3 Configuring a Samba Standalone Server
The following task shows how to configure a standalone Samba server in a small network, such as a peer-to-peer workgroup, where the server isn't required to be part of a domain.
- Install the
samba
package.Run the following command to install
samba
:sudo dnf install samba
- Make a backup copy of the Samba configuration file.
Run the following command to make a copy of the original
/etc/samba/smb.cnf
file:sudo cp /etc/samba/smb.conf /etc/samba/samba.conf.mycopy
- Edit the Samba configuration file.
Edit the
/etc/samba/smb.conf
file and configure the various sections for the services required.Note:
See The Samba Configuration File for more information on editing a Samba configuration file.
Consider the following example:
#========== Global Settings ========= [global] workgroup = EXAMPLE_WORKGROUP netbios name = Server_Netbios_Name security = user server role = standalone server passdb backend = tdbsam log file = /var/log/samba/%m log level = 1 #========== File Share ========= [shareexample] path = /srv/samba/shareexample/ read only = no
This example configures a standalone server named Server_Netbios_Name in the workgroup EXAMPLE_WORKGROUP, with the following settings:
-
server role = standalone server
The type of server. See Samba Server Roles for more information.
-
passdb backend = tdbsam
Default setting, where Samba stores user accounts in the
/var/lib/samba/private/passdb.tdb
database. -
log level = 1
Lowest level of logging.
-
log file = /var/log/samba/%m
Path to the log file. The
%m
variable is substituted with the NetBIOS name of the client machine. -
[shareexample]
Name of the share is configured as shareexample. This is the name users use to access the share.
-
read only = no
Ensures that Samba makes the shared directory writeable.
-
- Verify the Samba configuration.
Run the
testparm
command to verify the contents of the Samba configuration file, The testparm command detects invalid parameters and values and any incorrect settings such as incorrect ID mapping. If the testparm command doesn't report any problems, the Samba services successfully load the configuration that's specified in the/etc/samba/smb.conf
file. Use the testparm command every time you make a change to the Samba configuration.sudo testparm
Note:
The testparm command only tests the internal integrity of the Samba configuration file. It can't check whether configured services are available or work as expected.
- Create a Samba user.
Create a local Linux user account without a home directory (
-M
) and without a login shell (-s /sbin/nologin
):sudo useradd -M -s /sbin/nologin exampleUser
- Add the user account to the Samba database.
Run the
smbpasswd
command to generate a Samba password for the user and add it to the Samba database:sudo smbpasswd -a exampleUser New SMB password: Retype new SMB password: Added user exampleUser
- Create a group for Samba users.
Create a Linux group for the Samba user:
sudo groupadd exampleGroup
Add the user exampleUser to the group exampleGroup created in the previous step:
sudo usermod -aG exampleGroup exampleUser
- Create the share directory.
Make the share directory you referenced in
/etc/samba/smb.conf
if it doesn't already exist:sudo mkdir -p /srv/samba/shareexample/
Note:
If you run SELinux in
enforcing
mode, set thesamba_share_t
context on the directory so that SELinux allows Samba to read and write to it:sudo semanage fcontext -a -t samba_share_t "/srv/samba/shareexample(/.*)?" sudo restorecon -Rv /srv/samba/shareexample/
- Set group access to the share directory.
Set the group for the share directory to be the group you created in a previous step for the Samba users:
sudo chgrp -R exampleGroup /srv/samba/shareexample/
- Set permissions on the share directory.
The following command sets full owner and group rights to the share directory:
sudo chmod 2770 /srv/samba/shareexample/
- Configure the firewall.
Open the required ports and reload the firewall configuration using the
firewall-cmd
utility:sudo firewall-cmd --permanent --add-service=samba sudo firewall-cmd --reload
- Start the Samba service.
Enable and start the
smb
service:sudo systemctl enable --now smb