A common way to share files across different computer systems is to install and configure Samba as a standalone file server.
Standalone servers are configured to provide local authentication and access control to all the resources they maintain.
If you are running a firewall, you will need to confirm that the firewall has been disabled, removed, or the appropriate ports are open. Similarly, if you are running SELinux, then you should confirm that it has been disabled or it is now running in permissive mode.
First download and install the necessary packages
$ sudo yum install samba samba-client samba-commmon
Now rename the original configuration file
$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
Create a new configuration file in your preferred text editor
See Vi and Vim commands
$ sudo vi/etc/samba/smb.conf
Build your new configuration by adding the following lines, substituting the values shown with your own
[global]
unix charset = UTF-8
dos charset = CP932
workgroup = <WORKGROUP_NAME>
server string = <MY_SERVERS_NAME>
176
Chapter 6
netbios name = <MY_SERVERS_NAME>
dns proxy = no
wins support = no
interfaces = 127.0.0.0/8 XXX.XXX.XXX.XXX/24 ethX
bind interfaces only = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
MY_SERVERS_NAME refers to the name of your server. In most
situations this could be in the form of FILESERVER or SERVER1
and so on.
ethX refers to the name of your primary Ethernet interface. In
most situations this could be eth0 although here I am on wlan0.
XXX.XXX.XXX.XXX/XX refers to the primary network address.
This will be something similar to 192.168.1.100/24.
Now configure Samba as a standalone server. Continue to
add the following lines to your main configuration file
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\
spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = no
We do not want to configure Samba as a domain
master or master browser so we add the following
domain master = no
local master = no
preferred master = no
os level = 8
Now add support for home directory sharing by enabling valid users to access their home directories. This feature will support the appropriate read/write permissions and all folders will remain private from other users. Add the following.
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mask =0755
directory mask =0755
Save and close the file then enable Samba on boot.
$ sudo chkconfig smb on && chkconfig nmb on
Start the Samba server by typing as root
# service smb start && service nmb start
You can test the configuration changes by typing the following
$ testparm
Disable Printing
Samba provides support for printing by default and it will try to connect to a printer regardless as to whether a printer is connected to your server or not. So, unless you are intending to
install CUPS, you should consider disabling printer sharing in order to avoid any unnecessary error messages being recorded in the Samba logfiles.
Log in as root and open the main Samba configuration file
# vi/etc/samba/smb.conf
Scroll down to the end of the global section and comment oot the section on printer support
load printers = no
printing = bsd
printcap name = /dev/null
disablespoolss = yes
show add printer wizard = no
If using the default Samba configuration, comment out the following
;load printers = yes
;printing = cups
;printcap name = cups
182
Chapter 6
Then remove or comment out the [printers] section, like so:
;[printers]
;comment = All Printers
;path = /var/spool/samba
;browseable = no
;public = yes
;guest ok = no
;writable = no
;printable = yes
;printer admin = root
Save and close the file then restart the server
# service smb restart && service nmb restart
Relaxing the rules for SELinux
SELinux will prevent users from accessing their home directory. There is the option to disable SELinux, but if you do intend to keep this service running you will be required to relax the conditions that SELinux employs on your server.
So log in as root and check the mode by typing
# getenforce
If it is set to Enforcing, then reset it to Permissive by typing the following
# setenforce 0
Now type the following command to enable the home directories
# setsebool samba_enable_home_dirs on
In addition to this, if you are trying to enable Samba as a domain controller, use
# setsebool -P samba_domain_controller on
Remember, if SELinux is enabled and you do not execute the preceding commands, your users will continue to experience errors when trying to access the server.
Opening the firewall
If you are running IPTables, you will need to configure your firewall in order to allow access to your Samba server. To do this, log in as root and type the following commands to open ports
137, 138, 139, and 445
iptables -A INPUT -s XXX.XXX.XXX.0/24 -m state –state NEW -p udp --dport
137 -j ACCEPT
iptables -A INPUT -s XXX.XXX.XXX.0/24 -m state –state NEW -p udp --dport
138 -j ACCEPT
iptables -A INPUT -s XXX.XXX.XXX.0/24 -m state –state NEW -p tcp --dport
139 -j ACCEPT
iptables -A INPUT -s XXX.XXX.XXX.0/24 -m state –state NEW -p tcp --dport
445 -j ACCEPT
Now save your new rules by typing
# service iptables save
Restart IPTables
# service iptables restart
Assigning the master browser
In a mixed operating system environment it is not always advisable to make Samba the master browser, but it may be the case that this small addition may serve to improve the
overall performance of both CentOS and your network in general.
To do this, log in as root and open the main Samba configuration file in your favorite text editor as below.
# vi/etc/samba/smb.conf
Now scroll down to the global section and make the following changes
domain master = no
local master = yes
preferred master = yes
wins support = no
os level = 65
Save and close the file, then restart the server
# service smb restart && service nmb restart
If you have more than one Samba server running on your network, then only one server should be elected as the primary master browser and given the os level stated earlier.