LINUX-35 CONFIGURING SAMBA (RHEL-7)-P2
In the last post, we configured Samba successfully in Linux**
Really…??
Got it. I said configured successfully, though it’s a different thing that our configuration was not successful.
I know … I know … what you’re thinking.
Let’s make it simple.
Everything was correct; we tested it with “testparm” as well.
We were even able to check the mount as well.
# smbclient //localhost/samba-share-test -U sambatest%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \>
Till now everything is OK, but when we try to “ls”, we get
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
smb: \>
And when we try to access it from a “Windows” machine, it fails as well.
GREAT… so we have two problems now,
1. Unable to access the shared dir through Samba from within Linux
2. Unable to access the shared dir from Windows
** A possible reason for the first problem is SELinux, because SELinux is responsible for securing access from inside the system.
** A possible reason for the second problem is firewalld, because firewalld is responsible for securing the inside from outside access.
Let’s work on them one by one,
SELINUX AND SAMBA,
[root@rhel7-server ~]# getenforce status
Enforcing
[root@rhel7-server ~]# setenforce permissive
[root@rhel7-server ~]# getenforce status
Permissive
Is it done…?
Let’s check,
# smbclient //localhost/samba-share-test -U sambatest%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
  .                                   D        0  Sun Aug  5 12:51:32 2018
  ..                                  D        0  Sun Aug  5 12:51:32 2018
        47960 blocks of size 262144. 20682 blocks available
smb: \> pwd
Current directory is \\localhost\samba-share-test\
smb: \>
Yes, it’s done.
We are able to access the share now, but we still need to allow it properly.
[root@rhel7-server ~]# chcon -t samba_share_t /samba-share-test
**If the shared directory will only be accessed through Samba, then it should be labeled “samba_share_t”, which gives Samba read and write access.
[root@rhel7-server ~]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing     <==
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
Change enforcing to permissive
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive     <==
After altering this parameter, the system needs a reboot to apply the effect permanently.
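To confirm that SELinux is what blocks smbd, and to see which label is at fault, the AVC denials in the audit log can be summarised. The script below is an added example, not part of the original post; the log lines are constructed samples in the usual AVC record format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed audit.log lines: three smbd denials on the share, one unrelated.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1533453692.101:412): avc:  denied  { read } for  pid=2291 comm="smbd" name="samba-share-test" dev="dm-0" ino=67149 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1533453695.230:413): avc:  denied  { read } for  pid=2291 comm="smbd" name="samba-share-test" dev="dm-0" ino=67149 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1533453699.877:414): avc:  denied  { write add_name } for  pid=2291 comm="smbd" name="samba-share-test" dev="dm-0" ino=67149 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1533453701.004:415): avc:  denied  { getattr } for  pid=2302 comm="httpd" path="/srv/x" dev="dm-0" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
EOF
}

# Read audit-log text on stdin; print one line per distinct smbd denial:
#   <name> <tclass> <target type> <permissions>
smbd_denials() {
    grep -E 'avc: +denied' | grep 'comm="smbd"' | awk '
    {
        name = "?"; tclass = "?"; ttype = "?"
        s = index($0, "{ "); e = index($0, " }")
        perms = (s && e > s) ? substr($0, s + 2, e - s - 2) : "?"
        gsub(/ /, ",", perms)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); ttype = c[3] }
        }
        key = name " " tclass " " ttype " " perms
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# A target type other than samba_share_t (default_t here) on the share path is
# the labelling problem. chcon fixes it until the next relabel; a persistent rule:
#   semanage fcontext -a -t samba_share_t "/samba-share-test(/.*)?"
#   restorecon -Rv /samba-share-test
sample_audit_log | smbd_denials
```

On a real host, run it as root against the audit log: smbd_denials < /var/log/audit/audit.log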
OK, the first problem is resolved. Let’s move to the second problem.
FIREWALLD AND SAMBA,
First check the firewall status,
[root@rhel7-server ~]# firewall-cmd --state
running
Now check the default zone,
[root@rhel7-server ~]# firewall-cmd --get-default-zone
public
Now check everything configured/allowed by the “public” zone,
[root@rhel7-server ~]# firewall-cmd --list-all --zone=public
public (default, active)
  interfaces: eth0 eth1
  sources:
  services: dhcpv6-client http https nfs ssh
  ports: 443/tcp 3000-4000/udp 80/tcp 6000-6010/tcp 177/udp 3000-4000/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
See, Samba is not allowed by the firewall.
Let’s configure firewalld to allow Samba.
[root@rhel7-server ~]# firewall-cmd --get-services |grep samba
amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https
Fine, samba is present as a service.
Add samba as a permanent service in the default zone,
[root@rhel7-server ~]# firewall-cmd --add-service=samba --permanent
Success
Reload the firewall to apply the new changes,
[root@rhel7-server ~]# firewall-cmd --reload
Success
Check samba in the list of active services,
[root@rhel7-server ~]# firewall-cmd --list-services
dhcpv6-client http https nfs samba ssh
Now let’s check finally,
**IF WE CONFIGURE FIREWALLD BEFORE SELINUX THEN WE GET THE FOLLOWING ERROR,
BUT NOW WE CONFIGURED BOTH SELINUX AND FIREWALLD, SO
Let’s check whether we have write access to this or not.
Now, all set.
Really….
OK, not really…. There is something that I don’t want to show.
What’s that…? It’s the user’s home directory, and I don’t want to show it.
It’s OK that you don’t want to show it, but what is the workaround?
Edit smb.conf and go to the [homes] section,
[root@rhel7-server ~]# vi /etc/samba/smb.conf
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
# Add the following line
available = no
Restart services,
[root@rhel7-server ~]# systemctl restart nmb
[root@rhel7-server ~]# systemctl restart smb
And try again,
Great……
Let’s configure Samba for an anonymous user.
[root@rhel7-server ~]# mkdir /anonymous-samba
[root@rhel7-server ~]# chmod -R 777 /anonymous-samba
[root@rhel7-server ~]# vi /etc/samba/smb.conf
[anonymous-samba]
path = /anonymous-samba
browsable = yes
writable = yes
guest ok = yes
guest only = yes
[root@rhel7-server ~]# chcon -t samba_share_t /anonymous-samba
[root@rhel7-server ~]# systemctl restart nmb
[root@rhel7-server ~]# systemctl restart smb
Now check it from Windows; it will not ask for any password.
Though it’s easy, it is better to stick with password authentication.
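A quick way to find shares like the one above, which are both password-less and writable, is to scan smb.conf for that combination. The script below is an added example, not part of the original post; the smb.conf text is constructed and the function names are hypothetical.

```shell
# Added example, not from the original post.
# Constructed smb.conf modelled on the shares discussed in this post.
sample_smb_conf() {
cat <<'EOF'
[global]
    security = user
[homes]
    browseable = no
    writable = yes
    available = no
[anonymous-samba]
    path = /anonymous-samba
    browsable =yes
    writable = yes
    guest ok = yes
    guest only = yes
[pub-ro]
    path = /srv/pub-ro
    public = yes
    read only = yes
EOF
}

# Read smb.conf text on stdin; print each share that allows guest access AND is
# writable. Names are case-insensitive and spaces inside them are ignored;
# "public" is a synonym of "guest ok"; "writable", "writeable" and "write ok"
# are inverted synonyms of "read only". [global] defaults are not applied.
guest_writable_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1" || v == "on") }
    function emit() { if (sect != "" && tolower(sect) != "global" && guest && writable) print sect }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comment or blank line
    /^[ \t]*\[/ {                               # start of a new [section]
        emit(); sect = $0
        sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        guest = 0; writable = 0; next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
        else if (key == "readonly") writable = !truthy(val)
    }
    END { emit() }'
}

sample_smb_conf | guest_writable_shares
```

On a real host: guest_writable_shares < /etc/samba/smb.conf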