====== SMB Provide Network Shares To Specific Clients ======

**General Information**

Installing and configuring SMB (Samba) shares.
\\
Access in general
  * A Linux user account must exist for each user that needs to access a samba share
  * The Linux user will need proper access permissions to files/directories
  * A Samba user also must exist.
  * Samba users are mapped to Linux users
  * The Samba user will be given access at the samba share level
  * Typically, this is done by giving directories permissions at the group level, and adding the Linux users to the group.
  * Then, give that group access at the samba share level.

----

====== Lab Setup ======

The following virtual machines will be used:
  * server1.example.com (192.168.1.150) -> Perform all SMB client tests from here
  * server2.example.com (192.168.1.151) -> Install the Samba Server here

----

====== Server Install and Config ======

Install required packages
<code bash>
yum install samba samba-client
</code>
\\
Enable and start the service
<code bash>
systemctl enable smb
systemctl start smb
</code>
\\
Firewall: Open for the service
<code bash>
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
</code>
\\
Create directory to share
<code bash>
mkdir /sambashare_public
</code>
\\
Directory permissions
<code bash>
chmod 777 /sambashare_public
</code>
\\
SELinux: Set file context on the samba share directory
<code bash>
semanage fcontext -at samba_share_t "/sambashare_public(/.*)?"
restorecon -Rv /sambashare_public
</code>
\\
Create a Linux user that will be used for samba only (so no login shell needed)
<code bash>
useradd -s /sbin/nologin user1
</code>
  * Note: It doesn't have to be a user with no login shell, but it is recommended.
\\
Set samba password for user1 (different from system password)
<code bash>
smbpasswd -a user1
</code>
\\
SELinux: Find samba boolean settings
<code bash>
getsebool -a | grep samba
</code>
\\
SELinux: Turn boolean samba settings on
<code bash>
setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 samba_share_nfs=1
</code>
  * -P -> permanent
\\
Edit samba configuration file (Example)
<code bash>
vim /etc/samba/smb.conf

# Only listing items to change/add
[global]
# add hosts allow if needing to limit host access by IP
# (192.168.1.150 = server1, the lab client)
hosts allow = 127. 192.168.1.150

# add interfaces to limit where it is listening
# (192.168.1.151 = server2, this server)
interfaces = lo eth0 192.168.1.151

# create new share; base off of other default entries
[sambashare_public]
comment = /sambashare_public
browsable = yes
path = /sambashare_public
public = yes
valid users = user1
write list = user1
writable = yes
</code>
  * [global] -> global samba settings
  * hosts allow -> Hosts that are allowed to access
  * interfaces -> samba binds to these interfaces or IPs
  * [sambashare_public] -> Share name
  * comment -> Can be anything descriptive
  * browsable -> Can browse shares
  * path -> file system path
  * public -> publicly available (synonym for guest ok)
  * valid users -> users that can access
  * write list -> users that can write to the share
  * writable -> enable write to the share
\\
**Config File Help**
<code bash>
vim /etc/samba/smb.conf.example
# and
man smb.conf
</code>
\\
[Optional] Test samba config syntax
<code bash>
testparm
</code>
\\
[Optional] Display information from SAM (samba) database
<code bash>
pdbedit -Lv
</code>
\\
Restart the samba service
<code bash>
systemctl restart smb
</code>
\\
Test the samba share
<code bash>
smbclient -L //localhost -U user1
</code>
  * Enter samba password (not system) when prompted

----

====== Client Install and Config ======

Install required packages
<code bash>
yum install samba-client cifs-utils
</code>
\\
Create the same user on the client that will own the share
<code bash>
useradd -s /sbin/nologin user1
</code>
\\
List samba server's shares
<code bash>
# 192.168.1.151 = server2, the Samba server from the lab setup
smbclient -L //192.168.1.151 -U user1
</code>
\\
Create a local location to mount the remote samba share
<code bash>
mkdir /sharedrive
</code>
\\
Mount persistently: Create credentials file
<code bash>
vim /root/.sharedcreds

username=user1
password=password
</code>
\\
Mount persistently: Ensure restrictive permissions
<code bash>
chown root:root /root/.sharedcreds
chmod 400 /root/.sharedcreds
</code>
\\
Mount persistently: Edit fstab
<code bash>
vim /etc/fstab

# uid/gid: numeric IDs of the local user that will own the mounted files
//192.168.1.151/sambashare_public /sharedrive cifs _netdev,rw,credentials=/root/.sharedcreds,uid=1004,gid=1004 0 0
</code>
\\
Mount persistently: mount all
<code bash>
mount -a
</code>

----

linux_wiki/smb_provide_network_shares_to_specific_clients.txt Last modified: 2019/05/25 23:50 (external edit)
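
Whether the share from the Server Install and Config section is really limited to specific clients depends on a few smb.conf settings. The check below is an added example, not part of the original wiki page: the function name ''audit_smb_conf'' and the sample file are assumptions made for illustration. It reports shares with no ''hosts allow'', shares that permit guest access, and ''interfaces'' set without ''bind interfaces only = yes'' (without which smbd does not restrict listening to the listed interfaces).

```shell
#!/usr/bin/env bash
# Added example (not from the original page): flag smb.conf settings that
# undercut "shares for specific clients". Function and sample are hypothetical.

audit_smb_conf() {   # $1 = path to an smb.conf-style file; prints one finding per line
  awk '
    /^[ \t]*([#;]|$)/ { next }                    # skip comments and blank lines
    /^[ \t]*\[.*\]/ {                             # section header, e.g. [global]
      sect = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sect)
      if (sect != "global" && !(sect in seen)) { seen[sect] = 1; order[++n] = sect }
      next
    }
    {
      eq = index($0, "="); if (!eq) next
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]+/, "", key)  # spaces in names are ignored
      val = tolower(substr($0, eq + 1));    gsub(/^[ \t]+|[ \t]+$/, "", val)
      on = (val == "yes" || val == "true" || val == "on" || val == "1")
      if (key == "hostsallow" || key == "allowhosts") hosts[sect] = 1
      if (key == "guestok" || key == "public") guest[sect] = on
      if (sect == "global" && key == "interfaces") ifaces = 1
      if (sect == "global" && key == "bindinterfacesonly" && on) bind = 1
    }
    END {
      if (ifaces && !bind)
        print "[global] interfaces is set but bind interfaces only is not yes"
      for (i = 1; i <= n; i++) {
        s = order[i]
        if (!("global" in hosts) && !(s in hosts)) print "[" s "] no hosts allow restriction"
        g = (s in guest) ? guest[s] : guest["global"]   # share value overrides global default
        if (g) print "[" s "] guest access enabled (public / guest ok)"
      }
    }
  ' "$1"
}

# Constructed sample modelled on the share defined on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
hosts allow = 127. 192.168.1.150
interfaces = lo eth0
[sambashare_public]
path = /sambashare_public
public = yes
valid users = user1
EOF
audit_smb_conf "$sample"
rm -f "$sample"
```

Run it against ''/etc/samba/smb.conf'' after ''testparm'' reports the file as syntactically valid; an empty result means none of the three conditions were found.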