======Install SAMBA======

This page shows how to set up a SAMBA server on CentOS 6 x86_64.

I have noticed that whenever I set up a Linux SAMBA server that already has a DNS entry on the Domain Server, you can't 'browse' to the server in Windows. The solution is to set the machine up with an IP and name that haven't been used in AD before.

=====Prerequisites=====

You must have a CentOS machine already set up in accordance with the "[[Install CentOS 6]]" guide.

=====File Server=====

This section shows how to set up a fully open file share where anyone can read/write/create/delete files. The following commands must be run as root.

Install Samba

<code>
yum -y install samba
</code>

Set up the share directory. If you are using a different disk, now is the time to set this up.

<code>
mkdir -p /data/samba/wikifiles
chmod -R 777 /data/samba/wikifiles
semanage fcontext -a -t samba_share_t '/data/samba/wikifiles(/.*)?'
restorecon -R /data/samba/wikifiles
</code>

Edit the config file after making a backup

<code>
cd /etc/samba
cp smb.conf smb.conf.original
cat > /etc/samba/smb.conf <<'END_OF_TEXT'
[global]
    unix charset = UTF-8
    dos charset = CP932
    workgroup = EXAMPLE-DOMAIN
    netbios name = PRINTER
    server string = Samba Server Version %v
    interfaces = lo eth0 172.16.0.0/24
    hosts allow = 127. 172.16.
    log file = /var/log/samba/log.%m
    max log size = 50
    security = share
    passdb backend = tdbsam
    load printers = yes
    cups options = raw

[homes]
    comment = Home Directories
    browseable = no
    writable = yes
;   valid users = %S
;   valid users = MYDOMAIN\%S

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

[docgen]
    path = /opt/test
    writable = yes
    guest ok = yes
    guest only = yes
    create mode = 0777
    directory mode = 0777
    share modes = yes
END_OF_TEXT
</code>

Start the services

<code>
service smb start
service nmb start
</code>

Ensure they start on boot

<code>
chkconfig smb on
chkconfig nmb on
</code>

Open the firewall

<code>
iptables -I INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
service iptables save
service iptables restart
</code>

Create a wrapper init script that controls both services

<code>
# ">" rather than ">>" so that re-running this step does not append a second copy
cat > /etc/init.d/samba <<'END_OF_TEXT'
#!/bin/bash
# chkconfig: 2345 95 20
case "$1" in
  start)
    service smb start
    service nmb start
    ;;
  stop)
    service smb stop
    service nmb stop
    ;;
  restart)
    service smb restart
    service nmb restart
    ;;
  *)
    echo "Usage: samba {start|stop|restart}"
    exit 1
esac
exit 0
END_OF_TEXT
chmod u+x /etc/init.d/samba
service samba restart
</code>

=====Old Notes=====

Old notes from Ben's time at IBM

<code>
mount -t cifs -o username=HURMQNT\stafford,password=$CIFS_PASSWORD //moondisc/mqsiout_s000_x86l /cmvc/mqsi/output/S000/x86_linux_2
mount -t cifs -o username=HURMQNT\stafford,password=******** //moondisc/mqsiout_s000_x86l /cmvc/mqsi/output/S000/x86_linux_2
mount -t cifs -o username=HURMQNT\\stafford,password=$CIFS_PASSWORD //moondisc/mqsiout_s000_x86l /cmvc/mqsi/output/S000/x86_linux_2
mount -t cifs -o username=HURMQNT\\stafford,password=$CIFS_PASSWORD //moondisc/mqsiout_s700_x86l /cmvc/mqsi/output/S000/x86_linux_2
umount /cmvc/mqsi/output/S000/x86_linux_2
mount -t cifs -o username=HURMQNT\\stafford,password=$CIFS_PASSWORD //moondisc/mqsiout_t700_x86l /cmvc/mqsi/output/T800/x86_linux_2
</code>

Samba access group MQSIGEN on Moondisc

<code>
//moondisc/mqsiout_t700_x86l
</code>

=====Join Linux To Domain=====

Install Samba and open the firewall

<code>
yum install samba
iptables -I INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
service iptables save
service iptables restart
</code>

Create a wrapper init script that also controls winbind

<code>
cat > /etc/init.d/samba <<'END_OF_TEXT'
#!/bin/bash
# chkconfig: 2345 95 20
case "$1" in
  start)
    service smb start
    service nmb start
    service winbind start
    ;;
  stop)
    service smb stop
    service nmb stop
    service winbind stop
    ;;
  restart)
    service smb restart
    service nmb restart
    service winbind restart
    ;;
  *)
    echo "Usage: samba {start|stop|restart}"
    exit 1
esac
exit 0
END_OF_TEXT
chmod u+x /etc/init.d/samba
service samba restart
chkconfig samba on
</code>

Join the domain and configure authentication

<code>
net ads join -U administrator

# Check that you can resolve your domain srv record
host -t srv _kerberos._tcp.example.com

mkdir /home/example
chmod 550 /home/example/

authconfig \
  --disablecache \
  --enablewinbind \
  --enablewinbindauth \
  --smbsecurity=ads \
  --smbworkgroup=EXAMPLE-DOMAIN \
  --smbrealm=EXAMPLE-DOMAIN.CO.UK \
  --enablewinbindusedefaultdomain \
  --winbindtemplatehomedir=/home/example/%U \
  --winbindtemplateshell=/bin/bash \
  --enablekrb5 \
  --krb5realm=EXAMPLE-DOMAIN.CO.UK \
  --enablekrb5kdcdns \
  --enablekrb5realmdns \
  --enablelocauthorize \
  --enablemkhomedir \
  --enablepamaccess \
  --updateall
</code>

Add the idmap settings to smb.conf

<code>
vi /etc/samba/smb.conf
</code>

<code>
idmap config emind:backend = rid
idmap config emind:base_rid = 500
idmap config emind:range = 500-1000000
; idmap config SAMDOM:backend = ad
; idmap config SAMDOM:schema_mode = rfc2307
; idmap config SAMDOM:range = 500-40000
</code>

<code>
service samba restart
</code>

Restrict logins to members of the linuxusers group

<code>
vi /etc/pam.d/password-auth
</code>

<code>
auth requisite pam_succeed_if.so user ingroup linuxusers debug
</code>

Replace the oddjob home directory line with pam_mkhomedir

<code>
# -i edits the file in place; the pattern tolerates any amount of whitespace between fields
sed -i -E 's|^session[[:space:]]+optional[[:space:]]+pam_oddjob_mkhomedir\.so[[:space:]]+umask=0077|session     required      pam_mkhomedir.so skel=/etc/skel umask=0022|' /etc/pam.d/password-auth
</code>

=====Add Samba Share=====

Set up the share directory

<code>
mkdir -p /data/datastore/setups
chmod -R 777 /data/datastore/setups
semanage fcontext -a -t samba_share_t '/data/datastore(/.*)?'
restorecon -R /data/datastore
</code>

Add the share to /etc/samba/smb.conf

<code>
[setups]
    path = /data/datastore/setups
    writable = yes
    guest ok = yes
    guest only = yes
    create mode = 0777
    directory mode = 0777
    share modes = yes
    valid users = @"EXAMPLE-DOMAIN\\IT DEPT" @"EXAMPLE-DOMAIN\\Domain Admins"
</code>

<code>
service samba restart
</code>

=====SMB Guest Account Local User Access=====

Bad config

On Suse systems the Samba config file is /etc/samba/smb.conf. Add the following lines to the global section of the smb.conf file:

<code>
map to guest = Never
restrictanonymous = 2
</code>

After saving the file, restart the Samba process with the following command.

<code>
rcsmb restart
</code>
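
An added example, not part of the original page: a small shell/awk check that reads an smb.conf and reports the settings the hardening section above addresses (guest-open shares, world-writable create modes, ''security = share'', and a missing ''map to guest = Never'' or ''restrict anonymous = 2''). The finding labels and the sample config are constructed for illustration; parameter names are compared with whitespace removed, which is how Samba itself reads them.

```shell
#!/bin/sh
# Added example: audit an smb.conf for guest-open shares and for the
# anonymous-access hardening this page ends with. Finding labels are made up.

audit_smb_conf() {   # usage: audit_smb_conf FILE   (or pipe the config in)
    awk '
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                  # [section] header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        sec = tolower(sec); next
    }
    {
        eq = index($0, "="); if (!eq) next         # split on the first "="
        key = norm(substr($0, 1, eq - 1))          # "map to guest" -> maptoguest
        val = tolower(substr($0, eq + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (sec == "global") { g[key] = val; next }
        if ((key == "guestok" || key == "public") && val == "yes")
            print "GUEST_OK " sec
        # last octal digit with the write bit set: writable by "other"
        if (key ~ /^(create|directory)(mode|mask)$/ && val ~ /[2367]$/)
            print "WORLD_WRITABLE " sec " " key "=" val
    }
    END {
        if (g["security"] == "share") print "SHARE_LEVEL_SECURITY global"
        if (("maptoguest" in g) && g["maptoguest"] != "never")
            print "MAP_TO_GUEST global"
        if (g["restrictanonymous"] != "2") print "ANON_NOT_RESTRICTED global"
    }' "${1:--}"
}

sample_conf() {      # constructed sample, modelled on the open share above
    cat <<'EOF'
[global]
    security = share
    map to guest = Bad User
[docgen]
    path = /opt/test
    guest ok = yes
    create mode = 0777
    directory mode = 0777
[printers]
    guest ok = no
EOF
}

sample_conf | audit_smb_conf
```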