Yin and Yang


Installing Samba 3 on CentOS

This tutorial should work on any distro based on RedHat, but I have only tested it on CentOS 6.4.
You will need to run the commands as root.


You would normally use Samba when you are serving files to Windows-based computers. For Linux or OSX machines, there are better/easier ways to share files.

This tutorial will be setting up classic Samba shares in a standalone role. All the commands are run as root.

You will need to run this in a terminal install the samba packages:

yum install samba

You will be prompted to confirm the download and once that is completed, the installation of Samba will begin. After the installation is complete, you will be back to a shell prompt.

By default Samba is not started automatically at boot. You can set it to start automatically on boot by running this command:

chkconfig --level 345 smb on
chkconfig --level 345 nmb on

Do not forget to allow TCP ports 139 and 445 as well as UDP ports 137 and 138 through your firewall:

iptables -A INPUT -p udp -m udp -s --dport 137 -j ACCEPT
iptables -A INPUT -p udp -m udp -s --dport 138 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s --dport 445 -j ACCEPT

By default, SELinux will disallow the samba daemons (smb and nmb respectively) access to any folder, so you will need to tag the folders you wish to share as samba shares:

chcon -R -t samba_share_t /path/to/shared/folder/

For more information about that, check out this page.


Once the installation is complete, you should be able to see your new samba server on the network, providing you have something set up to provide name resolution. I use DNSMasq for local name resolution, and it works very well on a small network.

In order to access the shares on your new samba server, you must create samba users and set samba passwords for each of them.

Note: You need to have a local user in order to add a local samba user using the following method.

You can create a local user by using the adduser command like so:

adduser username

In order to create a local samba user, you need to run the following command: Replace username with the username of the account you want to set a password for.

smbpasswd -a username

Now that you have a user that can access the samba server, you can configure your shares. In order to do this you must add your share definitions to /etc/samba/smb.conf; you can do this with nano, or whatever text editor you prefer, or even use something like Webmin or Zentyal. Those are just a couple of the GUI tools around, you can find a list of some more of them here.

You can find a full list of parameters here.

Here is a list of some of the valid settings for the share definitions:

Samba Share Parameters with Syntax
Parameter Description Syntax
browseable Defines if the share is shown or not.
Default is yes.
browseable = yes | no
hide dot files Hide or show hidden files (those starting with a dot)
Default is yes.
hide dot files = yes | no
path The path to the folder you want to share. path = /path/to/folder
create mask Default is 0664. create mask = 0664
directory mask Default is 0775 directory mask = 0775
force group Changes the default group for all users connected to the share.
Disabled by default.
force group = group
force user Changes the default user for all users connecting to the share.
Disabled by default.
force user = username
guest ok Allows guest access.
Default is no.
guest ok = yes | no
valid users Which users are allowed to connect to the share.
All users are allowed by default.
valid users = username, @group
invalid users Which users are not allowed to connect to the share.
All users are allowed by default.
invalid users = username, @group
read only Makes a share read only.
The default is yes.
read only = yes | no
writeable Makes a share read/write.
The default is no.
writeable = yes | no
read list List of users or groups that are only allowed read access to a share.
It is not used by default.
read list = username, @group
write list List of users or groups that are only allowed write access to a share.
It is not used by default.
write list = username, @group

Here is what one of my share definitions looks like:

        invalid users = htpc
        create mask = 660
        path = /media/data/charles
        write list = charles
        directory mask = 770

Whenever you make a change to smb.conf, be sure to run testparm to ensure that there are no syntax errors in your smb.conf file.

testparm -s /etc/samba/smb.conf

If you make a change to smb.conf, you will also have to restart the smbd and nmbd services for the changes to take effect.

service smb restart
service nmb restart

Once you have your share definitions set up, you will be good to go.