Contact for queries :

Login

  UpComing Live WebEx Workshop Series

Samba Server configuration in Linux

As a Linux administrator, when you think Windows, you should also think Samba. Samba is a great technology that you can run on Linux allowing you to communicate and interact with Windows servers and clients.
A Samba server can host Windows shares, act as a print server, and in some more advanced cases
act as a backup domain controller for Windows domains.

Task 1: Installing Samba Services

Samba, which uses the CIFS/SMB protocol, is commonly brought up when you want Linux and Windows machines to be able to share files together. Aside from the file sharing uses, Samba also has some built-in functionality to run as a member server on a Windows domain, print server, or file server.
Let’s get started with the setup.
Step 1. Install the required packages for Samba:

# yum install –y samba samba-common samba-client

Step 2. Verify the package installation:

# rpm -qa | grep samba
samba-client-3.5.4-68.el6.x86_64
samba-3.5.4-68.el6.x86_64
samba-winbind-clients-3.5.4-68.el6.x86_64
samba-common-3.5.4-68.el6.x86_64

Step 3. Enable the service to start during boot:

# chkconfig smb on

Step 4. Verify that the service is set to start on boot:

# chkconfig smb –list
smb 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Task 2 : Configuring Samba Services

If you have never worked with Samba before, the number of options can seem overwhelming.
First, let’s look at the two services responsible for running Samba:

  • smbd Samba server daemon
  • nmbd NetBIOS service daemon

There are also a handful of config files:

  • /etc/samba/smb.conf Contains the main config file
  • /etc/samba/smbusers Maps Samba and Red Hat users
  • /etc/samba/smbpasswd Contains Samba user passwords

I’m sure you could have guessed by now that no service this complex comes without a group of management commands as well:

  • mount.cifs Mounts a Samba resource without root privileges
  • smbclient Connects to a Samba resource
  • smbpasswd Configures Samba users and passwords
  • smbstatus Displays the status of Samba connections
  • testparm Tests the syntax of the main config file for issues
  • umount.cifs Unmounts a Samba resource without root privileges

Now that you are completely overwhelmed with config files and commands, let’s take a step back and see what these things are actually used for. You need to edit the main config file to set up the Samba server and directories that you’d like to make into Samba shares.
Here is a sample /etc/samba/smb.conf config file you can use (just read through it for now):

# cat /etc/samba/smb.conf
### Global Data Section ###
[global]
### Define our workgroup and hostname information ###
workgroup = INET
server string = My Samba Server
netbios name = RHEL01
### Define the log file and its size ###
log file = /var/log/samba/%m.log
max log size = 50
### Use a local password file (/etc/samba/smbpasswd) ###
security = user
passdb backend = tdbsam
### Define printer settings ###
load printers = yes
printcap name = /etc/printcap
cups options = raw
### Samba Share for Company Data ###
[company_data]
### Define a comment for the share ###
comment = Directory for all employees within the company
### Allow users to access the share and define its location ###
browseable = yes
path = /opt/company_data
### Make the share writable and define access for valid users ###
valid users = user01
writable = yes
### Share for Samba printers ###
[printers]
### Define a comment for the share ###
comment = All Printers
Allow users to access the share and define its location ###
browseable = no
path = /var/spool/samba
### Set permissions and user access ###
guest ok = no
writable = no
printable = yes

 
To set up the file, do the following:
Step 1. Make a backup of the main config file so you can review the comments in it later:

# cp /etc/samba/smb.conf /etc/samba/smb.bk

Step 2. Copy the sample file provided here into a new main config file:

# nano /etc/samba/smb.conf

Step 3. Save the file and exit. Now you need to check that the config file has no syntax errors by using the testparm command:

Syntax: testparm [options] <config file> [hostname] [host IP]
Options:
-s Suppresses the prompt
-v Provides verbose output (shows the default options)

Check the syntax of the config file:

# testparm
Load smb config files from /etc/samba/smb.conf
Processing section “[company_data]”
Processing section “[printers]”
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
workgroup = INET
netbios name = RHEL01
server string = My Samba Server
log file = /var/log/samba/%m.log
max log size = 50
printcap name = /etc/printcap
cups options = raw
[company_data]
comment = Directory for all employees within the company
path = /opt/company_data
valid users = user01
read only = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

There are no errors in the output shown here, but you can see the global options displayed, including the different shares that are accessible to users. Before you can start connecting clients, however, you also need to create Samba users because they are separate from system users.
You can use the smbpasswd command to create a new Samba user.

Syntax: smbpasswd [options] [user]
Options:
-a Adds a user

-d Disables a user

-e Enables a user

-x Deletes a user

Note: Because you have specified to use the tdbsm back end, any user that you want to create for Samba must have an account locally on the Samba server.
Step 1. Create your first Samba user:

# smbpasswd -a user01
New SMB password:
Retype new SMB password:
Added user user01.

Step 2. Verify that the user was created successfully by using the pdbedit command:

# pdbedit -w -L
user01:501:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:17601CAE62CBC5D649CF7D1
951C42806:[
U ]:LCT-4D498DE8:

At this point, everything should be in place for your Samba server. You just need to make sure that the directories you specified to be a Samba share exists.
Step 1. If you haven’t done so already, start the Samba service:

# service smb start
Starting SMB services: [ OK ]

Step 2. Verify that the service is running:
# service smb status
smbd (pid 3145) is running…
SELinux and Firewall Configuration
 

Task 3: Configuring Firewall ports to allow smb traffic in Linux

If you are accustomed to Windows systems, you should already know what ports you need to open on the firewall.
Step 1. Use the iptables command to create your firewall rules:

# iptables -I INPUT 5 -p tcp -m tcp –dport 137 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp –dport 138 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp –dport 139 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp –dport 445 -j ACCEPT

Step 2. Save the rules you just created:

# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]

Step 3. Restart the firewall service for the changes to take effect:

# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

These four ports are very common to Windows administrators, as they are heavily used in Windows environments.
 

November 15, 2015

0 responses on "Samba Server configuration in Linux"

Leave a Message

Your email address will not be published. Required fields are marked *

About iGURKUL

IGURKUL I.T. Training Hub offering various Career Certification courses in Computer Networking, Unix, Linux, Cloud Computing and DevOps Technologies. With its rich experience in IT training service sector, iGURKUL has been able to set Industry best practices in IT Training for the past five years.

In Past five years, more than 5000 professionals have been trained by iGURKUL for System administration, Cloud Computing and DevOps Skill set through our Online Training portal www.unixadminschool.com. And , each day , more than 10000 working professionals from all over the globe visiting our knowledge base www.unixadminschool.com/blog for the best practices and Knowledge learning.

top
copyright protected - 2011 © igurkul I.T. solutions. All rights reserved.