Configuring Samba in CentOS 7 with multiuser support

Task: Samba

You are required to share /share_data with Samba on server1. The service should be accessible to the 192.168.122.0/24 subnet only. On desktop1, mount the share permanently on the /smbshare folder. Only user shiba and users in the sales group should be able to access the share, and only shiba should be able to write to it. The share name should be myshare and the workgroup should be set to myworkgroup.


In server1:

  1. install samba package
    yum -y install samba samba-client
  2. add service to startup
    systemctl enable smb nmb
  3. add configuration for share
    vi /etc/samba/smb.conf
    #in [global] section, find workgroup and replace existing name with myworkgroup
    workgroup=myworkgroup
    [myshare]
    path=/share_data
    #writeable=no is the default, so you can leave this line out
    writeable=no
    valid users = shiba @sales
    write list = shiba
    hosts allow = 192.168.122.
  4. create /share_data directory for sharing
    mkdir /share_data
  5. start service
    systemctl start smb nmb
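  6. set selinux file context and apply it to the directory
    semanage fcontext -a -t samba_share_t "/share_data(/.*)?"
    restorecon -Rv /share_data
  7. if the users and the sales group don't exist, create them, then set ownership and permissions on the share directory
    useradd shiba
    groupadd sales
    useradd -G sales user1
    useradd user2
    chown shiba:sales /share_data
    chmod 2755 /share_data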
  8. Add users to samba
    smbpasswd -a shiba
    <give password twice, say userpass>
    smbpasswd -a user1
    <give password twice, say userpass>
    smbpasswd -a user2
    <give password twice, say userpass>
  9. Add service to firewalld
    firewall-cmd --add-service=samba --permanent
    firewall-cmd --reload
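
To confirm that the [myshare] section really enforces the restrictions from the task, the following added example (not part of the original post) reads an smb.conf-style file and fails on any deviation from the hosts allow, valid users and write list values used above. The function names and the sample file are constructed for illustration; on the server itself, `testparm -s` prints the configuration Samba actually loads.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# share_param FILE SHARE KEY: print KEY's raw value inside [SHARE].
# Only whole-line # or ; comments are skipped, so text typed after a value
# on the same line stays part of that value.
share_param() {
    awk -v share="$2" -v key="$3" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
                      inside = (norm(sec) == norm(share)); next }
        inside && (eq = index($0, "=")) && norm(substr($0, 1, eq - 1)) == norm(key) {
            print trim(substr($0, eq + 1)); exit }
    ' "$1"
}

# expect_param FILE SHARE KEY WANT: succeed only on an exact value match.
expect_param() {
    ep_val=$(share_param "$1" "$2" "$3")
    [ "$ep_val" = "$4" ] && return 0
    echo "FAIL [$2] $3: want '$4', found '${ep_val:-<unset>}'"
    return 1
}

# audit_share FILE SHARE: return 0 only if the share matches the task.
audit_share() {
    as_rc=0
    expect_param "$1" "$2" "hosts allow" "192.168.122." || as_rc=1
    expect_param "$1" "$2" "valid users" "shiba @sales" || as_rc=1
    expect_param "$1" "$2" "write list" "shiba" || as_rc=1
    # Read-only by default: writeable/writable may be absent or a clean "no".
    for as_key in writeable writable; do
        as_val=$(share_param "$1" "$2" "$as_key")
        case "$as_val" in
            ""|[Nn][Oo]) ;;
            *) echo "FAIL [$2] $as_key: '$as_val' is not a clean 'no'"; as_rc=1 ;;
        esac
    done
    return "$as_rc"
}

# Constructed sample: the share as this page configures it.
sample_conf() {
    printf '%s\n' '[global]' 'workgroup = myworkgroup' '[myshare]' \
        'path = /share_data' 'valid users = shiba @sales' \
        'write list = shiba' 'hosts allow = 192.168.122.'
}

conf=$(mktemp); sample_conf > "$conf"
audit_share "$conf" myshare && echo "myshare: restrictions in place"
rm -f "$conf"
```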

 

In desktop1:

  1. install samba-client and cifs-utils
    yum -y install samba-client cifs-utils
  2. Query for share in server
    smbclient -L server1 #or give the IP address of the server; as a result you should see the list of samba shares on the server
    <you will be asked for password> just press enter
  3. create /smbshare
    mkdir /smbshare
  4. try mounting:
    mount -o username=shiba,password=userpass //server1/myshare /smbshare
    #if successful, add to fstab
    echo "//server1/myshare /smbshare cifs defaults,username=shiba,password=userpass 0 0" >> /etc/fstab
  5. to verify whether the user can write, create a file in /smbshare; if it succeeds, user shiba has write access:
    touch /smbshare/test.txt
  6. unmount /smbshare and try mounting with user1, who is a member of the sales group. Mount using a credentials file (an alternative worth practicing)
    umount /smbshare
    echo "username=user1" > /root/user1.txt
    echo "password=userpass" >> /root/user1.txt
    mount -o credentials=/root/user1.txt //server1/myshare /smbshare
  7. After successful mount of the share, try to write using:
    touch /smbshare/test1.txt #it should fail: the @sales group has read-only access because it is not included in write list.
  8. unmount and try mounting again using user2. You should not be able to mount the share, as user2 is not in valid users
    umount /smbshare
    echo "username=user2" > /root/user2.txt
    echo "password=userpass" >> /root/user2.txt
    mount -o credentials=/root/user2.txt //server1/myshare /smbshare

Alternative option (using the multiuser option, newly added to CentOS/EL7):

In desktop1, mounting with the multiuser option:

  1. install samba-client and cifs-utils
    yum -y install samba-client cifs-utils
  2. Query for smb share in server1
    smbclient -L server1 #or give the IP address of the server; as a result you should see the list of samba shares on the server
    <you will be asked for password> just press enter
  3. create /smbshare
    mkdir /smbshare
  4. try mounting:
    mount -o sec=ntlmssp,multiuser,username=shiba,password=userpass //server1/myshare /smbshare
    #if successful, add to fstab
    echo "//server1/myshare /smbshare cifs multiuser,sec=ntlmssp,defaults,username=shiba,password=userpass 0 0" >> /etc/fstab
  5. To verify whether the user can write, create a file in /smbshare; if it succeeds, user shiba has write access. Switch to user shiba first (do the same for other users). If user shiba doesn't exist on your system, you can add it.
    useradd shiba
    su - shiba
    cifscreds add server1
    echo "shiba is writing to the file" > /smbshare/test.txt
    # go to your server and verify ownership; the file created should be owned by shiba in server1.
  6. unmount /smbshare and try mounting with user1, who is a member of the sales group. Mount using a credentials file (an alternative worth practicing)
    umount /smbshare
    echo "username=user1" > /root/user1.txt
    echo "password=userpass" >> /root/user1.txt
    mount -o sec=ntlmssp,multiuser,credentials=/root/user1.txt //server1/myshare /smbshare
  7. after successful mount of the share, try to write using:
    touch /smbshare/test1.txt
    Note: it should fail: the @sales group has read-only access because it is not included in write list.
  8. Unmount and try mounting again using user2. You should not be able to mount the share, as user2 is not in valid users.
    umount /smbshare
    echo "username=user2" > /root/user2.txt
    echo "password=userpass" >> /root/user2.txt
    mount -o sec=ntlmssp,multiuser,credentials=/root/user2.txt //server1/myshare /smbshare
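
Step 4 in both desktop1 procedures appends the share password to /etc/fstab, which is readable by every local user on a default install. The following added example (not part of the original post) finds cifs entries that embed a password, rewrites them to use the credentials= option already used in step 6, and creates the credentials file with owner-only permissions. The function names and the path /root/cifs-shiba.cred are assumptions; the sample fstab lines are the ones from this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# credentials path /root/cifs-shiba.cred are assumptions.

# inline_pw_entries FILE: print cifs entries whose options embed a password.
inline_pw_entries() {
    awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)(password|pass)=/' "$1"
}

# use_credfile CRED: filter fstab lines on stdin; in cifs entries, replace
# username=/password= (and their short forms) with credentials=CRED.
use_credfile() {
    awk -v cred="$1" '
        $1 !~ /^#/ && $3 == "cifs" {
            n = split($4, opt, ","); out = ""
            for (i = 1; i <= n; i++)
                if (opt[i] !~ /^(username|user|password|pass|credentials|cred)=/)
                    out = out opt[i] ","
            $4 = out "credentials=" cred
        }
        { print }
    '
}

# write_creds FILE USER PASS: create the file with owner-only permissions.
write_creds() {
    ( umask 077
      printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1"
      chmod 600 "$1" )
}

# Constructed sample: the two fstab lines this page appends.
sample_fstab() {
    printf '%s\n' \
        '//server1/myshare /smbshare cifs defaults,username=shiba,password=userpass 0 0' \
        '//server1/myshare /smbshare cifs multiuser,sec=ntlmssp,defaults,username=shiba,password=userpass 0 0'
}

work=$(mktemp -d)
sample_fstab > "$work/fstab"
inline_pw_entries "$work/fstab" | sed 's/^/inline password: /'
use_credfile /root/cifs-shiba.cred < "$work/fstab"
write_creds "$work/cifs-shiba.cred" shiba userpass
ls -l "$work/cifs-shiba.cred"
rm -rf "$work"
```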
