In this tutorial we will learn, how to install and setup samba server ( file sharing server ) on CentOS 7 and RHEL 7 (Red Hat Enterprise Linux 7) . Samba server is popularly use for file and printer server and now a days it is also used as domain controller in network (like Windows Active Directory).

Project URL : http://www.samba.org/

Introduction of Samba

With arrival of Samba version 3, the definition of Samba server is changed. Now we call samba is a free software suite licensed under GNU General Public License version 3. It is populalry used for file and print services for all clients using the SMB/CIFS protocol.From Samba version 3, we can integrate with a Windows Server domain, either as a Primary Domain Controller (PDC) or as a domain member. It can also be part of an Active Directory domain.

We will follow almost same steps as we did in our previous post on “How to install and configure samba server in CentOS 6.3“. In CentOS 7 / RHEL 7 , a few steps are changed because of some introuction of new commands and unavailabilty of packages in minimal installed Operating System but logically everything is same.

Scenario: We will shared a directory called sharedrepo where we will permit user called test and group called staff, can access the shared directory from Samba server and can read write the files or directory.

Details of Samba server on which practical applied

Operating System : CentOS 7
Arch : x86_64
Samba Version : Samba 4.1.1 (Default from CentOS repo)
Kernel Versio : 3.10.0-123.el7.x86_64
IP Address : 192.168.56.102
Network Subnet : 192.168.56.0/24 or can be written also as 192.168.56.0/255.255.255.0

NOTE: CentOS 7 is installed with minimal packages (minimal installed)

Samba Server port numbers

137/tcp
137/udp
138/tcp
138/udp
139/udp
139/udp
445/tcp
445/udp

Daemon used in Samba server

Samba services are implemented as two daemons:
1. smbd, It provides the file and printer sharing services.
2. nmbd It provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network.

How to install and configure samba server

Step 1 : Use yum command to install samba packages

(a) policycoreutils-python = For semanage command (Read semanage command not found)
(b) samba-client : For smbpasswd (Read smbpasswd command not found)

(c) cups-libs : For printer service

(d) samba and samba-commons : For Samba server

yum install -y samba samba-commons cups-libs policycoreutils-python samba-client

Step 2: create a directory

Create a directory called sharedrepo in / (main root) . This directory will be shared with clients.

mkdir /sharedrepo

Step 3: Add a new group or can use existing group

To provide access on shared directory,Here we are adding new group called staff.

groupadd staff

Step 4: Change the group and permission of sharing folder
Here we are using /sharedrepo in samba server, hence group and permission are changing for this directory.

chgrp -R staff /sharedrepo
chmod -R 777 /sharedrepo

Step 5: Change the selinux security context
Change the selinux security context on sharing directory and set the selinux boolean value for samba.
You can skip this step in case you disable selinux on system.

chcon -R -t samba_share_t /sharedrepo/
semanage fcontext -a -t samba_share_t /sharedrepo/
setsebool -P samba_enable_home_dirs on

Step 6: create user, add into group and set samba password
create user and add them in group called staff. And set the samba password for this user.

useradd test
usermod -G staff test
smbpasswd -a test

Step 7: Edit /etc/samba/smb.conf file

First take backup of /etc/samba/smb.conf file then edit the smb.conf file.

cd /etc/samba/
cp -p smb.conf smb.conf.orig

And add the below given contents in last line of /etc/samba/smb.conf file.

vi /etc/samba/smb.conf
[sharedrepo]
comment = shared-directory
path = /sharedrepo
public = no
valid users = test, @staff
writable = yes
browseable = yes
create mask = 0765

Step 8: Allow network to connect with Samba Server

Edit these lines in /etc/samba/smb.conf . To allow network to reach samba server.

1.interfaces = Change the value of 192.168.56.0/24 with your subnet. And change the ethernet value which is in used by your system and which you want to allow for traffic.
2. hosts allow = 192.168.56. is for subnet .Same rule applied to 127. which is for loopback.

interfaces = lo enp0s8 192.168.56.00/24
hosts allow = 127. 192.168.56.

Note: For windows users,if your all PC in your network are using different WORKGROUP name edit the given below line in smb.conf with your workgroup name. Windows system bydefault uses the WORKGROUP as WORKGROUP. Try first without changing the WORKGROUP name,if required do the changes.

workgroup = MYGROUP

Step 9 : Add services in /etc/services files

vi /etc/services
 
netbios-ns	137/tcp	# netbios name service
netbios-ns	137/udp	# netbios name service
netbios-dgm	138/tcp	# netbios datagram service
netbios-dgm	138/udp	# netbios datagram service
netbios-ssn	139/tcp	# netbios session service
netbios-ssn	139/udp	# netbios session service

Step 11: Now start the smb and nmb services.

systemctl start smb.service
systemctl start nmb.service

Step 11 : Enable smb and nmb service at booting of system

systemctl enable smb.service
systemctl enable nmb.service

Below given section is referece:

[root@localhost ~]# systemctl enable nmb.service
ln -s '/usr/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'
[root@localhost ~]# 
[root@localhost ~]# systemctl enable smb.service
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@localhost ~]#

Step 12 : Add firewalld rule to allow samba

In RHEL 7/ CentOS 7, firewalld is shipped by default. Now onwards we recommend you to use firewalld instead of iptables.

