
Install SAMBA

This page shows how to set up a SAMBA server on CentOS 6 x86_64.

I have noticed that whenever I set up a Linux SAMBA server that already has a DNS entry on the Domain Server, you can't 'browse' to the server in Windows. The solution is to set the machine up with an IP and name that haven't been used in AD before.

Prerequisites

You must have a CentOS machine already set up in accordance with the “Install CentOS 6” guide.

File Server

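This section shows how to set up a fully open file share where anyone can read/write/create/delete files. No authentication is involved, so anyone who can reach the server's SMB ports gets that access; use this configuration only on a network you trust.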

The following commands must be run as root.

Install Samba

yum -y install samba

Setup the share directory. If you are using a different disk, now is the time to set this up.

# Create the directory that will back the share.
mkdir -p /data/samba/wikifiles
# Mode 777 lets every local account, not just Samba's guest connection, read,
# write and delete anything in this tree; keep nothing sensitive under it.
chmod -R 777 /data/samba/wikifiles
# Record a persistent SELinux rule that labels the tree samba_share_t, then
# apply that label to what already exists on disk.
semanage fcontext -a -t samba_share_t '/data/samba/wikifiles(/.*)?'
restorecon -R /data/samba/wikifiles

Edit the config file after making a backup

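# Keep a copy of the packaged configuration before replacing it.
cd /etc/samba
cp smb.conf smb.conf.original

# Write the new configuration. The quoted delimiter stops the shell from
# expanding anything in the here-document, so %v, %m and %S reach Samba as-is.
cat > /etc/samba/smb.conf <<'END_OF_TEXT'
[global]
        unix charset = UTF-8
        dos charset = CP932
        workgroup = EXAMPLE-DOMAIN
        netbios name = PRINTER
        server string = Samba Server Version %v
        interfaces = lo eth0 172.16.0.0/24
# Only loopback and 172.16.x.x clients are accepted. The key was previously
# repeated inside its own value ("hosts allow = hosts allow = ..."), which put
# the words "hosts", "allow" and "=" into the allow list.
        hosts allow = 127. 172.16.
        log file = /var/log/samba/log.%m
        max log size = 50
# Share-level security is deprecated in Samba 3.6 and removed in Samba 4.0.
# On newer releases guest access is configured with security = user plus
# map to guest = Bad User.
        security = share
        passdb backend = tdbsam
        load printers = yes
        cups options = raw
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

# Guest-only, world-writable share: every connection is treated as the guest
# account and new files and directories are created with mode 0777.
# NOTE(review): the directory prepared earlier on this page is
# /data/samba/wikifiles, but this share points at /opt/test - confirm which
# path is intended.
[docgen]
   path = /opt/test
   writable = yes
   guest ok = yes
   guest only = yes
   create mode = 0777
   directory mode = 0777
   share modes = yes
END_OF_TEXT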

Start the services

service smb start
service nmb start

Ensure they start on boot

chkconfig smb on
chkconfig nmb on

Open the firewall

# Accept new connections to the NetBIOS name (137/udp), datagram (138/udp) and
# session (139/tcp) services and to SMB over TCP (445/tcp).
# No -s source match is given, so these ports are accepted from any address;
# the "hosts allow" line in smb.conf is then the only address filter in front
# of the guest share. A -s match for the same networks on each rule would
# enforce the restriction at the firewall as well.
iptables -I INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

# Persist the running rule set so it survives a reboot, then reload it.
service iptables save
service iptables restart
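# Install a wrapper init script so smb and nmb can be driven together.
# '>' rather than '>>': re-running this step must replace the script, not
# append a second copy after the first one's "exit 0".
cat > /etc/init.d/samba <<'END_OF_TEXT'
#!/bin/bash
# chkconfig: 2345 95 20

case "$1" in
  start)
    service smb start
    service nmb start
    ;;
  stop)
    service smb stop
    service nmb stop
    ;;
  restart)
    service smb restart
    service nmb restart
    ;;
  *)
    echo "Usage: samba {start|stop|restart}"
    exit 1
    ;;
esac
exit 0
END_OF_TEXT
# Only the owner (root) needs to execute the wrapper.
chmod u+x /etc/init.d/samba
service samba restart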

=Old Notes= Old notes from Ben's time at IBM

# NOTE(review): password= on the mount command line is visible to other local
# users in the process list while mount runs, and ends up in shell history
# when typed literally. mount.cifs also accepts credentials=FILE, naming a
# file that only root can read.
# The first two commands leave HURMQNT\stafford unquoted, so the shell removes
# the backslash before mount sees it; the later commands escape it as \\.
mount -t cifs -o username=HURMQNT\stafford,password=$CIFS_PASSWORD        //moondisc/mqsiout_s000_x86l /cmvc/mqsi/output/S000/x86_linux_2
mount -t cifs -o username=HURMQNT\stafford,password=******** //moondisc/mqsiout_s000_x86l /cmvc/mqsi/output/S000/x86_linux_2



mount -t cifs -o username=HURMQNT\\stafford,password=$CIFS_PASSWORD //moondisc/mqsiout_s000_x86l /cmvc/mqsi/output/S000/x86_linux_2
mount -t cifs -o username=HURMQNT\\stafford,password=$CIFS_PASSWORD //moondisc/mqsiout_s700_x86l /cmvc/mqsi/output/S000/x86_linux_2

umount /cmvc/mqsi/output/S000/x86_linux_2

mount -t cifs -o username=HURMQNT\\stafford,password=$CIFS_PASSWORD //moondisc/mqsiout_t700_x86l /cmvc/mqsi/output/T800/x86_linux_2

Samba access group MQSIGEN on Moondisc//moondisc/mqsiout_t700_x86l

END_OF_TEXT</code>

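chmod u+x /etc/init.d/samba
service samba restart
chkconfig samba on
# -U with no password makes net prompt for it, which keeps the administrator
# password out of the process list and shell history.
# NOTE(review): the join runs before authconfig (below) writes the ADS and
# Kerberos settings - confirm this order works on a fresh machine.
net ads join -U administrator

# Check that you can resolve your domain srv record

host -t srv _kerberos._tcp.example.com
# Parent directory for the per-user homes named by --winbindtemplatehomedir.
# NOTE(review): mode 550 gives "other" no search permission - confirm domain
# users can still reach their home directories beneath it.
mkdir /home/example
chmod 550 /home/example/
# Long options take a double hyphen; the page rendered them as "- -", which
# authconfig would not parse as options.
authconfig \
--disablecache \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbworkgroup=EXAMPLE-DOMAIN \
--smbrealm=EXAMPLE-DOMAIN.CO.UK \
--enablewinbindusedefaultdomain \
--winbindtemplatehomedir=/home/example/%U \
--winbindtemplateshell=/bin/bash \
--enablekrb5 \
--krb5realm=EXAMPLE-DOMAIN.CO.UK \
--enablekrb5kdcdns \
--enablekrb5realmdns \
--enablelocauthorize \
--enablemkhomedir \
--enablepamaccess \
--updateall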

Join Linux To Domain

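# NOTE(review): the init script written in the next step also starts winbind;
# confirm the package providing that service is installed as well.
yum install samba
# Accept new connections to the NetBIOS (137/udp, 138/udp, 139/tcp) and SMB
# (445/tcp) ports. The long options were rendered as "- -state" / "- -dport"
# on the page; iptables needs them written with a double hyphen.
# No -s source match is given, so the ports are accepted from any address.
iptables -I INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

# Persist the running rule set so it survives a reboot, then reload it.
service iptables save
service iptables restart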
# Replace /etc/init.d/samba with a wrapper that drives smb, nmb and winbind
# together. The quoted delimiter keeps $1 literal in the written script.
cat > /etc/init.d/samba <<'END_OF_TEXT'
#!/bin/bash
# chkconfig: 2345 95 20

case $1 in
start)
service smb start
service nmb start
service winbind start
;;
stop)
service smb stop
service nmb stop
service winbind stop
;;
restart)
service smb restart
service nmb restart
service winbind restart
;;
  *)
echo "Usage: samba {start|stop|restart}"
exit 1
esac
exit 0
END_OF_TEXT
# Only the owner (root) needs to execute the wrapper.
chmod u+x /etc/init.d/samba
service samba restart
# Register the wrapper for the runlevels named in its chkconfig header.
chkconfig samba on
# -U with no password makes net prompt for it, which keeps the administrator
# password out of the process list and shell history.
# NOTE(review): the join runs before the authconfig step further down writes
# the ADS and Kerberos settings - confirm this order works on a fresh machine.
net ads join -U administrator

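# Check that you can resolve your domain srv record

host -t srv _kerberos._tcp.example.com
# Parent directory for the per-user homes named by --winbindtemplatehomedir.
# NOTE(review): mode 550 gives "other" no search permission - confirm domain
# users can still reach their home directories beneath it.
mkdir /home/example
chmod 550 /home/example/
# Long options take a double hyphen; the page rendered them as "- -", which
# authconfig would not parse as options.
authconfig \
--disablecache \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbworkgroup=EXAMPLE-DOMAIN \
--smbrealm=EXAMPLE-DOMAIN.CO.UK \
--enablewinbindusedefaultdomain \
--winbindtemplatehomedir=/home/example/%U \
--winbindtemplateshell=/bin/bash \
--enablekrb5 \
--krb5realm=EXAMPLE-DOMAIN.CO.UK \
--enablekrb5kdcdns \
--enablekrb5realmdns \
--enablelocauthorize \
--enablemkhomedir \
--enablepamaccess \
--updateall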
# Add an idmap block for the domain to smb.conf. Two variants are listed: the
# rid backend, and (prefixed with ') an ad/rfc2307 backend.
# NOTE(review): both variants start the mapped ID range at 500, which is where
# CentOS 6 begins assigning local user IDs - confirm that domain accounts
# cannot be mapped onto the same IDs as local accounts.
vi /etc/samba/smb.conf
   idmap config emind:backend = rid
   idmap config emind:base_rid = 500
   idmap config emind:range = 500-1000000

   'idmap config SAMDOM:backend = ad
   'idmap config SAMDOM:schema_mode = rfc2307
   'idmap config SAMDOM:range = 500-40000
service samba restart
# Add the line below to password-auth: authentication stops immediately for
# any user who is not a member of the linuxusers group.
# NOTE(review): the check is not limited to domain accounts - confirm that the
# local administrative accounts relying on this PAM stack are in linuxusers,
# and keep a root session open while testing.
vi /etc/pam.d/password-auth
auth        requisite     pam_succeed_if.so user ingroup linuxusers debug
# NOTE(review): sed is run without -i, so the result is only printed and
# /etc/pam.d/password-auth is left unchanged. The \0\0\7\7 in the pattern is
# backreference syntax rather than the literal text 0077 - confirm the
# expression is accepted and matches the intended line before adding -i.
sed "s/session\ \ \ \ \ optional\ \ \ \ \ \ pam_oddjob_mkhomedir.so\ umask=\0\0\7\7/session\ \ \ \ \ required\ \ \ \ \ \ pam_mkhomedir.so\ skel=\/etc\/skel\ umask=0022/g" /etc/pam.d/password-auth

Add Samba Share

# Create the directory that will back the share.
mkdir -p /data/datastore/setups
# Mode 777 lets every local account read, write and delete in this tree,
# whatever the share definition below says about domain groups.
chmod -R 777 /data/datastore/setups
# Label the whole /data/datastore tree (not only setups) samba_share_t and
# apply the label to what already exists.
semanage fcontext -a -t samba_share_t '/data/datastore(/.*)?'
restorecon -R /data/datastore
# Share definition to add to /etc/samba/smb.conf.
# NOTE(review): "guest ok" / "guest only" admit unauthenticated guest
# connections while "valid users" names two domain groups - confirm which
# setting takes effect. If the share is meant for those groups only, the guest
# lines and the 0777 modes work against that.
[setups]
   path = /data/datastore/setups
   writable = yes
   guest ok = yes
   guest only = yes
   create mode = 0777
   directory mode = 0777
   share modes = yes
   valid users = @"EXAMPLE-DOMAIN\\IT DEPT" @"EXAMPLE-DOMAIN\\Domain Admins"
service samba restart

SMB Guest Account Local User Access

Bad config On Suse systems the Samba config file is /etc/samba/smb.conf. Add the following lines to the global section of the smb.conf file

map to guest = Never
restrictanonymous = 2
After saving the file, restart the Samba process with the following command.
rcsmb restart