You must installs below packages in
order to configure as samba server
yum
install cups-libs samba samba-common
Initially you must allow firewall to
access to samba server. Below ports should be allowed. In my server I
have used iptables as firewall so below rules will allow the samba
from firewall
-A
INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport
137 -j ACCEPT
-A
INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport
138 -j ACCEPT
-A
INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport
139 -j ACCEPT
-A
INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport
445 -j ACCEPT
you can restrict by source IP from
better security.
Then you need to concern about SeLinux
values. Since if you not enable boolean value then even home
directory not be able to share.
setsebool -P samba_enable_home_dirs on
setsebool -P samba_domain_controller on
If you want to share files/directories other than home directories or
standard directory. You should label these files/directories as
samba_share_t. For example if you created the directory
/home/fileserver, you can label the directory and its contents with
the chcon tool.
# chcon -R -t samba_share_t /home/fileserver
# chcon -R -t samba_share_t /home/fileserver
To make this label permanent issue the
below commands.
# semanage fcontext -a -t
samba_share_t ’/home/fileserver(/.*)?’
# restorecon -R -v /home/fileserver
# restorecon -R -v /home/fileserver
There are two booleans that you can set
to allow the sharing of standard directories. If you want to share
any standard directory read/only you can set the boolean
samba_export_all_ro.
# setsebool -P samba_export_all_ro 1
This boolean will allow Samba to read every file on the system.Similarly if you want to share all files and directories via Samba, you set the samba_export_all_rw
# setsebool -P samba_export_all_rw 1
This boolean would allow Samba to read and write every file on your system. So a compromised Samba server would be very dangerous.
# setsebool -P samba_export_all_ro 1
This boolean will allow Samba to read every file on the system.Similarly if you want to share all files and directories via Samba, you set the samba_export_all_rw
# setsebool -P samba_export_all_rw 1
This boolean would allow Samba to read and write every file on your system. So a compromised Samba server would be very dangerous.
for more details please refer below
link :
Then you need to configure the smb.conf
file as you want.
I have configured home and other shared
directories and my configuration file should be as below.
[Common]
comment
= All Users
path
= /home/common
valid
users =@users
force
group = users
create
mask = 0765
directory
mask = 0775
writable
= yes
If you need to enable home directories
that users can read and write to it below entry should be included.
[homes] comment = Home Directories browseable = no valid users = %S writable = yes create mask = 0700 directory mask = 0700
Now add the user to the Samba user database:
smbpasswd -a tom
No comments:
Post a Comment