In this article, I will explain how to setup SAMBA in Red Hat Servers followed by how to access the samba shared files from the Windows client system.
1. With the help of the SAMBA Program, you can configure Linux server for files and printer sharing with the Microsoft Windows Client.SAMBA uses the TCP/IP Protocol for sharing the data between the cross-platform servers.
2. If you want to use Linux as a file server in a windows network, then you must have to know how to configure the SAMBA in Linux. Both Windows and Linux servers use different filesystems, It is impossible to create a Linux file server just by granting the windows clients/users to access the Linux File/Directories.
3. Windows server/system would not be able to access the data/files in the Linux Directories. So many differences are there between Windows and Linux file systems, Let me tell you one example,
Windows filenames are not Case sensitive whereas Linux filenames are case-sensitive, In windows data.txt and Data.txt are the same file, In Linux, both the files are different individual files.
4. Windows uses the CIFS(Common Internet File System) protocol for the sharing and this protocol is developed from the Server Message Block(SMB) protocol.
5.SAMBA is implemented by these two Protocols SMB&CIFS
6. Linux Doesn’t have SMB support by default, this is why SAMBA is required here, So SAMBA just imitates the behavior of windows file server by configuring the SMB protocol, when you run the SAMBA on the Linux Server, the Windows servers on the network can able to see the Linux server.
RPM’s Required to Configure SAMBA:
Before we configure SAMBA in Linux Server, let me show you what all are the rpm’s required to implement SAMBA.
1.samba = This rpm needed for SAMBA server
2.samba-client = Needed for samba client
3.samba-common = This rpm includes all the samba commands needed to configure SAMA in Linux.
4.samba-winbind = This rpm establish the connection between windows and Linux servers
5.samba-domain-join-GUI = To connect the Linux users with windows domains and workgroup
6.samba-doc = Contains SAMBA help documents
Configure SAMBA in Linux:
First check the following packages are already installed or not, if it is not installed, install it
Check the Required Samba Packages are already installed or not by using the following command,
#rpm -qa samba
#rpm -qa samba-common
#rpm -qa samba-wi*
As you can see from the above output all the required packages are installed.
Services Needed to configure SAMBA
smb = Important service for providing authorization and authentication for file sharing between the windows and Linux.
nmb = This service understands and replies to NetBIOS name service requests to those produced by the windows server.
winbind = This service is needed for host and username resolution
Note: smb&nmb services are mandatory and winbind is an optional service.
Check the status of each service by running the following command,
#service smb status
#service nmb status
#service samba-winbind status
As you can see from the above output, both the services are stopped, Now bring the service online by using the following command,
#service smb start
#service nmb start
Check the status again,
#service smb status
#service nmb status
As you can see from the above output, both the samba services now brought it back to online.
Now make these service online always when the Linux server is booted next time by using the following command,
#chkconfig smb on
#chkconfig nmb on
From now onwards, whenever the server enters the run level,3 or 5 the above services will come to online automatically.
Create new samba users from Linux server
Create a password for both the users,i.e don’t create a password for users to access the local system,
you need to create a samba password for these users, so that these users can access only the samba services
To create a samba password and add the users to samba database
#smbpasswd -a <user>
#smbpasswd -a nirmal
#smbpasswd -a jaslyn
Create a directory and assign full permission, so that other users can read or write the contents from the directory. By default, other users don’t have write access to the directory created by the root user.
#chmod 777 /data
#touch f1 f2 f3
As you can see from the above output, a directory with the name data has been created with full permission.
Now open the samba configuration file and put the shared data details,
Scroll down to the workgroup directory value and mention your workgroup name
Note: Make sure you have created the same workgroup on windows system also.
Now, look for the shared definition variable and mention the directory details along with the permissions.
browsable = yes/No you can Limit the users to his own home directory.
You no need to mention the home directory details here, since the samba reads the user home directory details from the /etc/passwd file.
Now save and exit from the samba configuration file
To check whether you have mentioned all the details correctly inside the samba configuration file, run the command “testparm” , if any invalid entries are present it prints the error details on your screen.
As you can see from the above screenshot, everything so far configured properly, press the enter button to see the output,
From the above output, the testparm command didn’t find any errors inside the samba configuration file, we have successfully applied all the needed parameters inside the samba configuration file.
Now restart the samba services to take effect
#service smb restart
#service nmb restart
In this Lab, I will disable the firewall and SELinux security features, so that I will not block the access.
Note: If you have Enabled Firewall and SELinux Security, At the end of this article I have explained what are all the policies we need it to enable from firewall and SELinux.
To stop the firewall services:
#service iptables stop
#service iptables save
As you can see from the above output, firewall services have been stopped successfully.
To stop the SELinux features:
Check the workgroup name from the windows server
As you can see from the above output, windows client system is on the same workgroup LINUXVASANTH as Linux server has.
If you see here different workgroup name then change it to LINUXVASANTH.
Check the connectivity from windows client system:
Linux server IP= 192.168.1.253
As you can see from the above output Linux server is communicating from the windows system.
Now try to connect to the Linux server from windows system to access the samba shared resources as below,
Now Login as samba user(nirmal)
Now the user(nirmal) will be logged in his home directory path as below,
That’s it…Now we have successfully configured Windows system as a client system of SAMBA
Now try to edit some files from the shared directory “data”, Let me edit the file “f1” from this directory
Since I have given full permission to the /data directory, samba users can write all the files from the /data directory.
Check the /data directory from Linux server whether the appended content is updated on Linux server samba shared directory file f1,
We have successfully configured the SAMBA in Linux server and also verified the access from the client windows system.
The PORTS and BOOLEAN Needs to be Enable if Firewall and SELinux security features are Enabled:
Allow SAMBA through firewall (i.e iptables)
The following port Numbers are used by the SAMBA
PORT 137 = UDP NetBIOS name service (WINSthe )
PORT 138 = DBP NetBIOS Datagram
PORT 139 = TCP (Windows File and Printer sharing)
PORT 445 = Microsooft DS-Active Directory,shares
PORT 445 = Microsoft DS SMB file sharing (UDP)
To allow Firewall for SAMBA ,Add the Following Rules in iptables,
#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
Restart the iptables services to make the changes update
#service iptables restart
#service iptables save
Allow SAMBA through SElinux
In Linux SELinux security features by default, it denies access to any shared resources, You need to enable some couple of booleans from SELinux security
1.samba_enable_home_dirs = Enable the sharing of home directories
2.samba_export_all_ro = Enable read-only access
3.samba_export_all_rw = Enable read and write access
4.samba_share_t_Default = SAMBA could share
#chcon -R -t samba_share_t /data
Always mention the directory name you would like to give access from SELinux, otherwise, it would be a security risk.
I hope you have enjoyed this article, if it was please share it with your friends, hit the Subscribe button below and be sure to share among with your friends.
If you found this article useful, Kindly Subscribe here 👉 Click this link to Subscribe
For More Videos Subscribe My Youtube Channel https://youtu.be/A7a72pmPa5o