First, we must install package samba and accept all dependencies.<\/p>\n
yum install samba -y<\/pre>\nCreate user, who can access our samba secure folder:<\/p>\n
useradd -s \/sbin\/nologin user\ngroupadd smbgroup\nusermod -a -G smbgroup user\nsmbpasswd -a user<\/pre>\nThen, create a directories for samba shares. Chcon command mark our directory with label, that SELinux allows samba service to operate with this folder. Another possibility is disable SELinux, but it is not the right way \ud83d\ude42<\/p>\n
#for anonymous\nmkdir -p \/mnt\/aaa\nchmod -R 0777 \/mnt\/aaa\nchcon -t samba_share_t \/mnt\/aaa -R\nchown -R nobody:nobody \/mnt\/aaa<\/pre>\n#for another secure user\nmkdir -p \/mnt\/nfs\/kadeco\/\nchmod -R 0755 \/mnt\/nfs\/kadeco\/\nchcon -t samba_share_t \/mnt\/nfs\/kadeco\/ -R\nchown -R user:smbgroup \/mnt\/nfs\/kadeco\/\nrestorecon -R \/mnt\/nfs\/kadeco\/<\/pre>\nEdit samba config for ours anonymous and secure shares<\/p>\n
vi \/etc\/samba\/smb.conf<\/pre>\n[global]\n workgroup = home\n security = user\n passdb backend = tdbsam\n printing = cups\n printcap name = cups\n load printers = yes\n cups options = raw\n map to guest = bad user\n[Anonymous-aaa]\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 path = \/mnt\/aaa\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 writable = yes\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 browsable = yes\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 guest ok = yes\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 create mode = 0777\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 directory mode = 0777\n[kadeco]\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 path = \/mnt\/nfs\/kadeco\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 writable = yes\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 browsable = yes\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 guest ok = no\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 valid users = user\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 create mask = 0755\n directory mask = 0755\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 read only = No<\/pre>\nNow, we can see our configuration of samba by this command and test it for errors:<\/p>\n
testparm<\/pre>\nNext, if we use firewall, we must add some ports, or service for samba to allow:<\/p>\n
firewall-cmd --permanent --zone=public --add-port=137\/tcp\nfirewall-cmd --permanent --zone=public --add-port=138\/tcp\nfirewall-cmd --permanent --zone=public --add-port=139\/tcp\nfirewall-cmd --permanent --zone=public --add-port=445\/tcp\nfirewall-cmd --permanent --zone=public --add-port=901\/tcp\nfirewall-cmd --reload\nor we can use simple:\nfirewall-cmd --permanent --zone=public --add-service=samba\nfirewall-cmd --reload<\/pre>\nAnd finally, start samba services and enable it, after reboot.<\/p>\n
systemctl start smb.service\nsystemctl start nmb.service\nsystemctl enable smb.service\nsystemctl enable nmb.service<\/pre>\nA way to restart samba services:<\/p>\n
systemctl restart smb\nsystemctl restart nmb<\/pre>\nAnd now we can use our samba server. Anonymous folder, or secured folder \ud83d\ude42<\/p>\n
If you want to access some folder for read from apache, just made a selinux modify:<\/p>\n
Allow samba read\/write access everywhere:<\/p>\n
setsebool -P samba_export_all_rw 1\nor if you want to be a little more descrite about it:\nchcon -t public_content_rw_t \/mnt\/nfs\/kadeco\n2) setsebool -P allow_smbd_anon_write 1\n3) setsebool -P allow_httpd_anon_write 1\n\n<\/pre>\nThis should allow both Samaba and Apache write access to public_content_rw_t context.<\/p>\n
Status of samba we can list by this commands:<\/p>\n
smbstatus -p\n- show list of samba processes\nsmbstatus -S\n- show samba shares\nsmbstatus -L\n- show samba locks<\/pre>\nIf we need restart samba process, or restart server, we can list locked files by “smbstatus -L”. We can see, which share is locked and which specific file is accessing.<\/p>\n
Have fun<\/p>\n ","protected":false},"excerpt":{"rendered":"
First, we must install package samba and accept all dependencies. yum install samba -y Create user, who can access our samba secure folder: useradd -s \/sbin\/nologin user groupadd smbgroup usermod -a -G smbgroup user smbpasswd -a user Then, create a directories for samba shares. Chcon command mark our directory with label, that SELinux allows samba … Continue reading How to install samba server on centos 7 with and without user and password<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3,6,36,37],"class_list":["post-180","post","type-post","status-publish","format-standard","hentry","category-centos","tag-centos","tag-firewall-cmd","tag-samba","tag-smb"],"_links":{"self":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts\/180","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=180"}],"version-history":[{"count":4,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts\/180\/revisions"}],"predecessor-version":[{"id":514,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=\/wp\/v2\/posts\/180\/revisions\/514"}],"wp:attachment":[{"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gonscak.sk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}