How to install and configure samba server in CentOS 6.3

How to install and configure samba server in CentOS 6.3

Introduction: Samba is a free software re-implementation of the SMB/CIFS networking protocol, originally developed by Andrew Tridgell. As of version 3, Samba provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain, either as a Primary Domain Controller (PDC) or as a domain member. It can also be part of an Active Directory domain.

Samba runs on most Unix and Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple’s Mac OS X Server (which was added to the Mac OS X client in version 10.2). Samba is standard on nearly all distributions of Linux and is commonly included as a basic system service on other Unix-based operating systems as well. Samba is released under the GNU General Public License. The name Samba comes from SMB (Server Message Block), the name of the standard protocol used by the Microsoft Windows network file system.
Reference from : http://en.wikipedia.org/wiki/Samba_%28software%29

Scenario: We will shared directory where permitted user/group can access the shared directory and read write the files or dir.

Practical Applied on:

Operating System: CentOS release 6.3 (Final)
Packages: On Samba Version 3.5
samba-winbind-clients-3.5.10-125.el6.i686
samba-3.5.10-125.el6.i686
samba-common-3.5.10-125.el6.i686
Kernel information: Linux 2.6.32-279.el6.i686 #1 SMP / i686 i686 i386 GNU/Linux

Samba Server uses the following port no. :

137/tcp
137/udp
138/tcp
138/udp
139/udp
139/udp
445/tcp
445/udp

Daemon name : smb and nmb
Samba services are implemented as two daemons:
smbd, which provides the file and printer sharing services, and
nmbd, which provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network.

How to install and configure samba server:

Step 1: Install through yum command. cups-libs is for printer.

yum install -y samba samba-commons cups-libs

Step 2: create a directory which you would like to share

mkdir /sharedrepo

Step 3: Add a new group or you can use existing group to provide access on shared directory,Here I am adding new group called staff.

groupadd staff

Step 4: Change the group and permission of sharing folder

chgrp -R staff /sharedrepo
chmod -R 777 /sharedrepo

Step 5: Change the selinux security context on sharing directory and set the selinux boolean value for samba .
You can skip this step if selinux has permissive or disabled status. (use sestatus command to check selinux status)

chcon -R -t samba_share_t /sharedrepo/
semanage fcontext -a -t samba_share_t /sharedrepo/
setsebool -P samba_enable_home_dirs on

Step 6: create user and add them in group called staff. And set the samba password for this user.

useradd test
usermod -G staff test
smbpasswd -a test

Step 7: Take backup of /etc/samba/smb.conf file then edit the smb.conf file. And add the given parameter in last line of /etc/samba/smb.conf file

cd /etc/samba/
cp -p smb.conf smb.conf.orig

vi /etc/samba/smb.conf

	[sharedrepo]
	comment = shared-directory
	path = /sharedrepo
	public = no
	valid users = test, @staff
	writable = yes
	browseable = yes
	create mask = 0765

Step 8: Edit these lines in /etc/samba/smb.conf . To allow network to reach samba server.
Change the value of 192.168.56.0/24 with your subnet. And change the ethernet value which is in used by your system and which you want to allow for traffic.
In second line ,192.168.56. is for subnet .Same rule applied to 127. which is for loopback.

	interfaces = lo eth0 eth1 192.168.56.0/24 
	hosts allow = 127. 192.168.56.

Note: Mainly for windows users,if your all PC in your network are using different WORKGROUP name edit the given below line in smb.conf with your workgroup name. Windows system bydefault uses the WORKGROUP as WORKGROUP. Try first without changing the WORKGROUP name,if required do the change.

 workgroup = MYGROUP

Step 9 : Add services in /etc/services files

vi /etc/services

netbios-ns	137/tcp			# netbios name service
netbios-ns	137/udp			# netbios name service
netbios-dgm	138/tcp			# netbios datagram service
netbios-dgm	138/udp			# netbios datagram service
netbios-ssn	139/udp			# netbios session service
netbios-ssn	139/udp			# netbios session service

Step 10: Add iptables rule in samba server for port no. 137,138.139 and 445. Edit /etc/sysconfig/iptables file
Note: If in your network iptables service is stopped or there is no rule set up.Kindly skip this step.
Change the 192.168.56.0/24 value with you network subnet.

