Skip to content

EL7 Samba CIFS Server

Samba is an open source suite of tools that implement CIFS/SMB filesharing and MS Active Directory via BSD and GNU/Linux

INSTALLATION

    sudo yum install samba samba-client
    sudo systemctl enable smb
    sudo systemctl enable nmb
    sudo firewall-cmd --permanent --add-service=samba
    sudo firewall-cmd --reload

CONFIGURATION - [GLOBAL] SECTION

Make all changes to /etc/samba/smb.conf unless otherwise stated.

The line numbers are roughly where the existing parameter should be found. Not necessarily a guarantee for cross EL platforms to be exact, as Red Hat and Oracle do tweak things to suit their customer service departments' ease.

  • line 66 : add

    min protocol = SMB2
    unix charset = UTF-8
    dos charset = CP932
    
  • There was a zero-day that forced the Samba team to disable UNIX symlinks from being followed properly.  To enable them, add right under the above entries, the following:

    follow symlinks = yes
    wide links = yes
    unix extensions = no
    
  • line 90 : change this to be your workgroup or homegroup and your server netbios name respectively.

    workgroup = SCHOTTY
    netbios name = schotty
    
  • line 96 : uncomment and change IP address to be your appropriate subnet.  This would be appropriate for 192.168.0.0/16

    hosts allow = 192.168.0.0/16
    
  • Line 126: add ( no auth )

    security = user
    passdb backend = tdbsam
    map to guest = Bad User
    

Jump to end of file and add this if you wish to have a free for all folder.  This is where you will put all your share directives.  You can, of course,disable the existing ones or modify them appropriately too.  For the following example there is also the need for a guest linux account that needs to be made.  Edit the commands as needed, including adding any groups that the user needs to be in.

  • Samba guest account creation:
    useradd -c "Samba Guest User" -d /dev/null -s /bin/false sambaguest
    passwd sambaguest
    usermod -G smb_share_groups sambaguest
    

CONFIGURATION - [SHARE] SECTION

  • Sample share section:

    [Public]                    # any name you like
    path = /path/to/share      # Path to the shared directory
    writable = yes             # Is writable
    guest ok = yes             # Enable guest (smbuser not needed)
    guest only = yes           # guest only
    create mode = 0777         # Default file permissions
    directory mode = 0777      # Default directory permissions
    guest account = sambaguest # Our linux system guest acct
    available = yes            # Is available
    browsable = yes            # Is browseable
    public = yes               # Is public
    
  • Now, if you are using SELinux, there will be issues if you are using a share that hasn't had the permissions set correctly.  Exectute the last two commands for each successive share that you have.

    sudo setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
    sudo getsebool -a | grep samba_export
    sudo semanage fcontext -a -t samba_share_t "/SHARENAME(/.*)?"
    sudo restorecon /SHARENAME
    
  • Reload services:

    sudo systemctl restart smb
    sudo systemctl restart nmb