Samba Server Installation and Configuration on CentOS 7
This guide explains how to configure samba server in CentOS 7 with anonymous & secured samba servers. Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients.
1 Preliminary Note
I have a fresh installed CentOS 7.0 server, on which I am going to install the samba server. Off-course you need to have one windows machine to check the samba server that must be reachable with the CentOS 7.0 server. My Centos 7.0 server have hostname server1.example.com & IP as 192.168.0.100
- The Windows machine must be on
sameworkgroup. To check the value in windows machine run the command at cmd prompt
net config workstation
It will be like this
- To make the windows machine reachable in windows proceed like this. In the run terminal & add the entry of your server IP address
In my case it was like this, just save the values.
192.168.0.100 server1.example.com centos
2 Anonymous samba sharing
First I will explain the methodology to install the samba with the anonymous sharing. To install samba run,
It will install samba with Version 4.1.1.
Now to configure samba edit the file /etc/samba/
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
Further give the entries like this
[global] workgroup = WORKGROUP server string = Samba Server %v netbios name = centos security = user map to guest = bad user dns proxy = no #============================ Share Definitions ============================== [Anonymous] path = /samba/anonymous browsable =yes writable = yes guest ok = yes read only = no
mkdir -p /samba/anonymous
Further CentOS 7.0 Firewall-cmd will block the samba access, to get rid of that we will run:
firewall-cmd --permanent --zone=public --add-service=samba
[root@server1 ~]# firewall-cmd --permanent --zone=public --add-service=samba success [root@server1 ~]#
[root@server1 ~]# firewall-cmd --reload success [root@server1 ~]#
Now you can access the Centos 7.0 sharing in windows as follows, go to the Run prompt and type \\centos:
From a windows machine just browse the folder and try to create a text file, but you will get an error of permission denied.
Check the permission for the shared folder.
drwxr-xr-x. 2 root root 6 Jul 17 13:41 anonymous
To allow anonymous user give the permissions as follows:
ls -l anonymous/
drwxr-xr-x. 2 nobody nobody 6 Jul 17 13:41 anonymous
Further, we need to allow the SELinux for the samba configuration as follows:
Now anonymous user can browse & create the folder contents.
You can cross check the content at server also.
ls -l anonymous/
-rwxr--r--. 1 nobody nobody 0 Jul 17 16:05 anonymous.txt
3. Secured samba server
Therefore, I will create a group
[root@server1 samba]# smbpasswd -a srijan New SMB password:<--yoursambapassword Retype new SMB password:<--yoursambapassword Added user srijan. [root@server1 samba]#
Now create the folder with the name secured in the /samba folder and give permissions like this:
mkdir -p /samba/secured
Again we will have to allow to listen through SELinux:
chcon -t samba_share_t secured/
Again edit the configuration file
[secured] path = /samba/secured valid users = @smbgrp guest ok = no writable = yes browsable = yes
Further check the settings as follows
[root@server1 samba]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[Anonymous]" Processing section "[secured]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions <--ENTER [global] netbios name = CENTOS server string = Samba Server %v map to guest = Bad User dns proxy = No idmap config * : backend = tdb [Anonymous] path = /samba/anonymous read only = No guest ok = Yes [secured] path = /samba/secured valid users = @smbgrp read only = No [root@server1 samba]#
Now at windows machine check the folder now with the proper credentials
You will again face the issue of permissions to give write permission to the user