http://www.oracle-base.com/articles/linux/linux-samba-configuration.php
Installation
The Samba service is installed from a Yum repository using the following command.
# yum install samba
Turn on the Samba server and make sure it starts automatically on reboot.
# service smb start
# chkconfig smb on
Samba is configured by altering the contents of the “/etc/samba/smb.conf” and “/etc/samba/smbusers” files. Configuration changes have to be followed by a reload or a restart of the smb service.
Firewall
If you are using the Linux firewall, you need to open ports 139 and 445 specifically. The Samba documentation suggests opening three additional ports as well. Assuming you are using a firewall setup file, as described here, you can include the following additions to the INPUT chain.
# Open ports for SAMBA.
# 137 (NetBIOS name service) and 138 (NetBIOS datagram) are UDP services.
iptables -A INPUT -p tcp --dport 135 -j ACCEPT
iptables -A INPUT -p udp --dport 137 -j ACCEPT
iptables -A INPUT -p udp --dport 138 -j ACCEPT
iptables -A INPUT -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -p tcp --dport 445 -j ACCEPT
SELinux
Install the SELinux tools.
# yum provides /usr/sbin/semanage
# yum -y install policycoreutils-python
If you are using SELinux, you will need to consider the following points.
The SELinux booleans associated with the Samba service are displayed using the getsebool command.
# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
#
The setsebool command is used to set a specific boolean value. A value set this way does not persist across a reboot unless the -P option is used.
# setsebool use_samba_home_dirs on
# setsebool use_samba_home_dirs off
The samba_share_t context should be assigned to all content.
# semanage fcontext -a -t samba_share_t "/u01(/.*)?"
# restorecon -F -R -v /u01
You can check the current context setting on files and directories using the “ls -alZ” command.
More information on SELinux can be found here.
Create Network Shares for Group Collaboration
This section describes the steps necessary to create Samba shares suitable for group collaboration.
Create a group that will act as the owner of the shared files.
# groupadd developers
Create some users that are assigned to the “developers” group.
# useradd dev1 -G developers
# passwd dev1    # password set to dev1
# id dev1
uid=501(dev1) gid=504(dev1) groups=504(dev1),506(developers)
#
# useradd dev2 -G developers
# passwd dev2    # password set to dev2
# id dev2
uid=502(dev2) gid=505(dev2) groups=505(dev2),506(developers)
#
Set the Samba password for the users.
# smbpasswd -a dev1
New SMB password:
Retype new SMB password:
Added user dev1.
#
# smbpasswd -a dev2
New SMB password:
Retype new SMB password:
Added user dev2.
#
Create a directory to own the shared files, making sure its group is set correctly. The permissions are set to “g+rwx” (0770), since the group is the defining factor in accessing data in this directory.
# mkdir /developers_dir
# chgrp developers /developers_dir
# chmod g+s /developers_dir
# chmod -R 770 /developers_dir
Add the following share into the “/etc/samba/smb.conf” file. Notice the 0770 permissions again, so users don’t accidentally create files that can’t be amended by other members of the group.
Create Network Shares
Shares are created by editing the “/etc/samba/smb.conf” file. In RHEL5 and Fedora distributions you can use a GUI tool called system-config-samba, but this has been removed from RHEL6.
The “/etc/samba/smb.conf” file contains an example share definition towards the bottom of the file. The “;” characters are comments.
[benkel]
    path = /media/benkel
    force group = benkel
    valid users = @benkel
    create mask = 0775
    force create mode = 660
    write list = @benkel
    browseable = yes
    hosts allow = 192.168.178.*
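The following added example (not part of the original article) is a small shell lint for share definitions like the one above. It reports parameter lines that lack the "=" separator, shares with no "valid users" or "hosts allow" restriction, and create/directory masks that grant access to others or drop the group write bit that the 0770 advice depends on. The sample file is constructed, and its [developers] share is a hypothetical one.

```shell
# Added example: lint the share sections of an smb.conf-style file (synonyms such as "allow hosts" are not handled).
audit_smb_shares() {
    awk '
    function check_mask(name,    m, n) {
        if (!(name in p)) return
        m = p[name]; n = length(m)
        if (substr(m, n, 1) + 0 != 0)
            print share ": " name " " m " grants access to others"
        if (int((substr(m, n - 1, 1) + 0) / 2) % 2 == 0)
            print share ": " name " " m " lacks group write"
    }
    function report_share() {
        if (share == "" || share == "global") return
        if (!("valid users" in p)) print share ": no valid users"
        if (!("hosts allow" in p)) print share ": no hosts allow"
        check_mask("create mask"); check_mask("directory mask")
    }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^[;#]/) next          # blank line or comment
        if ($0 ~ /^\[.*\]$/) {                      # new section: report the previous one
            report_share(); split("", p)
            share = tolower(substr($0, 2, length($0) - 2)); next
        }
        eq = index($0, "=")                         # parameters are "name = value"
        if (eq == 0) { print share ": line " NR " has no \"=\": " $0; next }
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/[ \t]+/, " ", key); sub(/ $/, "", key); sub(/^[ \t]+/, "", val)
        p[key] = val
    }
    END { report_share() }' "$1"
}
# Constructed sample input: one share with a malformed line, one hypothetical 0770 group share.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[benkel]
    path = /media/benkel
    valid users = @benkel
    create mask = 0775
    hosts allow 192.168.178.*
[developers]
    path = /developers_dir
    valid users = @developers
    hosts allow = 192.168.178.
    create mask = 0770
    directory mask = 0770
EOF
audit_smb_shares "$sample"
```

Run Samba's own testparm against the real configuration file as well; this lint only covers the checks listed above.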
Mount from Mac OS X
cd /Users/userdir/
mkdir -p mountpoint
mount -t smbfs //smbuser:smbpass@smbhost/benkel /Users/userdir/mountpoint