3 Configuring a Samba Standalone Server

The following task shows how to configure a standalone Samba server in a small network, such as a peer-to-peer workgroup, where the server isn't required to be part of a domain.

  1. Install the samba package.

    Run the following command to install samba:

    sudo dnf install samba
  2. Make a backup copy of the Samba configuration file.

    Run the following command to make a copy of the original /etc/samba/smb.cnf file:

    sudo cp /etc/samba/smb.conf /etc/samba/samba.conf.mycopy
  3. Edit the Samba configuration file.

    Edit the /etc/samba/smb.conf file and configure the various sections for the services required.

    Note:

    See The Samba Configuration File for more information on editing a Samba configuration file.

    Consider the following example:

    #========== Global Settings =========
    [global]
    
    workgroup = EXAMPLE_WORKGROUP
    netbios name = Server_Netbios_Name
    
    security = user
    server role = standalone server
    passdb backend = tdbsam
    log file = /var/log/samba/%m
    log level = 1
    
    #========== File Share =========
    
    [shareexample]
    path = /srv/samba/shareexample/
    read only = no

    This example configures a standalone server named Server_Netbios_Name in the workgroup EXAMPLE_WORKGROUP, with the following settings:

    • server role = standalone server

      The type of server. See Samba Server Roles for more information.

    • passdb backend = tdbsam

      Default setting, where Samba stores user accounts in the /var/lib/samba/private/passdb.tdb database.

    • log level = 1

      Lowest level of logging.

    • log file = /var/log/samba/%m

      Path to the log file. The %m variable is substituted with the NetBIOS name of the client machine.

    • [shareexample]

      Name of the share is configured as shareexample. This is the name users use to access the share.

    • read only = no

      Ensures that Samba makes the shared directory writeable.

  4. Verify the Samba configuration.

    Run the testparm command to verify the contents of the Samba configuration file, The testparm command detects invalid parameters and values and any incorrect settings such as incorrect ID mapping. If the testparm command doesn't report any problems, the Samba services successfully load the configuration that's specified in the /etc/samba/smb.conf file. Use the testparm command every time you make a change to the Samba configuration.

    sudo testparm

    Note:

    The testparm command only tests the internal integrity of the Samba configuration file. It can't check whether configured services are available or work as expected.

  5. Create a Samba user.

    Create a local Linux user account without a home directory (-M) and without a login shell (-s /sbin/nologin):

    sudo useradd -M -s /sbin/nologin exampleUser
  6. Add the user account to the Samba database.

    Run the smbpasswd command to generate a Samba password for the user and add it to the Samba database:

    sudo smbpasswd -a exampleUser
    New SMB password: 
    Retype new SMB password: 
    Added user exampleUser                
  7. Create a group for Samba users.

    Create a Linux group for the Samba user:

    sudo groupadd exampleGroup

    Add the user exampleUser to the group exampleGroup created in the previous step:

    sudo usermod -aG exampleGroup exampleUser
  8. Create the share directory.

    Make the share directory you referenced in /etc/samba/smb.conf if it doesn't already exist:

    sudo mkdir -p /srv/samba/shareexample/ 

    Note:

    If you run SELinux in enforcing mode, set the samba_share_t context on the directory so that SELinux allows Samba to read and write to it:

    sudo semanage fcontext -a -t samba_share_t "/srv/samba/shareexample(/.*)?"
    sudo restorecon -Rv /srv/samba/shareexample/
  9. Set group access to the share directory.

    Set the group for the share directory to be the group you created in a previous step for the Samba users:

    sudo chgrp -R exampleGroup /srv/samba/shareexample/
  10. Set permissions on the share directory.

    The following command sets full owner and group rights to the share directory:

    sudo chmod 2770 /srv/samba/shareexample/
  11. Configure the firewall.

    Open the required ports and reload the firewall configuration using the firewall-cmd utility:

    sudo firewall-cmd --permanent --add-service=samba
    sudo firewall-cmd --reload             
  12. Start the Samba service.

    Enable and start the smb service:

    sudo systemctl enable --now smb