2.example.com (192.168.1.151) -> Install the Samba Server here
----
====== Server Install and Config ======
Install required packages
yum install samba samba-client
\\
Enable and start the service
systemctl enable smb
systemctl start smb
\\
Firewall: Open for the service
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
\\
Create directory to share
mkdir /sambashare_public
\\
Directory permissions
chmod 777 /sambashare_public
\\
SELinux: Set file context on the samba share directory
semanage fcontext -at samba_share_t "/sambashare_public(/.*)?"
restorecon -Rv /sambashare_public
\\
Create a Linux user that will be used for samba only (so no login shell needed)
useradd -s /sbin/nologin user1
* Note: It doesn't have to be a user with no login shell, but it is recommended.
\\
Set samba password for user1 (different from system password)
smbpasswd -a user1
\\
SELinux: Find samba boolean settings
getsebool -a | grep samba
\\
SELinux: Turn boolean samba settings on
setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 samba_share_nfs=1
* -P -> permanent
\\
Edit samba configuration file (Example)
vim /etc/samba/smb.conf
# Only listing items to change/add
[global]
# add hosts allow if needing to limit host access by IP
hosts allow = 127. 192.168.1.10
# add interfaces to limit where it is listening
interfaces = lo eth0 192.168.1
# create new share; base off of other default entries
[sambashare_public]
comment = /sambashare_public
browsable = yes
path = /sambashare_public
public = yes
valid users = user1
write list = user1
writable = yes
* [global] -> global samba settings
* hosts allow -> Hosts that are allowed to access
* interfaces -> interfaces or IPs samba uses; listening is restricted to them only when "bind interfaces only = yes" is also set
* [sambashare_public] -> Share name
* comment -> Can be anything descriptive
* browsable -> Can browse shares
* path -> file system path
* public -> synonym for "guest ok"; allows guest access to the share without a password
* valid users -> users that can access
* write list -> users that can write to the share
* writable -> enable write to the share
\\
**Config File Help**
vim /etc/samba/smb.conf.example
And
man smb.conf
\\
[Optional] Test samba config syntax
testparm
\\
[Optional] Display information from SAM (samba) database
pdbedit -Lv
\\
Restart the samba service
systemctl restart smb
\\
Test the samba share
smbclient -L //localhost -U user1
* Enter samba password (not system) when prompted
----
====== Client Install and Config ======
Install required packages
yum install samba-client cifs-utils
\\
Create the same user on the client that will own the share
useradd -s /sbin/nologin user1
\\
List samba server's shares
smbclient -L //192.168.1.200/sambashare -U user1
\\
Create a local location to mount the remote samba share
mkdir /sharedrive
\\
Mount persistently: Create credentials file
vim /root/.sharedcreds
username=user1
password=password
\\
Mount persistently: Ensure restrictive permissions
chown root:root /root/.sharedcreds
chmod 400 /root/.sharedcreds
\\
Mount persistently: Edit fstab
vim /etc/fstab
//192.168.1.200/sambashare /sharedrive cifs _netdev,rw,credentials=/root/.sharedcreds,uid=1004,gid=1004 0 0
\\
Mount persistently: mount all
mount -a
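\\
[Optional] Audit the persistent mount. The script below is an added example, not part of the original page: it reads an fstab-format file and reports cifs entries that carry the password inline or point at a credentials file that is missing, open to group/other, or owned by the wrong uid. The function name audit_cifs_fstab, the demo paths and the sample data are assumptions made for illustration, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example (not from the original page): audit cifs entries in an fstab-format file.
# Usage: audit_cifs_fstab FSTAB [OWNER_UID]   (expected owner uid defaults to 0 = root)
# Prints one finding per line; prints nothing when every cifs entry passes.
audit_cifs_fstab() {
    fstab=$1 want_uid=${2:-0}
    while read -r dev mnt type opts _rest || [ -n "$dev" ]; do
        case $dev in ''|'#'*) continue ;; esac          # skip blank lines and comments
        [ "$type" = cifs ] || continue
        cred=
        for opt in $(printf '%s' "$opts" | tr ',' ' '); do
            case $opt in
                password=*|pass=*) echo "$mnt: password is inline in $fstab" ;;
                credentials=*|cred=*) cred=${opt#*=} ;;
            esac
        done
        [ -n "$cred" ] || continue                      # no credentials file to check
        if [ ! -f "$cred" ]; then
            echo "$mnt: credentials file $cred is missing"
            continue
        fi
        mode=$(stat -c %a "$cred")                      # GNU stat: octal mode, e.g. 400
        uid=$(stat -c %u "$cred")                       # numeric owner
        case $mode in
            0|*00) ;;                                   # no group/other bits set
            *) echo "$mnt: $cred mode $mode grants access to group/other" ;;
        esac
        [ "$uid" = "$want_uid" ] || echo "$mnt: $cred owned by uid $uid, expected $want_uid"
    done < "$fstab"
    return 0
}

# Constructed sample data: one entry shaped like the fstab line above, with a
# credentials file that is deliberately too open, and one with an inline password.
demo() {
    d=$(mktemp -d)
    printf 'username=user1\npassword=password\n' > "$d/creds"
    chmod 644 "$d/creds"
    cat > "$d/fstab" <<EOF
//192.168.1.200/sambashare /sharedrive cifs _netdev,rw,credentials=$d/creds,uid=1004,gid=1004 0 0
//192.168.1.200/sambashare /mnt/inline cifs _netdev,rw,username=user1,password=password 0 0
EOF
    audit_cifs_fstab "$d/fstab" "$(id -u)"              # reports the 644 mode and the inline password
    chmod 400 "$d/creds"
    audit_cifs_fstab "$d/fstab" "$(id -u)"              # now only the inline password remains
    rm -rf "$d"
}
demo
```

On a real client, run audit_cifs_fstab /etc/fstab as root; no output means every cifs entry passed.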
----