Build RAID5, LVM, and SAMBA server (5) on CentOS 7 -- set up SAMBA Server

Build RAID5, LVM, and SAMBA server (5) on CentOS 7 -- set up SAMBA Server

Build RAID5, LVM, and SAMBA server (5) on CentOS 7 -- set up SAMBA Server

6. Set up a SAMBA Server
6.1. Preparations
The task in this section is to configure the SAMBA service, share the/home/shared directory, so that the specified Windows user can remotely access the sharing.
First, run the yum command on CentOS to install the SAMBA service:

yum install samba

After the installation, run the systemctl command to start the samba daemon processes (smb and nmb.

Figure 37 start SAMBA

6.2. Modify the smb. conf file
Modify the/etc/smb. conf file, including:

Modify the hosts allow attribute and set the IP address segment of the accessible remote computer. In this example, the local machine, 192.168.0 network segment (physical network IP segment), and 192.168.40 network segment (Virtual Machine network segment) are allowed ):

hosts allow = 127. 192.168.0. 192.168.40.

Modify the NETBIOS Name of the SAMBA server to MYSMBSVR:

netbios name = MYSMBSVR

Modify the name of the shared WORKGROUP to WORKGROUP:

workgroup = WORKGROUP

Because the SAMBA server in this example runs as an independent server, set the security Attribute to user and use user identity authentication:

security = userpassdb backend = tdbsam

Add users allowed to access the SAMBA Service

pdbedit –a kingfox

Figure 38 Add a SAMBA user

Note: The user added by pdbedit must be an existing user in the system; otherwise, the system rejects the user addition:

Figure 39 adding a SAMBA User Failed

Create a shared directory under the/home directory, name it shared, and modify/etc/samba/smb. in the [public] section of conf, cancel all comments in this section and set the path attribute value to/home/shared. The configuration of smb. conf is as follows:

Figure 40 main configurations of smb. conf

Save smb. conf. Next, run the testparm command to check whether the preceding settings are correct:

Figure 41 use testparm to test cmb. conf

6.3. Adjust the Firewall
Open services and ports related to samba and samba-client in the firewall:

Figure 42 configure a firewall

Also available commands:

firewall-cmd --permanent --zone=public --add-service=samba

And

firewall-cmd --reload

Complete the firewall adjustment. The first command adds the samba service to the permanent effective policy of the public area of the firewall, and the second command is to reload the firewall policy for the first command to take effect.
So far, the samba service has been set up. Use the systemctl restart smb command to restart the smb and nmb services.

6.4 configure the SAMBA service to start automatically

systemctl enable smb nmb

Figure 43 configure the SAMBA service to start automatically

So far, the SAMBA service has been configured.

6.5. Adjust SELinux policy
If SELinux is not disabled, the client can browse the shared folder, but cannot write to it. Run the setenforce permissive command to disable SELinux. After this command is executed, SELinux will issue a series of warnings when it encounters behavior, but will not actually block it according to the policy.
However, the setenforce command is only valid temporarily. After the system is restarted, SELinux is automatically enabled. To permanently disable SELinnux, edit the/etc/selinux/config file as follows:

Figure 44 disable SELinux

However, disabling SELinux will result in reduced security, which is not a desirable method. You should adjust various policies to allow SELinux to access SAMBA.

Now restore the original SELinux settings and run the following command:

chcon -t samba_share_t shared/ -R

The chcon command is used to change the SELinux security label of a file or directory. Before executing this command, the security label of the/home/shared directory is root_t (created by the root user ), after executing this command, run the ls-Zd shared command to check that the SELinux security label of the/home/shared directory is changed to samba_assist_t, which ensures the system security, the SAMBA access channel is also available.

If you run the setsebool-Psamba_enable_home_dirs on command, the access permission of the user's home directory is also opened.

6.6. Test the samba Service

First, copy some files to the/home/shared directory.

1) test in linux:
Run the following command on the terminal:

smbclient //localhost/public –U kingfox

After entering the password of the kingfox user, a prompt is displayed, indicating that the SAMBA service can be connected.
Run the ls command at the smb: \> prompt. You can see the file list in the/home/shared directory:

Figure 45 connect to SAMBA

This test can be performed either locally on the SAMBA server or on another Linux terminal, with the same effect.
2) test in Windows:
Open "Network neighbors" in the resource manager, wait patiently for a few seconds, you will find that the SAMBA server name set earlier appears in the network neighbors or network folder MYSMBSVR:

Figure 46 network folder in Windows 7

Double-click MYSMBSVR to view the Shared Folder:

Figure 47 browse Shared Folders

Double-click the public directory to view the files and read and write the files. As we logged on with a kingfox user just now, we can still access the contents of kingfox's home directory on the CentOS virtual machine.