How to Install and Configure Samba on CentOS

By /
How to configure Samba on Centos

Samba is an open-source software suite that provides file and print services to SMB/CIFS clients. It is a re-implementation of the SMB (Server Message Block) and CIFS (Common Internet File System) protocols and allows Linux and Unix-based systems to share files and printers with Windows clients and servers.

This tutorial will install Samba on CentOs and configure the Samba server to share files across various operating Systems.

Also read: How to Setup and Mount Samba Share on Windows

Prerequisites for Installing Samba on CentOS

Before installing and configuring Samba, it is important to check if it is already installed on your system. You can do this by running the command

smbd -V

When you run the command smbd -V in the terminal, the version number of the currently installed Samba daemon will be displayed. This can be useful in determining whether or not Samba is already installed on the system and, if so, which version is currently being used.

Image 20
The output returned by the system when Samba Daemon is not installed
  • We also have to ensure that the system user has root access.
  • Next, it is recommended to update the system by running yum update. This will ensure that all of the necessary dependencies are up to date.
Image 21
Running yum update to check if packages are up to date

Installing Samba on CentOS

We have successfully checked off the prerequisites for installing the Samba Server. Let’s go ahead and execute the following command to install the Samba server,

dnf install samba samba-common samba-client

If your system doesn’t have dnf preinstalled can use yum,

To install the dependencies required for Samba, including the samba, samba-common and samba-client packages by running the command 

yum install samba samba-common samba-client
Image 22
Output after installing the Samba and its dependencies

Starting the Samba Server Services

Let’s start the samba services and enable them to start automatically on system boot,

sudo systemctl start smb.service
sudo systemctl enable smb.service
sudo systemctl start nmb.service
sudo systemctl enable nmb.service

The smbd (Samba daemon) service provides file and print-sharing services to clients using the SMB/CIFS protocol. It runs as a daemon on the server and listens for incoming connections on TCP ports 139 and 445. When a client connects to the server, the smbd service handles requests, such as providing access to files and directories or printing documents. The smbd service also handles authentication, authorization, and access control for the clients connecting to the server.

The nmbd (NetBIOS name server daemon) service provides NetBIOS over IP naming services to clients. It also runs as a daemon on the server and listens for incoming connections on UDP port 137. The nmbd service allows clients to resolve NetBIOS names to IP addresses, which is essential for SMB/CIFS networking. It also allows clients to find and browse network resources, such as shared files and printers, by broadcasting NetBIOS name queries on the local network.

Together, smbd and nmbd services allow a Linux or Unix system to act as a file and print server for Windows clients and to participate in a Windows network browsing environment. They enable Windows clients to access files, directories, and printers on the Linux/Unix server as if it were a Windows server. The smbd service provides the actual file and print-sharing functionality. In contrast, the nmbd service provides the necessary naming and browsing services for the clients to locate and access the shared resources.

Image 24
Starting the Samba Server Services

Setting Up a Firewall to Allow Samba Services to Run

To allow clients to access the file and print-sharing services provided by Samba, you need to configure your firewall to open the necessary ports.

The first step is to run the following command:

firewall-cmd --permanent --zone=public --add-service=samba

This command tells the firewall to add the “samba” service to the “public” zone permanently. This means that the changes will persist across reboots of the system. The “samba” service is a predefined service in the firewall that opens the necessary ports for Samba, including TCP ports 139 and 445 for SMB/CIFS file and print sharing and UDP port 137 for NetBIOS name resolution.

The second command is:

firewall-cmd --zone=public --add-service=samba

This command tells the firewall to add the “samba” service to the “public” zone in a temporary way. This means that the changes will not persist across reboots of the system.

Both commands ensure that the firewall is configured to allow access to the Samba services by clients on the public network. The firewall will now allow incoming connections on the necessary ports for SMB/CIFS file and print sharing and NetBIOS name resolution, allowing clients to connect to the Samba server and access shared files and printers.

It is important to note that if you are using a different firewall software than firewalld, the commands and configurations may be different.

