Samba.v7
Samba
Turn off selinux
setenforce 0
Still seems to be more work than it appears worth.
emacs /etc/selinux/config
SELINUX=disabled
Don't forget the d
YUM
yum install samba samba-client samba-common
cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
Home Directories
mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/shares
mkdir /home/samba/shares/public
mkdir /home/samba/shares/utilities
mkdir /home/samba/shares/office
mkdir /home/samba/shares/general
mkdir /home/samba/shares/iso
mkdir /home/samba/shares/school
mkdir /home/samba/shares/musac
mkdir /home/samba/shares/teachers
mkdir /home/samba/shares/musac/MLM
mkdir /home/samba/shares/gallery
mkdir /home/samba/shares/newsletters
chmod -R 777 /home/samba
netlogon
net use n: \\server\%SMARTLOGIN_USERNAME%
echo %SMARTLOGIN_USERNAME%
Using smbclient
smbclient //192.168.7.243/Software -U administrator
To start and look in this share
smbclient -L 192.168.7.243 -U administrator
To see what this Windows PC (Server) is sharing
Mounting
CentOS 6
mount -t cifs //192.168.0.252/SomeShare /mnt/SomeShare -o user=theuser,password=thepassword
CentOS 7
mount -t cifs "//192.168.7.243/Survey Plans" -o username=administrator,password=passwd,vers=3.0 /mnt/somedir
systemctl
systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service
Editing the current /etc/samba/smb.conf
Make the appropriate changes.
My Current smb.conf
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = centos
security = user
map to guest = bad user
dns proxy = no
#============================ Share Definitions ==============================
[Anonymous]
path = /samba/anonymous
browsable = yes
writable = yes
guest ok = yes
read only = no

[global]
workgroup = ACCESS
netbios name = teyla
server string = cat
hosts allow = 192.168.20. 127.0.0.1
interfaces = 127.0.0.1 eth0
printcap name = cups
load printers = yes
printing = cups
log file = /var/log/samba.%m
max log size = 50
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
remote browse sync = 192.168.20.3
remote announce = 192.168.20.3
local master = no
os level = 2
domain master = no
domain logons = yes
preferred master = no
time server = no
logon path = \\%L\Profiles
# logon script = %m.bat
logon script = %U.bat
# logon script = logon.bat
logon home = \\%L\%U\files
logon drive = N:
name resolve order = wins lmhosts bcast
wins support = yes
wins proxy = yes
dns proxy = yes
preserve case = yes
short preserve case = yes
pam password change = yes
obey pam restrictions = no
#used to be yes changed for v27
deadtime = 1
# Database Options
oplocks = no
kernel oplocks = no
level2 oplocks = no
blocking locks = yes
locking = yes
strict locking = no
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
# run a specific logon batch file per username
guest ok = Yes
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g machines -M %u
This section makes each user's "/home/user" directory available to that user alone. It can be mapped in their netlogon/?.bat file.
[homes]
comment = home directories
read only = No
browseable = No
writable = yes
valid users = %U
create mode = 0664
directory mode = 0755
root preexec = python /var/www/inet/python/smb-logon.py %u %m
root postexec = python /var/www/inet/python/smb-logoff.py %u %m
If you are using Domain Profiles
[Profiles]
comment = Network Logon Service
# path = /home/samba/profiles
path = /home/%U/.profile
# writable = yes
browseable = no
guest ok = yes
create mode = 0600
csc policy = disable
directory mode = 0700
profile acls = yes
read only = no
The directory in which to find the .bat files that map a user's shares.
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
browseable = no
An example of shares
[utilities]
comment = utilities shares
path = /home/samba/shares/utilities
force user = root
force group = root
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
Restricted share
[restricted]
writeable = yes
path = /home/samba/shares/restricted
force directory mode = 0777
force create mode = 0777
force user = root
create mask = 0777
directory mask = 0777
comment = Restricted Office Area (private)
valid users = office,@admins
The user office has access, as does anyone in the admins group.
Turn off Printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
login.bat
@echo off
set DOMAINSERVERNAME=servername
net time /set /y \\%DOMAINSERVERNAME%
echo Welcome to the ????? Domain
echo .
echo We will now connect a number of Drives to your Computer.
echo 17.11.2014
net use h: \\%DOMAINSERVERNAME%\http
net use g: \\%DOMAINSERVERNAME%\gallery
net use i: \\%DOMAINSERVERNAME%\cds
net use k: \\%DOMAINSERVERNAME%\iso$
net use n: \\%DOMAINSERVERNAME%\%SMARTLOGIN_USERNAME%
echo %SMARTLOGIN_USERNAME%
rem or
rem net use n: \\%DOMAINSERVERNAME%\%USERNAME%
net use o: \\%DOMAINSERVERNAME%\newsletters /user:USER PASSWD
net use p: \\%DOMAINSERVERNAME%\public
net use s: \\%DOMAINSERVERNAME%\students
net use t: \\%DOMAINSERVERNAME%\teachers
net use u: \\%DOMAINSERVERNAME%\utilities
net use
ping -n 1 localhost > nul
testparm
Run
testparm
Deal with any errors
rlimit_max: rlimit_max (8192) below minimum Windows limit (16384)
Edit /etc/security/limits.conf and add
* - nofile 16385
[tabs] between items
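testparm confirms that the file parses. The following is an added example, not part of the original page: a POSIX shell function that works out each share's effective settings (the share's own value, else the [global] one, as with the global guest ok = Yes above) and flags shares that are guest-writable, guest-as-root or use world-writable modes. The names audit_smb_conf and sample_smb_conf are made up here, the sample input is constructed from the shares shown above, and continuation lines and include directives are not handled.

```shell
#!/bin/sh
# Added example: flag risky effective settings in smb.conf ($1, or stdin).
audit_smb_conf() {
    awk '
    function norm(x) { gsub(/^[ \t]+|[ \t\r]+$/, "", x); return tolower(x) }
    function yes(x)  { return (x == "yes" || x == "true" || x == "1") }
    # Effective value: the share setting if present, else the [global] one.
    function eff(share, name) {
        return ((share, name) in v) ? v[share, name] : v["global", name]
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    /^[ \t]*\[/ {                               # [section] header
        sec = norm($0); gsub(/^\[|\].*$/, "", sec)
        if (!(sec in seen)) { seen[sec] = 1; order[++n] = sec }
        next
    }
    index($0, "=") {
        key = norm(substr($0, 1, index($0, "=") - 1))
        val = norm(substr($0, index($0, "=") + 1))
        # Fold Samba synonyms onto one canonical parameter name.
        if (key == "public") key = "guest ok"
        if (key == "create mode" || key == "directory mode") sub(/mode$/, "mask", key)
        if (key ~ /^(writable|writeable|write ok)$/) {
            key = "read only"; val = yes(val) ? "no" : "yes"
        }
        v[sec, key] = val
    }
    END {
        m = split("create mask,force create mode,directory mask,force directory mode", modes, ",")
        for (i = 1; i <= n; i++) {
            s = order[i]; if (s == "global") continue
            # Heuristic: a share with valid users set is not counted as guest-reachable.
            guest = yes(eff(s, "guest ok")) && eff(s, "valid users") == ""
            wide = 0   # any mask or forced mode that sets the other-write bit
            for (j = 1; j <= m; j++) if (eff(s, modes[j]) ~ /[2367]$/) wide = 1
            if (guest && eff(s, "read only") == "no") print s ": guest-writable"
            if (guest && eff(s, "force user") == "root") print s ": guest-as-root"
            if (wide) print s ": world-writable-mode"
        }
    }' "${1:--}"
}
# Constructed sample, cut down from the shares shown on this page.
sample_smb_conf() {
    printf '%s\n' '[global]' 'guest ok = Yes' \
        '[netlogon]' 'guest ok = yes' 'writable = no' \
        '[utilities]' 'force user = root' 'read only = No' 'create mask = 0777' \
        '[restricted]' 'writeable = yes' 'force user = root' 'directory mask = 0777' 'valid users = office,@admins'
}
sample_smb_conf | audit_smb_conf
```

Run it as audit_smb_conf /etc/samba/smb.conf; each output line is a share name followed by the finding.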
firewalld
Test samba with
netstat -tulpn | egrep "samba|smbd|nmbd|winbind"
tcp   0   0 0.0.0.0:139          0.0.0.0:*   LISTEN   10752/smbd
tcp   0   0 0.0.0.0:445          0.0.0.0:*   LISTEN   10752/smbd
tcp6  0   0 :::139               :::*        LISTEN   10752/smbd
tcp6  0   0 :::445               :::*        LISTEN   10752/smbd
udp   0   0 192.168.20.255:137   0.0.0.0:*            10745/nmbd
udp   0   0 192.168.20.4:137     0.0.0.0:*            10745/nmbd
udp   0   0 0.0.0.0:137          0.0.0.0:*            10745/nmbd
udp   0   0 192.168.20.255:138   0.0.0.0:*            10745/nmbd
udp   0   0 192.168.20.4:138     0.0.0.0:*            10745/nmbd
udp   0   0 0.0.0.0:138          0.0.0.0:*            10745/nmbd
Add as needed.
firewall-cmd --get-active-zones
firewall-cmd --get-default-zone
firewall-cmd --zone=public --list-all
firewall-cmd --zone=internal --list-all
firewall-cmd --zone=external --list-all
firewall-cmd --zone=public --add-port=137/tcp --permanent
firewall-cmd --zone=public --add-port=138/tcp --permanent
firewall-cmd --zone=public --add-port=139/tcp --permanent
firewall-cmd --zone=public --add-port=445/tcp --permanent
firewall-cmd --zone=public --add-port=137/udp --permanent
firewall-cmd --zone=public --add-port=138/udp --permanent
firewall-cmd --zone=internal --add-port=137/tcp --permanent
firewall-cmd --zone=internal --add-port=138/tcp --permanent
firewall-cmd --zone=internal --add-port=139/tcp --permanent
firewall-cmd --zone=internal --add-port=445/tcp --permanent
firewall-cmd --zone=internal --add-port=137/udp --permanent
firewall-cmd --zone=internal --add-port=138/udp --permanent
firewall-cmd --zone=external --add-port=137/tcp --permanent
firewall-cmd --zone=external --add-port=138/tcp --permanent
firewall-cmd --zone=external --add-port=139/tcp --permanent
firewall-cmd --zone=external --add-port=445/tcp --permanent
firewall-cmd --zone=external --add-port=137/udp --permanent
firewall-cmd --zone=external --add-port=138/udp --permanent
Finally
systemctl restart firewalld
Creating Users
smbpasswd -a auser