Build RAID5, LVM, and samba servers on CentOS 7 (5)--Set up a Samba server

Build RAID5, LVM, and samba servers on CentOS 7 (5)--Set up a Samba server

6. Setting up a Samba server
6.1. Preparation
The task in this section is to configure the Samba service to share the/home/shared directory so that the specified Windows user can access the share remotely.
First, run the Yum command on CentOS to install the Samba service:

Yum Install Samba

After installation, execute the SYSTEMCTL command to start the SMB and NMB two samba daemons.

Figure 37 Starting Samba

6.2. Modify the Smb.conf file
Modify the/etc/smb.conf file, including:

• Modify the hosts allow property to set the IP address segment of the remote computer that can be accessed. This example is to allow the native, 192.168.0 network segment (physical network IP segment), 192.168.40 network segment (Virtual machine network segment):

The hosts allow = 127. 192.168.0.192.168.40.

• Modify the NetBIOS name of the samba server, set to MYSMBSVR:

NetBIOS name = Mysmbsvr

• Modify the shared workgroup name, set to workgroup:

Workgroup = Workgroup

• Since the Samba server in this example is running as a standalone server, set the security attribute to user, using authentication:

Security = Userpassdb Backend = Tdbsam

• Add users who are allowed to access the Samba service

Pdbedit–a Kingfox

Figure 38 Adding a Samba user

Note: The user added by Pdbedit must be a user that already exists on the system, or the user will be denied the addition:

Figure 39 Adding a Samba user failed

• Create a directory that can be shared under the/home directory, name shared, and then modify the [public] section in/etc/samba/smb.conf, canceling all comments in this section, and setting the value of the Path property to/home/shared.
• The configuration of the smb.conf is as follows:

Figure smb.conf Main settings

• Save smb.conf. You can then use the Testparm command to check if the settings you just made are incorrect:

Figure 41 Test cmb.conf with Testparm

6.3. Adjusting the firewall
Samba, samba-client-related services and ports in the open firewall:

Figure 42 Setting up a firewall

You can also use the command:

Firewall-cmd--permanent--zone=public--add-service=samba

And

Firewall-cmd--reload

Complete the tuning of the firewall. The first command joins the Samba service into the persistent policy in the public zone of the firewall, and the second command reloads the firewall policy so that the first command takes effect.
Now that the Samba service is set up, the SMB and NMB services can be restarted with the Systemctl restart SMB command.

6.4. Configure Samba service to start automatically

Systemctl Enable SMB NMB

Figure 43 Configuring the Samba service to start automatically

At this point, the Samba service configuration is complete.

6.5. Adjust SELinux policy
If SELinux is not turned off, the client can browse to the shared folder, but it cannot write to it. Use the command Setenforce permissive to turn off SELinux. After this command is executed, SELinux emits a series of warnings when it encounters a behavior that can be acted upon, but does not really follow the policy to block it.
However, the Setenforce command only works temporarily, and when the system restarts, SELinux is automatically turned on. In order to permanently close the selinnux, you need to edit the/etc/selinux/config file, the content is modified as follows:

Figure 44 Turning off SELinux

However, turning off SELinux can lead to a reduction in security and is not a desirable option, but it should be done by adjusting various strategies to allow SELinux to release access to samba.

Now restore the original SELinux settings and then execute the command:

Chcon-t samba_share_t shared/-R

The Chcon command is used to change the SELinux security label for a file or directory, before executing this command, the security label of the/home/shared directory is root_t (which is created by the root user), and after executing this command, it can be seen with the LS–ZD shared command,/ The SELinux security label of the home/shared directory becomes samba_share_t, which ensures the security of the system and opens up the access channels for samba.

If the Setsebool-psamba_enable_home_dirs on command is executed, access to the user's home directory will also be opened.

6.6. Testing Samba Services

First, copy some files to the/home/shared directory.

1) test in a Linux environment:
To execute a command in the terminal:

Smbclient//localhost/public–u Kingfox

After entering the password for the Kingfox user, after a few seconds, a smb:\> prompt appears, under normal circumstances, indicating that the Samba service is ready to be connected.
To execute the LS command at the smb:\> prompt, you can see a list of the files listed in the/home/shared directory:

Figure 45 Connecting Samba

This test can be performed either natively on the samba server or on another Linux terminal, with the same effect.
2) test in the Windows environment:
Open My Network Places in Explorer and wait a few seconds for the name of the samba server named Mysmbsvr that appears in your network Places or "Networks" folder:

Figure the Network folder for Windows 7

You can see the shared folder inside when you double-click Mysmbsvr:

Figure 47 Browsing shared folders

Double-click the public directory to see the files and read and write the files. Because it was logged in with a Kingfox user, the contents of the home directory on the CentOS virtual machine are also accessible to kingfox.

Build RAID5, LVM, and samba servers on CentOS 7 (5)--Set up a Samba server