SMB: Provide network shares to specific clients.

Install the Samba package group:

# yum groupinstall -y "CIFS file server"

Create a new /etc/samba/smb.conf file and add the following lines (for a workgroup named MYGROUP, a server called MYSERVER, a local network with IP addresses in 192.168.1.0/24, a user named user01 and a share called shared):

workgroup = MYGROUP
server string = Samba Server Version %v
netbios name = MYSERVER
interfaces = lo eth0 192.168.1.0/24
hosts allow = 127. 192.168.1.
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
[shared]
comment = Shared directory
browseable = yes
path = /shared
valid users = user01
writable = yes

Note: with “passdb backend = tdbsam“, passwords are stored in the /var/lib/samba/private/passdb.tdb file.

Check the syntax of the configuration file:

# testparm

Create the shared directory:

# mkdir /shared

Set up the correct SELinux type:

# yum install -y setroubleshoot-server
# semanage fcontext -a -t samba_share_t "/shared(/.*)?"
# restorecon -r /shared

Add the following new rules to the firewall:

# iptables -I INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
# iptables -I INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

Save the firewall configuration:

# service iptables save

Activate Samba services at boot:

# chkconfig smb on
# chkconfig nmb on
# chkconfig winbind on

Start Samba services:

# service smb start
# service nmb start
# service winbind start

Create the samba user user01 with the password pass:

# useradd -s /sbin/nologin user01
# smbpasswd -a user01

Check the configuration:

# yum install -y samba-client
# smbclient //localhost/shared -U user01%pass