CentOS 6.4 Samba Standalone Server With tdbsam Backend

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Fri, 2013-03-15 13:44. :: CentOS | Samba | Storage

CentOS 6.4 Samba Standalone Server With tdbsam Backend

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Follow me on Twitter
Last edited 03/14/2013

This tutorial explains the installation of a Samba fileserver on CentOS 6.4 and how to configure it to share files over the SMB protocol as well as how to add users. Samba is configured as a standalone server, not as a domain controller. In the resulting setup, every user has his own home directory accessible via the SMB protocol and all users have a shared directory with read-/write access.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm using a CentOS 6.4 system here with the hostname server1.example.com and the IP address 192.168.0.100.

Please make sure that SELinux is disabled as shown in chapter 6 of this tutorial: The Perfect Server - CentOS 6.4 x86_64 (Apache2, Dovecot, ISPConfig 3)

 

2 Installing Samba

Connect to your server on the shell and install the Samba packages:

yum install cups-libs samba samba-common

Edit the smb.conf file:

vi /etc/samba/smb.conf

Make sure you see the following lines in the [global] section:

[...]
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

        security = user
        passdb backend = tdbsam
[...]

This enables Linux system users to log in to the Samba server.

Then create the system startup links for Samba and start it:

chkconfig --levels 235 smb on
/etc/init.d/smb start

 

3 Adding Samba Shares

Now I will add a share that is accessible by all users.

Create the directory for sharing the files and change the group to the users group:

mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/

At the end of the file /etc/samba/smb.conf add the following lines:

vi /etc/samba/smb.conf

[...]
[allusers]
  comment = All Users
  path = /home/shares/allusers
  valid users = @users
  force group = users
  create mask = 0660
  directory mask = 0771
  writable = yes

If you want all users to be able to read and write to their home directories via Samba, add the following lines to /etc/samba/smb.conf (make sure you comment out or remove the other [homes] section in the smb.conf file!):

[...]
[homes]
   comment = Home Directories
   browseable = no
   valid users = %S
   writable = yes
   create mask = 0700
   directory mask = 0700

Now we restart Samba:

/etc/init.d/smb restart

 

4 Adding And Managing Users

In this example, I will add a user named tom. You can add as many users as you need in the same way, just replace the username tom with the desired username in the commands.

useradd tom -m -G users

Set a password for tom in the Linux system user database. If the user tom should not be able to log into the Linux system, skip this step.

passwd tom

-> Enter the password for the new user.

Now add the user to the Samba user database:

smbpasswd -a tom

-> Enter the password for the new user.

Now you should be able to log in from your Windows workstation with the file explorer (address is \\192.168.0.100 or \\192.168.0.100\tom for tom's home directory) using the username tom and the chosen password and store files on the Linux server either in tom's home directory or in the public shared directory.

 

5 Links


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by bakila (not registered) on Wed, 2013-09-11 05:16.

In centOs 6.4 if you are using samba you should allow samba protocol through firewall otherwise it won't allow you to connect to the samba server.

system-config-firewall-tui is the command.

Submitted by domaniqs (not registered) on Thu, 2013-09-05 10:54.

A very good article. It is lacking one important detail though. I would suggest to add following iptables rules in order to enable samba packets via firewall:

# iptables -A INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
# iptables -A INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
# iptables -A INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT

Otherwise samba would not be able to communicate with other PCs. Please replace IP addressing to comply with yours.

Also for SELinux, instead of disabling it, you can just follow instructions from original smb.conf file supplied with Centos 6.4, remember to change everything accordingly to your configuration:

#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------

Submitted by Anonymous (not registered) on Tue, 2014-01-07 04:57.

 I believe this is a correction to the above;

# iptables -I INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
# iptables -I INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
# iptables -I INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT

My experience (as a complete linux noob) was that using the iptables -A added it to the end of the rules list. In my scenario (CentOS 6.5) this added it after a deny everything rule (which I believe is default behaviour) which meant that it was effectively denied anyway.