Перейти к содержанию

Lab 8: Samba

Objectives

After completing this lab, you will be able to

  • install and configure Samba
  • share files and directories between Linux systems using Samba
  • use common Samba utilities

Estimated time to complete this lab: 40 minutes

Introduction

Samba allows for file sharing and printing services between Unix/Linux and Windows systems.

Samba is an open-source “Common Internet File System” (CIFS) implementation. CIFS is also referred to as the Server Message Block (SMB), LAN manager, or NetBIOS protocol. The Samba server comprises two main daemons – smbd and nmbd.

smbd: This daemon provides file and print services to SMB clients, such as machines running various Microsoft operating systems.

nmbd: This daemon provides NETBIOS name serving and browsing support.

The exercises in this lab focus on setting up Samba as both a server and a client on a Rocky Linux server.

Exercise 1

Install Samba and configure a basic shared directory

To Install the Samba server application

  1. Use the dnf utility to install the Samba server and client package on your server. Type:
    sudo dnf install -y samba
    

To configure Samba

  1. Create a directory named samba-share under the /tmp folder to be shared. Type:

    mkdir /tmp/samba-share
    
  2. Let's create a basic Samba Configuration to share the /tmp/samba-share folder. Do this by creating a new share definition in the Samba configuration file:

    sudo tee -a /etc/samba/smb.conf << 'EOF'
    [Shared]
    path = /tmp/samba-share
    browsable = yes
    writable = yes
    EOF
    

To start and enable the Samba service

  1. Start and Enable Samba Services:

    sudo systemctl start smb nmb
    sudo systemctl enable smb nmb
    
  2. Verify the daemons used by the Samba service are running:

    sudo systemctl status smb nmb
    

Exercise 2

Samba users

An important and common administrative task for managing a Samba server is creating users and passwords for users who need to access the shared resources.

This exercise shows how to create Samba users and set up access credentials for the users.

To create a Samba user and Samba password

  1. First, create a regular system user named sambarockstar. Type:

    sudo useradd sambarockstar
    
  2. Verify that the user was properly created. Type:

    id sambarockstar
    

  3. Add the new sambarockstar system user to the Samba user database and simultaneously set a password for the Samba user:

    sudo smbpasswd -a sambarockstar
    
    When prompted, input the selected password and press ENTER after each entry.

  4. Restart Samba Services:

    sudo systemctl restart smb nmb
    

Exercise 3

Accessing Samba Share (Local test)

In this exercise, we'll try accessing the new Samba share from the same system. This means that we'll be using the same host as both a server and a client.

To install Samba client tools

  1. Install Client Utilities by running:

    sudo dnf -y install cifs-utils
    

    To create a Samba mount point

  2. Create the mount point:

    mkdir ~/samba-client
    

To mount an SMB file system locally

  1. Mount Samba Share Locally:

    sudo mount -t cifs //localhost/Shared ~/samba-client -o user=sambarockstar
    
  2. Use the mount command to list all mounted CIFS-type file systems. Type:

    mount -t cifs
    
    OUTPUT
    //localhost/Shared on ~/samba-client type cifs (rw,relatime,vers=3.1.1,cache=strict,username=sambarockstar....
    ...<SNIP>...
    

  3. Similarly, use the df command to verify that the mounted share is available. Type:

    df -t cifs
    

    OUTPUT:

    Filesystem         1K-blocks     Used Available Use% Mounted on
    //localhost/Shared  73364480 17524224  55840256  24% ~/samba-client
    

  4. Next, list the contents of the mounted share. Type:

    ls ~/samba-client
    
  5. Create a test file in Share:

    touch ~/samba-client/testfile.txt
    

Exercise 4

Modifying Share Permissions

To adjust share permissions

  1. Make the "Shared" samba share definition read-only. This can be done by changing the value of the writable parameter from yes to no in the smb.con configuration file. Let's use a sed onliner to accomplish this by running:

    sudo  sed -i'' -E \
     '/\[Shared\]/,+3 s/writable =.*$/writable = no/'  /etc/samba/smb.conf
    
  2. Restart Samba services:

    sudo systemctl restart smb nmb
    

  3. Now, test writing to the share by trying to create a file on the mounted share:

    touch ~/samba-client/testfile2.txt
    

Exercise 5

Using Samba for specific user groups

This exercise will walk through restricting access to Samba shares via a user's local group membership. This provides a convenient mechanism for making shared resources accessible only to specific user groups.

To create a new group for Samba user

  1. Use the groupadd utility to create a new system group named rockstars. We'll use this group in our example for housing system users who can access a given resource. Type:
    sudo groupadd rockstars
    
  2. Add an existing system/Samba user to the group. Type:
    sudo usermod -aG rockstars sambarockstar
    

To configure valid users in Samba configuration

  1. Use the sed utility to add new valid user parameters to the share definition in the Samba config file. Type:
    sudo sed -i '/\[Shared\]/a valid users = @sambagroup' /etc/samba/smb.conf
    
  2. Restart Samba services:
    sudo systemctl restart smb nmb
    
  3. Now test access to the share with sambarockstar and verify access.

Exercise 6

This exercise simulates a real-world scenario in which you'll act as an administrator of a client system and then test accessing the Samba service on the remote system (server HQ), to which you do not have any administrative access or privileges. As a student, you will set up a Samba client on your machine (serverXY) to access a Samba service hosted on a different machine (serverHQ). This reflects standard workplace setups.

Assumptions:

  • You do not have root access to serverHQ.
  • The Samba share on serverHQ is already set up and accessible.

To set up Samba client on serverXY

Configure your machine (serverXY) as a Samba client to access a shared directory on a separate host (serverHQ).

  1. Ensure the necessary Samba client utilities are installed on your local system. Install them if necessary by running:

    sudo dnf install samba-client cifs-utils -y
    
  2. Create a Mount Point on serverXY:

    mkdir ~/serverHQ-share
    

To mount the Samba Share from serverHQ

You will need the IP address or hostname of serverHQ, the share name, and your Samba credentials.

Replace serverHQ, sharedFolder, and yourUsername with the actual values.

```bash
sudo mount -t cifs //serverHQ/sharedFolder ~/serverHQ-share -o user=yourUsername
```

To verify and access the mounted share

  1. Check if the shared directory from serverHQ is successfully mounted on your machine:

    ls ~/serverHQ-share
    
  2. Try accessing and modifying files within the mounted share. For example, to create a new file:

    touch ~/serverHQ-share/newfile.txt
    

To unmount the remote share

Once done, unmount the share:

```bash
sudo umount ~/serverHQ-share
```

Author: Wale Soyinka

Contributors: Ganna Zhyrnova