As you may know, Samba is a free and open source software suite that provides file and print services to SMB/CIFS clients. It allows us to share files, folders, and printers between a Linux server and Windows clients. Using Samba, we can set up a domain controller on a Unix/Linux server and integrate Windows clients with that domain controller.
This tutorial describes how to set up a basic Samba server on a CentOS 7 system. These steps will also work on RHEL 7 and Scientific Linux 7.
Scenario
In this tutorial, I will be using two systems as described below.
Samba server:
Operating system : CentOS 7 minimal server
Hostname : server.unixmen.local
IP Address : 192.168.1.101/24
Samba client:
Operating system : Windows 7 Professional
Hostname : client
IP Address : 192.168.1.102/24
Install Samba
Check whether any Samba packages are already installed using the following commands.
rpm -qa | grep samba
yum list installed | grep samba
If samba is installed, remove it using the below command:
yum remove samba*
Now, install samba using the following command.
yum install samba* -y
1. Configure a fully accessed anonymous share
Now, let us create a fully accessed anonymous share for the users. Anyone can read/write in this share.
Create a directory called ‘/samba/anonymous_share’ and set full permission. You can name this share as per your liking.
mkdir -p /samba/anonymous_share
chmod -R 0777 /samba/anonymous_share
Edit the Samba configuration file:
vi /etc/samba/smb.conf
Find the following directives, and make the changes as shown below.
[...]
## Add the following lines under [global] section ##
unix charset = UTF-8
dos charset = CP932

## Change it to the Windows default workgroup ##
workgroup = WORKGROUP

## Uncomment and set the IP Range ##
hosts allow = 127. 192.168.1.

## Uncomment ##
max protocol = SMB2

## Uncomment, and change the value of 'Security' to 'user' ##
security = user

## Add the following line ##
map to guest = Bad User

## Add the following lines at the bottom ##
[Anonymous share]
path = /samba/anonymous_share
writable = yes
browsable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
Start samba services, and enable them to start automatically on every reboot.
systemctl start smb
systemctl start nmb
systemctl enable smb
systemctl enable nmb
Test the Samba server configuration
We can check the Samba server configuration for syntax errors using the ‘testparm’ command.
testparm
Sample Output:
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Anonymous share]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
	dos charset = CP932
	netbios name = UNIXMEN SAMBA SERVER
	server string = Samba Server Version %v
	map to guest = Bad User
	log file = /var/log/samba/log.%m
	max log size = 50
	server max protocol = SMB2
	idmap config * : backend = tdb
	hosts allow = 127., 192.168.1.
	cups options = raw

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	print ok = Yes
	browseable = No

[Anonymous share]
	path = /samba/anonymous_share
	read only = No
	create mask = 0777
	directory mask = 0777
	guest only = Yes
	guest ok = Yes
If everything looks good, you’re ready to go.
Firewall configuration
Allow the Samba server default ports through the firewall.
# NetBIOS name service and datagram service (nmb) use UDP
firewall-cmd --permanent --add-port=137/udp
firewall-cmd --permanent --add-port=138/udp
# NetBIOS session service and SMB over TCP (smb)
firewall-cmd --permanent --add-port=139/tcp
firewall-cmd --permanent --add-port=445/tcp
# SWAT web administration port
firewall-cmd --permanent --add-port=901/tcp
Reload the firewall to apply the changes.
firewall-cmd --reload
SELinux Configuration
Turn the samba_enable_home_dirs Boolean on if you want to share home directories via Samba.
setsebool -P samba_enable_home_dirs on
If you create a new directory, such as a new top-level directory, label it with samba_share_t so that SELinux allows Samba to read and write to it. Do not label system directories, such as /etc/ and /home/, with samba_share_t, as such directories should already have an SELinux label.
In our case, we have already created an anonymous share directory. So let us label it as shown below.
chcon -t samba_share_t /samba/anonymous_share/
If you don’t want to deal with SELinux, just disable it as shown below, and continue.
To disable SELinux, edit the file /etc/sysconfig/selinux:
vi /etc/sysconfig/selinux
Set SELinux value to disabled.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
Restart the server for the changes to take effect.
Test Samba Shares
Now, go to any Windows client system. In this example, I am using a Windows 7 system.
Click Start -> Run. Enter the Samba server IP as shown below.
Now, you’ll be able to access the fully accessed samba shares.
You can create, modify or delete the files/folders inside the shares. For example, let me create a sample folder called ‘unixmen’ inside the samba share folder.
Check that the newly created files or folders are present on the Samba server:
ls -l /samba/anonymous_share/
Sample Output:
total 0
drwxrwxrwx. 2 nobody nobody 6 Sep 26 17:55 unixmen
As you can see in the result, the folder has been created in the /samba/anonymous_share/ directory.
2. Create security enabled share in samba server
What we have seen so far is how to create a fully accessed Samba share. Anyone can access that share folder, and can create or delete files/folders in that share.
Now, let us create a password protected Samba share so that users must enter a valid username and password to access the share folder.
Create a user called “unixmen” and a group called “smbgroup”.
useradd -s /sbin/nologin unixmen
groupadd smbgroup
Assign the user unixmen to smbgroup, and set a Samba password for that user.
usermod -a -G smbgroup unixmen
smbpasswd -a unixmen
Create a new share directory called “/samba/secure_share” and set the permissions on it.
mkdir /samba/secure_share
chmod -R 0755 /samba/secure_share
chown -R unixmen:smbgroup /samba/secure_share
Edit the Samba config file:
vi /etc/samba/smb.conf
Add the lines below at the bottom of the Samba config file.
[secure_share]
path = /samba/secure_share
writable = yes
browsable = yes
guest ok = no
valid users = @smbgroup
Test the Samba configuration for any errors.
testparm
Sample output:
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Anonymous share]"
Processing section "[secure_share]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
	dos charset = CP932
	netbios name = UNIXMEN SAMBA SERVER
	server string = Samba Server Version %v
	map to guest = Bad User
	log file = /var/log/samba/log.%m
	max log size = 50
	server max protocol = SMB2
	idmap config * : backend = tdb
	hosts allow = 127., 192.168.1.
	cups options = raw

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	print ok = Yes
	browseable = No

[Anonymous share]
	path = /samba/anonymous_share
	read only = No
	create mask = 0777
	directory mask = 0777
	guest only = Yes
	guest ok = Yes

[secure_share]
	path = /samba/secure_share
	valid users = @smbgroup
	read only = No
Label the /samba/secure_share/ with samba_share_t so that SELinux allows Samba to read and write to it.
chcon -t samba_share_t /samba/secure_share/
Restart the Samba services.
systemctl restart smb
systemctl restart nmb
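The anonymous share from section 1 and the secured share from section 2 differ in exactly the settings that decide who can write without credentials. As an added example (not part of the original tutorial), the script below reads a testparm-style dump and flags shares that allow guest writes or set world-writable masks; the function names sample_dump and audit_shares and the abridged sample dump are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the tutorial: flag risky shares in a testparm dump.
# Constructed sample input, abridged from the testparm dump in this tutorial.
sample_dump() {
  cat <<'EOF'
[global]
	map to guest = Bad User
[Anonymous share]
	path = /samba/anonymous_share
	read only = No
	create mask = 0777
	directory mask = 0777
	guest only = Yes
	guest ok = Yes
[secure_share]
	path = /samba/secure_share
	valid users = @smbgroup
	read only = No
EOF
}

# audit_shares: read a dump on stdin, print one "share|finding" line per issue.
audit_shares() {
  awk '
    function report() {
      if (name == "" || name == "global") return
      if (guest && writable) print name "|guest-writable"
      if (wmask) print name "|world-writable-mask"
    }
    /^[ \t]*\[.*\][ \t]*$/ {          # new section: report the previous one
      report(); name = $0
      gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
      guest = writable = wmask = 0; next
    }
    /^[ \t]*[#;]/ || !/=/ { next }    # skip comments and non-setting lines
    {
      eq = index($0, "=")
      key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "guest ok" || key == "public") guest = (val ~ /^(yes|true|1)$/)
      if (key == "read only") writable = (val ~ /^(no|false|0)$/)
      if (key == "writable" || key == "writeable") writable = (val ~ /^(yes|true|1)$/)
      if (key ~ /^(create|directory) (mask|mode)$/ && val ~ /[2367]$/) wmask = 1
    }
    END { report() }
  '
}

sample_dump | audit_shares
```

On the server, pipe the real dump in with testparm -s 2>/dev/null | audit_shares; with the configuration from this tutorial only [Anonymous share] is reported.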
Test Samba shares
Now, go to the Windows client and check for the secured share folder.
Double click to open the secured share. You’ll be asked to enter the user name and password to access the share.
That’s it. Now, you can access the secured samba share folder.
That’s it. Samba server is ready to use.
Cheers!