Samba File Server Installation and Configuration on CentOS 6.2

Samba file Server

Samba is software that can be run on a platform other than Microsoft Windows, for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. Samba uses the TCP/IP protocol that is installed on the host server. When correctly configured, it allows that host to interact with a Microsoft Windows client or server as if it is a Windows file and print server.

From http://www.samba.org

Prerequisites

1. Disable SELinux

SELinux can be disabled temporarily or permanently:

a. Temporarily

# setenforce 0

b. Permanently

Edit /etc/sysconfig/selinux and set SELINUX entry to disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

This needs a server restart to take effect.

2. Disable or add rules to iptables

a. Disable iptables (not recommended)

# service iptables stop

# chkconfig --level 345 iptables off

(The second command disables the iptables service on server startup.)

b. Add rules to allow the Samba ports for communication.

# iptables -A INPUT -i eth0 -p tcp -m multiport --dports 137,138,139,445 -m state --state NEW,ESTABLISHED -j ACCEPT

# service iptables save

Installation

1. Install Samba with yum:

# yum install samba samba-client samba-common cups-libs

This will install the Samba server and its dependencies.

2. After installation, a default configuration file is created at /etc/samba/smb.conf.

3. Start the service and flag it for automatic start on server reboot.

# service smb start

# chkconfig --level 35 smb on

4. Now back up your original smb.conf file; we will then discuss some simple to complex share definitions.

smb.conf is the main configuration file of the Samba file server. The file is organised into sections and parameters. Some default sections in a Samba configuration file are:

[global]

The parameters defined in global section apply to the whole server.

[homes]

The parameters defined in this section are useful for Samba users connecting to their home share.

[printers]

Printer-specific parameters.

Now we can have a look at a few smb.conf files for different purposes.

1. A sample smb.conf file for file sharing without username/password

a. Edit /etc/samba/smb.conf with the details below (customise according to your environment).

[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        dns proxy = No
        cups options = raw
        security = share
        guest account = nobody

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[shared]
        comment = Shared Stuff
        path = /shared/
        read only = No
        guest ok = Yes

b. Create the directory /shared with proper permissions.

# mkdir /shared; chmod ugo=rwx /shared

c. Use the testparm command to test the configuration file, then restart the service.

d. Now you will be able to access the share from Windows.

2. A fully fledged Samba share server with recycle bin capabilities.

    • Samba share (public) accessible to configured users and secured using username/password
      • Create a Linux user, say user1, and add it to the Samba users.
      • Create a folder, say /public, which will be shared by the users.
      • Flag it with appropriate permissions so anyone with access to the share has read/write permissions.

      • Edit smb.conf with the following details

[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 1000
        dns proxy = No
        cups options = raw
        security = user
        passdb backend = tdbsam

[publicshare]
        comment = Public Shared stuff With username/pasword
        path = /public
        public = yes
        writable = yes
        directory mask = 0777

Smb.conf explanation

log file == %m expands to the name of the client machine, so a separate log file is created for each PC accessing the server, for example /var/log/samba/log.<pcname>.

max log size == This option (an integer in kilobytes) specifies the maximum size the log file should grow to. Samba periodically checks the size and, if it is exceeded, renames the file, adding a .old extension. A size of 0 means no limit.

security & passdb backend == Backend to store user information in. New installations should use either tdbsam or ldapsam. smbpasswd is available for backwards compatibility. tdbsam requires no further configuration.

directory mask == 0777 leaves new directories fully writable, which lets a user create a directory inside a directory created by another user.
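An added check, not part of the original post: a shell function that scans an smb.conf for the access-widening settings used in the listings above (security = share, guest ok / public = yes, world-writable masks). The function names and the merged sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Flags smb.conf settings that
# widen access. Reads the file(s) named as arguments, or stdin if none.
audit_smbconf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments, blank lines
    /^[ \t]*\[/ {                                    # [section] header
        s = trim($0); sec = tolower(substr(s, 2, index(s, "]") - 2)); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = tolower(trim(substr($0, eq + 1)))
        if (key == "security" && val == "share")
            print sec ": security = share (no per-user login)"
        # "public" is a synonym for "guest ok"
        if ((key == "guest ok" || key == "public") && val ~ /^(yes|true|1)$/)
            print sec ": " key " = " val " (share is flagged for guest access)"
        # last octal digit 2, 3, 6 or 7 means the "other" write bit is set
        if ((key == "create mask" || key == "directory mask") && val ~ /[2367]$/)
            print sec ": " key " = " val " (world-writable)"
    }' "$@"
}

# Constructed sample: the [global] and share settings shown on this page,
# merged into one file so every check fires at least once.
sample_conf() {
    cat <<'EOF'
[global]
        security = share
[shared]
        path = /shared/
        read only = No
        guest ok = Yes
[publicshare]
        path = /public
        public = yes
        writable = yes
        directory mask = 0777
EOF
}

sample_conf | audit_smbconf
```

Piping the output of `testparm -s` into audit_smbconf checks the configuration as Samba itself parses it.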

    • Access the share from Windows using the username/password created above.

    • Samba share (sales) accessible to a group of users.
      • Create Linux users, say sales1 & sales2, create a group called sales and add the above users to the group sales. Add the users to Samba.
      • Make the directory /sales with proper permissions and ownership (flag it with the SGID bit so the group of the parent directory is inherited by files created in the sales directory).

      • Edit smb.conf with the following details

[sales]
        comment = Sales Shared Stuff
        path = /sales
        public = yes
        writable = yes
        write list = +sales
        create mask = 0774
        directory mask = 0775

Smb.conf explanation

write list == This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. The list can include group names using the +group syntax. (In older Samba versions the syntax was @groupname.)
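The directory step for /sales as commands, in an added example that is not from the original post: setup_group_share creates the group-owned SGID directory and verify_group_share confirms that new files and folders inherit the group. The function names are assumptions, and the demo at the bottom uses a scratch directory and the caller's own group so that it runs without root.

```shell
#!/bin/sh
# Added example, not from the original post.
# As root on the server the call would be: setup_group_share /sales sales

# setup_group_share DIR GROUP: group-owned, group-writable, SGID directory.
setup_group_share() {
    mkdir -p "$1" || return 1
    chgrp "$2" "$1" || return 1
    chmod 2775 "$1"               # rwxrwsr-x: the leading 2 is the SGID bit
}

# verify_group_share DIR: create a folder and a file the way a client would,
# then confirm both took the parent's group and the folder kept the SGID bit.
# Prints "ok" or the reason for failure and returns non-zero on failure.
verify_group_share() {
    want=$(ls -ldn "$1" | awk '{print $4}')          # numeric gid of the share
    probe="$1/.sgid-probe.$$"
    mkdir "$probe" && : > "$probe/file" || { echo "cannot write to $1"; return 1; }
    dgid=$(ls -ldn "$probe" | awk '{print $4}')
    fgid=$(ls -ln "$probe/file" | awk '{print $4}')
    dmode=$(ls -ldn "$probe" | cut -c1-10)           # e.g. drwxr-sr-x
    rm -rf "$probe"
    [ "$dgid" = "$want" ] && [ "$fgid" = "$want" ] || { echo "group not inherited"; return 1; }
    case $dmode in
        d?????s???|d?????S???) echo "ok" ;;          # 7th character is the SGID flag
        *) echo "SGID bit not inherited: $dmode"; return 1 ;;
    esac
}

# Demo on a scratch directory (assumption: stands in for /sales).
scratch=$(mktemp -d)
setup_group_share "$scratch/sales" "$(id -g)" && verify_group_share "$scratch/sales"
rm -rf "$scratch"
```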

  • Access the share from Windows using the username/password created above.

Sales1

  • SGID permission inherited from Parent directory & directory mask variable in action.

  • Samba home share for each user.

Edit smb.conf with the following details

[homes]
        comment = Home Directories
        read only = No
        browseable = No

  • Access the home share from Windows using username/password.

  • Recycle bin capabilities on public share.

The recycle bin is a nice feature in Samba which makes it easy to retrieve files deleted by users. With this option configured, deleted files are moved to a directory specified in smb.conf rather than actually deleted.

    • Make a directory, say sambadeleted, and flag it with proper permissions.
    • Edit the smb.conf file with the following details.

[publicshare]
        comment = Public Shared stuff With username/pasword
        path = /public
        public = yes
        writable = yes
        directory mask = 0777
        #######Enabling Recycle Bin on samba
        vfs object = recycle
        recycle:repository = /sambadeleted/%U
        recycle:versions = Yes
        recycle:keeptree = Yes
        recycle:touch = Yes
        recycle:maxsize = 0
        recycle:exclude = *.tmp
        recycle:exclude_dir = /tmp

Smb.conf explanation

recycle:keeptree == Preserves the directory structure.

recycle:touch == Specifies whether a file’s access date should be updated when the file is moved to the repository.

recycle:maxsize == This option (an integer in kilobytes) specifies the maximum size of a recycled file. A size of 0 means no limit.

recycle:repository == /sambadeleted/%U

This specifies where the deleted files will be stored. Therefore anything that is deleted is moved to the directory /sambadeleted. The %U variable is the username of the person currently browsing the share. So for every user that deletes a file there is a directory with their username containing all the files they have deleted.

Refer to this link for more details: http://www.samba.org/samba/docs/man/manpages-3/vfs_recycle.8.html

For example:

  • Map the publicshare using lib and sandy as usernames and create folders createdbylib & createdbysandy respectively. Drop some files in the folders.

  • Delete the folders from the shares (lib can delete the folder created by sandy & sandy can delete the folder created by lib).
  • Now check the /sambadeleted directory on the server to verify the recycle bin functionality.

Note: the /sambadeleted directory should be created beforehand and should have proper write permissions for all users.

  • The screenshot shows the files in the public share and in the folders (createdbylib & createdbysandy).
  • It lists the sambadeleted directory, which is empty. Then we delete the directories using the lib and sandy mapped shares.
  • It lists the sambadeleted folder once again. Now we can see the files deleted by users have been moved to the recycle folder under the username directory.

Complete smb.conf file

Samba Swat

Samba SWAT allows a Samba administrator to configure the complex smb.conf file via a web browser. SWAT is an xinetd service which is relatively simple to configure.

Prerequisites

1. Allow the SWAT default port 901 through iptables

# iptables -A INPUT -p tcp --dport 901 -j ACCEPT

Installation & Configuration

1. Install the samba-swat and xinetd rpms.

# yum install samba-swat xinetd

2. Edit /etc/xinetd.d/swat with the following details

service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
        ## the networks from which you need to access the SWAT page
        only_from       = 127.0.0.1 10.0.0.0/24 192.168.10.0/24
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
        disable         = no
}

3. Start the service and flag it for automatic start on server reboot.

# service xinetd start

# chkconfig --level 35 xinetd on

4. Point the browser to the IP address or FQDN of the Samba server at port 901 and provide the server's username/password as credentials.

Useful Samba information

Refer to

  1.  http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-samba-daemons.html
  2. http://www.linuxmanpages.com/man7/samba.7.php
Posted on November 19, 2012, in Cent OS. 1 Comment.

  1. I certainly cherish this post. I’ve been looking all excess for this! Acknowledge goodness I initiate it on Bing. You retain made my date! Acknowledges afresh! “All that is gold does not sparkle hardly total those that expatiate are missing.” by J. R. R. Tolkien.
