SMB Provide Network Shares To Specific Clients

General Information

Installing and configuring SMB (Samba) shares.

Access in general

  • A Linux user account must exist for each user that needs to access a Samba share.
    • The Linux user needs proper access permissions to the files/directories.
  • A Samba user must also exist.
    • Samba users are mapped to Linux users.
    • The Samba user is given access at the Samba share level.
  • Typically, this is done by giving directories permissions at the group level and adding the Linux users to the group.
    • Then, give that group access at the Samba share level.

Lab Setup

The following virtual machines will be used:

  • ( → Perform all SMB client tests from here
  • ( → Install the Samba Server here

Server Install and Config

Install required packages

yum install samba samba-client

Enable and start the service

systemctl enable smb
systemctl start smb

Firewall: Open for the service

firewall-cmd --permanent --add-service=samba
firewall-cmd --reload

Create directory to share

mkdir /sambashare_public

Directory permissions

chmod 777 /sambashare_public

SELinux: Set file context on the samba share directory

semanage fcontext -at samba_share_t "/sambashare_public(/.*)?"
restorecon -Rv /sambashare_public

Create a Linux user that will be used for samba only (so no login shell needed)

useradd -s /sbin/nologin user1
  • Note: It doesn't have to be a user with no login shell, but it is recommended.

Set samba password for user1 (different from system password)

smbpasswd -a user1

SELinux: Find samba boolean settings

getsebool -a | grep samba

SELinux: Turn boolean samba settings on

setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 samba_share_nfs=1
  • -P → permanent

Edit samba configuration file (Example)

vim /etc/samba/smb.conf
# Only listing items to change/add
[global]
# add hosts allow if needing to limit host access by IP
hosts allow = 127.
# add interfaces to limit where it is listening
interfaces = lo eth0 192.168.1
# create new share; base off of other default entries
[sambashare_public]
comment = /sambashare_public
browsable = yes
path = /sambashare_public
public = yes
valid users = user1
write list = user1
writable = yes
  • [global] → global samba settings
    • hosts allow → Hosts that are allowed to access
    • interfaces → samba binds to these interfaces or IPs
  • [sambashare_public] → Share name
    • comment → Can be anything descriptive
    • browsable → Can browse shares
    • path → file system path
    • public → publicly available
    • valid users → users that can access
    • write list → users that can write to the share
    • writable → enable write to the share
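
An added example (not part of the original wiki page): a small Python check that parses the share definition above and reports settings that admit more than the specific clients intended. The sample text is constructed from this page's settings; the `interfaces` finding relies on the documented smb.conf behaviour that smbd only restricts its listening sockets when `bind interfaces only = yes` is also set, and the function and variable names are this example's own.

```python
import configparser

# Constructed sample: this page's share under the section names it describes.
SAMPLE = """
[global]
hosts allow = 127.
interfaces = lo eth0 192.168.1
[sambashare_public]
path = /sambashare_public
public = yes
valid users = user1
write list = user1
writable = yes
"""

# smb.conf ignores case and spaces in parameter names and accepts synonyms.
SYNONYMS = {"public": "guestok", "allowhosts": "hostsallow"}

def _key(name):
    k = name.replace(" ", "").lower()
    return SYNONYMS.get(k, k)

def _yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(conf_text):
    """Return (section, finding) pairs for settings that widen access."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False,
                                      comment_prefixes=("#", ";"))
    cp.optionxform = _key
    cp.read_string(conf_text)
    sections = {name.lower(): dict(cp[name]) for name in cp.sections()}
    glob = sections.pop("global", {})
    findings = []
    # 'interfaces' alone does not restrict the listening sockets.
    if "interfaces" in glob and not _yes(glob.get("bindinterfacesonly", "no")):
        findings.append(("global", "interfaces set without bind interfaces only = yes"))
    for share, own in sections.items():
        opts = {**glob, **own}  # share-level settings override [global]
        if _yes(opts.get("guestok", "no")):
            findings.append((share, "guest access enabled (public / guest ok)"))
        if not opts.get("hostsallow", "").strip():
            findings.append((share, "no hosts allow: Samba accepts any client address"))
        if not opts.get("validusers", "").strip():
            findings.append((share, "no valid users: any Samba account may connect"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```

To check a live server, pass the contents of /etc/samba/smb.conf to audit() instead of SAMPLE.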

Config File Help

vim /etc/samba/smb.conf.example
man smb.conf

[Optional] Test samba config syntax


[Optional] Display information from SAM (samba) database

pdbedit -Lv

Restart the samba service

systemctl restart smb

Test the samba share

smbclient -L //localhost -U user1
  • Enter samba password (not system) when prompted

Client Install and Config

Install required packages

yum install samba-client cifs-utils

Create the same user on the client that will own the share

useradd -s /sbin/nologin user1

List samba server's shares

smbclient -L // -U user1

Create a local location to mount the remote samba share

mkdir /sharedrive

Mount persistently: Create credentials file

vim /root/.sharedcreds

Mount persistently: Ensure restrictive permissions

chown root:root /root/.sharedcreds
chmod 400 /root/.sharedcreds

Mount persistently: Edit fstab

vim /etc/fstab
//  /sharedrive  cifs _netdev,rw,credentials=/root/.sharedcreds,uid=1004,gid=1004  0 0

Mount persistently: mount all

mount -a

  • Last modified: 2019/05/25 23:50