To configure a Samba server:
Install the samba and samba-winbind packages:

# yum install samba samba-winbind

Edit /etc/samba/smb.conf and configure the sections to support the required services, for example:

[global]
  security = ADS
  realm = MYDOM.REALM
  password server = krbsvr.mydom.com
  load printers = yes
  printing = cups
  printcap name = cups

[printers]
  comment = All Printers
  path = /var/spool/samba
  browseable = no
  guest ok = yes
  writable = no
  printable = yes
  printer admin = root, @ntadmins, @smbprintadm

[homes]
  comment = User home directories
  valid users = @smbusers
  browsable = no
  writable = yes
  guest ok = no

[apps]
  comment = Shared /usr/local/apps directory
  path = /usr/local/apps
  browsable = yes
  writable = no
  guest ok = yes

The [global] section contains settings for the Samba server. In this example, the server is assumed to be a member of an Active Directory (AD) domain that is running in native mode. Samba relies on tickets issued by the Kerberos server to authenticate clients who want to access local services.

For more information, see Section 20.3.2, “About Samba Configuration for Windows Workgroups and Domains”.

The [printers] section specifies support for print services. The path parameter specifies the location of a spooling directory that receives print jobs from Windows clients before submitting them to the local print spooler. Samba advertises all locally configured printers on the server.

The [homes] section provides a personal share for each user in the smbusers group. The settings for browsable and writable prevent other users from browsing home directories, while allowing full access to valid users.

The [apps] section specifies a share named apps, which grants Windows users browsing and read-only permission to the /usr/local/apps directory.

Allow incoming TCP connections to ports 139 and 445, and incoming UDP datagrams on ports 137 and 138 from the local network:

# iptables -I INPUT -s subnet_addr/prefix_length -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
# iptables -I INPUT -s subnet_addr/prefix_length -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
# iptables -I INPUT -s subnet_addr/prefix_length -p udp -m udp --dport 137 -j ACCEPT
# iptables -I INPUT -s subnet_addr/prefix_length -p udp -m udp --dport 138 -j ACCEPT
# service iptables save

where subnet_addr/prefix_length specifies the network address, for example 192.168.2.0/24.

Add similar rules for other networks from which Samba clients can connect.

The nmbd daemon services NetBIOS Name Service requests on UDP port 137 and NetBIOS Datagram Service requests on UDP port 138.

The smbd daemon services NetBIOS Session Service requests on TCP port 139 and Microsoft Directory Service requests on TCP port 445.

Start the smb service, and configure the service to start following a system reboot:

# service smb start
# chkconfig smb on

If you change the /etc/samba/smb.conf file and any files that it references, the smb service will reload its configuration automatically after a delay of up to one minute. You can force smb to reload its configuration by sending a SIGHUP signal to the service daemon:

# killall -SIGHUP smbd

Making smb reload its configuration has no effect on established connections. You must restart the smb service or the existing users of the service must disconnect and then reconnect.

To restart the smb service, use the following command:

# service smb restart

For more information, see the smb.conf(5) and smbd(8) manual pages and http://www.samba.org/samba/docs/.
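
The example smb.conf in this procedure mixes guest-accessible shares ([printers], [apps]) with an authenticated one ([homes]) and uses both the browseable and browsable spellings. The following Python sketch is an added example, not part of the original documentation: it parses smb.conf text, folds parameter synonyms, and labels each share by guest access and writability. SAMPLE is constructed from the page's example; the function names and labels are assumptions of this example.

```python
import re

# smb.conf synonyms folded to one name (canonical names are this example's choice).
SYNONYMS = {"browsable": "browseable", "writeable": "writable",
            "write ok": "writable", "public": "guest ok"}
TRUE = {"yes", "true", "1"}
# Constructed sample: access settings of the three shares in the page's example.
SAMPLE = """\
[printers]
browseable = no
guest ok = yes
writable = no
[homes]
browsable = no
writable = yes
guest ok = no
[apps]
browsable = yes
writable = no
guest ok = yes
"""

def parse_smb_conf(text):
    """Return {section: {canonical_param: value}}; '#' and ';' start comments."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = shares.setdefault(m.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            key = " ".join(key.lower().split())
            if key == "read only":  # inverted synonym of writable
                key, value = "writable", "no" if value.lower() in TRUE else "yes"
            current[SYNONYMS.get(key, key)] = value
    return shares

def audit(shares):
    """Label each share: 'guest-writable', 'guest' or 'authenticated'."""
    report = {}
    for name, p in shares.items():
        guest, write = (p.get(k, "no").lower() in TRUE for k in ("guest ok", "writable"))
        if name != "global":
            report[name] = ("guest-writable" if guest and write else
                            "guest" if guest else "authenticated")
    return report
```

Calling audit(parse_smb_conf(SAMPLE)) labels printers and apps as guest and homes as authenticated; a share that combines guest ok = yes with writable = yes is labelled guest-writable and deserves a review before the firewall ports are opened.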