This is an old revision of the document!
SMB Provide Network Shares To Specific Clients
General Information
Installing and configuring SMB (Samba) shares.
Access in general
- A Linux user account must exist for each user that needs to access a samba share
- The Linux user will need proper access permissions to files/directories
- A Samba user also must exist.
- Samba users are mapped to Linux users
- The Samba user will be given access at the samba share level
- Typically, this is done by giving directories permissions at the group level, and adding the Linux users to the group.
- Then, give that group access at the samba share level.
Server Install and Config
Install required packages
yum install samba samba-client
Enable and start the service
systemctl enable smb
systemctl start smb
Firewall: Open for the service
firewall-cmd --permanent --add-service=samba firewall-cmd --reload
Create directory to share
mkdir /sambashare
SELinux: Set file context on the samba share directory
semanage fcontext -at samba_share_t "/sambashare(/.*)?" restorecon -Rv /sambashare
SELinux: Find samba boolean settings
getsebool -a | grep samba_export getsebool -a | grep samba_share_nfs
SELinux: Turn boolean samba settings on
setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 samba_share_nfs=1
- -P → permanent
Edit samba configuration file
vim /etc/samba/smb.conf [global] Workgroup = MYLABSERVER server string = 192.168.1.200 hosts allow = 127. 192.168.1.10 interfaces = lo eth0 192.168.1 passdb backend = smbpasswd security = user log file = /var/log/samba/%m.log max log size = 5000 [sambashare] comment = /sambashare browsable = yes path = /sambashare public = yes valid users = user1 write list = user1 writable = yes
- [global] → global samba settings
- Workgroup → Can be domain or should match Windows workgroup if needing to share with Windows systems
- server string → IP of the samba server itself
- hosts allow → Hosts that are allowed to access
- interfaces → samba binds to these interfaces or IPs
- passdb backend → password to backend database (for users enabled)
- security → user security set
- [sambashare] → Share name
- comment → Can be anything descriptive
- browsable → Can browse shares
- path → file system path
- public → publicly available
- valid users → users that can access
- write list → users that can write to the share
- writable → enable write to the share
Test samba config syntax
testparm
Set samba password for user1 (different from system password)
smbpasswd -a user1
Display information from SAM (samba) database
pdbedit -Lv
Restart the samba service
systemctl restart smb
Test the samba share
smbclient -L //localhost -U user1
- Enter samba password (not system) when prompted
Client Install and Config
Install required packages
yum install samba samba-client cifs-utils
List samba server's shares
smbclient -L //192.168.1.200/sambashare -U user1
Create a local location to mount the remote samba share
mkdir /sharedrive
Mount temporarily
mount //192.168.1.200/sambashare /sharedrive -t cifs -o username=user1,uid=1004,gid=1004
Mount persistently: Create credentials file
vim /etc/samba/.sharedcreds username=user1 password=password
Mount persistently: Edit fstab
vim /etc/fstab //192.168.1.200/sambashare /sharedrive cifs rw,credentials=/etc/samba/.sharedcreds,uid=1004,gid=1004 0 0