Installing Samba 3 on CentOS
This tutorial should work on any distro based on RedHat, but I have only tested it on CentOS 6.4.
You will need to run the commands as root.
Installing
You would normally use Samba when you are serving files to Windows-based computers. For Linux or OSX machines, there are better/easier ways to share files.
This tutorial will be setting up classic Samba shares in a standalone role. All the commands are run as root.
You will need to run this in a terminal install the samba packages:
yum install samba
You will be prompted to confirm the download and once that is completed, the installation of Samba will begin. After the installation is complete, you will be back to a shell prompt.
By default Samba is not started automatically at boot. You can set it to start automatically on boot by running this command:
chkconfig --level 345 smb on chkconfig --level 345 nmb on
Do not forget to allow TCP ports 139 and 445 as well as UDP ports 137 and 138 through your firewall:
iptables -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT iptables -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 --dport 445 -j ACCEPT
By default, SELinux will disallow the samba daemons (smb and nmb respectively) access to any folder, so you will need to tag the folders you wish to share as samba shares:
chcon -R -t samba_share_t /path/to/shared/folder/
For more information about that, check out this page.
Configuring
Once the installation is complete, you should be able to see your new samba server on the network, providing you have something set up to provide name resolution. I use DNSMasq for local name resolution, and it works very well on a small network.
In order to access the shares on your new samba server, you must create samba users and set samba passwords for each of them.
Note: You need to have a local user in order to add a local samba user using the following method.
You can create a local user by using the adduser command like so:
adduser username
In order to create a local samba user, you need to run the following command: Replace username with the username of the account you want to set a password for.
smbpasswd -a username
Now that you have a user that can access the samba server, you can configure your shares. In order to do this you must add your share definitions to /etc/samba/smb.conf; you can do this with nano, or whatever text editor you prefer, or even use something like Webmin or Zentyal. Those are just a couple of the GUI tools around, you can find a list of some more of them here.
You can find a full list of parameters here.
Here is a list of some of the valid settings for the share definitions:
| Parameter | Description | Syntax |
|---|---|---|
| browseable | Defines if the share is shown or not. Default is yes. |
browseable = yes | no |
| hide dot files | Hide or show hidden files (those starting with a dot) Default is yes. |
hide dot files = yes | no |
| path | The path to the folder you want to share. | path = /path/to/folder |
| create mask | Default is 0664. | create mask = 0664 |
| directory mask | Default is 0775 | directory mask = 0775 |
| force group | Changes the default group for all users connected to the share. Disabled by default. |
force group = group |
| force user | Changes the default user for all users connecting to the share. Disabled by default. |
force user = username |
| guest ok | Allows guest access. Default is no. |
guest ok = yes | no |
| valid users | Which users are allowed to connect to the share. All users are allowed by default. |
valid users = username, @group |
| invalid users | Which users are not allowed to connect to the share. All users are allowed by default. |
invalid users = username, @group |
| read only | Makes a share read only. The default is yes. |
read only = yes | no |
| writeable | Makes a share read/write. The default is no. |
writeable = yes | no |
| read list | List of users or groups that are only allowed read access to a share. It is not used by default. |
read list = username, @group |
| write list | List of users or groups that are only allowed write access to a share. It is not used by default. |
write list = username, @group |
Here is what one of my share definitions looks like:
[Charles]
invalid users = htpc
create mask = 660
path = /media/data/charles
write list = charles
directory mask = 770
Whenever you make a change to smb.conf, be sure to run testparm to ensure that there are no syntax errors in your smb.conf file.
testparm -s /etc/samba/smb.conf
If you make a change to smb.conf, you will also have to restart the smbd and nmbd services for the changes to take effect.
service smb restart service nmb restart
Once you have your share definitions set up, you will be good to go.