Differences

This shows you the differences between two versions of the page.

--- linux_wiki:smb_provide_network_shares_to_specific_clients [2016/10/02 21:45]
billdozor [SMB Provide Network Shares To Specific Clients]
+++ linux_wiki:smb_provide_network_shares_to_specific_clients [2019/05/25 23:50] (current)
@@ Line 5: / Line 5: @@
 Installing and configuring SMB (Samba) shares.
+\\
 Access in general
   * A Linux user account must exist for each user that needs to access a samba share
@@ Line 11: / Line 12: @@
     * Samba users are mapped to Linux users
     * The Samba user will be given access at the samba share level
+  * Typically, this is done by giving directories permissions at the group level, and adding the Linux users to the group.
+    * Then, give that group access at the samba share level.
+----
+====== Lab Setup ======
+The following virtual machines will be used:
+  * server1.example.com (192.168.1.150) -> Perform all SMB client tests from here
+  * server2.example.com (192.168.1.151) -> Install the Samba Server here
 ----
@@ Line 38: / Line 49: @@
 Create directory to share
 <code bash>
-mkdir /sambashare
+mkdir /sambashare_public
+</code>
+\\
+Directory permissions
+<code bash>
+chmod 777 /sambashare_public
 </code>
@@ Line 44: / Line 61: @@
 SELinux: Set file context on the samba share directory
 <code bash>
-semanage fcontext -at samba_share_t "/sambashare(/.*)?"
+semanage fcontext -at samba_share_t "/sambashare_public(/.*)?"
-restorecon -Rv /sambashare
+restorecon -Rv /sambashare_public
+</code>
+\\
+Create a Linux user that will be used for samba only (so no login shell needed)
+<code bash>
+useradd -s /sbin/nologin user1
+</code>
+  * Note: It doesn't have to be a user with no login shell, but it is recommended.
+\\
+Set samba password for user1 (different from system password)
+<code bash>
+smbpasswd -a user1
 </code>
@@ Line 51: / Line 81: @@
 SELinux: Find samba boolean settings
 <code bash>
-getsebool -a | grep samba_export
+getsebool -a | grep samba
-getsebool -a | grep samba_share_nfs
 </code>
@@ Line 63: / Line 92: @@
 \\
-Edit samba configuration file
+Edit samba configuration file (Example)
 <code bash>
 vim /etc/samba/smb.conf
+# Only listing items to change/add
 [global]
-Workgroup = MYLABSERVER
+# add hosts allow if needing to limit host access by IP
-server string = 192.168.1.200
 hosts allow = 127.  192.168.1.10
+# add interfaces to limit where it is listening
 interfaces = lo eth0 192.168.1
-passdb backend = smbpasswd
-security = user
-log file = /var/log/samba/%m.log
-max log size = 5000
-[sambashare]
+# create new share; base off of other default entries
-comment = /sambashare
+[sambashare_public]
+comment = /sambashare_public
 browsable = yes
-path = /sambashare
+path = /sambashare_public
 public = yes
 valid users = user1
@@ Line 87: / Line 115: @@
 </code>
   * [global] -> global samba settings
-    * Workgroup  -> Can be domain or should match Windows workgroup if needing to share with Windows systems
-    * server string  -> IP of the samba server itself
     * hosts allow  -> Hosts that are allowed to access
     * interfaces  -> samba binds to these interfaces or IPs
-    * passdb backend  -> password to backend database (for users enabled)
+  * [sambashare_public]  -> Share name
-    * security  -> user security set
-  * [sambashare]  -> Share name
     * comment -> Can be anything descriptive
     * browsable  -> Can browse shares
@@ Line 103: / Line 127: @@
 \\
-Test samba config syntax
+**Config File Help**<code bash>vim /etc/samba/smb.conf.example
-<code bash>
+And
-testparm
+man smb.conf</code>
-</code>
 \\
-Set samba password for user1 (different from system password)
+[Optional] Test samba config syntax
 <code bash>
-smbpasswd -a user1
+testparm
 </code>
 \\
-Display information from SAM (samba) database
+[Optional] Display information from SAM (samba) database
 <code bash>
 pdbedit -Lv
 </code>
+\\
 Restart the samba service
 <code bash>
@@ Line 138: / Line 162: @@
 Install required packages
 <code bash>
-yum install samba samba-client cifs-utils
+yum install samba-client cifs-utils
 </code>
+\\
+Create the same user on the client that will own the share<code bash>useradd -s /sbin/nologin user1</code>
 \\
@@ Line 151: / Line 178: @@
 <code bash>
 mkdir /sharedrive
-</code>
-\\
-Mount temporarily
-<code bash>
-mount //192.168.1.200/sambashare /sharedrive -t cifs -o username=user1,uid=1004,gid=1004
 </code>
@@ Line 162: / Line 183: @@
 Mount persistently: Create credentials file
 <code bash>
-vim /etc/samba/.sharedcreds
+vim /root/.sharedcreds
 username=user1
 password=password
+</code>
+\\
+Mount persistently: Ensure restrictive permissions
+<code bash>
+chown root:root /root/.sharedcreds
+chmod 400 /root/.sharedcreds
 </code>
@@ Line 173: / Line 201: @@
 vim /etc/fstab
-//192.168.1.200/sambashare  /sharedrive  cifs rw,credentials=/etc/samba/.sharedcreds,uid=1004,gid=1004  0 0
+//192.168.1.200/sambashare  /sharedrive  cifs _netdev,rw,credentials=/root/.sharedcreds,uid=1004,gid=1004  0 0
+</code>
+\\
+Mount persistently: mount all
+<code bash>
+mount -a
 </code>
 ----