Samba Server:

Server Message Block (SMB) is the standard file-sharing protocol for

Microsoft windows Servers and Clients.

It can be used with Windows domain with Windows domain controller to

authenticated users.

Samba service: It is used in file sharing inside the datacenter, compatible with
Windows, and Unix Machines.

Samba Services:

 nmb is responsible of the naming as Microsoft work (used with wins

server to translate net bios names)
 smb is responsible of file sharing and authentication
 winbind is of authentication with active directory domains (natively
windows)

 samba service ports:

o 137/nmbd and 138/nmd udp
o 139/smb and 445/cifs tcp for smb service

 We have to Create the Shared directories:

 Add two groups sales and marketing:

Add the user accounts with their passwords to access the share, notice that the
accounts must be added to smbpasswd also (Samba database)

Add the accounts to the groups:

Add SELinux Context:

Samba Package Installation:

[root@srv1 ~]# dnf install samba samba-client –y
[root@srv1 ~]# cp /etc/samba/smb.conf.example /etc/samba/smb.conf
cp: overwrite '/etc/samba/smb.conf'? y
[root@srv1 ~]# vim /etc/samba/smb.conf

General Section:

workgroup = WORKGROUP ==> for windows machine to access share

server string = Network share ==> Version of Samba, hide it
netbios name = server ==> server display name in share
interfaces = lo ens160 192.168.10.25/24 ==> service listen interfaces
hosts allow = 127. 192.168.10. ==> allowed hosts to access the share
Logging Options:

The log size option will specify the maximum size of the log and it will be
rotated

Standalone Server option Section:

security = user ( anonymous or credential share)
ads (authenticate from active directory)
passdb backend = tdbsam ==> as the sam autherntication

Browser control options:

Therefore local master browser’s function is
- Provide naming service to machines in the network
- Provide the method to access any new machine in the network
local master = yes
OS level = 50
preferred master = yes

Share definition:
Private share:

[myshare] ==> what user will see

comment = welcome to my share
path = /sambashare/sales
writable = yes
write list = ali, @users, +users
vaild users = user3, @users
+groupname
==> what the user will see
==> location of the data
==> rw permission and need write list
==> users with write permission
==> @ means a group or

Note: if we use valid users we have to disable public share.

Public Share:
[public] ==> share name
comment = public share ==> what the user will see
path = /sambashare/public ==> location of the data
public = yes ==> public to all users
browseable = yes ==> can view the share content
read only =no ==> means read/write
guest account = any ==> this account must be valid
in /etc/passwd and smbpasswd utility
guest ok = yes ==> //allow anonymous user to
enter without username and password and no password is required.

Note: share name displayed in the configuration file is case sensitive [Sales]
is not the same as [sales], it can cause problems when we access the share
from smbclient tool.

Adding users to samba database

[root@srv1 ~]# smbpasswd -a user1
[root@srv1 ~]# smbpasswd -a user2
[root@srv1 ~]# smbpasswd -a user3
[root@srv1 ~]# smbpasswd -a user4

To test our configuration:

[root@server ~]#testparm

To protect our service:

Enable and start the service:

View and Login to the share:

List of users added to the samba database:

Linux Client Side:

[root@client ~]# dnf install samba-client cifs-utils -y
Create Mount Point and sharing with cifs:

To make it permanent share:

Over Windows Machine:
Windows Authentication:
To disable the caching over windows:
cmd> net use * /delete