Wednesday 1 April 2015

Install and Configure Samba server on linux



Samba is an open source software suite that provides file, directory and printer sharing between SMB/CIFS clients. In this tutorial we will explain how to configure SAMBA server.

First we will configure SAMBA server for anonymous file sharing and then we will configure authenticated SAMBA share.

In this tutorial, we will use following two machines.

Server: 192.168.0.154
Operating System: CentOS 6.0



Client: 192.168.0.110
Operatin System: Windows XP


-Install Samba packages on linux

[root@sambaserver ~]# yum install samba* -y

-Start necessary services on server.

Necessary services required for SAMBA are as follows:


Service Daemons Description
Required smb smbd (SMB/CIFS Server) main samba service which provide user authentication and authorization and file and printer sharing
Required nmb nmbd (NetBIOS name server) Resources browsing
Optional winbind winbindd For host and user name resolution


/etc/init.d/smb start

/etc/init.d/nmb start

chkconfig smb on

chkconfig nmb on

-Configure full access anonymous share

Create a directory for sharing purpose '/share' and provide full access to directory.

[root@sambaserver ~]# mkdir  /share
[root@sambaserver ~]# chmod -R 0777 /share/

Edit following lines in /etc/samba/smb.conf

 vi /etc/samba/smb.conf
## At around Line no 75, find 'workgroup' option and set workgroup to a value in which clients #systems are present. We have set following value to windows default workgroup ##
workgroup = WORKGROUP
## At around Line no 81, find 'hosts allow' option and Uncomment and set the IP Range ##
hosts allow = 127. 192.168.1.
## At around Line 100, find security option and set no authentication ##
security = share
## Add the following lines at the bottom ##
[myshare]
path = /share
writable = yes
browsable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
- Test the SAMBA server for configuration using command 'testparam' .

It will list out all the shares from SAMBA configuration file.

- Open ports and allow SAMBA connections in firewall.

SAMBA used following ports.

Port 137 UDP NetBIOS name service (WINS)
Port 138 UDP NetBIOS datagram
Port 139 TCP NetBIOS Session (TCP), Windows File and Printer Sharing
Port 445 Microsoft-DS Active Directory, Windows shares (TCP)
Port 445 Microsoft-DS SMB file sharing (UDP)

Open mentioned ports in firewall. On CentOS system, we can allow connections on above port by following command.

#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

-Restart iptables service

service iptables restart

-Disable SElinux on server or allow SAMBA sharing in selinux.

In this tutorial we have disabled selinux on server but you can allow SAMBA sharing by following options in selinux.

To disable SElinux, edit file vi /etc/sysconfig/selinux and disable selinux. Server will require reboot after disabling selinux.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

- Allow following options of SAMBA in SElinux.

samba_enable_home_dirs Enables the sharing of home directories
samba_export_all_ro Enable read-only access to any directory
samba_export_all_rw Sets up read/write access to any directory
samba_share_t Default file which Samba can share


Access SAMBA share from client side.

- Go to Start --> CMD and enter SAMBA server IP.



-Go to my network places and access samba share. In our caes, it will be 'myshare'.





II] Configure authenticated SAMBA share.

- Create a user and group. Add created user to a group and set SMB password for user.

useradd smbtestuser
groupadd smbgroup
usermod -a -G smbgroup smbtestuser
smbpasswd -a smbtestuser
        
        New SMB password:
        Retype new SMB password:
        Added user smbtestuser



- Create a shared directory and set permissions to that directory.

mkdir /secure/
chmod -R 0755 /secure
chown -R smbtestuser:smbgroup /secure/





- Edit smb.conf file and create entry for secure share.

vi /etc/samba/smb.conf

Change parameter 'security = share' to 'security = user' in smb.conf file at around line 100.

Security = user


[mysecureshare]
path = /secure
writable = yes
browsable = yes
guest ok = no
valid users = @smbgroup



- Test configuration by command 'testparam'.

- Restart SAMBA services.

/etc/init.d/smb restart
/etc/init.d/nmb restart


- You can access secure share by same steps mentioned above. Provide username and password for SAMBA user at the promt.

No comments:

Post a Comment