Difference between revisions of "Basic samba server configuration"

From Notes_Wiki
m
m
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
<yambe:breadcrumb>Samba server configuration | Samba</yambe:breadcrumb>
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Samba server configuration]] > [[Basic samba server configuration]]
=Basic samba server configuration=


==Disable SELinux==
==Disable SELinux==
Line 12: Line 11:




==Configure samba server==
=Configure samba server=


===Guest or anonymous access configuration===
==Guest or anonymous access configuration==
*In order to share files using "Samba server" on linux edit file '<tt>/etc/samba/smb.conf</tt>' and enter values for following parameters:
*In order to share files using "Samba server" on linux edit file '<tt>/etc/samba/smb.conf</tt>' and enter values for following parameters:
*:<pre>
*:<pre>
Line 66: Line 65:




This is very basic samba configuration. Samba can be connected to Windows domains or ldap servers. It can be used to share printers and can support very complex authentication / security settings.  For more information refer to man pages and samba3x documentation available at /usr/share/doc/samb3x-doc-&lt;version&gt;


===Samba swat web interface===


*We can also install package named 'samba3x-swat' which provides GUI interface for configuring samba server. After installing 'samba3x-swat' we need to change 'disable' to 'no' in file '/etc/xinetd.d/swat'. We also need to start xinetd service and enable it on start-up using 'service xinetd start' and 'chkconfig xinetd on' respectively.
*:Then we can open http://localhost:901/ in web browser and enter Linux root username and password to change samba configuration using samba swat interface from network.


 
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Samba server configuration]] > [[Basic samba server configuration]]
 
===Authenticating with username / password for samba share===
*Requiring username, password for file access. For authentication the 'security' parameter in global section should have value 'user' and not 'share'. 'user' is also default value for 'security' parameter in smb.conf configuration file. The password file is specified using 'passdb backend' parameter for which default value is 'smbpasswd'. If one wants we can explicity define these two default values in smb.conf file using:
*:<pre>
*:: security = user
*:: passdb backend = smbpasswd
*:</pre>
*To restrict access to a share for a particular user we can use 'valid users' configuration parameter. In this we can specify names of samba users who are allowed to access particular share. Note that this names are of 'samba' users and not of Linux users. Samba user to Linux user mapping is defined in file 'smbusers' in format
*:<pre>
*:: unix_user_name = smb_username1  smb_username2  smb_username3 ...
*:</pre>
*For example to restrict access to share named 'samba_shared' using samba username 'root' we can use
*:<pre>
*:: valid users = root
*:</pre>
*:to specify that only 'root' Linux user is allowed to access this share. Then we need to set password for samba    usernames linked with Linux user named root using '<tt>smbpasswd -a root</tt>' command.
*Note that '-a' option is required when setting password for first time to add user to smbpasswd database. In subsequent calls we can just use 'smbpasswd root' to change root password. Now use 'testparm' command to test configuration and if everything is fine then use '<tt>service smb restart</tt>' to make new settings take effect.
*Now test from a windows machine using username 'root' and password that you have set using 'smbpasswd' command.
*Now if we want a Samba user named test then we can create first Linux user named test using
*:<pre>
*:: useradd test
*:</pre>
*Change shell of user test to /sbin/nologin for security
*:<pre>
*:: usermod -s /sbin/nologin test
*:</pre>
*Then add user test to smbpasswd database using
*:<pre>
*:: smbpasswd -a test
*:</pre>
*Then we can specify '<tt>valid users=test</tt>' for shares that we want only to be accessible from user test.
 
 
This are very basic samba configuration tools. Samba can be connected to Windows domains or ldap servers. It can be used to share printers and can support very complex authentication / security settings. More can be explored by reading man pages and samba3x documentation available in /usr/share/doc/samb3x-doc-&lt;version&gt; folder.
 
 
<yambe:breadcrumb>Samba server configuration | Samba</yambe:breadcrumb>

Latest revision as of 09:38, 14 July 2022

Home > CentOS > CentOS 6.x > Samba server configuration > Basic samba server configuration

Disable SELinux

To configure samba server on Linux machine first disable SELinux. Configuration of Samba with SELinux will be explored later.


Ensure samba packages have been installed

  • Use command "rpm -qa | grep samba" to see which packages related to Samba are installed on current machine. At least samba-client and samba-common should be installed if you want to connect to Samba shares of Windows XP machines. For Windows 7 or Windows server 2008 one needs to upgrade to samba3x packages. Again if you also want to share files then 'samba3x' package is also required along with 'samba3x-client' client package. It makes sense to download 'samba3x-doc' package so that one can refer to samba documentation as and when required.


Configure samba server

Guest or anonymous access configuration

  • In order to share files using "Samba server" on linux edit file '/etc/samba/smb.conf' and enter values for following parameters:
    workgroup = <workgroup to join>
    server string = <description of computer>
    netbios name = <name for computer>
  • You can optionally comment 'server string' using ';' or '#' if you do not want to provide any description. Except parameters
    log file
    max log size
    security
    which are defined in [global] section comment everything else. Set security to 'share' and use default values for log file and its size.
  • Create a folder which would be shared using samba. Do not create this folder in /home or in /root. You can create something like /samba_shared. Use 'chmod 755 <folder_path>'.
  • Add following lines at end of smb.conf file:
    [<share_name>]
    path=<full_path_to_folder>
    read only = yes
    guest ok = yes
  • For example:
    [samba_shared]
    path=/samba_shared
    read only = yes
    guest ok = yes
  • Then use "service smb start" to start samba service.
  • To test setup from Windows machine, go to windows machine and type "\\<IP address>" in run window. You should be able to see share with name you have specified in configuration file. You can go inside that folder without entering any username / password. But you would not be able to create any file or folder inside that share.
  • To make a writable folder first use 'chmod 777 <folder_path>' and then edit 'smb.conf' to make
    read only = no".
    Then use 'service smb restart'. Now you should be able to create files in the shared folder.
  • You can enable samba service to automatically run on start-up using 'chkconfig smb on'.
  • Note that all this is alone not enough to make samba server appear when someone uses 'View Workgroup Computers' or tries 'nmblookup domain_name'. To make samba server respond to nmb queries we need to start nmb service.
    Note that there are two services 'smb' and 'nmb'. 'smb' listens on TCP port 139 and 445 and 'nmb' listens on UDP port 137 and 138. 'smb' service is required for sharing folders and 'nmb' is required to list server along with other workgroup computers and to be able to open computer using '\\<netbios_name>' instead of IP address.
    Hence you can also use 'service nmb start' and 'chkconfig nmb on'.
  • Note that by default guest account has value nobody. That is by default samba guest users are mapped to Linux user nobody. If for some reason you want to change this then you can use configuration parameter
    guest account = <linux_user_name_to_use_for_guest_account>
    'guest ok' parameter is same as 'public' parameter and are significant only when 'security' parameter is set to value 'share'.
  • We can use command
    testparm /etc/samba/smb.conf
    to check samba configuration file for syntax errors after modifying it and before restarting smb service.


This is very basic samba configuration. Samba can be connected to Windows domains or ldap servers. It can be used to share printers and can support very complex authentication / security settings. For more information refer to man pages and samba3x documentation available at /usr/share/doc/samb3x-doc-<version>


Home > CentOS > CentOS 6.x > Samba server configuration > Basic samba server configuration