linux_wiki:smb_provide_network_shares_to_specific_clients

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

linux_wiki:smb_provide_network_shares_to_specific_clients [2016/10/02 22:34]
billdozor [Client Install and Config] 		linux_wiki:smb_provide_network_shares_to_specific_clients [2019/05/25 23:50]
Line 1: Line 1:
-====== SMB Provide Network Shares To Specific Clients ====== 
- 
-**General Information** 
- 
-Installing and configuring SMB (Samba) shares. 
- 
-\\ 
-Access in general 
-  * A Linux user account must exist for each user that needs to access a samba share 
-    * The Linux user will need proper access permissions to files/directories 
-  * A Samba user also must exist. 
-    * Samba users are mapped to Linux users 
-    * The Samba user will be given access at the samba share level 
-  * Typically, this is done by giving directories permissions at the group level, and adding the Linux users to the group.  
-    * Then, give that group access at the samba share level. 
- 
----- 
- 
-====== Server Install and Config ====== 
- 
-Install required packages 
-<code bash> 
-yum install samba samba-client 
-</code> 
- 
-\\ 
-Enable and start the service 
-<code bash> 
-systemctl enable smb 
-systemctl start smb 
-</code> 
- 
-\\ 
-Firewall: Open for the service 
-<code bash> 
-firewall-cmd --permanent --add-service=samba 
-firewall-cmd --reload 
-</code> 
- 
-\\ 
-Create directory to share 
-<code bash> 
-mkdir /sambashare_public 
-</code> 
- 
-\\ 
-Directory permissions 
-<code bash> 
-chmod 777 /sambashare_public 
-</code> 
- 
-\\ 
-SELinux: Set file context on the samba share directory 
-<code bash> 
-semanage fcontext -at samba_share_t "/sambashare_public(/.*)?" 
-restorecon -Rv /sambashare_public 
-</code> 
- 
-\\ 
-Create a Linux user that will be used for samba only (so no login shell needed) 
-<code bash> 
-useradd -s /sbin/nologin user1 
-</code> 
-  * Note: It doesn't have to be a user with no login shell, but it is recommended. 
- 
-\\ 
-Set samba password for user1 (different from system password) 
-<code bash> 
-smbpasswd -a user1 
-</code> 
- 
-\\ 
-SELinux: Find samba boolean settings 
-<code bash> 
-getsebool -a | grep samba_export 
-getsebool -a | grep samba_share_nfs 
-</code> 
- 
-\\ 
-SELinux: Turn boolean samba settings on 
-<code bash> 
-setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 samba_share_nfs=1 
-</code> 
-  * -P -> permanent 
- 
-\\ 
-Edit samba configuration file 
-<code bash> 
-vim /etc/samba/smb.conf 
- 
-[global] 
-Workgroup = MYLABSERVER 
-server string = 192.168.1.200 
-hosts allow = 127.  192.168.1.10 
-interfaces = lo eth0 192.168.1 
-passdb backend = smbpasswd 
-security = user 
-log file = /var/log/samba/%m.log 
-max log size = 5000 
- 
-[sambashare_public] 
-comment = /sambashare_public 
-browsable = yes 
-path = /sambashare_public 
-public = yes 
-valid users = user1 
-write list = user1 
-writable = yes 
-</code> 
-  * [global] -> global samba settings 
-    * Workgroup  -> Can be domain or should match Windows workgroup if needing to share with Windows systems 
-    * server string  -> IP of the samba server itself 
-    * hosts allow  -> Hosts that are allowed to access 
-    * interfaces  -> samba binds to these interfaces or IPs 
-    * passdb backend  -> password to backend database (for users enabled) 
-    * security  -> user security set 
-  * [sambashare_public]  -> Share name 
-    * comment -> Can be anything descriptive 
-    * browsable  -> Can browse shares 
-    * path  -> file system path 
-    * public  -> publicly available 
-    * valid users  -> users that can access 
-    * write list  -> users that can write to the share 
-    * writable  -> enable write to the share 
- 
-\\ 
-Test samba config syntax 
-<code bash> 
-testparm 
-</code> 
- 
-\\ 
-Display information from SAM (samba) database 
-<code bash> 
-pdbedit -Lv 
-</code> 
- 
-\\ 
-Restart the samba service 
-<code bash> 
-systemctl restart smb 
-</code> 
- 
-\\ 
-Test the samba share 
-<code bash> 
-smbclient -L //localhost -U user1 
-</code> 
-  * Enter samba password (not system) when prompted 
- 
----- 
- 
-====== Client Install and Config ====== 
- 
-Install required packages 
-<code bash> 
-yum install samba samba-client cifs-utils 
-</code> 
- 
-\\ 
-List samba server's shares 
-<code bash> 
-smbclient -L //192.168.1.200/sambashare -U user1 
-</code> 
- 
-\\ 
-Create a local location to mount the remote samba share 
-<code bash> 
-mkdir /sharedrive 
-</code> 
- 
-\\ 
-Mount temporarily 
-<code bash> 
-mount //192.168.1.200/sambashare /sharedrive -t cifs -o username=user1,uid=1004,gid=1004 
-</code> 
- 
-\\ 
-Mount persistently: Create credentials file 
-<code bash> 
-vim /root/.sharedcreds 
- 
-username=user1 
-password=password 
-</code> 
- 
-\\ 
-Ensure restrictive permissions 
-<code bash> 
-chown root:root /root/.sharedcreds 
-chmod 400 /root/.sharedcreds 
-</code> 
- 
-\\ 
-Mount persistently: Edit fstab 
-<code bash> 
-vim /etc/fstab 
- 
-//192.168.1.200/sambashare  /sharedrive  cifs rw,credentials=/root/.sharedcreds,uid=1004,gid=1004  0 0 
-</code> 
- 
----- 
  
  • linux_wiki/smb_provide_network_shares_to_specific_clients.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)