Thursday, May 28, 2009

Setup Samba - Filesharing with Windows 


Setup Samba - Filesharing with Windows
If you have other Windows computers on your LAN and want to share files from Linux with them, you must setup Samba.
To setup Samba you must (1) install samba, (2) add you 'shares', (3) add users, (4) start Samba service and (5) manage security options (Firewall and SELinux).

1. Install Samba
It is best to have Samba installed in the installation process. If not < users can install using the command line:

[alex@localhost ~]$ sudo yum install samba samba-client

2. Add Shares
You must edit /etc/samba/smb.conf as root: (use nano instead of gedit if you do not have a GUI)

[alex@localhost ~]$ sudo gedit /etc/samba/smb.conf
Set your Windows Workgroup name in [global] section.
Added shares at the end of the file. Example:

   workgroup = WORKGROUP
   server string = Samba Server Version %v

# A publicly accessible directory, but read only, except for people in
# the "staff" group
 [public]
 comment = Public Stuff
 path = /home/samba
 public = yes
 writable = yes
 printable = no
 write list = +staff

 [Share]
 comment = Samba shares 
      path = /home/commons 
       read only = no 
       valid users = alex 
       create mask = 0775 
       directory mask = 0775  
#
# New additional samba shares
# 
 [mnt_local]
 comment = Local shares
 path = /mnt/local
 public = yes
 writable = yes
 browseable = yes

 [mnt_resume]
 comment = Resume partition
 path = /mnt/resume
 public = yes
 writable = yes
 browseable = yes

 [mnt_account]
 comment = Accounts partition 
    path = /mnt/account
 public = yes
 writable = yes
 browseable = yes




If 'writable' the location must be writable in Linux first. Additionally permissions must match (for example: drw-rw-rw-).
If home data (all personal files under /home/username) is to be accessible, then set 'browseable = yes' under [homes] (~line 250). This configuration file is very descriptive, read through it to get more ideas or information.

3. Add Users
To access shares, you must be a valid user. Add valid users AND passwords using the smbpasswd command.
This login name WILL be the login name and password you use from Windows to access your Linux computer. The password does NOT need to match your Linux password.

[alex@localhost ~]$ sudo smbpasswd -a alex
New SMB password:
Retype new SMB password:
account_policy_get: (warnings ignored)
Added user username.
(Note: 'alex' MUST be a valid account on the Fedora machine)

4. Start Samba Service
Run samba and check for any errors:

[alex@localhost ~]$ sudo /etc/init.d/smb start
Starting SMB services:                                     [  OK  ]
Use chkconfig or serviceconf to enable samba (smb) in both runlevels 3 and 5. This will make sure to run Samba each time Fedora boots.

[alex@localhost ~]$ /sbin/chkconfig --list smb
smb             0:off   1:off   2:off   3:off   4:off   5:off   6:off
[alex@localhost ~]$ sudo /sbin/chkconfig --level 35 smb on
[alex@localhost ~]$ /sbin/chkconfig --list smb
smb             0:off   1:off   2:off   3:on    4:off   5:on    6:off
Restart Samba for every change to users/passwords or 'smb.conf'
[alex@localhost ~]$ sudo /etc/init.d/smb restart
Shutting down SMB services:                                [  OK  ]
Starting SMB services:                                     [  OK  ]

5. Managing Security for Samba
Firewall
The Firewall will by default block Samba, to allow access run:

[alex@localhost ~]$ system-config-firewall

To allow Samba access to work through the firewall you must set 'Samba' as a 'Trusted Service' and hit 'Apply'. Alternatively if you are only using the shell and do not have access to a graphical X-server, you can run:

[alex@localhost ~]$ sudo system-config-firewall-tui

To allow Samba access to work through the firewall, use  to go to Customize. In the Trusted Services: scroll down to Samba, hit  and use  again to go to Close, then finally to OK.
SELinux
SELinux has significant control over restricting different parts of Samba. Run system-config-selinux. Please read lines #23 - #51 in /etc/samba/smb.conf for a better explanation. Alternatively, you can run:

[alex@localhost ~]$ system-config-selinux
Go to Boolean and type 'samba' in the Filter (without quotes).
The following is NOT complete and is NOT recommended but is a quick enable to allow Samba to work permissively through SELinux.
[alex@localhost ~]# sudo /usr/sbin/setsebool -P samba_export_all_rw on
Alternatively, you can ignore SELinux at this point and try to access your shares in Windows and SELinux TroubleShooter should give an automatic pop-up in GNOME explaining what is wrong. If you follow those recommendations you most likely will be more secure.
For any changes made above to the SELinux settings or smb.conf, it is recommended to restart Samba.
Top Resources

More Information
Fedora 10 - Services and Daemons in Fedora 10 
Fedora 10 Blog Entries 
Fedora Nvidia Driver Install Guide 
Fedora 9 - Personal Installation Guide 
Fedora 9 Update and Nvidia Update 
Update to RPMFusion 
Fedora Core 5 on Dell D810 Latitude Laptop 
Managing Services in Fedora 
Fedora Help Forum Posts and Threads 
Top Resources

5. Managing Security for Samba

Firewall

The Firewall will by default block Samba, to allow access run:

[mirandam@charon ~]$ system-config-firewall

To allow Samba access to work through the firewall you must set 'Samba' as a 'Trusted Service' and hit 'Apply'. Alternatively if you are only using the shell and do not have access to a graphical X-server, you can run:

[mirandam@charon ~]$ sudo system-config-firewall-tui

To allow Samba access to work through the firewall, use  to go to Customize. In the Trusted Services: scroll down to Samba, hit  and use  again to go to Close, then finally to 


OK.



at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)