Serving Windows shares with Samba

In this recipe, you will learn how to serve a Windows share from a CentOS system using Samba. Like NFS, a Windows share is a directory on a remote server that a client may access to store files. Samba is a server that understands the SMB protocol used by Windows so that it can export directories that a Windows client can mount.

Getting ready

This recipe requires a CentOS system with a working network connection. You'll also need administrative privileges provided by logging in with the root account.

The name of your Windows workgroup is needed to configure Samba properly. Before you begin, on your Windows system in your network, run net config workstation and record the Workstation domain value:

net config workstation displays information about the Windows system's workgroup and domain

How to do it...

Follow these steps to set up Samba to share directories with Windows systems:

1. Install the samba package:

   yum install samba
   

2. Create a dedicated group for Samba users:

   groupadd smbgroup
   

3. Create the directory which will serve as the root of the file share. Set its group ownership to the new Samba users group:

   mkdir -m 770 /var/sambashare
   chgrp smbgroup /var/sambashare
   

4. Open Samba's configuration file using your text editor:

   vi /etc/samba/smb.conf
   

5. Update the workgroup parameter in the [global] section to match the Windows workgroup name. Feel free to review the other parameters in the configuration file as each is clearly documented with helpful comments:

   Workgroup = WORKGROUP
   

6. At the end of the configuration file, add the following content:

   [share]
   path = /var/sambashare
   guest ok = no
   valid users = @smbgroup
   writable = yes create mask = 0755 
   

7. Save your changes and close the file.
8. Start the necessary services and register them so that they will start when the server boots:

   systemctl start smb nmb
   systemctl enable smb nmb
   

9. Open ports 137-139 and 445 to allow the network traffic:

   firewall-cmd --permanent --zone public --add-service samba
   firewall-cmd --reload
   

10. For each user who will connect to the share, assign them to the users group and register the password they will use:

    usermod -a -G smbgroup tboronczyk
    smbpasswd -a tboronczyk
    

How it works...

In this recipe, you learned how to install and configure Samba to share a directory which a Windows client can access.

We started by doing a bit of research using the net config command to discover the Windows workgroup that our client belongs to. This is important because two systems on the same network but identifying themselves as part of different workgroups will not be able to communicate with one another. In the example, the workgroup's name was simply WORKGROUP.

Next, we installed the samba package and created a special group named smbgroup. We'll configure Samba so that any user account on the CentOS system will be able to access the share as long as it's assigned to the smbgroup group. Then we created the directory we would be sharing and set its group ownership to the new group.

We then edited Samba's configuration file, specifying the name of the Windows workgroup we looked up earlier for the workgroup value, and added a section to define the new share. We restricted the share so that only authenticated users belonging to smbgroup can access it by setting guest ok to no and valid users to @smbgroup. The writable entry allows users to create and update files on the share (otherwise the files would be read-only), and the create mask entry was used to specify the default file permissions that new files will be assigned in the Linux filesystem. The name share within brackets not only starts that configuration section but also serves as the name the share will be exported as (that is, \\192.168.56.100\share). You can export multiple shares as long as each name is distinct.

For each user account that will be used to connect to the share, we made sure it belonged to the smbgroup and used the smbpasswd command to specify a password the account would use to authenticate its SMB sessions. This password is maintained separately from the system's credentials and is valid only for authenticating to Samba, so a password different from the account's login password should be chosen.

Managing Samba users is done using smbpasswd. The -a flag adds an entry in Samba's account database, and we can delete a user from the database using the -x flag:

smbpasswd -x tboronczyk

On the Windows system, you can use the net use command to map the remote share to a drive letter. Once it's mapped, the drive appears in the list of available drives:

net use Z: \\192.168.56.100\share /USER:tboronczyk

Alternatively, you can map the drive through the Windows GUI, navigating through Computer | Map network drive | Map network drive in File Explorer while the This PC bookmark is selected:

The Samba share is available as a network mapped drive

See also

For more information on working with Samba, refer to the following resources:

• The smb.conf manual page (man 5 smb.conf)
• Using Samba on CentOS With Windows 7/8 (https://rcollier.me/2013/07/30/using-samba-on-centos-with-windows-78/)
• Install And Configure Samba Server In CentOS 7 (http://www.unixmen.com/install-configure-samba-server-centos-7)