Here, we are allowing source network 192.168.56.0/24 to connect to samba service, whereas in logging samba prefix is used.

Adding permanent firewalld rule

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.0/24" service name="samba" log prefix="samba" level="info" limit value="1/m" accept'

Now reload firewalld

firewall-cmd --reload

Note: firewalld service must be runnig for above procedure. To start firewalld use systemd command i.e systemctl start firewalld.service

How to connect to Samba Server

1. Windows :

In Windows Operatig System, open the run by pressing in combination of Start key + r. Then type in this format \ip-address-of-samba-servershared-Direcory-name

\192.168.56.102sharedrepo

Give username and password when it will ask.

2. Linux :

smbclient must be installed on system .

(A) List the shared files or directory available in samba server

smbclient -L \192.168.56.102 -U test 

In above command,
-L = For listing shared objects.
Samba Server IP Address = 192.168.56.102
User Name = test

Below given is sample output

sharad@linuxworld:~$ smbclient -L \192.168.56.102 -U test
Enter test's password: 
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

	Sharename       Type      Comment
	---------       ----      -------
	IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
	sharedrepo      Disk      shared-directory
	test            Disk      Home Directories
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

	Server               Comment
	---------            -------
	LOCALHOST            Samba Server Version 4.1.1

	Workgroup            Master
	---------            -------
	MYGROUP              LOCALHOST
sharad@linuxworld:~$

(B) Access using smb console

smbclient //192.168.56.102/sharedrepo -U test

After login, you will get smb console. You can use get and put command for getting/putting the file. There are other commands you can use also.

Sample output

sharad@linuxworld:~$ smbclient //192.168.56.102/sharedrepo -U test
Enter test's password: 
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: > 
smb: > help
?              allinfo        altname        archive        backup         
blocksize      cancel         case_sensitive cd             chmod          
chown          close          del            dir            du             
echo           exit           get            getfacl        geteas         
hardlink       help           history        iosize         lcd            
link           lock           lowercase      ls             l              
mask           md             mget           mkdir          more           
mput           newer          notify         open           posix          
posix_encrypt  posix_open     posix_mkdir    posix_rmdir    posix_unlink   
print          prompt         put            pwd            q              
queue          quit           readlink       rd             recurse        
reget          rename         reput          rm             rmdir          
showacls       setea          setmode        stat           symlink        
tar            tarmode        timeout        translate      unlock         
volume         vuid           wdel           logon          listconnect    
showconnect    tcon           tdis           tid            logoff         
..             !              
smb: > 

(C) Mount the samba shared directory
Mount the samba shared directory in machine , your system must support cifs file system

mount -t cifs //192.168.56.102/sharedrepo -o username=test /mnt/

In Ubuntu, Click on dash home and simply access the samba server

smb://192.168.56.102/

See the sample screenshot of dash home.
dash home ubuntu

Read this fantastic detail written on Ubuntu site : Samba/SambaClientGuide

Read Some More Articles

15 Comments

  1. On step 9, it should be

    netbios-ssn 139/tcp
    netbios-ssn 139/udp

    You have both of them on udp.
    Same thing on “Samba Server port numbers” section.

  2. [root@localhost media]# mount -t cifs //192.168.174.132/finance -o username=user1 /media/samba/
    Password for user1@//192.168.174.132/finance: ****
    mount error(13): Permission denied
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

  3. Tras seguir lo indicado aca, no me dejaba escribir en la carpeta compartida, en 7, hay que validar el Selinux y habiiltar el contexto para comparticion, en este caso

    # semanage fcontext -a -t public_content_rw_t ’/sharedrepo(/.*)?’
    # restorecon -R -v /sharedrepo
    # setsebool -P allow_smbd_anon_write 1

    fyi…

    1. Thank You Katya,

      I would like to translate your spanish words and I believe rest commands part ,everyone can understand.

      “Tras seguir lo indicado aca, no me dejaba escribir en la carpeta compartida, en 7, hay que validar el Selinux y habiiltar el contexto para comparticion, en este caso”

      Thank you for comment, it is helpful 🙂

      Regards
      Sharad

  4. Hi thanks a Lott for such articles..

    Love to see more articles coming in this website..

    If possible can u upload some real time production oriented article

    But I will visit every time your website..

  5. Well, everything is fine on the Linux side regarding sharing my stuff CentOS to Fedora and Linux Mint, but i cant get access with my shitty Windows 10 !!!

    error msg “The specified network password is not correct” WTF!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.