Samba Server Installation and Configuration on CentOS 7

Samba Server Installation and Configuration on CentOS 7

Samba Server Installation and Configuration on CentOS 7

This tutorial explains how to configure a Samba server on CentOS 7 with anonymous & secured samba shares. Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients like Windows. Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients.eval(ez_write_tag([[728,90],’howtoforge_com-box-3′,’ezslot_6′,106,’0′,’0′]));

1 Preliminary Note

I have a fresh installed CentOS 7 server, on which I am going to install the samba server. Off-course you need to have one windows machine to check the samba server that must be reachable with the CentOS 7 server. My Centos 7 server have hostname server1.example.com & IP as 192.168.0.100
eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-3′,’ezslot_2′,121,’0′,’0′]));

Note:

  • The Windows machine must be on same workgroup. To check the value in windows machine run the command at cmd prompt
net config workstation

It will be like this:

Windows logon domain name

Your windows machine must be at same Workstation domain as in CentOS 7.0 server, i.e. WORKGROUP in my case.

  • To make the Windows machine reachable in Windows proceed like this. In the run terminal & add  the entry of your server IP address:
notepad C:\Windows\System32\drivers\etc\hosts

In my case it was like this, just save the values.

[...]
192.168.0.100 server1.example.com centos

2 Anonymous Samba sharing

First I will explain the methodology to install Samba with an anonymous share. To install the Samba software, run:

yum install samba samba-client samba-common

It will install the current Samba version from the CentOS software repository.eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-4′,’ezslot_1′,108,’0′,’0′]));

Now to configure samba, edit the file /etc/samba/smb.conf. Before making changes, I will make the backup of original file as  /etc/samba/smb.conf.bak

cp -pf /etc/samba/smb.conf /etc/samba/smb.conf.bak

As I want to start with an empty file, I’ll use the cat command to empty smb.conf. That’s faster than deleting all the lines in vi.

cat /dev/null > /etc/samba/smb.conf

Further, give the entries like this

vi /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = centos
security = user
map to guest = bad user
dns proxy = no
#============================ Share Definitions ============================== 
[Anonymous]
path = /samba/anonymous
browsable =yes
writable = yes
guest ok = yes
read only = no

 

mkdir -p /samba/anonymous
systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service

Further CentOS 7 Firewall-cmd will block the samba access, to get rid of that we will run:

firewall-cmd --permanent --zone=public --add-service=samba
[[email protected] ~]# firewall-cmd --permanent --zone=public --add-service=samba
success
[[email protected] ~]#

 Finally, reload the firewall to apply the changes.

firewall-cmd --reload
[[email protected] ~]# firewall-cmd --reload
success
[[email protected] ~]#

Now you can access the Centos 7 share in Windows as follows. Go to the Run prompt and type \\centos:

\\centos

Open Samba Share in Windows

From a Windows machine, just browse the folder and try to create a text file, but you will get an error of permission denied.

Browse folder shared with Samba on Windows

Test anonymous access to Samba share

Check the permission of the shared folder.

ls -l

drwxr-xr-x. 2 root root 6 Jul 17 13:41 anonymous
[[email protected] samba]#

To allow access by the anonymous user, set the permissions as follows:

cd /samba
chmod -R 0755 anonymous/
chown -R nobody:nobody anonymous/
ls -l anonymous/
total 0
drwxr-xr-x. 2 nobody nobody 6 Jul 17 13:41 anonymous
[[email protected] samba]#

Further, we need to allow the SELinux for the samba configuration as follows:

chcon -t samba_share_t anonymous/

Now the anonymous user can browse & create the folder contents.

Folder access by anonymous user

You can cross check the content at the server also.

ls -l anonymous/
total 0
-rwxr--r--. 1 nobody nobody 0 Jul 17 16:05 anonymous.txt
[[email protected] samba]#

3. Secured samba server

Therefore, I will create a group smbgrp & user srijan to access the samba server with proper authentication.

groupadd smbgrp
useradd srijan -G smbgrp
smbpasswd -a srijan
[[email protected] samba]# smbpasswd -a srijan
New SMB password:<--yoursambapassword
Retype new SMB password:<--yoursambapassword
Added user srijan.
[[email protected] samba]# 
    

Now create a folder with the name secured in the /samba folder and give permissions like this:

mkdir -p /samba/secured

Again we will have to allow to listen through SELinux:

cd /samba
chmod -R 0777 secured/
chcon -t samba_share_t secured/

Again edit the configuration file as :

vi /etc/samba/smb.conf

[...]
[secured] path = /samba/secured valid users = @smbgrp guest ok = no writable = yes browsable = yes
systemctl restart smb.service
systemctl restart nmb.service

Further, check the settings as follows:

testparm
[[email protected] samba]# testparm 
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[Anonymous]"
Processing section "[secured]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions <--ENTER

[global]
	netbios name = CENTOS
	server string = Samba Server %v
	map to guest = Bad User
	dns proxy = No
	idmap config * : backend = tdb

[Anonymous]
	path = /samba/anonymous
	read only = No
	guest ok = Yes

[secured]
	path = /samba/secured
	valid users = @smbgrp
	read only = No
[[email protected] samba]# 

Now at windows machine check the folder now with the proper credentials

Secured Samba access by password

You will again face the issue of permissions to give write permission to the user srijan do:

cd /samba
chown -R srijan:smbgrp secured/

Now samba users have the permissions to write into the folder. Cheers, you have done with samba server in CentOS 7 🙂

Folder Listing from Samba share on Windows

About the Author

Leave a Reply