DokuWiki » Infrastructure » Operating System » CentOS 7

h1. Install Procedure for samba

h2. Requirements

To install samba you will need the following:

* a installed and supported operating system (e.g. CentOS 7.x)

* root-access

* a fast internet connection

h2. Preliminary Note

this is based on http://jehurst.wordpress.com/2011/01/17/rhel-6-for-the-clueless-samba-server/

I’ve found a couple of tutorials on Samba, but neither one had all the right information. After fighting with it a bit, this is what I did to get it working.

h2. Install 

Install Samba by logging into a Terminal as root:

<pre><code class="bash">

yum install samba

</code></pre>

if you want to have access to samba-shares you also want to

<pre><code class="bash">

yum install samba-client

</code></pre>

h2. Setup 

h3. Setup SeLinux

If SeLinux is active, then it might be necessary to set some samba-related variables depending on the share-location.

This and more information can be found at http://selinuxproject.org/page/SambaRecipes

<pre><code class="bash">

setsebool -P samba_domain_controller on

</code></pre>

The @samba_export_all@ Flag will allow to share any folder on the machine, use with care.

<pre><code class="bash">

setsebool -P samba_export_all_rw=1

</code></pre>

<pre><code class="bash">

setsebool -P samba_enable_home_dirs=1

</code></pre>

h3. Setup a shared directory

Create shared directory; I used /home/shared:

<pre><code class="bash">

mkdir /home/shared

chmod a+w /home/shared

chcon -t samba_share_t /home/shared

</code></pre>

That last line insures the SELinux security system knows to allow outside systems to poke around in that folder. Now anyone using this computer can move files in and out of the folder, as well as the Samba users.

h3. Setup a samba user

Add a Samba user. This is a different task than simply adding a user account. There is a GUI tool for adding Linux user accounts to the machine for them to use the computer itself. However, Samba users must be handled differently, so that the system forces them to use the Samba server.

<pre><code class="bash">

useradd -c "Real Name" -d /home/samba-username -s /sbin/nologin samba-username

</code></pre>

That’s all one line. As usual, substitute the actual Real Name and samba-username in the command above. Then create the Samba password. Remember what we said about coming up with good passwords:

<pre><code class="bash">

smbpasswd -a samba-username

</code></pre>

It will prompt for the password, which you type in blindly:

<pre><code class="bash">

New SMB password:

Retype new SMB password:

Added user username.

</code></pre>

Edit smbusers:

<pre><code class="bash">

vim /etc/samba/smbusers

</code></pre>

This will open the default text editor. Scan down the file until you see something like this:

<pre><code class="bash">

root = administrator admin

nobody = guest pcguest smbguest

</code></pre>

Immediately below this, add a line with this format:

<pre><code class="bash">

username = samba-username

</code></pre>

so CentOS recognizes the person logging in from the Winbox by their samba-username.

h3. Setup a samba config

Then open: 

<pre><code class="bash">

vim /etc/samba/smb.conf

</code></pre>

Find the section headed '[global]'. Change the workgroup name to whatever your Windows computer will be seeking. Default is workgroup in lower case letters. You’ll need to remove the semicolon in front of the next line and provide a proper hostname for the netbios name, which would be the name you gave your RHEL computer during installation, again in lower case. Remove the semicolon from the next line and the IP address numbers from the sample; all we need are the two interfaces lo eth0. Below that is a line with hostsallow as a model. Below that, start a new line with the same indentation:

<pre><code class="bash">

hosts allow = 127. 192.168.1.

</code></pre>

The “127.” is the IP address for everything on your own machine. The other (192.168.1.) is the private LAN network I use for my home router; by leaving off the last section after the dot, it automatically includes every computer with that prefix, which is reserved for LANs.

If you want to bind to specific interfaces only you maybe want to consider

<pre><code class="bash">

interfaces = lo vboxnet0 192.168.56.1/24

bind interfaces only = yes

</code></pre>

Go all the way to the bottom of the file and add some lines. I named my shared directory “shared”. Thus, the section heading should be named the same:

<pre><code class="ini">

[shared]

path = /home/shared

writeable = yes

browseable = yes

read only = No

guest ok = Yes

public = Yes

valid users = username1 username2

create mask = 0666

directory mask = 0777

</code></pre>

if you want to have a trash-bin on the share, you might consider adding following section:

<pre><code class="bash">

vfs object = recycle

  recycle:repository = .deleted/%U

  recycle:keeptree = Yes

  recycle:touch = Yes

  recycle:versions = Yes

  recycle:maxsixe = 0

  recycle:exclude = *.tmp

  recycle:exclude_dir = /tmp

  recycle:noversions = *.bak

</code></pre>

h2. Firewall

Now change the firewall to allow Samba to get through. You can use the tool in System > Administration > Firewall. Simply scan down the list to Samba and checkmark the box. Optionally checkmark IPP printer sharing. Then hit “Apply”.

<pre><code class="bash">

firewall-config

</code></pre>

or in Textmode

<pre><code class="bash">

firewall-cmd

</code></pre>

<pre><code class="bash">

firewall-cmd --permanent --zone=public --add-service=samba

firewall-cmd --reload

</code></pre>

h2. Service

enable and start of the services with

<pre><code class="bash">

systemctl enable smb.service

systemctl enable nmb.service

systemctl restart smb.service

systemctl restart nmb.service

</code></pre>

h2. Test 

following commands might be helpful:

<pre><code class="bash">

findsmb

smbclient //host/share -U username

</code></pre>