http://www.oracle-base.com/articles/linux/linux-samba-configuration.php
Installation
The Samba service is installed from a Yum repository using the following command.
# yum install samba
Turn on the Samba server and make sure it starts automatically on reboot.
# service smb start
# chkconfig smb on
Samba is configured by altering the contents of the “/etc/samba/smb.conf” and “/etc/samba/smbusers” files. Configuration changes have to be followed by a reload or a restart of the smb service.
Firewall
If you are using the Linux firewall, you need to open ports 139 and 445 specifically. The Samba documentation suggests opening 3 additional ports also. Assuming you are using a firewall setup file, as described here, you can include the following additions to the INPUT chain.
# Open ports for SAMBA.
iptables -A INPUT -p tcp --dport 135 -j ACCEPT
# NetBIOS name service (137) and datagram service (138) use UDP, not TCP.
iptables -A INPUT -p udp --dport 137 -j ACCEPT
iptables -A INPUT -p udp --dport 138 -j ACCEPT
iptables -A INPUT -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -p tcp --dport 445 -j ACCEPT
SELinux
Install SELinux tools
# yum provides /usr/sbin/semanage
# yum -y install policycoreutils-python
If you are using SELinux, you will need to consider the following points.
The SELinux booleans associated with the Samba service are displayed using the getsebool command.
# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
#
The setsebool command is used to set a specific boolean value.
# setsebool use_samba_home_dirs on
# setsebool use_samba_home_dirs off
The samba_share_t context should be assigned to all content.
# semanage fcontext -a -t samba_share_t "/u01(/.*)?"
# restorecon -F -R -v /u01
You can check the current context setting on files and directories using the “ls -alZ” command.
More information on SELinux can be found here.
Create Network Shares for Group Collaboration
This section describes the steps necessary to create Samba shares suitable for group collaboration.
Create a group that will act as the owner of the shared files.
# groupadd developers
Create some users that are assigned to the “developers” group.
# useradd dev1 -G developers
# passwd dev1 # password set to dev1
# id dev1
uid=501(dev1) gid=504(dev1) groups=504(dev1),506(developers)
#
# useradd dev2 -G developers
# passwd dev2 # password set to dev2
# id dev2
uid=502(dev2) gid=505(dev2) groups=505(dev2),506(developers)
#
Set the Samba password for the users.
# smbpasswd -a dev1
New SMB password:
Retype new SMB password:
Added user dev1.
#
# smbpasswd -a dev2
New SMB password:
Retype new SMB password:
Added user dev2.
#
Create a directory to own the shared files, making sure its group is set correctly. The permissions are set to “g+rwx” (0770), since the group is the defining factor in accessing data in this directory.
# mkdir /developers_dir
# chgrp developers /developers_dir
# chmod g+s /developers_dir
# chmod -R 770 /developers_dir
Add the following share into the “/etc/samba/smb.conf” file. Notice the 0770 permissions again, so users don’t accidentally create files that can’t be amended by other members of the group.
Create Network Shares
Shares are created by editing the “/etc/samba/smb.conf” file. In RHEL5 and Fedora distributions you can use a GUI tool called system-config-samba, but this has been removed from RHEL6.
The “/etc/samba/smb.conf” file contains an example share definition towards the bottom of the file. The “;” characters are comments.
[benkel]
path = /media/benkel
force group = benkel
valid users = @benkel
create mask = 0775
force create mode = 660
write list = @benkel
browseable = yes
hosts allow = 192.168.178.*
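A lint pass for share stanzas like the one above, as an added example (not code from the original article or from Samba): it flags parameter lines that are not "name = value" assignments, shares with no "hosts allow" or "valid users" restriction, and create-mode settings that leave permission bits for "other". The constructed sample stanza, the function names parse_shares and audit, and the simplified parsing (no line continuations, no parameter synonyms beyond "allow hosts") are assumptions of this example.

```python
import re

# Constructed sample modelled on the [benkel] share; its last line lacks "=".
SAMPLE = """\
[benkel]
path = /media/benkel
valid users = @benkel
create mask = 0775
force create mode = 660
hosts allow 192.168.178.*
"""

def parse_shares(text):
    """Return ({section: {param: value}}, [(lineno, line)] of malformed lines)."""
    shares, bad, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive and ignore extra spaces.
            current[" ".join(key.lower().split())] = value.strip()
        else:
            bad.append((n, line))            # e.g. a parameter with no "="
    return shares, bad

def audit(text):
    """Return findings for every share, with [global] settings inherited."""
    shares, bad = parse_shares(text)
    findings = [f"line {n}: not a 'name = value' assignment: {l!r}" for n, l in bad]
    glob = shares.get("global", {})
    for name, params in shares.items():
        if name == "global":
            continue
        p = {**glob, **params}
        if "hosts allow" not in p and "allow hosts" not in p:
            findings.append(f"[{name}] no 'hosts allow' restriction is set")
        if "valid users" not in p:
            findings.append(f"[{name}] no 'valid users' restriction is set")
        # smb.conf(5): mode = (base & create mask) | force create mode; default mask 0744.
        ceiling = int(p.get("create mask", "0744"), 8) | int(p.get("force create mode", "0"), 8)
        if ceiling & 0o007:
            findings.append(f"[{name}] new files can carry 'other' bits {ceiling & 0o007:o}")
    return findings

print("\n".join(audit(SAMPLE)))
```

On a real server, pass the contents of “/etc/samba/smb.conf” to audit() and compare the result with the output of testparm.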
Mount from Mac OS X
cd /Users/userdir/
mkdir -p mountpoint
mount -t smbfs //smbuser:smbpass@smbhost/benkel /Users/userdir/mountpoint
Permanent Mount from Mac OS X
Create a Permanent SMB Mount in OSX (Updated)