Differences
This shows you the differences between two versions of the page.
linux_wiki:smb_provide_network_shares_to_specific_clients [2016/10/02 22:34] billdozor [Client Install and Config] |
linux_wiki:smb_provide_network_shares_to_specific_clients [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== SMB Provide Network Shares To Specific Clients ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Installing and configuring SMB (Samba) shares. | ||
- | |||
- | \\ | ||
- | Access in general | ||
- | * A Linux user account must exist for each user that needs to access a samba share | ||
- | * The Linux user will need proper access permissions to files/ | ||
- | * A Samba user also must exist. | ||
- | * Samba users are mapped to Linux users | ||
- | * The Samba user will be given access at the samba share level | ||
- | * Typically, this is done by giving directories permissions at the group level, and adding the Linux users to the group. | ||
- | * Then, give that group access at the samba share level. | ||
- | |||
- | ---- | ||
- | |||
- | ====== Server Install and Config ====== | ||
- | |||
- | Install required packages | ||
- | <code bash> | ||
- | yum install samba samba-client | ||
- | </ | ||
- | |||
- | \\ | ||
- | Enable and start the service | ||
- | <code bash> | ||
- | systemctl enable smb | ||
- | systemctl start smb | ||
- | </ | ||
- | |||
- | \\ | ||
- | Firewall: Open for the service | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-service=samba | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create directory to share | ||
- | <code bash> | ||
- | mkdir / | ||
- | </ | ||
- | |||
- | \\ | ||
- | Directory permissions | ||
- | <code bash> | ||
- | chmod 777 / | ||
- | </ | ||
- | |||
- | \\ | ||
- | SELinux: Set file context on the samba share directory | ||
- | <code bash> | ||
- | semanage fcontext -at samba_share_t "/ | ||
- | restorecon -Rv / | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create a Linux user that will be used for samba only (so no login shell needed) | ||
- | <code bash> | ||
- | useradd -s / | ||
- | </ | ||
- | * Note: It doesn' | ||
- | |||
- | \\ | ||
- | Set samba password for user1 (different from system password) | ||
- | <code bash> | ||
- | smbpasswd -a user1 | ||
- | </ | ||
- | |||
- | \\ | ||
- | SELinux: Find samba boolean settings | ||
- | <code bash> | ||
- | getsebool -a | grep samba_export | ||
- | getsebool -a | grep samba_share_nfs | ||
- | </ | ||
- | |||
- | \\ | ||
- | SELinux: Turn boolean samba settings on | ||
- | <code bash> | ||
- | setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 samba_share_nfs=1 | ||
- | </ | ||
- | * -P -> permanent | ||
- | |||
- | \\ | ||
- | Edit samba configuration file | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | [global] | ||
- | Workgroup = MYLABSERVER | ||
- | server string = 192.168.1.200 | ||
- | hosts allow = 127. 192.168.1.10 | ||
- | interfaces = lo eth0 192.168.1 | ||
- | passdb backend = smbpasswd | ||
- | security = user | ||
- | log file = / | ||
- | max log size = 5000 | ||
- | |||
- | [sambashare_public] | ||
- | comment = / | ||
- | browsable = yes | ||
- | path = / | ||
- | public = yes | ||
- | valid users = user1 | ||
- | write list = user1 | ||
- | writable = yes | ||
- | </ | ||
- | * [global] -> global samba settings | ||
- | * Workgroup | ||
- | * server string | ||
- | * hosts allow -> Hosts that are allowed to access | ||
- | * interfaces | ||
- | * passdb backend | ||
- | * security | ||
- | * [sambashare_public] | ||
- | * comment -> Can be anything descriptive | ||
- | * browsable | ||
- | * path -> file system path | ||
- | * public | ||
- | * valid users -> users that can access | ||
- | * write list -> users that can write to the share | ||
- | * writable | ||
- | |||
- | \\ | ||
- | Test samba config syntax | ||
- | <code bash> | ||
- | testparm | ||
- | </ | ||
- | |||
- | \\ | ||
- | Display information from SAM (samba) database | ||
- | <code bash> | ||
- | pdbedit -Lv | ||
- | </ | ||
- | |||
- | \\ | ||
- | Restart the samba service | ||
- | <code bash> | ||
- | systemctl restart smb | ||
- | </ | ||
- | |||
- | \\ | ||
- | Test the samba share | ||
- | <code bash> | ||
- | smbclient -L //localhost -U user1 | ||
- | </ | ||
- | * Enter samba password (not system) when prompted | ||
- | |||
- | ---- | ||
- | |||
- | ====== Client Install and Config ====== | ||
- | |||
- | Install required packages | ||
- | <code bash> | ||
- | yum install samba samba-client cifs-utils | ||
- | </ | ||
- | |||
- | \\ | ||
- | List samba server' | ||
- | <code bash> | ||
- | smbclient -L // | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create a local location to mount the remote samba share | ||
- | <code bash> | ||
- | mkdir /sharedrive | ||
- | </ | ||
- | |||
- | \\ | ||
- | Mount temporarily | ||
- | <code bash> | ||
- | mount // | ||
- | </ | ||
- | |||
- | \\ | ||
- | Mount persistently: | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | username=user1 | ||
- | password=password | ||
- | </ | ||
- | |||
- | \\ | ||
- | Ensure restrictive permissions | ||
- | <code bash> | ||
- | chown root:root / | ||
- | chmod 400 / | ||
- | </ | ||
- | |||
- | \\ | ||
- | Mount persistently: | ||
- | <code bash> | ||
- | vim /etc/fstab | ||
- | |||
- | // | ||
- | </ | ||
- | |||
- | ---- | ||