How to Install and Configure Samba on Linux | CentOS 7 Server
How to Install and Configure Samba on Linux | CentOS 7 Server
Samba is an open-source re-implementation of the SMB/CIFS file-sharing protocol. Server Message Block (SMB) Protocol is a file-sharing protocol over the network.
Today, we will learn how to install Samba on CentOS 7 server. We will create two users:
- User 1
- User 2
We will also create a Group:
- Group 1
Next, we will add these users to this group and open firewall settings to allow Samba Share over the server.
Step 1: Install Samba Server
So, for the test environment, we are using following servers:
- Samba / NFS server 1: CentOS 7, we will install samba on this server.
- Samba Client 1: Windows 10, we will try to access shared data from this server.
- Samba Client 2: CentOS 7, we will try to access shared data from this server.
On Samba serve 1, install following packages:
# yum update && yum upgrade
# yum install samba samba-client samba-commonStep 2: Add system users and set up permissions
We will create the users and add them to a group in order to promote group collaboration.
We will also change the permissions of the group as per our needs. For our case, we will setup as 0770. You can use the following commands:
# groupadd group1 (Add the group)
# useradd user1 (Add the first user)
# useradd user2 (Add the second user)
# usermod -a -G group1 user1 (Add the first user to the group)
# usermod -a -G group1 user2 (Add the second user to the group)
# mkdir /group-directory (Make a group directory)
# chmod 0770 /group-directory (Set permissions of the group directory)
# chgrp group1 /group-directory (Set group ownership of the group directory)Step 3: Set up Firewall Rules
In order to allow Samba share, we will have to either disable SELinux or set proper permissions to allow Samba share from the server.
Use the following commands to allow samba share:
# setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 # getsebool –a | grep samba_export # semanage fcontext –at samba_share_t "/group-directory(/.*)?" # restorecon /group-directory
Also, allow Samba traffic through firewalld:
# firewall-cmd --permanent --add-service=samba
# firewall-cmd --reloadSometimes, you might run into an error:
If firewall-cmd doesn’t work, install the firewall command on your CentOS server by running the following command:
# yum install firewalld
# systemctl enable firewalld
# systemctl start firewalld
Verify
# firewall-cmd --stateStep 4: Configure Samba Share Settings
Once the Samba is installed on your server, it creates a configuration file in /etc/samba/smb.conf. Any share from the server is defined at this location. If you want to create a share, you can add your share in that file as follows:
# nano /etc/samba/smb.conf
Add your share as follows:
[share-name]
browsable=yes
path=/group-directory
public=no
valid users=@group1
write list=@group1
writeable=yes
create mask=0770
Force create mode=0770
force group=group1Save the file and run the following command to test the share:
# testparmThis command helps us to figure out if there is an error in the share created.
Step 5: Add Samba Users
Now we are ready to add samba users who will access the samba share created in the previous step.
Samba users have to be created separately, however, in order to create samba user, a system user must exit. We already created system user in Step 2 and now we will create Samba user with the same name:
# smbpasswd -a user1
# smbpasswd -a user2You can set-up a temporary password for the users which can be changed later.
Step 6: Limit SSH access for the users
Most of the time, system administrators want to limit or block SSH access for the users to the Linux servers. That is why we configure Samba share on the servers so that they can access the shared files on the server without any need to SSH into the server.
However, if the SSH access is blocked, users cannot change their SMB password without system administrator’s help. So, a work-around to fix this issue is as follows:
- Allow SSH access to the users.
- Use ‘Force command’ for the users so that they have to change their samba password.
- Exit the server
With the above-mentioned workaround, users will be forced to execute only one command, that is, ‘smbpasswd‘ and then they will exit the server.
In order to implement the solution, go to /etc/ssh/sshd_config file, and add the following content to the file:
# nano /etc/ssh/sshd_config
Go to the last line of the file and add these lines:
AllowGroups group_name
Match Group group_name
ForceCommand smbpasswdSave and exit the file and execute the following command:
# systemctl restart sshdAccess the share from other machines over the network
Now, you are ready to access the share from client machines. It could be a Linux machine or a Windows Machine.
Accessing the share from Windows machine
- Go to File Explorer
- Click on This PC
- Click on the ‘drop-down’ menu on the top-right corner and then click on ‘Map network drive’
- Provide a shared path (\\samba-server1\share-name or \I.P address\share-name) of the server name that you created in Step 4 of the previous section and click on ‘Connect using different credentials’:
- The username will be .\user1. We used ‘.\’ before the username because we are connecting to a different server which might not be connected to the same domain as the client computer.
Accessing the share from Linux machine
- In order to access the shared samba server from a Linux machine, install samba-client and cifs-utils by using these commands:
# yum update && yum upgrade
# yum install samba samba-client samba-common cifs-utils- Next, mount the shared drives by using the following command:
# mount //samba-server1/share-name /local-folder/samba -o username=user1 password=password
OR
# mount //IP address/share-name /local-folder/samba -o username=user1 password=password- You can also add this mount permanent in your /etc/fstab file so that you don’t need to mount it daily:
# nano /etc/fstab
Add following lines to the file:
//IP Address/share-name /local-folder/samba -o username=user1 cifs,defaults 0 0
Save and Exit the File and run following command:
# mount -a