Setup samba » Historie » Revision 2
Revision 1 (Jeremias Keihsler, 12.01.2017 12:09) → Revision 2/5 (Jeremias Keihsler, 10.07.2019 08:43)
h1. Install Procedure for samba h2. Requirements To install samba you will need the following: * a installed and supported operating system (e.g. CentOS 7.x) * root-access * a fast internet connection h2. Preliminary Note this is based on http://jehurst.wordpress.com/2011/01/17/rhel-6-for-the-clueless-samba-server/ and the samba for groups part is taken from https://www.techrepublic.com/article/how-to-set-up-samba-shares-for-groups/ I’ve found a couple of tutorials on Samba, but neither one had all the right information. After fighting with it a bit, this is what I did to get it working. h2. Install Install Samba by logging into a Terminal as root: <pre><code class="bash"> yum install samba </code></pre> if you want to have access to samba-shares you also want to <pre><code class="bash"> yum install samba-client </code></pre> h2. Setup h3. Setup SeLinux If SeLinux is active, then it might be necessary to set some samba-related variables depending on the share-location. This and more information can be found at http://selinuxproject.org/page/SambaRecipes <pre><code class="bash"> setsebool -P samba_domain_controller on </code></pre> The @samba_export_all@ Flag will allow to share any folder on the machine, use with care. <pre><code class="bash"> setsebool -P samba_export_all_rw=1 </code></pre> <pre><code class="bash"> setsebool -P samba_enable_home_dirs=1 </code></pre> h3. Setup a shared directory Create shared directory; I used /home/shared: <pre><code class="bash"> mkdir /home/shared chmod a+w /home/shared chcon -t samba_share_t /home/shared </code></pre> That last line insures the SELinux security system knows to allow outside systems to poke around in that folder. Now anyone using this computer can move files in and out of the folder, as well as the Samba users. h3. Setup a samba user Add a Samba user. This is a different task than simply adding a user account. There is a GUI tool for adding Linux user accounts to the machine for them to use the computer itself. However, Samba users must be handled differently, so that the system forces them to use the Samba server. <pre><code class="bash"> useradd -c "Real Name" -d /home/samba-username -s /sbin/nologin samba-username </code></pre> That’s all one line. As usual, substitute the actual Real Name and samba-username in the command above. Then create the Samba password. Remember what we said about coming up with good passwords: <pre><code class="bash"> smbpasswd -a samba-username </code></pre> It will prompt for the password, which you type in blindly: <pre><code class="bash"> New SMB password: Retype new SMB password: Added user username. </code></pre> Edit smbusers: <pre><code class="bash"> vim /etc/samba/smbusers </code></pre> This will open the default text editor. Scan down the file until you see something like this: <pre><code class="bash"> root = administrator admin nobody = guest pcguest smbguest </code></pre> Immediately below this, add a line with this format: <pre><code class="bash"> username = samba-username </code></pre> so CentOS recognizes the person logging in from the Winbox by their samba-username. h3. Setup a samba config Then open: <pre><code class="bash"> vim /etc/samba/smb.conf </code></pre> Find the section headed '[global]'. Change the workgroup name to whatever your Windows computer will be seeking. Default is workgroup in lower case letters. You’ll need to remove the semicolon in front of the next line and provide a proper hostname for the netbios name, which would be the name you gave your RHEL computer during installation, again in lower case. Remove the semicolon from the next line and the IP address numbers from the sample; all we need are the two interfaces lo eth0. Below that is a line with hostsallow as a model. Below that, start a new line with the same indentation: <pre><code class="bash"> hosts allow = 127. 192.168.1. </code></pre> The “127.” is the IP address for everything on your own machine. The other (192.168.1.) is the private LAN network I use for my home router; by leaving off the last section after the dot, it automatically includes every computer with that prefix, which is reserved for LANs. If you want to bind to specific interfaces only you maybe want to consider <pre><code class="bash"> interfaces = lo vboxnet0 192.168.56.1/24 bind interfaces only = yes </code></pre> Go all the way to the bottom of the file and add some lines. I named my shared directory “shared”. Thus, the section heading should be named the same: <pre><code class="ini"> [shared] path = /home/shared writeable = yes browseable = yes read only = No guest ok = Yes public = Yes valid users = username1 username2 create mask = 0666 directory mask = 0777 </code></pre> if you want to have a trash-bin on the share, you might consider adding following section: <pre><code class="bash"> vfs object = recycle recycle:repository = .deleted/%U recycle:keeptree = Yes recycle:touch = Yes recycle:versions = Yes recycle:maxsixe = 0 recycle:exclude = *.tmp recycle:exclude_dir = /tmp recycle:noversions = *.bak </code></pre> h2. Firewall Now change the firewall to allow Samba to get through. You can use the tool in System > Administration > Firewall. Simply scan down the list to Samba and checkmark the box. Optionally checkmark IPP printer sharing. Then hit “Apply”. <pre><code class="bash"> firewall-config </code></pre> or in Textmode <pre><code class="bash"> firewall-cmd </code></pre> <pre><code class="bash"> firewall-cmd --permanent --zone=public --add-service=samba firewall-cmd --reload </code></pre> h2. Service enable and start of the services with <pre><code class="bash"> systemctl enable smb.service systemctl enable nmb.service systemctl restart smb.service systemctl restart nmb.service </code></pre> h2. Test following commands might be helpful: <pre><code class="bash"> findsmb smbclient //host/share -U username </code></pre>