Note: This is an RHCE 7 exam objective.

Configuration Procedure

Install the Samba packages:

# yum groupinstall -y "file-server"
# yum install -y samba-client samba-winbind

Create a new /etc/samba/smb.conf file and add the following lines (for a workgroup named MYGROUP, a server called MYSERVER, a local network with IP addresses in 192.168.1.0/24, a user named user01 and a share called shared):

workgroup = MYGROUP
server string = Samba Server Version %v
netbios name = MYSERVER
interfaces = lo eth0 192.168.1.0/24
hosts allow = 127. 192.168.1.
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
[shared]
comment = Shared directory
browseable = yes
path = /shared
valid users = user01
writable = yes

Note: with “passdb backend = tdbsam“, passwords are stored in the /var/lib/samba/private/passdb.tdb file.

Check the syntax of the configuration file:

# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[shared]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
    workgroup = MYGROUP
    netbios name = MYSERVER
    server string = Samba Server Version %v
    interfaces = lo, eth0, 192.168.1.0/24
    log file = /var/log/samba/log.%m
    max log size = 50
    idmap config * : backend = tdb
    hosts allow = 127., 192.168.1.

[shared]
    comment = Shared directory
    path = /shared
    valid users = user01
    read only = No

Create the shared directory:

# mkdir /shared

Give full access rights to the new directory:

# chmod 777 /shared

Create a file inside called test:

# echo "This is a test." > /shared/test

Set up the correct SELinux context:

# yum install -y setroubleshoot-server
# semanage fcontext -a -t samba_share_t "/shared(/.*)?"
# restorecon -R /shared

Add the new service to the firewall:

# firewall-cmd --permanent --add-service=samba

Reload the firewall configuration:

# firewall-cmd --reload

Activate the Samba services at boot:

# systemctl enable smb
# systemctl enable nmb
# systemctl enable winbind

Start the Samba services:

# systemctl start smb
# systemctl start nmb
# systemctl start winbind

Create the samba user user01 with the password pass:

# useradd -s /sbin/nologin user01
# smbpasswd -a user01
New SMB password: pass
Retype new SMB password: pass
Added user user01.

Check the configuration:

# smbclient //localhost/shared -U user01%pass
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
  .                                   D        0  Sun Aug  3 00:19:00 2014
  ..                                  D        0  Sat Aug  2 23:16:27 2014
  test                                N        0  Sun Aug  3 00:15:20 2014

        47356 blocks of size 65536. 26414 blocks available

Additional Resources

Useful information about SELinux and Samba is available in the RHEL 7 SELinux User’s and Administrator’s Guide. Fedora documentation‘s got a chapter about Configuring Samba. You can also read the Samba Howto. The learnitguide website provides a tutorial about Configuring a Samba server on RHEL 7. The Lisenet website offers a tutorial about Setting up a Samba Server with SELinux on RHEL 7.

Beyond the exam objectives, atLinux.conf.au 2017, Andrew Bartlett gaves a presentation about the status of Samba (34min/2017). The Howtoforge website provides a tutorial about Installing a Samba 4 Domain Controller on CentOS 7.