Friday, 8 July 2011

SMB -- Provide network shares to specific clients

The crux of this objective lies with the /etc/samba/smb.conf file, which is where all the Samba (SMB) shares are configured.

In order to install samba, just issue the following command:
yum install samba -y
You will need to open the firewall for ports 139 & 445 (don't forget to save it):
iptables -I INPUT -p tcp --dport 139 -j ACCEPT
iptables -I INPUT -p tcp --dport 445 -j ACCEPT
Make sure that samba starts with the system:
chkconfig smb on
chkconfig nmb on
There are a few SELinux settings related to Samba (default settings):
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
use_samba_home_dirs --> off
virt_use_samba --> off
Note that there is a bit of information regarding SELinux contexts in the Samba config file.

You can now start samba with:
service smb start; service nmb start
Let's get back to the objective. Say you want to create a share called myshare for all clients in your network; you'll need to edit /etc/samba/smb.conf like this:
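[myshare]
        comment = A share for me
        path = /myshareddirectory
        browseable = yes
        writable = no
        valid users = myuser
        # Where hosts allow and hosts deny conflict, the allow list wins, so a
        # separate "hosts deny = 192.168.1.33" would not block a host inside
        # 192.168.1.; the EXCEPT keyword excludes it instead.
        hosts allow = 10.168.1.65 192.168.1. EXCEPT 192.168.1.33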
This share will be available to all hosts in 192.168.1.0, except for 192.168.1.33, and also to 10.168.1.65.
You'll need to set the following SELinux setting to allow the files to be listed:
setsebool -P samba_export_all_ro 1
and if you want to set the share as writable, you'll also need this:
setsebool -P samba_export_all_rw 1
Remember to change the security context type of your shared directory, in my case:
chcon -t samba_share_t /myshareddirectory
You need to add the samba user myuser:
smbpasswd -a myuser
Finally, assuming that your server is 192.168.1.64, you can now mount the share with (you might need to install cifs-utils):
mount.cifs //192.168.1.64/myshare /test -o user=myuser
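
How Samba combines hosts allow and hosts deny for a share like [myshare], as an added example that is not part of the original post: a simplified Python model of the check, assuming the precedence documented in smb.conf(5) (the allow list wins on conflict; EXCEPT carves hosts out of a list). It compares a separate hosts deny entry inside an allowed prefix with the EXCEPT form; the client addresses and all function names are constructed for illustration.

```python
# Simplified model of Samba's per-share host check (assumption: mirrors the
# precedence documented in smb.conf(5); loopback and hostnames are left out).

def entry_matches(token, ip):
    """One list entry: ALL, a dotted prefix such as '192.168.1.', or an address."""
    if token.upper() == "ALL":
        return True
    return ip.startswith(token) if token.endswith(".") else ip == token

def list_match(tokens, ip):
    """Entries before EXCEPT select hosts; entries after it are carved out."""
    cut = tokens.index("EXCEPT") if "EXCEPT" in tokens else len(tokens)
    selected, exceptions = tokens[:cut], tokens[cut + 1:]
    if not any(entry_matches(t, ip) for t in selected):
        return False
    return not any(entry_matches(t, ip) for t in exceptions)

def allowed(ip, hosts_allow="", hosts_deny=""):
    allow, deny = hosts_allow.split(), hosts_deny.split()
    if not allow and not deny:
        return True                       # no lists: everyone may connect
    if not deny:
        return list_match(allow, ip)      # allow only: must be on the list
    if not allow:
        return not list_match(deny, ip)   # deny only: blocked if listed
    if list_match(allow, ip):
        return True                       # both: allow list takes precedence
    return not list_match(deny, ip)       # both, not on allow: deny decides

# The two ways of writing "192.168.1.* except .33, plus 10.168.1.65".
SEPARATE_DENY = {"hosts_allow": "192.168.1. 10.168.1.65",
                 "hosts_deny": "192.168.1.33"}
WITH_EXCEPT = {"hosts_allow": "10.168.1.65 192.168.1. EXCEPT 192.168.1.33"}

# Constructed client addresses: in-prefix, the excluded host, the extra host,
# and one host that appears on neither list.
CLIENTS = ["192.168.1.20", "192.168.1.33", "10.168.1.65", "172.16.0.9"]

def decisions(config):
    """Map each sample client to True (may connect) or False (refused)."""
    return {ip: allowed(ip, **config) for ip in CLIENTS}

if __name__ == "__main__":
    for name, cfg in (("separate deny", SEPARATE_DENY), ("EXCEPT", WITH_EXCEPT)):
        print(name, decisions(cfg))
```

On the server itself, testparm accepts a hostname and IP after the config file (testparm /etc/samba/smb.conf hostname hostIP) and reports whether that client passes the configured lists. Entries placed after EXCEPT are all treated as exceptions, which is why 10.168.1.65 is listed first.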
