Here’s a tutorial that shows you how to enable Samba in CentOS 7 and create a file server with different access permissions in a networked environment.

For example, if you own CentOS server with huge storage space, you can create multiple shares and enable other networked clients to access those share remotely. The clients can be Windows, Mac OSX or other Linux machines.

Using Samba software one can provide seamless file and print services to remote clients with the host server acting as a file server. This brief tutorial is going to show you how to do it.

For this tutorial, we’re going create three separate shares with different access levels. One share will allow full access to everyone without passwords.

The second share will only allow users who are members of a particular group and the last share will allow only a single user with full permission. Our server is going to be called Srvr1 with IP address 192.168.0.1

 

  • Setting up Workgroup

The first step in the whole process is making sure that all systems share the same workgroup. The server and clients should be member of the same workgroup for this to work properly.

Step one, is to determine the workgroup name of your Windows machines. To do that, ope the command prompts and run the commands below.

net config workstation

Centos 7 samba shares

 

Take notes of the workstation domain shown on the screen. That’s the workgroup of your first Windows machine, which is the default.

Since our first windows machine is a member of the Workgroup workgroup, let’s make all of the other system a member of the same Workgroup.

The default Samba workgroup is also going to be called Workgroup.

 

  • Setting up Network/DNS

If you don’t have a Domain Name System in place, then you may skip this part. If not, then let’s create a host record for the server on each machine.

In Windows, run open the command prompt as administrator and run the commands below.

notepad C:\Windows\System32\drivers\etc\hosts

Then enter the hostname and IP address of the server and save the file. (add the line below at the end of the file and save)

192.168.0.1         srvr1.domain.com                     srvr1

 

  • Installing Samba in CentOS 7

Next, logon to your CentOS 7 server and install Samba and other samba packages. To do that, run the commands below.

yum -y install samba samba-client samba-common

After running the above commands, go and create a backup of Samba default configuration file. To do that, run the commands below.

mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

Then create a new configuration file with the information below.

vi /etc/samba/smb.conf

 

  • Samba global parameters

In the new smb.conf file, set the global parameters that will allow Samba to share it shares.
[global]

workgroup = WORKGROUP
server string = Samba Server %v
netbios name = srvr1
security = user
map to guest = bad user
dns proxy = no

 

  • First share to allow everyone access

Below the [global] parameters, add the below shares definitions that will allow everyone access to the shared directory.

 

[allaccess]
path = /samba/allaccess
browsable = yes
writable = yes
guest ok = yes
read only = no

 

The above share definition gives everyone access without prompting for passwords regardless of their group membership.

The entire file should look like this:

 

[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = srvr1
security = user
map to guest = bad user
dns proxy = no
#============================ Share Definitions ==============================
[allaccess]
path = /samba/allaccess
browsable =yes
writable = yes
guest ok = yes
read only = no

 

Save the file and restart Samba services and continue..

Next, run the commands below to create the allaccess folder that you shared above.

mkdir -p /samba/allaccess

Then enable and start Samba services using the commands below

systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service

 

  • Open the firewall to allow access

By default all incoming ports are denied when you installed CentOS. To allow external access to Samba in CentOS 7, you must open the firewall to allow traffic to Samba. To do that, run the commands below.

firewall-cmd --permanent --zone=public --add-service=samba

Then reload the firewall by running the commands below.

firewall-cmd --reload

Since the share above is allaccess, which means everyone should have access, let’s change the permission on the folder. To do that, run the commands below to give ownership of it to nobody.

cd /samba
chmod -R 0755 allaccess/
chown -R nobody:nobody allaccess/

 

Next, we want to allow selinux for the share folder above. To do that, run the commands below from the /samba directory.

chcon -t samba_share_t allaccess/

 

Now go to Windows machine and select Run then type the folder path to access it.

 

Creating secure folder with member only access.

The above setup allows everyone to access that folder. To allow only a select member to access the secure folder inside the allaccess folder, you’ll want to create another share like the one below.
[secured]
path = /samba/secured
valid users = @scuredgroup
guest ok = no
writable = yes
browsable = yes

Create a the new folder by running the commands below

mkdir -p /samba/secured

Then create a group name securedgroup. To create a group in Linux run the commands below.

groupadd securedgroup

Then add the user richard as a member of the group

useradd richard -G securedgroup

Do the same for all the member you want to access the secured folder. When you’re done, allow selinux for the secure folder.

chcon -t samba_share_t secured/

Change the permission to that folder to everyone who has access the read and write to it.

cd /samba
chmod -R 0777 secured/

Finally, change the owner ship of the secured group to a user and the securedgroup.

chown -R richard:securedgroup secured/

Now try to access the secured group.

Finally, add the user to Samba database by running the commands below. Do this for all users who will be accessing the secured folder.

smbpasswd -a richard

 

If you only want a single user to access a particular share, replace the @securedgroup with the user id, and only that user will access that share.

Enjoy!