Samba is a software package that enables you to share files, printers, and other common resources across a network. It is an invaluable tool for any working environment. One of the most common ways to share file resources across a heterogeneous network (meaning different computer systems such as Windows and Linux) is to install and configure Samba as a standalone file server to provide basic file-sharing services through user level security with the use of the system user's home directories. Standalone servers are configured to provide local authentication and access control to all the resources they maintain. All in all, every administrator knows that Samba remains a very popular open source distribution, and it is the purpose of this recipe to show you how to deliver an instant approach to file sharing that provides the seamless integration of any number of users on any type of modern computer across your entire working environment.
To complete this recipe, you will require a working installation of the CentOS 7 operating system with root privileges, a console-based text editor of your choice, and a connection to the Internet in order to facilitate the download of additional packages. It is expected that your server will use a static IP address.
Samba is not installed by default, and for this reason we will begin by downloading and installing the required packages.
root
and type the following command in order to install the required packages:yum install samba samba-client samba-common
mv /etc/samba/smb.conf /etc/samba/smb.conf.BAK
vi /etc/samba/smb.conf
[global] unix charset = UTF-8 dos charset = CP932 workgroup = <WORKGROUP_NAME> server string = <MY_SERVERS_NAME> netbios name = <MY_SERVERS_NAME> dns proxy = no wins support = no interfaces = 127.0.0.0/8 XXX.XXX.XXX.XXX/24 <NETWORK_NAME> bind interfaces only = no log file = /var/log/samba/log.%m max log size = 1000 syslog only = no syslog = 0 panic action = /usr/share/samba/panic-action %d
WORKGROUP_NAME
is the name of the Windows workgroup. Use the standard Windows name WORKGROUP
if you don't have this value. MY_SERVERS_NAME
refers to the name of your server. In most situations, this could be in the form of FILESERVER
or SERVER1
and so on. XXX.XXX.XXX.XXX/XX
refers to the primary network address that your Samba service is operating at, for example, 192.168.1.0/24
. NETWORK_NAME
refers to the name of your Ethernet interface. This could be enp0s8
.
security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Entersnews*spassword:* %n *Retypesnews*spassword:* %n *passwordsupdatedssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = no
domain master = no local master = no preferred master = no os level = 8
[homes] comment = Home Directories browseable = no writable = yes valid users = %S create mask =0755 directory mask =0755
testparm
john
, to the Samba user management system (this is for testing later; change it appropriately to a user name on your system):smbpasswd -a john
firewall-cmd --permanent --add-service=samba && firewall-cmd --reload
setsebool -P samba_enable_home_dirs on
samba
and nmb
services will start up during the boot process and start them right away:systemctl enable smb && systemctl enable nmb systemctl start smb && systemctl start nmb
It was the purpose of this recipe to install Samba and configure its file sharing services, thus providing full connectivity across all modern computer systems in your network.
So, what did we learn from this experience?
Having installed the necessary packages, we renamed the originally installed configuration file to have a backup in place if anything broke later, and then we began setting up Samba from scratch, starting with an empty smb.conf
configuration file. Having opened this new file, we began with the global configuration options; the first step was to declare compatibility with Unicode-based character sets. You will need to be aware that the values can vary as a result of your circumstances and network. Read more at man smb.conf
.
Having done this, we then proceeded to confirm the name of our workgroup and server, disable WINS, establish a Samba log file, and register the network interface. Then, we elected the following standalone options by choosing a user-based security option, password encryption, and a tdbsam
database backend. The preferred mode of security is user-level security, and using this approach implies that each share can be assigned to a specific user. Therefore, when a user requests a connection for a share, Samba authenticates this request by validating the given username and password with the authorized users in the configuration file and the Samba database. Next, we added the master
information. In the case of a mixed operating system environment, a known conflict will result when a single client attempts to become the master browser. This situation may not disrupt the file-sharing service as a whole, but it will give rise to a potential issue being recorded by the Samba log files. So by configuring the samba server to not assert itself as the master browser, you will be able to reduce the chance of such issues being reported. So, having completed these steps, the recipe then considered the main task of enabling the homes
directory file-sharing. Of course, you can experiment with the options shown, but this simple set of instructions not only ensures that valid users will be able to access their home directory with the relevant read/write permissions, but also, by setting the browseable
flag to no
, you will be able to hide the home directory from public view and achieve a greater degree of privacy for the user concerned. In our setup, Samba works with your Linux system users, but you should remember that any existing or new user is not added automatically to Samba and must be added manually using smbpasswd -a
.
So, having saved your new configuration file, we tested its correctness using the testparm
program and opened the Samba related incoming ports in firewalld using the samba
service. The next step was to ensure that Samba and its related processes would be made available during the boot process using systemctl
. Samba requires two primary processes in order to work correctly: smbd
and nmbd
. Beginning with smbd
, it is the role of this service to provide file-sharing, printing services, user authentication, and resource locking to Windows-based clients using the SMB (or CIFS) protocol. At the same time, it is the role of the nmbd
service to listen, understand, and reply to the NetBIOS name service's requests.
Consequently, our final task was to start both the Samba service (smb
) and the associated NetBIOS service (nmb
).
You now know how incredibly simple Samba is to install, configure, and maintain. There is always more to learn, and yet this simple introduction has served to illustrate Samba's relative ease of use and the simplicity of its syntax. It has delivered a solution that has the ability to support a wide variety of different needs and a range of different computer systems, one that will fulfill your file-sharing requirements for many years to come.
You can test our Samba server configuration from any client in your network that can ping the server. If it is a windows-based client, open the Windows Explorer address bar and use the following syntax: \<ip address of the Samba server><linux username>
. For example, we use \192.168.1.10john
(on successfully connecting to it, you need to enter your Samba username's password). On any Linux client system, (the package, samba-client
, needs to be installed on CentOS 7) to list all the available shares of an NFS server, use the following line:
smbclient -L <hostname or IP address of NFS server> -U <username>
In our example, we would use the following:
smbclient -L 192.168.1.10 -U john
To test, mount a share (this requires the cifs-utils
package on CentOS 7) with the following syntax:
mount -t cifs //<ip address of the Samba server>/<linux username> <local mount point> -o "username=<linux username>"
In our example, we would use the following:
mkdir /mnt/samba-share mount -t cifs //192.168.1.10/john /mnt/samba-share -o "username=john"
You can also put this import in the /etc/fstab
file for permanent mounting using the following syntax:
//<server>/<share> <mount point> cifs <list of options> 0 0
for example:
For example, add the following line to the file:
//192.168.1.10/john /mnt/samba-share cifs username=john,password=xyz 0 0
If you don't want to use passwords in plaintext in this file, read the section about credentials using man mount.cifs
, then create a credentials file and protect it with chmod 600
in your home directory so that no other person can read it.
Here in this chapter, we showed you how to configure Samba as a standalone server and enable home directories, and how to connect to it from a client to get you started. But Samba can do so much more! It can provide printing services or act as a complete domain controller. If you want to learn more, feel free to visit https://www.packtpub.com/ to learn more about other available material.