Use the apt-get or yum command to install Samba and CIFS.
~]# yum install samba ~]# yum install cifs-utils
By default, Samba is not configured to share a network drive. Attempting to connect to the share will produce an error.
Add the following to the global section of your /etc/samba/smb.conf file. The map to guest = bad user option is what allows the share to be mounted as a guest. Technically, the bad user option first checks to see if the username exists on the Samba server. If not, the login is treated as a guest, which allows the share to be mounted without a valid username and password.
[global] security = user passdb backend = tdbsam map to guest = bad user
Add the following to the share section of your /etc/samba/smb.conf file. Instead of user admin and group admins, you can use some other unique user and group. The idea here is to have a unique, non-root user.
[share] path = /srv/samba/share browsable = yes public = yes writeable = yes force user = admin force group = admins
Without writeable = yes, an error will appear when attemtping to create a new file or modify an existing file.
If a CUPS print server is not being used, add the following to the global section to prevent a massive number of records in the log with this message: failed to retrieve printer list nt_status_unsuccessful.
printing = bsd printcap name = /dev/null
Notice in the above example, path is /srv/samba/share. If this directory does not exist, create it.
~]# mkdir /srv/samba ~]# mkdir /srv/samba/share
Change the permission to read, write, execute for all users to the share.
~]# chmod 0777 /srv/samba/share
Set the owner and group to nobody.
~]# chown nobody.nobody /srv/samba/share
Add a file to the /srv/samba/share directory.
~]# touch /srv/samba/share/test1.txt
Ensure Samba is enabled, restart Samba, and ensure Samba is active and running.
~]# systemctl enable smb ~]# systemctl restart smb ~]# systemctl status smb
SELinux may be configured to refuse Samba connections. Use the sestatus command to ensure SELinux is enforcing.
~]# sestatus . . . Current mode: enforcing
View the SELinux label on /srv/samba/share. In this example, the output has var_t.
~]# ls -dZ /srv/samba/share drwxrwxrwx. root root unconfined_u:object_r:var_t:s0 /srv/samba/share
Turn on Samba home directories and export read/write.
~]# setsebool -P samba_enable_home_dirs on ~]# setsebool -P samba_export_all_rw on
Ensure Samba home directories and export read/write are on.
~]# /usr/sbin/getsebool -a | grep samba_enable_home_dirs. samba_enable_home_dirs --> on ~]# /usr/sbin/getsebool -a | grep samba_export_all_rw. samba_export_all_rw --> on
Use apt-get or yum to install policycoreutils-python. This package contains semanage.
~]# yum -y install policycoreutils-python
Configure SELinux to remain intact if the system is rebooted.
~]# semanage fcontext -a -t samba_share_t "/srv/samba/share(./*)?"
Updates SELinux with these changes.
~]# restorecon -R -v /srv/samba/share
View the SELinux label on /srv/samba/share. In this example, the output should now be samba_share_t instead of var_t.
~]# ls -dZ /srv/samba/share drwxrwxrwx. root root unconfined_u:object_r:samba_share_t:s0 /srv/samba/share
You can now mount the share (Linux) or map the network drive (Windows).
If using a Linux client, such as Ubuntu, add the noperm option to the mount command. The noperm option disables permissions check. If noperm is not used, permission denied will likely appear when attempting to write or save files to the share.