Oracle

Home

Articles

Scripts

About

Printer Friendly

Forums

Blog

Samba

Certification

Linux
Misc

SMB

Search

Oracle 8i | Oracle 9i | Oracle 10g | Oracle 11g | Oracle 12c | Miscellaneous | PL/SQL | SQL | Oracle RAC | Oracle Apps |
Linux
Home Articles
Linux Here

Like

Tweet

Linux Samba Configuration

This article provides an introduction to Samba configuration on
Linux, with specific reference to the information needed for the
RHCE EX300 certification exam.
Remember, the exams are hands-on, so it doesn't matter
which method you use to achieve the result, so long as the end
product is correct.
Installation
Firewall
SELinux
Create Network Shares
Create Network Shares for Group Collaboration
Security
Mapping User Names
Mounting Samba Shares
Related articles.
Linux File Systems (mkfs, mount, fstab)
Linux NFS Configuration

Installation
The Samba service is installed from a Yum repository using the following command.
# yum install samba
Turn on the Samba server and make sure it starts automatically on reboot.
# service smb start
# chkconfig smb on
Samba is configured by altering the contents of the "/etc/samba/smb.conf" and "/etc/samba/smbusers" files.
Configuration changes have to be followed by a reload or a restart of the smb service.
#
#
#
#

service smb restart

# or
service smb reload
/etc/init.d/smb reload

Firewall
If you are using the Linux firewall, you need to open ports 139 and 445 specifically. The Samba documentation suggest
opening 3 additional ports also. Assuming you are using a firewall setup file, as described here, you can include the
following additions to the INPUT chain.
Translate

http://www.oracle-base.com/articles/linux/linux-samba-configuration.php

# Open ports for SAMBA.

iptables -A INPUT -p tcp
iptables -A INPUT -p tcp
iptables -A INPUT -p tcp
iptables -A INPUT -p tcp
iptables -A INPUT -p tcp

--dport
--dport
--dport
--dport
--dport

135
137
138
139
445

-j
-j
-j
-j
-j

ACCEPT
ACCEPT
ACCEPT
ACCEPT
ACCEPT

SELinux
If you are using SELinux, you will need to consider the following points.
The SELinux booleans associated with the Samba service are displayed using the getsebool command.
# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
#
The setsebool command is used to set a specific boolean value.
# setsebool use_samba_home_dirs on
# setsebool use_samba_home_dirs off
The samba_share_t context should be assigned to all content.
# semanage fcontext -a -t samba_share_t "/u01(/.*)?"
# restorecon -F -R -v /u01
You can check the current context setting on files and directories using the "ls -alZ" command.
More information on SELinux can be found here.

Create Network Shares

Shares are created by editing the "/etc/samba/smb.conf" file. In RHEL5 and Fedora distributions you can use a GUI tool
called system-config-samba, but this has been removed from RHEL6.
The "/etc/samba/smb.conf" file contains an example share definition towards the bottom of the file. The ";" characters
are comments.
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;
[public]
;
comment = Public Stuff
;
path = /home/samba
;
public = yes
;
writable = yes
;
printable = no
;
write list = +staff
More detailed information is available using the "man smb.conf" or "info smb.conf" commands. The following
example defines a share accessible to a user called "john_doe" and members of the "developers" group.
[u01]

http://www.oracle-base.com/articles/linux/linux-samba-configuration.php

valid users = john_doe @developers

write list = john_doe @developers
path = /u01
writeable = yes
create mask = 0775
Remember to reload the configuration, or restart the smb service for the changes to take effect.
The next section shows a worked example, so this should make things a little clearer.

Create Network Shares for Group Collaboration

This section describes the steps necessary to create Samba shares suitable for group collaboration.
Create a group that will act as the owner of the shared files.
# groupadd developers
Create some users that are assigned to the "developers" group.
# useradd dev1 -G developers
# passwd dev1 # password set to dev1
# id dev1
uid=501(dev1) gid=504(dev1) groups=504(dev1),506(developers)
#
# useradd dev2 -G developers
# passwd dev2 # password set to dev2
# id dev2
uid=502(dev2) gid=505(dev2) groups=505(dev2),506(developers)
#
Set the Samba password for the users.
# smbpasswd -a dev1
New SMB password:
Retype new SMB password:
Added user dev1.
#
# smbpasswd -a dev2
New SMB password:
Retype new SMB password:
Added user dev2.
#
Create a directory to own the shared files, making sure its group is set correctly. The permissions are set to "g+rwx"
(0770), since the group is the defining factor in accessing data in this directory.
#
#
#
#

mkdir
chgrp
chmod
chmod

/developers_dir
developers /developers_dir
g+s /developers_dir
-R 770 /developers_dir

Add the following share into the "/etc/samba/smb.conf" file. Notice the 0770 permissions again, so users don't
accidentally create files that can't be amended by other members of the group.
[devshare]
browseable=yes
path = /developers_dir
force group = +developers
valid users = @developers
write list = @developers
create mask = 0770

http://www.oracle-base.com/articles/linux/linux-samba-configuration.php

force create mode = 660

Reload the Samba configuration.
# service smb reload
Reloading smb.conf file:
#

OK

From another machine, mount the share as the "dev1" user and create a file.
# mkdir -p /u01/dev1
# mount -t cifs -o rw,username=dev1,password=dev1 //192.168.0.190/devshare /u01/dev1
# echo "apples" >> /u01/dev1/test.txt
From another machine, mount the share as the "dev2" user and edit the file created previously.
# mkdir -p /u01/dev2
# mount -t cifs -o rw,username=dev2,password=dev2 //192.168.0.190/devshare /u01/dev2
# echo "oranges" >> /u01/dev2/test.txt
# cat /u01/dev2/test.txt
apples
oranges
#

Security
The basic user security model for Samba is quite simple. As shown previously, existing Linux users can be made into
Samba users by issuing the "smbpasswd -a" command. This allows shares to be made user-specific by adding the
users into the "valid users" and "write list" entries of the "/etc/samba/smb.conf" file.
In a similar manner, permissions can be at the group-level by specifying the group with a preceeding "@" symbol.
Host-level security can be controlled using the Linux Firewall, or by addition of the "hosts allow" or "hosts deny"
parameters to the share definitions on the "/etc/samba/smb.conf" file. If these settings are placed in the "[global]"
section of the file, they affect all share defintions.

Mapping User Names

The "/etc/samba/smbusers" file is used to map Samba user names to Linux user names, allowing for different naming
standards between machines running different operating systems. The default settings in the file map the common
Windows users of "admin" and "administrator" to the Linux "root" user.
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest

Mounting Samba Shares

The following links point to articles on this site about mounting Samba shares:
mount and unmount
/etc/fstab
Credentials File
For more information see:
Samba Documentation
RHEL6 Managing Confined Services : Samba
Linux man pages
RHCSA and RHCE
Linux File Systems (mkfs, mount, fstab)
Linux NFS Configuration
Hope this helps. Regards Tim...

http://www.oracle-base.com/articles/linux/linux-samba-configuration.php