Image 25
Configure the firewall to open the necessary ports

Creating the Samba Share Directory and Adding Users

In order to create a structured and maintainable Samba setup, all Samba directories and data will be located in the /samba directory. To start, the following commands are used to create the /samba directory and set the necessary permissions:

  1. sudo mkdir /samba – This command creates the /samba directory on the system.
  2. sudo groupadd sambashare – This command creates a new group called sambashare.
  3. sudo chgrp sambashare /samba – This command changes the group ownership of the /samba directory to the newly created sambashare group.
Image 27
create the /samba directory and set the necessary permissions:

Samba uses Linux users and group permission systems, but it has an authentication mechanism separate from the standard Linux authentication. Therefore, to create Samba users, we will first create regular Linux users using the standard Linux useradd tool and then set the user passwords with the smbpasswd utility.

In this example, we will create two types of users:

  • A regular user named reg-user will have access to its private file share.
  • An administrative user named samba-admin with read and write access to all shares on the Samba server.

1. Creating a Regular User

To create a new user named ‘reg-user’, use the following command:

sudo useradd -M -d /samba/reg-user -s /usr/sbin/nologin -G sambashare reg-user

Here’s an explanation of what the above flags and commands do,

  • -M : Do not create the user’s home directory. We will manually create this directory.
  • -d /samba/reg-user: Set the user’s home directory to /samba/reg-user.
  • -s /usr/sbin/nologin: Disable shell access for this user.
  • -G sambashare: Add the user to the sambashare group.

The follow chown command will create the reg-user’s home directory and set the directory ownership to user reg-user and group sambashare:

sudo mkdir /samba/reg-user
sudo chown reg-user:sambashare /samba/reg-user

The following command is used to add the setgid bit to the /samba/reg-user directory so that newly created files in this directory will inherit the group of the parent directory. This way, no matter which user creates a new file, the file will have the group-owner of sambashare.

sudo chmod 2770 /samba/reg-user

To add the josh user account to the Samba database and set the user password, use the following command: 

sudo smbpasswd -a reg-user

You will be prompted to enter and confirm the user password.

Once the password is set, enable the Samba account by using the command: 

sudo smbpasswd -e reg-user

2. Creating an Administrative User

The process of creating the administrative user, samba-admin, is similar. To create the administrative user, type:

sudo useradd -M -d /samba/users -s /usr/sbin/nologin -G sambashare samba-admin

The command above will also create a group sadmin and add the user to both sadmin and sambashare groups.

To set a password and enable the sadmin user, use the following commands:

sudo smbpasswd -e samba-admin

3. Create the Users Share Directory

sudo mkdir /samba/users

Set the directory ownership to user sadmin and group sambashare:

sudo chown sadmin:sambashare /samba/users

This directory will be accessible to all authenticated users.

The following command is used to configure write/read access to members of the sambashare group in the /samba/users directory:

sudo chmod 2770 /samba/users

Configuring Samba Server

After creating the samba share directory, it is necessary to edit the smb.conf file to configure shares, users, and permissions. smb.conf is the configuration file of Samba. The smb.conf file is typically located in the /etc/samba directory.

But before we start editing the configuration file, let’s take a backup of it,

mv /etc/samba/smb.conf /etc/samba/smb.con.bak
Image 26
backing up the samba config file

You can configure shares by adding a section to the smb.conf file in the format:

[users]
    path = /samba/users
    browseable = yes
    read only = no
    force create mode = 0660
    force directory mode = 2770
    valid users = @sambashare @samba-admin

[josh]
    path = /samba/reg-user
    browseable = no
    read only = no
    force create mode = 0660
    force directory mode = 2770
    valid users = reg-user @samba-admin

Now, we save and exit the configuration file.

Now that the configuration file has been saved let us restart the services,

sudo systemctl restart smb.service
sudo systemctl restart nmb.service

Conclusion

That’s Now that we have set up the Samba Server, all we need to do is to connect to the Samba Server. Do read up on connecting to samba server.