INSTALLATION

yum install samba samba-client
systemctl enable smb
systemctl enable nmb
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload

CONFIGURATION - [GLOBAL] SECTION

Make all changes to /etc/samba/smb.conf unless otherwise stated.

The line numbers are roughly where the existing parameter should be found.  Not necessarily a guarantee for cross EL platforms to be exact, as Red Hat and Oracle do tweak things to suit their customer service departments' ease.

  • line 66 : add
unix charset = UTF-8
dos charset = CP932
  • There was a zero-day that forced the Samba team to disable UNIX symlinks from being followed properly.  To enable them, add right under the above entries, the following:
follow symlinks = yes
wide links = yes
unix extensions = no

* line 90 : change this to be your workgroup or homegroup and your server netbios name respectively.

workgroup = SCHOTTY
netbios name = schotty

* line 96 : uncomment and change IP address to be your appropriate subnet.  This would be appropriate for 192.168.0.0/16

hosts allow = 192.168.0.0/16
  • Line 126: add ( no auth )
security = user
passdb backend = tdbsam
map to guest = Bad User

Jump to end of file and add this if you wish to have a free for all folder.  This is where you will put all your share directives.  You can, of course,disable the existing ones or modify them appropriately too.  For the following example there is also the need for a guest linux account that needs to be made.  Edit the commands as needed, including adding any groups that the user needs to be in.

  • Samba guest account creation:
useradd -c "Samba Guest User" -d /dev/null -s /bin/false sambaguest
passwd sambaguest
usermod -G smb_share_groups sambaguest

CONFIGURATION - [SHARE] SECTION

  • Sample share section:
[Public]                    # any name you like
 path = /path/to/share      # Path to the shared directory
 writable = yes             # Is writable
 guest ok = yes             # Enable guest (smbuser not needed)
 guest only = yes           # guest only
 create mode = 0777         # Default file permissions
 directory mode = 0777      # Default directory permissions
 guest account = sambaguest # Our linux system guest acct
 available = yes            # Is available
 browsable = yes            # Is browseable
 public = yes               # Is public
  • Now, if you are using SELinux, there will be issues if you are using a share that hasn't had the permissions set correctly.  Exectute the last two commands for each successive share that you have.
setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
getsebool -a | grep samba_export
semanage fcontext -a -t samba_share_t "/SHARENAME(/.*)?"
restorecon /SHARENAME
  • Reload services:
systemctl restart smb
systemctl restart nmb