SMB Provide Network Shares To Specific Clients

General Information

Installing and configuring SMB (Samba) shares.


Access in general

  • A Linux user account must exist for each user that needs to access a samba share
    • The Linux user will need proper access permissions to files/directories
  • A Samba user also must exist.
    • Samba users are mapped to Linux users
    • The Samba user will be given access at the samba share level
  • Typically, this is done by giving directories permissions at the group level, and adding the Linux users to the group.
    • Then, give that group access at the samba share level.

Lab Setup

The following virtual machines will be used:

  • server1.example.com (192.168.1.150) → Perform all SMB client tests from here
  • server2.example.com (192.168.1.151) → Install the Samba Server here

Server Install and Config

Install required packages

yum install samba samba-client


Enable and start the service

systemctl enable smb
systemctl start smb


Firewall: Open for the service

firewall-cmd --permanent --add-service=samba
firewall-cmd --reload


Create directory to share

mkdir /sambashare_public


Directory permissions

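chmod 777 /sambashare_public
  • Note: mode 777 lets every local account read and write here; the group-level permissions described under "Access in general" are the tighter option.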


SELinux: Set file context on the samba share directory

semanage fcontext -at samba_share_t "/sambashare_public(/.*)?"
restorecon -Rv /sambashare_public


Create a Linux user that will be used for samba only (so no login shell needed)

useradd -s /sbin/nologin user1
  • Note: It doesn't have to be a user with no login shell, but it is recommended.


Set samba password for user1 (different from system password)

smbpasswd -a user1


SELinux: Find samba boolean settings

getsebool -a | grep samba


SELinux: Turn boolean samba settings on

setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 samba_share_nfs=1
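  • -P → permanent
  • Note: samba_export_all_ro and samba_export_all_rw let Samba export any file or directory regardless of its SELinux label, and samba_share_nfs covers NFS-mounted volumes; a directory already labeled samba_share_t, as above, is accessible without them.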


Edit samba configuration file (Example)

vim /etc/samba/smb.conf
 
# Only listing items to change/add
 
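[global]
# add hosts allow if needing to limit host access by IP
# (127. = loopback, 192.168.1.150 = the lab client server1)
hosts allow = 127. 192.168.1.150
# add interfaces to limit where it is listening;
# interfaces takes names, IPs or IP/mask pairs and only restricts
# listening when bind interfaces only = yes is also set
interfaces = lo eth0 192.168.1.151/24
bind interfaces only = yes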
 
# create new share; base off of other default entries
[sambashare_public]
comment = /sambashare_public
browsable = yes
path = /sambashare_public
public = yes
valid users = user1
write list = user1
writable = yes
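  • [global] → global samba settings
    • hosts allow → hosts (IP addresses or prefixes such as 127.) that are allowed to connect; all others are refused
    • interfaces → interfaces or addresses Samba uses; it listens only on these when bind interfaces only = yes is set
  • [sambashare_public] → Share name
    • comment → Can be anything descriptive
    • browsable → the share is visible when clients list the server's shares
    • path → file system path
    • public → synonym for guest ok (allow guest connections); with valid users set, only the listed users can connect
    • valid users → users that can access
    • write list → users that can write to the share
    • writable → enable write to the share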
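
A check for the access-control settings explained above, as an added example that is not part of the original page: it scans an smb.conf for shares missing hosts allow or valid users, for guest access (public is a synonym for guest ok), and for interfaces set without bind interfaces only = yes. The function names and the sample configuration are constructed for illustration, and the parser assumes [global] appears before the share sections.

```shell
# Added example, not from the original page. Flags smb.conf settings that
# undermine per-client / per-user restrictions. Assumes [global] comes first.
audit_smb_conf() {   # usage: audit_smb_conf FILE; exit status 1 on findings
    awk '
    function yes(v) { return tolower(v) ~ /^(yes|true|1)$/ }
    function report(msg) { print "[" sect "] " msg; n++ }
    function check() {                # runs each time a section ends
        if (sect == "global") {
            g_hosts = ("hosts allow" in opt)
            if (("interfaces" in opt) && !yes(opt["bind interfaces only"]))
                report("interfaces set without bind interfaces only = yes")
        } else if (sect != "") {
            if (!g_hosts && !("hosts allow" in opt)) report("no hosts allow")
            if (!("valid users" in opt)) report("no valid users")
            if (yes(opt["guest ok"])) report("guest ok (public) is enabled")
        }
        split("", opt)                # portable way to empty the array
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }        # blank lines and comments
    /^[ \t]*\[/ {                               # section header
        check()
        sect = tolower($0); gsub(/^[ \t]*\[|\][ \t]*$/, "", sect); next
    }
    (eq = index($0, "=")) {                     # key = value
        k = tolower(substr($0, 1, eq - 1)); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/[ \t]+/, " ", k)
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "public") k = "guest ok"       # smb.conf synonym
        opt[k] = v
    }
    END { check(); exit (n > 0) }
    ' "$1"
}

# Constructed sample modelled on the share defined on this page.
sample_conf() {
    cat <<'EOF'
[global]
hosts allow = 127. 192.168.1.150
interfaces = lo eth0
[sambashare_public]
public = yes
valid users = user1
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_smb_conf "$tmp" || echo "findings above need review"
rm -f "$tmp"
```

Run it against /etc/samba/smb.conf after editing; testparm still covers syntax, which this check does not.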


Config File Help

vim /etc/samba/smb.conf.example
And
man smb.conf


[Optional] Test samba config syntax

testparm


[Optional] Display information from SAM (samba) database

pdbedit -Lv


Restart the samba service

systemctl restart smb


Test the samba share

smbclient -L //localhost -U user1
  • Enter samba password (not system) when prompted

Client Install and Config

Install required packages

yum install samba-client cifs-utils


Create the same user on the client that will own the share

useradd -s /sbin/nologin user1


List samba server's shares

smbclient -L //192.168.1.151 -U user1


Create a local location to mount the remote samba share

mkdir /sharedrive


Mount persistently: Create credentials file

vim /root/.sharedcreds
 
username=user1
password=password


Mount persistently: Ensure restrictive permissions

chown root:root /root/.sharedcreds
chmod 400 /root/.sharedcreds


Mount persistently: Edit fstab

vim /etc/fstab
 
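//192.168.1.151/sambashare_public  /sharedrive  cifs  _netdev,rw,credentials=/root/.sharedcreds,uid=1004,gid=1004  0 0
  • uid/gid → numeric IDs of the local user and group that will own the mounted files; set these to user1's IDs on the client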


Mount persistently: mount all

mount -a

  • Last modified: 2019/05/25 23:50