CentOS7 Samba How To
CentOS7 Samba How To
This tutorial will describe you how to setup a basic Samba server in a CentOS 7 system. These steps
will work on RHEL 7 and Scientific Linux 7 (and other Red Hat-based Linux distributions.)
Installation
The easiest part of this how to will be the actual installation. To install samba run the following
command:
yum install samba samba-client samba-common
Configuration files are typically located in the /etc directory, and Samba is no exception - its main
configuration file, smb.conf, is located in /etc/samba. It is generally considered to be a best
practice to back up the original configuration file before modifying it, so it can be reverted to the
original in case of a mistake or error. Let's back it up now.
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
OR
cp /etc/samba/smb.conf /etc/samba/smb.conf.orig
CentOS 7 Samba Guide Page 2 of 11
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = YOURHOSTNAME
security = user
map to guest = bad user
dns proxy = no
These global settings are required. Beneath them we can list our shares. To start, we will create a share
accessible to all users – even unauthenticated ones. This share is akin to anonymous uploading with
FTP.
[all]
path = /samba/all
browseable = yes
writeable = yes
guest ok = yes
read only = no
Adding shares with user access control is very similar, with an additional requirement that we need to
create a group that is allowed to access the share, and add our user to it. In this example we will name
our secured share 'restricted' and create a group with the same name on our host. Note that the group
name does not have to match the share name, it is just convenient to do so in many cases.
[restricted]
path = /samba/restricted
valid users = @restricted
guest ok = no
writable = yes
browseable = yes
CentOS 7 Samba Guide Page 3 of 11
User permissions
Now we must create the directories we specified in our configuration file, namely /samba/all and
/samba/restricted. For the all share, we want it to be globally accessible by unauthenticated users, and
these users should be able to write. For the restricted share, we must create the restricted group,
add a user to that group, and add the user to the Samba database.
mkdir -p /samba/all
mkdir -p /samba/restricted
groupadd restricted
usermod -a -G restricted username
cd /samba
chmod -R 1777 all
chmod -R 0775 restricted
chown -R nobody:nobody all
chown -R username:restricted restricted
smbpasswd -a username
SELinux
chcon -t samba_share_t all
chcon -t samba_share_t restricted
Scenario
In this tutorial, I will be using two systems as described below.
Samba server:
Operating system: CentOS 7
Hostname : server.unixmen.local
IP Address : 192.168.1.101/24
Samba client:
Operating system : Windows 7 Professional
Hostname : client
IP Address : 192.168.1.102/24
Check for existing samba package if any using the following commands.
Create a directory called /samba/anonymous_share and set full permission. You can name this
share as per your liking.
mkdir -p /samba/anonymous_share
chmod -R 1777 /samba/anonymous_share
vi /etc/samba/smb.conf
CentOS 7 Samba Guide Page 5 of 11
Find the following directives, and make the changes as shown below.
[...]
## Uncomment ##
max protocol = SMB2
Start Samba services, and enable them to start automatically on every reboot.
testparm
CentOS 7 Samba Guide Page 6 of 11
Sample Output:
[global]
dos charset = CP932
netbios name = UNIXMEN SAMBA SERVER
server string = Samba Server Version %v
map to guest = Bad User
log file = /var/log/samba/log.%m
max log size = 50
server max protocol = SMB2
idmap config * : backend = tdb
hosts allow = 127., 192.168.1.
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[Anonymous share]
path = /samba/anonymous_share
read only = No
create mask = 0777
directory mask = 0777
guest only = Yes
guest ok = Yes
CentOS 7 Samba Guide Page 7 of 11
SELinux Configuration
Turn the samba_enable_home_dirs Boolean on if you want to share home directories via Samba.
setsebool -P samba_enable_home_dirs on
If you create a new directory, such as a new top-level directory, label it with samba_share_t so that
SELinux allows Samba to read and write to it. Do not label system directories, such as /etc/ and
/home/, with samba_share_t, as such directories should already have an SELinux label.
In our case, we already have created an anonymous directory. So let us label it as shown below.
If you don’t want to mess with SELinux, just disable it as shown below, and continue.
vi /etc/sysconfig/selinux
Click Start -> Run. Enter the Samba server IP in UNC format as shown below.
\\192.168.0.101
You can create, modify or delete the files/folders inside the share.
CentOS 7 Samba Guide Page 8 of 11
On Linux, check the newly-created files or folders are present in the Samba server:
ls -l /samba/anonymous_share/
Now, let us create a password-protected Samba share so that the users should enter a valid username
and password to access the share folder.
Assign the user smbuser to smbgroup, and set the Samba password for that user.
Create a new share called “/samba/secure_share” and set the permissions to that share.
mkdir /samba/secure_share
chmod -R 0755 /samba/secure_share
chown -R smbuser:smbgroup /samba/secure_share
vi /etc/samba/smb.conf
Add the following lines at the bottom of the Samba configuration file:
[secure_share]
path = /samba/secure_share
writable = yes
browsable = yes
guest ok = no
valid users = @smbgroup
testparm
CentOS 7 Samba Guide Page 9 of 11
Sample output:
[global]
dos charset = CP932
netbios name = UNIXMEN SAMBA SERVER
server string = Samba Server Version %v
map to guest = Bad User
log file = /var/log/samba/log.%m
max log size = 50
server max protocol = SMB2
idmap config * : backend = tdb
hosts allow = 127., 192.168.1.
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[Anonymous share]
path = /samba/anonymous_share
read only = No
create mask = 0777
directory mask = 0777
guest only = Yes
guest ok = Yes
[secure_share]
path = /samba/secure_share
valid users = @smbgroup
read only = No
CentOS 7 Samba Guide Page 10 of 11
Fix permissions on the secured folder that allows all members of the smbgroup to read and write, and
restricts access to group members only:
To make the Linux machine reachable in Windows by name, add the entry of your server IP address to
the hosts file:
notepad C:\Windows\System32\drivers\etc\hosts
Double click to open the secured share. You’ll be asked to enter the user name and password to access
the share.
That’s it. Now, you can access the secured samba share folder.
CentOS 7 Samba Guide Page 11 of 11
Bibliography
https://my.esecuredata.com/index.php?/knowledgebase/article/56/install-and-configure-samba-centos-7
https://www.unixmen.com/install-configure-samba-server-centos-7/
https://www.tecmint.com/install-samba4-on-centos-7-for-file-sharing-on-windows/
https://www.howtoforge.com/samba-server-installation-and-configuration-on-centos-7
https://lintut.com/easy-samba-installation-on-rhel-centos-7/