Securely sharing resources with Samba in CentOS

Samba is a software package that enables you to share files, printers, and other common resources across a network. It is an invaluable tool for any working environment. One of the most common ways to share file resources across a heterogeneous network (meaning different computer systems such as Windows and Linux) is to install and configure Samba as a standalone file server to provide basic file-sharing services through user-level security with the use of the system user’s home directories. Standalone servers are configured to provide local authentication and access control to all the resources they maintain. All in all, every administrator knows that Samba remains a very popular open source distribution, and it is the purpose of this process to show you how to deliver an instant approach to file sharing that provides the seamless integration of any number of users on any type of modern computer across your entire working environment.

To Start With: What Do You Need?

To complete this process, you will require a working installation of the CentOS 7 operating system with root privileges, a console-based text editor of your choice, and a connection to the Internet in order to facilitate the download of additional packages. It is expected that your server will use a static IP address.

The Process

Samba is not installed by default, and for this reason we will begin by downloading and installing the required packages.

  1. To do this, log in as root and type the following command in order to install the required packages:
    yum install samba samba-client samba-common
  2. Having done this, the first step is to rename the original configuration file:
    mv /etc/samba/smb.conf /etc/samba/smb.conf.BAK
  3. Now, create a new configuration file in your preferred text editor by typing the following:
    vi /etc/samba/smb.conf
  4. Begin building your new configuration by adding the following lines, replacing the values shown with values that better represent your own needs:
    [global]
    unix charset = UTF-8
    dos charset = CP932
    workgroup = <WORKGROUP_NAME>
    server string = <MY_SERVERS_NAME>
    netbios name = <MY_SERVERS_NAME>
    dns proxy = no
    wins support = no
    interfaces = 127.0.0.0/8 XXX.XXX.XXX.XXX/24 <NETWORK_NAME>
    bind interfaces only = no
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog only = no
    syslog = 0
    panic action = /usr/share/samba/panic-action %d

    Note
    WORKGROUP_NAME is the name of the Windows workgroup. Use the standard Windows name WORKGROUP if you don’t have this value. MY_SERVERS_NAME refers to the name of your server. In most situations, this could be in the form of FILESERVER or SERVER1 and so on. XXX.XXX.XXX.XXX/XX refers to the primary network address that your Samba service is operating at, for example, 192.168.1.0/24. NETWORK_NAME refers to the name of your Ethernet interface. This could be enp0s8.

  5. We will now configure Samba as a standalone server. To do this, simply continue to add the following lines to your main configuration file:
    security = user
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    map to guest = bad user
    usershare allow guests = no

  6. For the purpose of this process, we do not intend to configure Samba as a domain master or master browser. To do this, add the following lines:
    domain master = no
    local master = no
    preferred master = no
    os level = 8

  7. We will now add support for home directory sharing by enabling valid users to access their home directories. This feature will support the appropriate read/write permissions and all folders will remain private from other users. To do this, add the following new lines:
    [homes]
         comment = Home Directories
         browseable = no
         writable = yes
         valid users = %S
         create mask = 0755
         directory mask = 0755

  8. Save and close the file. To test the syntax of the Samba configuration file we just created, use the following:
    testparm

  9. Now, add an existing system user, john, to the Samba user management system (this is for testing later; change it appropriately to a user name on your system):
    smbpasswd -a john

  10. Now, save the file and close it; back on the command line, open the ports in the firewall:
    firewall-cmd --permanent --add-service=samba && firewall-cmd --reload

  11. Configure SELinux to use the Samba home directory:
    setsebool -P samba_enable_home_dirs on

  12. Now, ensure that the samba and nmb services will start up during the boot process and start them right away:
    systemctl enable smb && systemctl enable nmb && systemctl start smb && systemctl start nmb
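
testparm confirms that the file parses, but not that the access-control settings from steps 5 and 7 are still the ones in effect. The following script is an added example, not part of the original recipe: it reads an smb.conf and reports every setting that differs from the values given above. The function names and the drifted sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): audit smb.conf access settings.

# Print the value of KEY in SECTION of FILE. Section and parameter names in
# smb.conf ignore case and whitespace, so both are normalised before comparing.
smb_param() {  # usage: smb_param FILE SECTION KEY
    awk -v want_sec="$2" -v want_key="$3" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                     # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
            sec = norm(sec); next
        }
        sec == norm(want_sec) && index($0, "=") > 0 {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (norm(key) == norm(want_key)) found = val   # last one wins
        }
        END { print found }
    ' "$1"
}

# Report every setting that differs from the recipe; return the mismatch count.
# Values are compared literally, exactly as the recipe writes them.
audit_samba_conf() {  # usage: audit_samba_conf FILE
    failures=0
    while IFS='|' read -r sec key expected; do
        actual=$(smb_param "$1" "$sec" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH [$sec] $key = '${actual:-<unset>}', recipe sets '$expected'"
            failures=$((failures + 1))
        fi
    done <<'EOF'
global|security|user
global|map to guest|bad user
global|usershare allow guests|no
homes|valid users|%S
homes|browseable|no
EOF
    return "$failures"
}

# Constructed sample: a [homes] share that has drifted from the recipe.
write_drifted_sample() {
    printf '%s\n' '[global]' '  security = user' '  Map To Guest = bad user' \
        '  usershare allow guests = no' '[Homes]' '  browseable = yes' \
        '  writable = yes' > "$1"
}

sample=$(mktemp) && write_drifted_sample "$sample"
audit_samba_conf "$sample" || echo "mismatches: $?"
rm -f "$sample"
```

On the server itself, run audit_samba_conf /etc/samba/smb.conf as root after any change to the file.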

How Does It Work?

It was the purpose of this process to install Samba and configure its file-sharing services, thus providing full connectivity across all modern computer systems in your network.

So, what did we learn from this experience?

Having installed the necessary packages, we renamed the originally installed configuration file to have a backup in place if anything broke later, and then we began setting up Samba from scratch, starting with an empty smb.conf configuration file. Having opened this new file, we began with the global configuration options; the first step was to declare compatibility with Unicode-based character sets. You will need to be aware that the values can vary as a result of your circumstances and network. Read more at man smb.conf.

Having done this, we then proceeded to confirm the name of our workgroup and server, disable WINS, establish a Samba log file, and register the network interface. Then, we elected the following standalone options by choosing a user-based security option, password encryption, and a tdbsam database backend. The preferred mode of security is user-level security, and using this approach implies that each share can be assigned to a specific user. Therefore, when a user requests a connection for a share, Samba authenticates this request by validating the given username and password with the authorized users in the configuration file and the Samba database.

Next, we added the master information. In the case of a mixed operating system environment, a known conflict will result when a single client attempts to become the master browser. This situation may not disrupt the file-sharing service as a whole, but it will give rise to a potential issue being recorded by the Samba log files. So by configuring the Samba server to not assert itself as the master browser, you will be able to reduce the chance of such issues being reported.

So, having completed these steps, the process then considered the main task of enabling the homes directory file-sharing. Of course, you can experiment with the options shown, but this simple set of instructions not only ensures that valid users will be able to access their home directory with the relevant read/write permissions but also, by setting the browseable flag to no, you will be able to hide the home directory from public view and achieve a greater degree of privacy for the user concerned. In our setup, Samba works with your Linux system users, but you should remember that any existing or new user is not added automatically to Samba and must be added manually using smbpasswd -a.

So, having saved your new configuration file, we tested its correctness using the testparm program and opened the Samba related incoming ports in firewalld using the samba service. The next step was to ensure that Samba and its related processes would be made available during the boot process using systemctl. Samba requires two primary processes in order to work correctly: smbd and nmbd. Beginning with smbd, it is the role of this service to provide file-sharing, printing services, user authentication, and resource locking to Windows-based clients using the SMB (or CIFS) protocol. At the same time, it is the role of the nmbd service to listen, understand, and reply to the NetBIOS name service’s requests.

Note
Samba often includes another service called winbindd, but it has been largely ignored because the intention to provide a Windows Internet Naming Service (WINS)-based service or Active Directory authentication requires additional consideration, which is beyond the scope of this process.

Consequently, our final task was to start both the Samba service (smb) and the associated NetBIOS service (nmb).

You now know how incredibly simple Samba is to install, configure, and maintain. There is always more to learn, and yet this simple introduction has served to illustrate Samba’s relative ease of use and the simplicity of its syntax. It has delivered a solution that has the ability to support a wide variety of different needs and a range of different computer systems, one that will fulfill your file-sharing requirements for many years to come.

There's more…

You can test our Samba server configuration from any client in your network that can ping the server. If it is a Windows-based client, open the Windows Explorer address bar and use the following syntax: \\<ip address of the Samba server>\<linux username>. For example, we use \\192.168.1.10\john (on successfully connecting to it, you need to enter your Samba username’s password). On any Linux client system (the samba-client package needs to be installed on CentOS 7), list all the available shares of the Samba server with the following line:
smbclient -L <hostname or IP address of Samba server> -U <username>

In our example, we would use the following:
smbclient -L 192.168.1.10 -U john

To test, mount a share (this requires the cifs-utils package on CentOS 7) with the following syntax:
mount -t cifs //<ip address of the Samba server>/<linux username> <local mount point> -o "username=<linux username>"

In our example, we would use the following:
mkdir /mnt/samba-share
mount -t cifs //192.168.1.10/john /mnt/samba-share -o "username=john"

You can also put this mount in the /etc/fstab file for permanent mounting using the following syntax:
//<server>/<share> <mount point> cifs <list of options> 0 0

For example, add the following line to the file:
//192.168.1.10/john /mnt/samba-share cifs username=john,password=xyz 0 0

If you don’t want to use passwords in plaintext in this file, read the section about credentials using man mount.cifs, then create a credentials file and protect it with chmod 600 in your home directory so that no other person can read it.
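
The credentials-file approach described above, as an added example that is not part of the original article: it writes the file with owner-only permissions, builds the matching /etc/fstab entry with the credentials= option of mount.cifs, and lists any cifs entries that still carry an inline password. The function names, the .smbcredentials file name and the second mount point are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): credentials file for mount.cifs.

# Write FILE with owner-only permissions. The password is read from stdin so it
# never appears on the command line or in the process list.
write_cifs_credentials() {  # usage: write_cifs_credentials FILE USERNAME
    IFS= read -r cifs_pw || return 1
    ( umask 077 && printf 'username=%s\npassword=%s\n' "$2" "$cifs_pw" > "$1" ) &&
        chmod 600 "$1"   # also tightens a file that already existed
}

# Symbolic mode of FILE, for example -rw------- (portable alternative to stat).
file_mode() { ls -ld "$1" | cut -c1-10; }

# Build the fstab entry that points at the credentials file.
cifs_fstab_line() {  # usage: cifs_fstab_line //SERVER/SHARE MOUNTPOINT CREDFILE
    printf '%s %s cifs credentials=%s 0 0\n' "$1" "$2" "$3"
}

# Print share and mount point of cifs entries that still embed a password.
fstab_inline_passwords() {  # usage: fstab_inline_passwords FSTAB_FILE
    awk '!/^[ \t]*#/ && $3 == "cifs" && $4 ~ /(^|,)(password|pass)=/ { print $1, $2 }' "$1"
}

# Demo in a scratch directory with constructed data (xyz is the article's
# sample password); nothing under /etc is touched.
demo_dir=$(mktemp -d)
printf '%s\n' 'xyz' | write_cifs_credentials "$demo_dir/.smbcredentials" john
{
    echo '//192.168.1.10/john /mnt/samba-share cifs username=john,password=xyz 0 0'
    cifs_fstab_line //192.168.1.10/john /mnt/samba-share2 "$demo_dir/.smbcredentials"
} > "$demo_dir/fstab"
echo "credentials file mode: $(file_mode "$demo_dir/.smbcredentials")"
echo "entries with inline passwords:"
fstab_inline_passwords "$demo_dir/fstab"
rm -rf "$demo_dir"
```

Because /etc/fstab is world-readable, only the first of the two constructed entries exposes the password to every local user.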

In this article, we showed you how to configure Samba as a standalone server and enable home directories, and how to connect to it from a client to get you started. But Samba can do so much more! It can provide printing services or act as a complete domain controller. If you want to learn more, feel free to visit https://www.packtpub.com/ for other available material.
