EL7 Samba CIFS Server
Samba is an open source suite of tools that implement CIFS/SMB filesharing and MS Active Directory via BSD and GNU/Linux
sudo yum install samba samba-client sudo systemctl enable smb sudo systemctl enable nmb sudo firewall-cmd --permanent --add-service=samba sudo firewall-cmd --reload
CONFIGURATION - [GLOBAL] SECTION
Make all changes to /etc/samba/smb.conf unless otherwise stated.
The line numbers are roughly where the existing parameter should be found. Not necessarily a guarantee for cross EL platforms to be exact, as Red Hat and Oracle do tweak things to suit their customer service departments' ease.
line 66 : add
min protocol = SMB2 unix charset = UTF-8 dos charset = CP932
There was a zero-day that forced the Samba team to disable UNIX symlinks from being followed properly. To enable them, add right under the above entries, the following:
follow symlinks = yes wide links = yes unix extensions = no
line 90 : change this to be your workgroup or homegroup and your server netbios name respectively.
workgroup = SCHOTTY netbios name = schotty
line 96 : uncomment and change IP address to be your appropriate subnet. This would be appropriate for 192.168.0.0/16
hosts allow = 192.168.0.0/16
Line 126: add ( no auth )
security = user passdb backend = tdbsam map to guest = Bad User
Jump to end of file and add this if you wish to have a free for all folder. This is where you will put all your share directives. You can, of course,disable the existing ones or modify them appropriately too. For the following example there is also the need for a guest linux account that needs to be made. Edit the commands as needed, including adding any groups that the user needs to be in.
- Samba guest account creation:
useradd -c "Samba Guest User" -d /dev/null -s /bin/false sambaguest passwd sambaguest usermod -G smb_share_groups sambaguest
CONFIGURATION - [SHARE] SECTION
Sample share section:
[Public] # any name you like path = /path/to/share # Path to the shared directory writable = yes # Is writable guest ok = yes # Enable guest (smbuser not needed) guest only = yes # guest only create mode = 0777 # Default file permissions directory mode = 0777 # Default directory permissions guest account = sambaguest # Our linux system guest acct available = yes # Is available browsable = yes # Is browseable public = yes # Is public
Now, if you are using SELinux, there will be issues if you are using a share that hasn't had the permissions set correctly. Exectute the last two commands for each successive share that you have.
sudo setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 sudo getsebool -a | grep samba_export sudo semanage fcontext -a -t samba_share_t "/SHARENAME(/.*)?" sudo restorecon /SHARENAME
sudo systemctl restart smb sudo systemctl restart nmb