How to Install and Configure Samba on CentOS 8
In this tutorial, we’re going to learn how to install and configure a samba server on CentOS 8/RHEL8 to share files on the local network. Samba is a free and open-source SMB/CIFS protocol implementation for Unix and Linux that allows for file and print sharing between Linux, Windows and macOS machines in a local area network.
Samba is usually installed and run on Linux. It comprises several programs that serve different but related purposes, the most important two of which are:
- smbd: provides SMB/CIFS service (file sharing and printing), can also act as a Windows domain controller.
- nmbd: This daemon provides NetBIOS name service, listens for name-server requests. It also allows the Samba server to be found by other computers on the network.
1. Install Samba Server
By default, the Samba package is available in the CentOS default repository. You can install it with the following command:
# dnf install samba samba-common samba-client -y
start the SMB service and enable it to start after system reboot with the following command:
# systemctl start smb.service # systemctl enable smb.service # systemctl start nmb.service # systemctl enable nmb.service
You can now verify the Samba service with the following command:
# systemctl status smb
You should get the following output:
smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled) Active: active (running) since Mon 2020-03-02 23:03:30 EST; 8s ago Docs: man:smbd(8) man:samba(7) man:smb.conf(5) Main PID: 2072 (smbd) Status: "smbd: ready to serve connections..." Tasks: 4 (limit: 25028) Memory: 33.8M CGroup: /system.slice/smb.service ??2072 /usr/sbin/smbd --foreground --no-process-group ??2074 /usr/sbin/smbd --foreground --no-process-group ??2075 /usr/sbin/smbd --foreground --no-process-group ??2076 /usr/sbin/smbd --foreground --no-process-group
To check your Samba version, run
# smbd --version
Run the following command to open the above ports in the firewall.
# firewall-cmd --permanent --add-service=samba
Reload firwall daemon for the change the take effect.
# systemctl reload firewalld
2. Create a Public Share with Samba
In this section, we will create a public share with Samba so everyone can access the public share directory without a password.
Create a Public Share Directory
First, create a shared folder named public and also create two files inside the public directory:
# mkdir -p /samba/share/public # touch /samba/share/public/file1.txt # touch /samba/share/public/file2.txt
Next, assign the necessary permissions and ownership with the following command:
# chmod -R 0755 /samba/share/ # chmod -R 0755 /samba/share/public # chown -R nobody:nobody /samba/share # chown -R nobody:nobody /samba/share/public # chcon -t samba_share_t /samba/share/public
Next, you will need to configure Samba to share a public directory.
First, create a backup copy of
/etc/samba/smb.conf file with the following command:
# mv /etc/samba/smb.conf /etc/samba/smb.bak
Next, create a new Samba configuration file:
# vi /etc/samba/smb.conf
Add the following lines:
[global] workgroup = WORKGROUP server string = Samba Server %v netbios name = samba-server security = user map to guest = bad user dns proxy = no [Public] path = /samba/share/public browsable =yes writable = yes guest ok = yes read only = no
Save and close the file. Then, restart Samba service to apply the changes:
# systemctl restart smb
Next, test the Samba configuration with the following command:
You should see the following output:
Load smb config files from /etc/samba/smb.conf Loaded services file OK. Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters [global] dns proxy = No map to guest = Bad User netbios name = SAMBA-SERVER security = USER server string = Samba Server %v idmap config * : backend = tdb [Public] guest ok = Yes path = /samba/share/public read only = No
Next, set the proper SELinux boolean and security context values on share directory with the following command:
# setsebool -P samba_export_all_ro=1 samba_export_all_rw=1 # semanage fcontext -a -t samba_share_t "/samba/share/public(/.*)?" # restorecon /samba/share/public
3. Access Samba Share from Windows
Access Samba Share Path
Now open Run prompt by pressing win + r key on your keyboard then type \\IP and press enter key.
You will see Anonymous folder like below
Now you can add files/folders in this folder to share with other users.
Create samba secure share
Create a secured share on the server where only allowed user can login and set appropriate permissions on it and allow SELINUX for the samba configuration.
Create group for samba users
# groupadd securedgroup
Create samba user with securedgroup
# useradd demo -G securedgroup
Add user to samba database and set its password
# smbpasswd -a demo
Now create secure share folder for samba users and set necessary permissions.
mkdir -p /srv/samba/secured chmod -R 0770 /srv/samba/secured chcon -t samba_share_t /srv/samba/secured chown -R root:securedgroup /srv/samba/secured/
Now add following lines in samba configuration file.
# vi /etc/samba/smb.conf
[secured] path = /srv/samba/secured valid users = @securedgroup guest ok = no writable = yes browsable = yes
Then restart samba
# systemctl restart smb.service
Now access secured share from Windows
Now you can access the RHEL 8 secured folder from windows, open Run prompt by pressing win + r key on your keyboard
Then type \\SAMBA-SERVER-IP and press enter key.
My samba server IP is 192.168.130.152 so i will use \\192.168.1.200
Now Click on secured folder and it will ask you to enter samba user login details to access the folder.
You will see secured folder like below, Now you can add files/folders in this folder to share with other samba users.
4. Access Samba Share from Ubuntu
I am going to use Ubuntu to access RHEL 8 Samba secure share.
Login to Ubuntu, open terminal and run below command.
First install samba client
# apt-get install samba-client -y
Now use below command to verify Samba Share is accessible.
# smbclient --user=demo -L //192.168.1.200
smbclient –user=samba-username -L //Samba-Server-IP
# smbclient //192.168.1.200/secured -U demo
In this tutorial we saw how to install samba on a RHEL 8 / CentOS 8 system. We also saw how to share a directory, allowing access to guests or restricting it to authenticated users. We also saw how to configure the firewall in order for the share to be accessible from other machines on the network.
Finally, we saw how to perform the needed changes in order to have a working samba setup with SELinux in “enforcing” mode.