Thursday, June 2, 2016

[Quick Install - SAMBA - RHCL/ CENTOS 7]: samba share multi user access

Creating an SMB / CIFS share makes it accessible from both UNIX and Windows platforms. Samba identifies share users against valid users and groups by checking their passwords, then controls access by comparing their access rights to the permissions on files and directories.
SMB / CIFS share features
  • Active File sharing
  • Faster data transfer on low-bandwidth networks
  • Secure data transfer with user credentials
  • Node Fault tolerance
  • Scalable
Samba Server Profile
  • Packages required: samba*
  • Port Number: 445
  • Daemon Name: smb
  • config File Location: /etc/samba/smb.conf

Let’s see how to create a Samba share with multi-user access.

[root@ArkIT ~]# yum install samba*
Dependencies Resolved
======================================================================
Package Arch Version Repository Size
======================================================================
Installing:
samba x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 555 k
samba-client x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 515 k
samba-python x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 1.9 M
samba-winbind x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 438 k
samba-winbind-clients x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 120 k
samba-winbind-modules x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 100 k
Installing for dependencies:
iniparser x86_64 3.1-5.el7 ARKIT.CO.IN 14 k
pyldb x86_64 1.1.17-2.el7 ARKIT.CO.IN 36 k
python-tdb x86_64 1.3.0-1.el7 ARKIT.CO.IN 15 k
python-tevent x86_64 0.9.21-3.el7 ARKIT.CO.IN 16 k
Transaction Summary
===================================================================
Install 6 Packages (+4 Dependent packages)
Installed:
samba.x86_64 0:4.1.12-21.el7_1 samba-client.x86_64 0:4.1.12-21.el7_1 samba-python.x86_64 0:4.1.12-21.el7_1 samba-winbind.x86_64 0:4.1.12-21.el7_1
samba-winbind-clients.x86_64 0:4.1.12-21.el7_1 samba-winbind-modules.x86_64 0:4.1.12-21.el7_1
Dependency Installed:
iniparser.x86_64 0:3.1-5.el7 pyldb.x86_64 0:1.1.17-2.el7 python-tdb.x86_64 0:1.3.0-1.el7 python-tevent.x86_64 0:0.9.21-3.el7
Complete!
Now enable and start the SMB service. Enabling the service makes smb start automatically after a server reboot.
[root@server ~]# systemctl enable smb.service
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@server ~]# systemctl start smb.service
[root@server ~]# systemctl status smb.service
smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled)
Active: active (running) since Sun 2016-05-29 17:55:17 IST; 9s ago
Main PID: 4065 (smbd)
Make a directory to share using SMB / CIFS
[root@server ~]# mkdir /arkit-multiuser
By default SELinux is enabled. SELinux will not allow the directory to be shared with other network clients without the proper SELinux security policy.
[root@server ~]# semanage fcontext -a -t samba_share_t "/arkit-multiuser(/.*)?"
[root@server ~]# restorecon -vRF /arkit-multiuser/
restorecon reset /arkit-multiuser context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[root@server ~]# ls -ldZ /arkit-multiuser/
drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 /arkit-multiuser/
SELinux context for SMB / CIFS share is samba_share_t
Enabling the firewall ports to communicate with clients
[root@server ~]# firewall-cmd --permanent --add-service=samba
success
[root@server ~]# firewall-cmd --reload
success
Add normal users and register them as Samba users
[root@server ~]# useradd ravi
[root@server ~]# useradd ramana
[root@server ~]# useradd srikanth
[root@server ~]# smbpasswd -a ravi
New SMB password:
Retype new SMB password:
Added user ravi.
[root@server ~]# smbpasswd -a ramana
New SMB password:
Retype new SMB password:
Added user ramana.
[root@server ~]# smbpasswd -a srikanth
New SMB password:
Retype new SMB password:
Added user srikanth.
To verify a Samba user
[root@server ~]# pdbedit -L -v ravi
Unix username: ravi
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3339526382-645010227-446471857-1000
Primary Group SID: S-1-5-21-3339526382-645010227-446471857-513
Full Name:
Home Directory: \\server\ravi
HomeDir Drive:
Logon Script:
Profile Path: \\server\ravi\profile
Domain: SERVER
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 20:36:39 IST
Kickoff time: Wed, 06 Feb 2036 20:36:39 IST
Password last set: Sun, 29 May 2016 18:07:47 IST
Password can change: Sun, 29 May 2016 18:07:47 IST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Create a common group and add the users to it to provide access
[root@server ~]# groupadd IT
[root@server ~]# usermod -aG IT ravi
[root@server ~]# usermod -aG IT ramana
Configure the Samba share with multi-user support. Edit the configuration file and add the following at the end of it.
[root@server ~]# vim /etc/samba/smb.conf
[multiuser]
comment = Information Technology Team
path = /arkit-multiuser
write list = @IT
hosts allow = 192.168.4.
Save and Exit 
That’s it for the server-side configuration.
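As an added example (not part of the original post), the script below audits the [multiuser] stanza above: it sets no `valid users`, so every Samba account, including srikanth who is not in the IT group, can connect, while `write list = @IT` limits Samba-level write access to that group. The function names and finding labels are made up for this example, and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit one smb.conf share section.
# Only the share's own section is read; [global] defaults and parameter
# synonyms are not resolved.

# Print the value of parameter KEY inside [SHARE] of FILE (empty if unset).
# Names are compared case-insensitively with whitespace ignored, as Samba does.
share_param() {  # usage: share_param FILE SHARE KEY
  awk -v want="[$2]" -v key="$3" '
    BEGIN { gsub(/[ \t]+/, "", key); key = tolower(key) }
    /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); insec = (tolower($0) == tolower(want)); next }
    !insec || /^[ \t]*[#;]/ || !index($0, "=") { next }
    { k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
      gsub(/[ \t]+/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (tolower(k) == key) val = v }
    END { print val }' "$1"
}

# Print one finding per line for SHARE in FILE (labels are hypothetical).
audit_share() {  # usage: audit_share FILE SHARE
  local f=$1 s=$2 v
  v=$(share_param "$f" "$s" "valid users")
  [ -n "$v" ] || echo "OPEN_CONNECT: no 'valid users', every Samba account may connect"
  v=$(share_param "$f" "$s" "guest ok" | tr 'A-Z' 'a-z')
  case "$v" in yes|true|1) echo "GUEST: guest access is enabled" ;; esac
  v=$(share_param "$f" "$s" "hosts allow")
  [ -n "$v" ] || echo "ANY_HOST: no 'hosts allow' restriction"
  v=$(share_param "$f" "$s" "write list")
  [ -n "$v" ] && echo "WRITERS: $v"
  return 0
}

# Constructed sample mirroring the [multiuser] stanza from the post.
sample_conf() {
  cat <<'EOF'
[global]
  workgroup = SAMBA
[multiuser]
  comment = Information Technology Team
  path = /arkit-multiuser
  write list = @IT
  hosts allow = 192.168.4.
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
audit_share "$conf" multiuser
rm -f "$conf"
```

On a real server, `testparm -s` prints the configuration Samba actually loads, including the [global] defaults this script does not resolve.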
Now the client-side configuration
[root@server ~]# yum install cifs-utils
Installed:
cifs-utils.x86_64 0:6.2-7.el7
Complete!
Now create a file in /root with the username and password, and restrict access so that other users cannot read it
[root@server ~]# vim /root/access
[root@server ~]# chmod 600 /root/access
[root@server ~]# ls -l /root/access
-rw-------. 1 root root 30 May 29 18:24 /root/access
[root@server ~]# cat /root/access
username=ravi
password=redhat
[root@server ~]#
Open the /etc/fstab file and mount the Samba share permanently
[root@Client ~]# vim /etc/fstab
//192.168.4.20/multiuser /mnt/coss cifs credentials=/root/access,defaults,multiuser,sec=ntlmssp 0 0
Save & Exit
[root@Client ~]# mount -a
Now log in as another user and check the CIFS share visibility and access
[root@Client ~]# cifscreds add 192.168.4.20
Check using the df command
That’s it. 
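An added example, not from the original post, that lints the client-side pieces described above: it checks that each //server/share line in an fstab-style file has six fields with the cifs type separated from its options, that no password sits inline in the world-readable fstab, and that the credentials file is mode 600. Function names and finding labels are made up for this example; the fstab lines and the credentials file are constructed samples.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): lint the client-side pieces,
# the /etc/fstab CIFS entry and the credentials file it points to.

# Print one finding per line for the //server/share entries in FSTAB.
lint_cifs_fstab() {  # usage: lint_cifs_fstab FSTAB
  awk '
    /^[ \t]*(#|$)/ || $1 !~ /^\/\// { next }
    NF != 6 { print "FIELDS: line " NR " has " NF " fields, expected 6"; next }
    $3 != "cifs" { print "FSTYPE: line " NR " type is " $3; next }
    $4 ~ /(^|,)pass(word)?=/ { print "INLINE_PASSWORD: line " NR }
    $4 !~ /(^|,)credentials=/ { print "NO_CREDFILE: line " NR }
  ' "$1"
}

# Succeed only if FILE has mode 600 or 400 (no group or other access).
cred_file_ok() {  # usage: cred_file_ok FILE
  local mode
  mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as shipped on CentOS
  case "$mode" in 600|400) return 0 ;; *) return 1 ;; esac
}

# Constructed samples: a well-formed entry, one where the type and the
# options have run together (five fields), and one with an inline password.
demo() {
  local d; d=$(mktemp -d)
  cat > "$d/fstab" <<'EOF'
//192.168.4.20/multiuser /mnt/coss cifs credentials=/root/access,multiuser,sec=ntlmssp 0 0
//192.168.4.20/multiuser /mnt/bad cifs,credentials=/root/access,multiuser 0 0
//192.168.4.20/multiuser /mnt/pw cifs username=ravi,password=CHANGEME 0 0
EOF
  lint_cifs_fstab "$d/fstab"
  printf 'username=ravi\npassword=CHANGEME\n' > "$d/access"
  chmod 644 "$d/access"   # deliberately too open for the demo
  cred_file_ok "$d/access" || echo "CRED_MODE: $d/access is not 600"
  rm -rf "$d"
}

demo
```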