[root@localhost ~]#  vi /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Sun Feb 17 19:36:23 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [199:25862]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -s 192.168.56.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT
-A INPUT -s 192.168.56.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT
-A INPUT -s 192.168.56.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.56.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A INPUT -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Sun Feb 17 19:36:23 2013
[root@localhost ~]# 

Now restart the iptable

[root@localhost ~]# /etc/init.d/iptables restart

Check the iptable is it implemented or not

[root@localhost ~]#iptables -nL

Step 11: Now start the smb and nmb services.

/etc/init.d/smb start
/etc/init.d/nmb start

To smb and nmb services should be started at the time of boot or reboot.Use chkconfig command

# chkconfig smb on
# chkconfig nmb on

chkconfig --list | egrep "smb|nmb"
nmb 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smb 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Step 12: Now we will test samba from linux and windows machine

Windows User:

Open the Run and type \\ip-address-of-samba-server\shared-Direcory-name
 for eg. \\192.168.56.101\sharedrepo.
 Give username and password. (password which you set with the help of smbpasswd command)

Linux Users: smbclient must be installed in system .

To check the list of shared objects in samba server.Use the command
smbclient -L \\ipaddress-samba-server -U username (press enter, and give samba password of the user)

To access through smb console : Use the command

smbclient //ip-samba-server/sharedDirectory -U username

After getting console you can use get and put command to get the data and put the data in shared dir.
Like the given below eg,

linux@tuxworld:~$ smbclient //192.168.56.101/sharedrepo -U redtest
Enter redtest's password: 
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.10-125.el6]
smb: \> ls
  .                                   D        0  Sun Feb 17 10:50:01 2013
  ..                                 DR        0  Sun Feb 17 22:38:55 2013
  Untitled Folder                     D        0  Sun Feb 17 19:45:51 2013

		50553 blocks of size 262144. 44708 blocks available
smb: \> help
?              allinfo        altname        archive        blocksize      
cancel         case_sensitive cd             chmod          chown          
close          del            dir            du             echo           
exit           get            getfacl        geteas         hardlink       
help           history        iosize         lcd            link           
lock           lowercase      ls             l              mask           
md             mget           mkdir          more           mput           
newer          open           posix          posix_encrypt  posix_open     
posix_mkdir    posix_rmdir    posix_unlink   print          prompt         
put            pwd            q              queue          quit           
readlink       rd             recurse        reget          rename         
reput          rm             rmdir          showacls       setea          
setmode        stat           symlink        tar            tarmode        
translate      unlock         volume         vuid           wdel           
logon          listconnect    showconnect    ..             !              
smb: \> 

To mount the samba shared directory in machine your system must support cifs file system.

mount -t cifs //samba-server-ipaddress/shared-directory-name -o username=USERNAME /mnt/

In ubuntu:
From Dash home write the command smb://ipaddr-samba-server/shared-directory

Or take reference from https://help.ubuntu.com/community/Samba/SambaClientGuide

Comments

  1. CReed says

    Very good article for anyone with minimal linux experience to get a samba server up with minimal fuss. Bookmarked. Thanks for posting it.

  2. Francis Trujillo says

    Don’t forget to have your service at reboot. By the way, GREAT job! :-)

    $ sudo chkconfig smb on
    $ sudo chkconfig nmb on

    $ sudo chkconfig | egrep “smb|nmb”
    nmb 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    smb 0:off 1:off 2:on 3:on 4:on 5:on 6:off

  3. gigirock says

    mmmh, lost some minutes to understand that in iptables you must accpet also UDP for each port….don’t forget it !

Leave a Reply

Your email address will not be published. Required fields are marked *