Show What is Samba?Samba is a free and open-source software that allows files to be shared across Windows and Linux systems simply and easily. To be exact, it is an open-source implementation of the SMB/CIFS protocol. The (SMB) Server Message Block Protocol is a client-server communication protocol that is used for sharing access to files, printers, serial ports, and other resources on a network. The (CIFS) Common Internet File System Protocol is a dialect of the SMB protocol. A collection of message bundles that describes a distinct variant of a protocol is called a dialect. Briefly, when using Samba, we can share files and printing services, use authentication and authorization, name resolution, and service announcements between Linux/Unix servers and Windows clients. There are five basic tasks that can be accomplished using Samba.
Samba can also function as both a domain controller or as a regular domain member. This option makes Samba almost a must-have if you have a blended networking environment containing both Windows and Linux computers. Prerequisites
Installation of Samba on CentOS 7As installations on CentOS and other RedHat based distributions are mostly managed best using the yum tool, we’ll be using it to install Samba on our CentOS 7 and to get our system up to date. Firstly let’s remove all packages that might still be cached in our system. To clean all the cached files from any enabled repository at once, we’ll use the following command.
Next, let’s ensure all our system packages are updated. We are using the -y flag to auto-confirm on any prompts.
Now, we can move on to the Samba installation. Samba can be easily installed with the following command. Notice how we are using the -y flag once again to auto-confirm the installation prompts.
Yum, being such a great tool, will automatically install any dependencies needed for Samba. At the end of the installation output, you should see something similar to this output.
As soon as the installation is completed, we can check our Samba version.
Configuring SambaAfter we install Samba, we will need to configure it to conform to our set up and standards. Before we start with Samba configuration on our Linux machine, we’ll need to verify the workgroup on our Windows computer. To do this, you can right-click on “This PC” or “My Computer” → Properties → Advanced System Settings → Computer Name which will show you the following window with the data we need Alternatively, you can run cmd (from the Windows start box) and run the following command. This command will display the information we need about the workstation domain. You see something like this.
Now that we have information about our Windows computer’s workgroup, we can move on to the Samba configuration on our Linux system. The Samba configuration file can be found at /etc/samba/smb.conf. Before we make any changes, please make sure to create a backup copy of the original configuration file. To create a backup of our original configuration file smb.conf, we’ll use the following command to create a backup copy called smb.conf_orig.
Now we are fully prepared for editing. We’ll start by configuring Samba for anonymous file-sharing services. In this share, any user will be able to read or write. We’ll start by creating a directory called “anonymous_shared_directory” where our files will be stored.
Next, we need to apply the appropriate permissions on our directory.
In case you are using SELinux like we are, you will need to change the SELinux security context for the samba shared directory.
Next, to make the changes needed in our configuration file, we will need to open the /etc/samba/smb.conf file with preferred CLI text editor (Nano or Vim).
Now we’ll configure our anonymous share by adding and editing the following directives
Our Samba configuration file should now look like this.
Next, don't forget to save the changes made and close the text editor. To verify our current samba settings, we’ll run the following command.
Now, press enter to see a dump of your service definitions. Before we continue starting the Samba service, we’ll need to configure our firewall to work with it. Samba will need the following ports open to operate correctly.
Other ports:
How we open these ports for the Samba services will depend on the type of firewall you have on your Linux server. Since most of our Linux servers use the csf firewall, we’ll start by configuring the csf.conf file. Let's open our csf configuration file with your chosen text editor.
Now, make sure to add the ports to the appropriate section.
Finally, save the changes and reload the firewall rules. In case you are running the firewalld service, simply add the service using the following command.
Now, reload the firewalld service.
Lastly, let’s start the Samba services and ensure that it is started automatically on system boot. Samba uses two system services to operate: the smb.service and nmb.service. The smbd service implements a file sharing and printing service which listens on ports 139 and 445. The nmbd service implements the NetBIOS over IP naming services to clients and listens on port 137. Let’s start both with the following commands
To make sure those services are started automatically on system boot, we need to enable them
To test our newly implemented anonymous share, we will go to our Windows computer and click Start -> Run, and we are going to input are server IP address like so. Next, press OK and our Anonymous directory will be shown in our file explorer. Now, double-click to access the directory, and then right-click to create a new text document. Choose a file name and then save it. We will name our file testfile for this purpose. Once the file is created, let’s make sure it’s available on our Linux machine as well
As we have learned how to configure Samba to use an anonymous share, let’s move on to a secure one. This type of share requires a username and a password for access, so we’re going to need to create a user/group of users that are allowed to access our share. Once we have a group for our Samba users we can easily assign any needed privileges to all of them at once. To create a new group we’ll use the following command
We have now successfully created a group for our users called “sambausergroup”. Let’s move on and create our user as well. We’ll name it “newtestuser” and we’ll assign it to our group in a single command along with denying him shell access (as it’s not needed for Samba share or a password for it), this way we ensure a bit more security). Samba user accounts are separate from system accounts,so our user, to which we intended to grant privileges only for Samba, will not require shell access/password. However, if you decide to combine, you can install “samba-winbind” package which is used to sync system users and passwords with the samba user database among other features. To add our user we’ll use the following command
Notice how we used -s flag to deny our user shell access and then we used a second flag -g to assign it to our group. There is one more thing our user will need to access our share and that's a password so let create a Samba access password for him.
Our samba users for this password protected share will now need a place to store their files so we need to create a directory for them.This one will be called “password_protected_directory”
Users from group we created “sambausergroup”,will need permissions to read,write and execute files in this directory so we’ll grant them those with the following command.
And we’ll need to apply SELinux security context on this one as well
We can now move on to configuration for this share. Open samba configuration file and add the setting for our private share
Full configuration file will now look like the following
Once the changes are saved let’s test our configuration with “testparm” command.
Just before we test our new share let’s restart the Samba services to make sure the changes we made are in effect.
Accessing Samba Linux Files on WindowsFor testing, let’s connect from our Windows computer again and click on Start -> Run and input our server IP \\serverIP ->Okay And now, we’ll have both directories available, our Anonymous directory and our Password protected directory Double-click on our Password Protected directory will open up the following prompt where we’ll need to input our “newtestuser” credentials. To make sure everything is working as it’s supposed to let’s create a new directory in our Password Protected one. This one will be named “test_directory” for this purpose. And finally let’s confirm the existence of our directory from our Linux machine.
ConclusionSamba is very flexible. You can connect to Samba from Linux, Windows, or macOS. You can also configure and use it to access a printer connected to a Windows system from Linux and vice versa, or it can be set as Active Directory Domain Controller to integrate a Linux server. Since setting up Samba is fast and easy, it is worth considering if you want easy file sharing across mixed networking environments with Windows and Linux machines. |