Samba
is an open source software suite that provides file, directory and
printer sharing between SMB/CIFS clients. In this tutorial we will
explain how to configure SAMBA server.
First
we will configure SAMBA server for anonymous file sharing and then we
will configure authenticated SAMBA share.
In
this tutorial, we will use following two machines.
| Server: 192.168.0.154 Operating System: CentOS 6.0 |
| Client: 192.168.0.110 Operatin System: Windows XP |
-Install Samba packages
on linux
[root@sambaserver ~]# yum install samba* -y
|
-Start necessary
services on server.
Necessary services
required for SAMBA are as follows:
| Service | Daemons | Description | |
| Required | smb | smbd | (SMB/CIFS Server) main samba service which provide user authentication and authorization and file and printer sharing |
| Required | nmb | nmbd | (NetBIOS name server) Resources browsing |
| Optional | winbind | winbindd | For host and user name resolution |
/etc/init.d/smb start
/etc/init.d/nmb start
chkconfig smb on
chkconfig nmb on
|
-Configure full access
anonymous share
Create a directory for
sharing purpose '/share' and provide full access to directory.
[root@sambaserver ~]# mkdir /share
|
[root@sambaserver ~]# chmod -R 0777 /share/
|
Edit following lines in
/etc/samba/smb.conf
vi /etc/samba/smb.conf
## At around Line no 75, find 'workgroup' option and set workgroup to a value in which clients #systems are present. We have set following value to windows default workgroup ##
workgroup = WORKGROUP
## At around Line no 81, find 'hosts allow' option and Uncomment and set the IP Range ##
hosts allow = 127. 192.168.1.
## At around Line 100, find security option and set no authentication ##
security = share
## Add the following lines at the bottom ##
[myshare]
path = /share
writable = yes
browsable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
- Test the SAMBA server for configuration using
command 'testparam' .
It
will list out all the shares from SAMBA configuration file.
-
Open ports and allow SAMBA connections in firewall.
SAMBA
used following ports.
| Port 137 | UDP NetBIOS name service (WINS) |
| Port 138 | UDP NetBIOS datagram |
| Port 139 | TCP NetBIOS Session (TCP), Windows File and Printer Sharing |
| Port 445 | Microsoft-DS Active Directory, Windows shares (TCP) |
| Port 445 | Microsoft-DS SMB file sharing (UDP) |
Open
mentioned ports in firewall. On CentOS system, we can allow
connections on above port by following command.
| #iptables -A INPUT -m state --state NEW -m udp -p udp --dport
137 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT #iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT #iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT |
-Restart iptables
service
service iptables restart
|
-Disable
SElinux on server or allow SAMBA sharing in selinux.
In
this tutorial we have disabled selinux on server but you can allow
SAMBA sharing by following options in selinux.
To disable SElinux, edit file vi /etc/sysconfig/selinux and disable selinux. Server will require reboot after disabling selinux.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
-
Allow following options of SAMBA in SElinux.
| samba_enable_home_dirs | Enables the sharing of home directories |
| samba_export_all_ro | Enable read-only access to any directory |
| samba_export_all_rw | Sets up read/write access to any directory |
| samba_share_t Default file | which Samba can share |
Access SAMBA share from
client side.
-
Go to Start --> CMD and enter SAMBA server IP.
-Go to my network places
and access samba share. In our caes, it will be 'myshare'.
II] Configure authenticated SAMBA share.
- Create a user and group. Add created user to a group and set SMB
password for user.
useradd smbtestuser
groupadd smbgroup
usermod -a -G smbgroup smbtestuser
smbpasswd -a smbtestuser
New SMB password:
Retype new SMB password:
Added user smbtestuser
|
- Create a shared directory and set permissions to that directory.
mkdir /secure/
chmod -R 0755 /secure
chown -R smbtestuser:smbgroup /secure/
|
- Edit smb.conf file and create entry for secure share.
vi
/etc/samba/smb.conf
Change
parameter 'security = share' to 'security = user'
in smb.conf file at around line 100.
Security
= user
[mysecureshare] path = /secure writable = yes browsable = yes guest ok = no valid users = @smbgroup |
- Test configuration by command 'testparam'.
- Restart SAMBA services.
/etc/init.d/smb restart
/etc/init.d/nmb restart
|
- You can access secure share by same steps mentioned above. Provide
username and password for SAMBA user at the promt.
No comments:
Post a Comment