RHEL7: Provide SMB network shares to specific clients.

Note: This is an RHCE 7 exam objective.

Configuration Procedure

Install the Samba packages:

# yum groupinstall -y "file-server"
# yum install -y samba-client samba-winbind

Create a new /etc/samba/smb.conf file and add the following lines (for a workgroup named MYGROUP, a server called MYSERVER, a local network with IP addresses in 192.168.1.0/24, a user named user01 and a share called shared):

[global]
workgroup = MYGROUP
server string = Samba Server Version %v
netbios name = MYSERVER
interfaces = lo eth0 192.168.1.0/24
hosts allow = 127. 192.168.1.
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam

[shared]
comment = Shared directory
browseable = yes
path = /shared
valid users = user01
writable = yes

Note: with "passdb backend = tdbsam", passwords are stored in the /var/lib/samba/private/passdb.tdb file.

Check the syntax of the configuration file:

# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[shared]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
    workgroup = MYGROUP
    netbios name = MYSERVER
    server string = Samba Server Version %v
    interfaces = lo, eth0, 192.168.1.0/24
    log file = /var/log/samba/log.%m
    max log size = 50
    idmap config * : backend = tdb
    hosts allow = 127., 192.168.1.

[shared]
    comment = Shared directory
    path = /shared
    valid users = user01
    read only = No
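
The hosts allow line is what restricts the server to specific clients. The following Python sketch is an added example, not part of the original tutorial and not Samba's own code: it models how the token forms used on this page (trailing-dot prefixes, network/mask entries, single addresses, ALL) are matched against a client address, checking the [global] lists first and then the share's own. The function names are hypothetical, the sample configuration is constructed from the tutorial's values, and host names, netgroups and EXCEPT are not handled.

```python
import configparser
import ipaddress

# Constructed sample: the tutorial's smb.conf values under a [global] header.
SMB_CONF = """
[global]
workgroup = MYGROUP
interfaces = lo eth0 192.168.1.0/24
hosts allow = 127. 192.168.1.
security = user

[shared]
path = /shared
valid users = user01
writable = yes
"""

def token_matches(token, ip):
    """Match one hosts allow/deny token against a client IPv4 address."""
    if token.upper() == "ALL":
        return True
    if token.endswith("."):            # "192.168.1." is a textual prefix
        return ip.startswith(token)
    if "/" in token:                   # network/mask, e.g. 192.168.1.0/24
        return ipaddress.ip_address(ip) in ipaddress.ip_network(token, strict=False)
    return token == ip                 # single address; host names are not resolved here

def passes(allow, deny, ip):
    """Apply one allow/deny pair; the allow list wins where the two conflict."""
    in_allow = any(token_matches(t, ip) for t in allow)
    in_deny = any(token_matches(t, ip) for t in deny)
    if allow and not deny and ip != "127.0.0.1":
        return in_allow                # allow list only: everyone else is refused
    return in_allow or not in_deny     # loopback passes unless explicitly denied

def client_allowed(conf_text, share, ip):
    """True if ip passes the [global] lists and then the share's own lists."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    for section in ("global", share):
        allow = cp.get(section, "hosts allow", fallback="").replace(",", " ").split()
        deny = cp.get(section, "hosts deny", fallback="").replace(",", " ").split()
        if not passes(allow, deny, ip):
            return False
    return True

if __name__ == "__main__":
    for ip in ("192.168.1.50", "192.168.10.5", "192.168.2.27", "127.0.0.1"):
        print(ip, client_allowed(SMB_CONF, "shared", ip))
```

On a live server, testparm gives the authoritative answer: called with a host name and an IP address after the configuration file name, it reports whether that client would be allowed.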

Create the shared directory:

# mkdir /shared

Give full access rights to the new directory:

# chmod 777 /shared

Create a file inside called test:

# echo "This is a test." > /shared/test

Set up the correct SELinux context:

# yum install -y setroubleshoot-server
# semanage fcontext -a -t samba_share_t "/shared(/.*)?"
# restorecon -R /shared

Add the new service to the firewall:

# firewall-cmd --permanent --add-service=samba

Reload the firewall configuration:

# firewall-cmd --reload

Activate the Samba services at boot:

# systemctl enable smb
# systemctl enable nmb
# systemctl enable winbind

Start the Samba services:

# systemctl start smb
# systemctl start nmb
# systemctl start winbind

Create the samba user user01 with the password pass:

# useradd -s /sbin/nologin user01
# smbpasswd -a user01
New SMB password: pass
Retype new SMB password: pass
Added user user01.

Check the configuration:

# smbclient //localhost/shared -U user01%pass
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
  .                                   D        0  Sun Aug  3 00:19:00 2014
  ..                                  D        0  Sat Aug  2 23:16:27 2014
  test                                N        0  Sun Aug  3 00:15:20 2014

        47356 blocks of size 65536. 26414 blocks available

Additional Resources

Useful information about SELinux and Samba is available in the RHEL 7 SELinux User’s and Administrator’s Guide.
The Fedora documentation has a chapter about Configuring Samba.
You can also read the Samba Howto.
The learnitguide website provides a tutorial about Configuring a Samba server on RHEL 7.
The Lisenet website offers a tutorial about Setting up a Samba Server with SELinux on RHEL 7.

Beyond the exam objectives, at Linux.conf.au 2017, Andrew Bartlett gave a presentation about the status of Samba (34min/2017).
The Howtoforge website provides a tutorial about Installing a Samba 4 Domain Controller on CentOS 7.

37 Comments on "RHEL7: Provide SMB network shares to specific clients."

redhat0329
Member

workgroup = MYGROUP
server string = Samba Server Version %v
netbios name = MYSERVER
interfaces = lo eth0 192.168.1.0/24
hosts allow = 127. 192.168.1.
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
[shared]
comment = Shared directory
browseable = yes
path = /shared
valid users = user01
writable = yes

Hi CertDepot, On hosts allow, ip 127. 192.168.1. shouldn’t have any space (correct value is 127.192.168.1). Well, I have just copied/pasted it on /etc/samba/smb.conf file as instructed and changed only interfaces based on my test server. I’ve got an error message while…

Gjorgi
Member

All went well till the very last step where I need to test configuration. I never get to the smb prompt. At smbclient //localhost/shares -U user01%pass, I get response:
Domain=[SAMBAGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME

Years ago, I got to deal with a Samba setup and there were few pretty miserable failures despite following official docs of the day, I didn’t have high expectations while following this guide and my suspicions were correct: Samba is still miserable.

Gjorgi
Member

Resolved. It was a stanza in the smb.conf. Instead of substituting [shared] with my own custom samba share I created, I went on and copied [shared]. When I put [my_custom_share] as a stanza, I got to the smb prompt.

beginner
Member

Hi Guys, this is a great tutorial. Thanks for putting it together. I have a question about the client side. Is there a _netdev option that is needed if I were to add samba in to the fstab? I’ve been looking for examples online with little luck. I was assuming that if you used the cifs mount type it would know about the network dependency.

mohit.3616
Member

How can I connect linux to Windows?

kkroopani
Member

I am getting permission denied when I login from client, does anyone know why?

mount -v -t cifs //192.168.2.27/home /mnt/smbshr/ -o username=smbuser
Password for smbuser@//192.168.2.27/home: ********

group = MYGROUP
server string = Samba Server AKA Linux-server %v
interfaces = lo eth0 192.168.2.0/24
idmap config * : backend = tdb
hosts allow = 127. 192.168.2.

[home]
comment = homedir
path = /home
valid users = MYDOMAIN\%S
read only = No

Lisenet
Member

I’m able to mount the share by using your configuration above ensuring the home directory of my Samba user is created.

What’s the home directory for the user smbuser that you use? It must exist on the Samba server.

kkroopani
Member

/home/smbuser

brucemzn
Member

SELinux is preventing you from accessing the share. Inform SELinux of the custom changes. Use the following command.

# semanage fcontext -a -t samba_share_t "/home/smbuser(/.*)?"
# restorecon -R -v /home/smbuser

Tarlan
Member

Hi guys,

Is Kerberized Samba Shares providing RHCE exam?

alexritm
Member

local users or LDAP users should be granted access to the share? so, is it necessary to tune “passdb backend” option?

bsteiner36
Member

Anyone have issues where the user id’s on the server and the client are mismatched and it causes issues with mounting or having correct permissions?
server1 passwd tom:1001:1001
server2 passwd tom:1002:1002

Lisenet
Member

What issues does it cause?

bsteiner36
Member

For example
Server1 passwd tom:1001:1001, larry:1002:1002
Server2 passwd larry:1001:1001, tom:1002:1002

When I log into server2 with the mounted share as tom it shows larry has privileges and vice versa.

hunter86_bg
Member

This is a completely natural behaviour. With Samba you have 2 control mechanisms:
1) Linux File System ACLs -> useless if the UID/GID of users do not match on different machines, but a great way to control in a LDAP environment. You need the “inherit acls = yes” option.
2) SAMBA control mechanism via “read list =”, “write list =”, “valid users =”, etc.
If you rely on samba – you should set file system permissions to 777, as any user/group who has wrong UID/GID will be treated as “others”. I’d recommend you to use the second one –…

Lisenet
Member

You beat me to it. Exactly the point I wanted to make.

bsteiner36
Member

Makes perfect sense. I guess I wasn’t aware that the write list and read list were separate from the file system permissions. I tested this and it works great. Thank you for the explanation.

Sam
Member

The SElinux configuration could be an issue as well. Double check these settings.

samuel.sappa
Member

Hi CertDepot,
In my lab I found that the share name must be the same as the dir name we shared. Is this normal behavior in Samba (I’m using VirtualBox for my lab)?

Thanks for your info

hunter86_bg
Member

I had exported shares with different name (for example folder “/data” with exportname “//sambaserver/guestzone”) without a problem.

Sam
Member

I agree with hunter86_bg. I only got that issue when I got typos. Else check the version of the current Operating System, try update!

hunter86_bg
Member

I’ve done Samba with dir name different from share even in RHEL 7.0 during my prep for RHCE. It’s most probably a typo or SELinux.

samuel.sappa
Member

Thank you for the explanation guys, yep it’s working recently using different both the shared dir and shared name. Maybe typo, space, SELinux or something like that.
I’m now preparing to retake the RHCE exam next month.
God help me pass this one, tough exam indeed.

samuel.sappa
Member

It’s weird, now it won’t work again. Here’s my smb.conf:

1. —-share name different with path—

[model]
path = /sharedsmb
valid users = susan
writable = yes
browseable = yes

Using this configuration, when I mount from client I got

mount.cifs kernel mount options: ip=192.168.14.4,unc=\server1sharedsmb,user=susan,pass=********
Retrying with upper case share name
mount.cifs kernel mount options: ip=192.168.14.4,unc=\SERVER1SHAREDSMB,user=susan,pass=********
mount error(6): No such device or address

but when I’m using this

—-share name and path using same name—

[sharedsmb]
path = /sharedsmb
valid users = susan
writable = yes
browseable = yes

it’s working. But I’m in doubt with this configuration. When I’m going…

samuel.sappa
Member

Now I found out what’s wrong: from the client side, when we want to mount to the server we must mount using the share name, not the dir name (we shared). In my case, when I want to mount the configuration I must use

mount -o username=susan //server1/model

All this time when mounting to the server I was using the dir name; that’s why if I make the share name and dir the same it works, when not it won’t, because I’m mounting using the shared dir, not the name of the share. Maybe Certdepot already wrote it but I did not pay attention…

Sam
Member

There is a method to scan the target server for shared directories.
I am a little rusty on this one, you will need to check out the man pages

smbclient -L localhost
smbtree

hope this helps

sasaman344
Member

Hi Everyone,

If you have encountered the “NT_STATUS_LOGON_FAILURE” error when you try to connect to your share, that basically means that the samba service is trying to contact a domain controller, which in my case – did not exist.

Hence, you need to remove the following lines from your “smb.conf” file:
security = user
workgroup = WORKGROUP

And it would work perfectly!

BTW, Certdepot your site is awesome and very helpful!
Taking the exam on the 25th this month.
