This is an old revision of the document!
Network Services Overview SMB
General Information
This page covers the Network Services objectives, specifically for samba (which uses the server message block protocol, or SMB).
Network Services Objectives
- Install the packages needed to provide the service
- Configure SELinux to support the service
- Use SELinux port labeling to allow services to use non-standard ports
- Configure the service to start when the system is booted
- Configure the service for basic operation
- Configure host-based and user-based security for the service
Install the packages needed to provide the service
Install the service (server)
yum install samba samba-client
- samba → samba server
- samba-client → samba client utilities
Install the service (client)
yum install samba-client cifs-utils
- samba-client → samba client utilities
- cifs-utils → includes command needed to mount remote SMB shares
Configure SELinux to support the service
- Service agnostic → Ensure SELinux is running and enabled (RHCSA objective).
Use SELinux port labeling to allow services to use non-standard ports
Configuring the <service-name> with a non standard port and allowing port access with selinux.
NOTE: “man semanage-port” has examples for allowing non-standard ports!
Configure the service to start when the system is booted
Check Current Service Status
systemctl status smb
- Also displays if the service is enabled or disabled
Enabling a service to start on boot
systemctl enable smb
Configure the service for basic operation
Enable and Start the service
systemctl enable smb
systemctl start smb
Configure host-based and user-based security for the service
Firewall
Allow access through the firewall
firewall-cmd --permanent --add-service=samba firewall-cmd --reload
Host Based
Main samba config
vim /etc/samba/smb.conf hosts allow = 192.168.1.
- Allows all hosts in the 192.168.1.x network
- Allow list over rides deny lists (if any and they conflict)
User Based
Main samba config
valid users = dvader, yoda write list = dvader read list = yoda
- valid users → allowed to login to the service
- write list → users that can write, even if the share is set to read only
- read list → users that can read