Configuration of samba on RHEL 8

Steps for configuration of samba on RHEL 8

Samba provides server and client software to allow file sharing between Linux and Windows machines

Installation of Samba

The following two daemon will be installed

  • smb – daemon which take care of performing the actual transfer and the sharing operation
  • nmb – daemon which take care of NetBIOS name resolutions, and allow resources to appear when browsing the network on Windows
sudo dnf install samba samba-client
#Enable and start smb & nmb services 
sudo systemctl enable --now {smb,nmb}

Allow samba in FirewallD

To list all the ports no defined in Samba service in FirewallD

sudo firewall-cmd --info-service samba
samba
  ports: 137/udp 138/udp 139/tcp 445/tcp
  protocols:
  source-ports:
  modules: netbios-ns
  destination:
  includes:

Allow Samba service

sudo firewall-cmd --permanent --add-service=samba
# Reload Firewalld
sudo firewall-cmd --reload 

Verify Samba service is added successfully

sudo firewall-cmd --list-services
cockpit dhcpv6-client samba samba-client ssh

Disable SELinux

Disabled SELinux and reboot system for now

sudo vi /etc/selinux/config
	SELINUX=disabled

User account to access to Samba Share

Assign Samba password to existing users’ account

If you do not set Samba user passwords, users will not be able to access their shares.

sudo smbpasswd -a kwyong
	New SMB password:
    Retype new SMB password:
    Forcing Primary Group to 'Domain Users' for kwyong
    Forcing Primary Group to 'Domain Users' for kwyong
    Added user kwyong.

New Users & Groups

Create a new user called smb with

  • -m – Create Home Directory
  • -G – Add user to Group
  • -s – Set login shell as bash
# New Group
sudo groupadd smbaccess
# Add User to Group 
usermod [-g] [GroupName] [UserName]

# New User with Password
sudo useradd -m smb -G smbaccess -s /usr/bin/bash
sudo passwd smb 

Verify the new users is member of smbaccess group

# List user's group membership
id smb
	uid=1002(smb) gid=1003(smb) groups=1003(smb),1002(smbaccess)
# List members of this group
getent group smbaccess
	smbaccess:x:1002:kwyong,sambauser

Group permission for Share Folder

# New Directory
mkdir /mnt/share
# Change Group ownership to smbaccess
sudo chgrp smbaccess share
# Full access permission for smbaccess
sudo chmod g=rwx /mnt/share

New SMB Share

Modify /etc/samba/smb.conf

# Global Option 
[global]
	workgroup = SAMBA # Change from samba to WORKGROUP
	
#New Share 
[SHARE]
	path = /mnt/share
	guest ok = no
	writable = yes
	valid users = @smbaccess #Access for Group

# User's Home Directory will be mapped automatically
[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

Monitoring

Check Samba connection status and kill the session with sudo kill PID (if required)

[kwyong@rhel samba]$ sudo smbstatus

Samba version 4.10.4
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
----------------------------------------------------------------------------------------------------------------------------------------
7647    kwyong       kwyong       192.168.1.232 (ipv4:192.168.1.232:56462)  SMB3_11           -                    partial(AES-128-CMAC)

Service      pid     Machine       Connected at                     Encryption   Signing
---------------------------------------------------------------------------------------------
IPC$         7647    192.168.1.232 Tue Mar 31 10:54:04 AM 2020 +08  -            -
kwyong       7647    192.168.1.232 Tue Mar 31 10:54:06 AM 2020 +08  -            -
RHEL         7647    192.168.1.232 Tue Mar 31 10:54:09 AM 2020 +08  -            -

Locked files:
Pid          User(ID)   DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
7647         1001       DENY_NONE  0x100081    RDONLY     NONE             /home/kwyong   .   Tue Mar 31 10:54:05 2020
7647         1001       DENY_NONE  0x100081    RDONLY     NONE             /mnt/rhel   .   Tue Mar 31 10:54:08 2020

Location of log file

sudo tail -f 10 /var/log/samba/log.smbd
Scroll to Top