
CONFIGURING SAMBA MULTIUSERS ON CENTOS 7

In this article we will go through setting up a SAMBA server with Windows and Linux clients. It should help if you are asked to set up file servers in enterprise environments, where you are likely to find different types of devices and operating systems.

Our test environment consists of two CentOS 7 boxes and one Windows 10 machine.

SAMBA Server : 192.168.6.232
SAMBA Client (Linux) : 192.168.6.233
SAMBA Client (Windows) : 10.10.16.16

SERVER SIDE

INSTALL PACKAGE

First, we need to install the required packages on the server side.

# yum install samba samba-client -y

START THE SAMBA SERVICE

After installing the packages we need to start the service and enable it so that it starts at boot.

# systemctl start smb
# systemctl enable smb

FIREWALLD

After starting and enabling the service we need to allow the samba service through the firewall.

# firewall-cmd --add-service=samba --permanent
# firewall-cmd --reload

CONFIGURING SAMBA SHARE

We need to create the folder we want to share and then edit the main configuration file /etc/samba/smb.conf. In this example we want the user Harry to have full permission, whereas the user Andrew gets Read Only permission.

1.     CREATE A DIRECTORY YOU WANT TO SHARE

# mkdir /local

2.      CREATE MULTIPLE USERS TO READ/WRITE

# useradd harry -s /sbin/nologin
# useradd andrew -s /sbin/nologin

3.      ASSIGN SMBPASSWD TO THE USERS

# smbpasswd -a harry
New SMB password:
Retype new SMB password:

# smbpasswd -a andrew
New SMB password:
Retype new SMB password:

4.      CHANGE SELINUX SECURITY CONTEXT TO THE SHARE DIRECTORY

We need to either disable SELinux or set the correct security context on the directory to be shared; otherwise SELinux will prevent users from accessing the shared files.

# chcon -t samba_share_t /local

5.      CHANGE THE MAIN CONFIGURATION FILE

[ ]         = Share name
comment     = Brief description of the share (optional parameter)
path        = Absolute path of the directory
browseable  = If 'yes' = visible share
              If 'no'  = hidden share
writable    = If 'no'  = read-only share
              If 'yes' = read-write enabled share
valid users = Allow access to the shared directory for the specified users only
write list  = Allow write privilege for the given users only
hosts deny  = Deny access to the share from the specified host
hosts allow = Allow access to the share from the specified host only
create mask = To force files to be created with

# vim /etc/samba/smb.conf

[local]
comment = my local
path = /local
browseable = yes
write list = harry
# Overall network
hosts allow = 192.168.6.
# Single host
hosts deny = 192.168.6.20


Note: In our example the write list contains only Harry, because Harry is the only user allowed to Read/Write, whereas the user Andrew is kept as Read Only.
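A small check for a share definition like the one above, added here as an example and not part of the original article: it reads one share from an smb.conf file and reports a missing 'valid users' line and annotation text left inside 'hosts allow' / 'hosts deny' (smb.conf only supports whole-line comments, so such text becomes part of the value). The function names and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# share_param FILE SHARE KEY: print the value of KEY inside [SHARE].
# Samba ignores case and spaces in parameter names ("Write List" == "writelist").
share_param() {
    awk -v share="$2" -v key="$3" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                  # whole-line comments
        /^[ \t]*\[/ {                           # section header
            name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            in_share = (tolower(name) == tolower(share)); next
        }
        in_share && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (norm(k) == norm(key)) val = v
        }
        END { print val }
    ' "$1"
}

# audit_share FILE SHARE: one finding per line, nothing when clean.
audit_share() {
    [ -n "$(share_param "$1" "$2" "valid users")" ] ||
        echo "$2: no 'valid users'; any authenticated Samba user may connect"
    for key in "hosts allow" "hosts deny"; do
        case "$(share_param "$1" "$2" "$key")" in
            *"("*|*"#"*)
                echo "$2: '$key' carries annotation text; smb.conf has no inline comments" ;;
        esac
    done
}

# Constructed sample share (not a real server's configuration).
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
[local]
path = /local
Write List = harry
hosts allow = 192.168.6. (Overall Network)
hosts deny = 192.168.6.20
EOF
audit_share "$sample_conf" local
```

Run against the real file with `audit_share /etc/samba/smb.conf local`; `testparm` remains the authoritative syntax check.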

6.      SET ACL (for the user Harry)

We set an ACL permission of rwx for the user harry on the folder /local.

# setfacl -m u:harry:rwx /local

                     
7.      VERIFY THE FOLDER IS BEING SHARED

# smbclient -L localhost
      OR
# testparm


CLIENT SIDE (LINUX)


INSTALL THE PACKAGE

1.      You just need to install the samba-client and cifs-utils packages

# yum install samba-client
# yum install cifs-utils

2.      Make sure that the folder you want to mount is visible

# smbclient -L 192.168.6.232

3.      Create a file for storing the username and password for the samba client

# vim /root/pass.txt

username=harry
password=redhat

(Write the password which you set on the server side, with no spaces.)

MOUNTING THE SAMBA SHARE IN LINUX

# vim /etc/fstab
//192.168.6.232/local        /mnt    cifs    credentials=/root/pass.txt,multiuser,sec=ntlmssp  0 0
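The credentials file referenced from /etc/fstab holds the SMB password in clear text, so it should be readable by root only. The following check is an added example, not part of the original article: it finds every credentials= file named by a cifs entry in an fstab file and reports any that group or other users can access. The function names and the throwaway sample files are assumptions; it relies on GNU stat, as shipped with CentOS.

```shell
#!/bin/sh
# cifs_cred_paths FSTAB: print the credentials= file of every cifs entry.
cifs_cred_paths() {
    awk '!/^[ \t]*#/ && $3 == "cifs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^credentials=/) {
                sub(/^credentials=/, "", opt[i]); print opt[i]
            }
    }' "$1"
}

# audit_cifs_creds FSTAB: one finding per line; silent when every file is private.
audit_cifs_creds() {
    cifs_cred_paths "$1" | while IFS= read -r f; do
        if [ ! -f "$f" ]; then echo "$f: missing"; continue; fi
        mode=$(stat -c '%a' "$f")        # octal mode, e.g. 644 (GNU stat)
        # Any group/other permission bit exposes the clear-text password.
        case "$mode" in
            *00) ;;
            *) echo "$f: mode $mode, expected 600" ;;
        esac
    done
}

# Constructed sample: a throwaway fstab and a world-readable credentials file.
demo_dir=$(mktemp -d)
printf 'username=harry\npassword=EXAMPLE\n' > "$demo_dir/pass.txt"
chmod 644 "$demo_dir/pass.txt"
printf '//192.168.6.232/local /mnt cifs credentials=%s,multiuser,sec=ntlmssp 0 0\n' \
    "$demo_dir/pass.txt" > "$demo_dir/fstab"
audit_cifs_creds "$demo_dir/fstab"
```

On the client itself, run `audit_cifs_creds /etc/fstab` and fix any finding with `chmod 600 /root/pass.txt`.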

CHECK THE FOLDER

We first need to create the user harry on the client.

# useradd harry
# passwd harry
New Password : 
Retype new Password : 

After creating the user we need to switch from root to the user harry.

# su - harry

# cifscreds add 192.168.6.232

# cd /mnt

Then we can create a file inside /mnt, which is where we have mounted the shared folder /local.

# touch file1

The file we have just created should have the user and group permission of the user Harry, and our task is finally complete.

CLIENT SIDE (WINDOWS)


The folder can also be accessed from Windows, as discussed earlier. To mount the folder on a Windows PC, go to MY PC, choose Computer, then map the network drive. After that, assign a letter for the drive to be mapped and check the box labelled "Connect using different credentials". You can check the screenshot which I have captured below.


We can create a file and check the permission of the created file on our Linux server. The file should belong to the user Harry.


CONCLUSION

In this article we have discussed how to share a folder with Linux as well as Windows clients using a Samba multiuser share. We have also learned about managing the firewall and SELinux, as well as accessing the folder as a particular user.

Please, feel free to drop a comment using the form below if you have any comments or suggestions.
