Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
linux_wiki:smb_provide_network_shares_to_specific_clients [2016/10/02 21:50] billdozor [Server Install and Config] |
linux_wiki:smb_provide_network_shares_to_specific_clients [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 14: | Line 14: | ||
* Typically, this is done by giving directories permissions at the group level, and adding the Linux users to the group. | * Typically, this is done by giving directories permissions at the group level, and adding the Linux users to the group. | ||
* Then, give that group access at the samba share level. | * Then, give that group access at the samba share level. | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Lab Setup ====== | ||
+ | |||
+ | The following virtual machines will be used: | ||
+ | * server1.example.com (192.168.1.150) -> Perform all SMB client tests from here | ||
+ | * server2.example.com (192.168.1.151) -> Install the Samba Server here | ||
---- | ---- | ||
Line 41: | Line 49: | ||
Create directory to share | Create directory to share | ||
<code bash> | <code bash> | ||
- | mkdir /sambashare | + | mkdir /sambashare_public |
+ | </ | ||
+ | |||
+ | \\ | ||
+ | Directory permissions | ||
+ | <code bash> | ||
+ | chmod 777 / | ||
</ | </ | ||
Line 47: | Line 61: | ||
SELinux: Set file context on the samba share directory | SELinux: Set file context on the samba share directory | ||
<code bash> | <code bash> | ||
- | semanage fcontext -at samba_share_t "/sambashare(/ | + | semanage fcontext -at samba_share_t "/sambashare_public(/ |
- | restorecon -Rv /sambashare | + | restorecon -Rv /sambashare_public |
+ | </ | ||
+ | |||
+ | \\ | ||
+ | Create a Linux user that will be used for samba only (so no login shell needed) | ||
+ | <code bash> | ||
+ | useradd -s / | ||
+ | </ | ||
+ | * Note: It doesn' | ||
+ | |||
+ | \\ | ||
+ | Set samba password for user1 (different from system password) | ||
+ | <code bash> | ||
+ | smbpasswd -a user1 | ||
</ | </ | ||
Line 54: | Line 81: | ||
SELinux: Find samba boolean settings | SELinux: Find samba boolean settings | ||
<code bash> | <code bash> | ||
- | getsebool -a | grep samba_export | + | getsebool -a | grep samba |
- | getsebool -a | grep samba_share_nfs | + | |
</ | </ | ||
Line 66: | Line 92: | ||
\\ | \\ | ||
- | Edit samba configuration file | + | Edit samba configuration file (Example) |
<code bash> | <code bash> | ||
vim / | vim / | ||
+ | |||
+ | # Only listing items to change/add | ||
[global] | [global] | ||
- | Workgroup = MYLABSERVER | + | # add hosts allow if needing to limit host access by IP |
- | server string = 192.168.1.200 | + | |
hosts allow = 127. 192.168.1.10 | hosts allow = 127. 192.168.1.10 | ||
+ | # add interfaces to limit where it is listening | ||
interfaces = lo eth0 192.168.1 | interfaces = lo eth0 192.168.1 | ||
- | passdb backend = smbpasswd | ||
- | security = user | ||
- | log file = / | ||
- | max log size = 5000 | ||
- | [sambashare] | + | # create new share; base off of other default entries |
- | comment = /sambashare | + | [sambashare_public] |
+ | comment = /sambashare_public | ||
browsable = yes | browsable = yes | ||
- | path = /sambashare | + | path = /sambashare_public |
public = yes | public = yes | ||
valid users = user1 | valid users = user1 | ||
Line 90: | Line 115: | ||
</ | </ | ||
* [global] -> global samba settings | * [global] -> global samba settings | ||
- | * Workgroup | ||
- | * server string | ||
* hosts allow -> Hosts that are allowed to access | * hosts allow -> Hosts that are allowed to access | ||
* interfaces | * interfaces | ||
- | * passdb backend | + | |
- | * security | + | |
- | | + | |
* comment -> Can be anything descriptive | * comment -> Can be anything descriptive | ||
* browsable | * browsable | ||
Line 106: | Line 127: | ||
\\ | \\ | ||
- | Test samba config syntax | + | **Config File Help**<code bash>vim / |
- | <code bash> | + | And |
- | testparm | + | man smb.conf</ |
- | </ | + | |
\\ | \\ | ||
- | Set samba password for user1 (different from system password) | + | [Optional] Test samba config syntax |
<code bash> | <code bash> | ||
- | smbpasswd -a user1 | + | testparm |
</ | </ | ||
\\ | \\ | ||
- | Display information from SAM (samba) database | + | [Optional] |
<code bash> | <code bash> | ||
pdbedit -Lv | pdbedit -Lv | ||
Line 142: | Line 162: | ||
Install required packages | Install required packages | ||
<code bash> | <code bash> | ||
- | yum install | + | yum install samba-client cifs-utils |
</ | </ | ||
+ | |||
+ | \\ | ||
+ | Create the same user on the client that will own the share< | ||
\\ | \\ | ||
Line 155: | Line 178: | ||
<code bash> | <code bash> | ||
mkdir /sharedrive | mkdir /sharedrive | ||
- | </ | ||
- | |||
- | \\ | ||
- | Mount temporarily | ||
- | <code bash> | ||
- | mount // | ||
</ | </ | ||
Line 166: | Line 183: | ||
Mount persistently: | Mount persistently: | ||
<code bash> | <code bash> | ||
- | vim /etc/samba/ | + | vim /root/ |
username=user1 | username=user1 | ||
password=password | password=password | ||
+ | </ | ||
+ | |||
+ | \\ | ||
+ | Mount persistently: | ||
+ | <code bash> | ||
+ | chown root:root / | ||
+ | chmod 400 / | ||
</ | </ | ||
Line 177: | Line 201: | ||
vim /etc/fstab | vim /etc/fstab | ||
- | // | + | // |
+ | </ | ||
+ | |||
+ | \\ | ||
+ | Mount persistently: | ||
+ | <code bash> | ||
+ | mount -a | ||
</ | </ | ||
---- | ---- | ||