INSTALL AND CONFIGURE SAMBA SERVER IN CENTOS 7

Samba is a free, open source software suite that provides file and print services to SMB/CIFS clients. It lets us share files, folders, and printers between a Linux server and Windows clients. Using Samba, we can also set up a domain controller on a Unix/Linux server and join Windows clients to it.

This tutorial describes how to set up a basic Samba server on a CentOS 7 system.

SCENARIO

In this tutorial, I will be using two systems as described below.

SAMBA SERVER:

Operating system : CentOS 7 minimal server
IP Address : 192.168.4.9/24

SAMBA CLIENT:

Operating system : Windows 7 Professional
IP Address : 192.168.4.23/24

INSTALL SAMBA

Check for any existing Samba packages using the following commands.

# rpm -qa | grep samba
# yum list installed | grep samba

If samba is installed, remove it using the below command:

# yum remove samba*

Now, install samba using the following command.

# yum install samba* -y

1. CONFIGURE A FULLY ACCESSED ANONYMOUS SHARE

Now, let us create a fully accessible anonymous share. Anyone can read and write in this share, without a username or password.

Create a directory called ‘/samba/anonymous_share’ and set full permissions on it. You can name this share as you like.

# mkdir -p /samba/anonymous_share
# chmod -R 0777 /samba/anonymous_share

Edit the Samba configuration file:

# vi /etc/samba/smb.conf

Find the following directives, and make the changes as shown below.

[...]

## Add the following lines under [global] section ##
unix charset = UTF-8
dos charset = CP932

## Change this to the Windows default workgroup ##
workgroup = WORKGROUP

## Uncomment and set the IP range to your clients' subnet (192.168.4. in the scenario above) ##
hosts allow = 127. 192.168.4.

## Uncomment ##
max protocol = SMB2

## Uncomment, and change the value of 'Security' to 'user' ## 
security = user

## Add the following line ##
map to guest = Bad User

## Add the following lines at the bottom ##
[Anonymous share]
path = /samba/anonymous_share
writable = yes
browsable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777

Start samba services, and enable them to start automatically on every reboot.

# systemctl start smb
# systemctl start nmb
# systemctl enable smb
# systemctl enable nmb

TEST THE SAMBA SERVER CONFIGURATION

We can check the Samba configuration for syntax errors using the ‘testparm’ command.

# testparm

Sample Output:

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Anonymous share]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
    dos charset = CP932
    netbios name = SAMBA SERVER
    server string = Samba Server Version %v
    map to guest = Bad User
    log file = /var/log/samba/log.%m
    max log size = 50
    server max protocol = SMB2
    idmap config * : backend = tdb
    hosts allow = 127., 192.168.1.
    cups options = raw

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    print ok = Yes
    browseable = No

[Anonymous share]
    path = /samba/anonymous_share
    read only = No
    create mask = 0777
    directory mask = 0777
    guest only = Yes
    guest ok = Yes

If everything looks good, you’re ready to go.

FIREWALL CONFIGURATION

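Allow the Samba server default ports through the firewall. The NetBIOS name and datagram services (137, 138) use UDP, while SMB sessions (139, 445) use TCP. Port 901 is the SWAT web administration port; SWAT was removed in Samba 4.1, so that rule is only needed on an older release that still includes it.

# firewall-cmd --permanent --add-port=137/udp
# firewall-cmd --permanent --add-port=138/udp
# firewall-cmd --permanent --add-port=139/tcp
# firewall-cmd --permanent --add-port=445/tcp
# firewall-cmd --permanent --add-port=901/tcp

Reload the firewall to apply the changes.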

# firewall-cmd --reload

SELINUX CONFIGURATION

Turn the samba_enable_home_dirs Boolean on if you want to share home directories via Samba.

# setsebool -P samba_enable_home_dirs on

If you create a new directory, such as a new top-level directory, label it with samba_share_t so that SELinux allows Samba to read and write to it. Do not label system directories, such as /etc/ and /home/, with samba_share_t, as such directories should already have an SELinux label.

In our case, we have already created the anonymous share directory, so let us label it as shown below.

# chcon -t samba_share_t /samba/anonymous_share/

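Note: With the label above in place, Samba works while SELinux stays enforcing. If you would rather not deal with SELinux, you can disable it as shown below and continue; this also removes SELinux confinement of the Samba daemons.

To disable SELinux, edit the file /etc/sysconfig/selinux:

# vi /etc/sysconfig/selinux

Set the SELINUX value to disabled.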

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Reboot the server for the change to take effect.

TEST SAMBA SHARES

Now, go to any Windows client system. In this example, I am using a Windows 7 system.

Click Start -> Run and enter the Samba server IP address.

Now, you’ll be able to access the fully accessible Samba share.

You can create, modify or delete files and folders inside the share. For example, let’s create a sample folder called ‘nepalisupport’ inside the Samba share folder.

Check that the newly created files or folders are present on the Samba server:

# ls -l /samba/anonymous_share/

Sample Output:

total 0
drwxrwxrwx. 2 nobody nobody 6 Sep 26 17:55 unixmen

As you can see in the result, the folder has been created in the /samba/anonymous_share/ directory.

2. CREATE SECURITY ENABLED SHARE IN SAMBA SERVER

So far we have created a fully accessible Samba share. Anyone can access that share folder and create or delete files and folders in it.

Now, let us create a password-protected Samba share, so that users must enter a valid username and password to access the share folder.

Create a user called “nepalisupport” and a group called “smbgroup”.

# useradd -s /sbin/nologin nepalisupport
# groupadd smbgroup

Add the user nepalisupport to smbgroup, and set a Samba password for that user.

# usermod -a -G smbgroup nepalisupport
# smbpasswd -a nepalisupport

Create a new directory called “/samba/secure_share” and set its permissions and ownership.

# mkdir /samba/secure_share
# chmod -R 0755 /samba/secure_share
# chown -R nepalisupport:smbgroup /samba/secure_share

Edit the Samba config file:

# vi /etc/samba/smb.conf

Add the below lines at the bottom of samba config file.

[secure_share]
path = /samba/secure_share
writable = yes
browsable = yes
guest ok = no
valid users = @smbgroup

Test the samba configuration for any errors.

# testparm

Sample output:

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Anonymous share]"
Processing section "[secure_share]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
    dos charset = CP932
    netbios name = UNIXMEN SAMBA SERVER
    server string = Samba Server Version %v
    map to guest = Bad User
    log file = /var/log/samba/log.%m
    max log size = 50
    server max protocol = SMB2
    idmap config * : backend = tdb
    hosts allow = 127., 192.168.1.
    cups options = raw

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    print ok = Yes
    browseable = No

[Anonymous share]
    path = /samba/anonymous_share
    read only = No
    create mask = 0777
    directory mask = 0777
    guest only = Yes
    guest ok = Yes

[secure_share]
    path = /samba/secure_share
    valid users = @smbgroup
    read only = No

Label the /samba/secure_share/ directory with samba_share_t so that SELinux allows Samba to read and write to it.

# chcon -t samba_share_t /samba/secure_share/

Restart samba services.

# systemctl restart smb
# systemctl restart nmb
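
An added example, not part of the original tutorial: a shell function that reads an smb.conf and reports, per share, whether guests are admitted and whether the share is writable, so a share like [Anonymous share] stands out next to [secure_share]. The sample configuration is constructed from the two share definitions above and the function names are hypothetical; only per-share settings are read, and defaults set in [global] are not applied.

```bash
# Added example (not from the original tutorial): flag guest-writable shares in
# an smb.conf. Assumption: per-share settings only; [global] defaults are ignored.

audit_guest_shares() {   # reads smb.conf text from stdin or a file argument
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
      if (name == "" || tolower(name) == "global") return
      printf "%s\tguest=%s\twritable=%s\t%s\n", name,
        (guest ? "yes" : "no"), (writable ? "yes" : "no"),
        ((guest && writable) ? "GUEST-WRITABLE" : "ok")
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                      # a new [section] starts
      report()
      name = trim($0); name = substr(name, 2, length(name) - 2)
      guest = 0; writable = 0                     # Samba defaults: no guests, read only
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)  # spaces in names are ignored
      val = trim(substr($0, eq + 1))
      if (key == "guestok" || key == "public") guest = truthy(val)
      else if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
      else if (key == "readonly") writable = !truthy(val)
    }
    END { report() }
  ' "$@"
}

sample_smb_conf() {      # constructed sample: the two shares from this tutorial
  cat <<'EOF'
[global]
    map to guest = Bad User
[Anonymous share]
    path = /samba/anonymous_share
    writable = yes
    guest ok = yes
[secure_share]
    path = /samba/secure_share
    writable = yes
    guest ok = no
    valid users = @smbgroup
EOF
}

sample_smb_conf | audit_guest_shares
```

To check a live configuration, pass the file as an argument: audit_guest_shares /etc/samba/smb.conf.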

TEST SAMBA SHARES

Now, go to the Windows client and check for the secured share folder.

Double-click to open the secured share. You’ll be asked to enter the user name and password to access the share.

That’s it. Now, you can access the secured Samba share folder.

That’s it. Samba server is ready to use.

Thank you.
