RHEL6 – Quick and Easy Samba Configuration Guide

Space ghostAccording to Samba.org , "Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients." Bottom line, samba allows you to share files and directories via Linux and access them on a Windows machine.

Lets walk through a senario where are ultimate goal is to get samba configured quickly and easily. We are not shooting for best practices here.  That being said., lets say you are asked to create a CIFS share with the following information. The share that we create must be writable by members of the sambausers group. Other users can only have read access.

  • Workgroup: Workgroup1
  • Linux Group: sambausers
  • CIFS Share Name: /share/samba

Installing Samba

Ok Lets get started by installing samba and configuring it to start at boot, then lets start it up.

# yum install samba samba-doc samba-client

# chkconfig smb on && service smb start

Configuring Firewall

There are two ways to do this. You can either do this via the command line, or do this via the system-config-firewall gui. In this instance I am going to do this the quick and dirty way, as our goal here is to get samba up and running quickly. So i launch system-config-firewall gui and select the box next t0 samba to enable access, then save and reload.

Note that these are the lines that  are added to /etc/sysconfig/iptables.

-A INPUT -m state –state NEW -m udp -p udp –dport 137 -j ACCEPT
-A INPUT -m state –state NEW -m udp -p udp –dport 138 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 139 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 445 -j ACCEPT

Create Users and Shares

Now its time to add the Linux group sambausers. Note that the -r option below adds sambausers as a system group.

# groupadd -r sambausers

Now lets create a user named "myuser" and stick him in the sambausers group.

# useradd -s /bin/nologin -G sambausers myuser

Once thats done lets create a samba password for "myuser". Lets use "mypassword" as the samba password

# smbpasswd -a myuser

Now lets create our share and change group ownership to sambausers.

# mkdir -p /share/samba

# chgrp sambausers /share/samba

Now set the setgid bit to ensure that all files created in /share/samba inherit the GID of sambausers.

# chmod 2775 /share/samba

Configure SELinux

Set SELinux context, public_content_t on /share. This will allow you to share files anonymously.

# semanage fcontext -a -t public_content_t '/share(/.*)?'

Set SELInux context, samba_share_t on /share/samba. This allows samba to share this directory. By default SELinux is only configured to allow home directories to be shared via samba right out of the box.

# semanage fcontext -a -t samba_share_t '/share/samba(/.*)?'

Now apply the two semanage commands with restorecon.

# restorecon -vvFR /shared

Editing the SMB.conf

Ok, now we need to actually configure samba. So modify or confirm the following in /etc/samba/smb.conf. Note that each and every one of the configuration items below is documented in the smb.conf

First set the workgroup as seen below

workgroup = workgroup1

Then create the directive to share our directory of /share/samba.

[samba]
        path = /share/samba
        write list = @sambausers
        read only = yes
        guest ok = no

Testing our Configs

Holy Crap, we finally made it. Now lets test with the smbclient command

# smbclient -L localhost -U myuser

This shows us that our share, called samba, does in fact exist.

Sharename       Type      Comment
        ———       —-      ——-
        samba           Disk     

Now lets connect.

#smbclient //localhost/samba -U myuser

Once connected lets put and touch a few files

smb: \> mkdir testing

smb: \> put /etc/hosts hosts

Awesome, I can see the share, I can access it and I can create files. Mission accomplished.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s