How to Install Samba4 on CentOS 7 for File Sharing on Windows

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

37 Responses

  1. Adrian says:

    I can access the Anonymous folder and write files there, but I am unable to get the access to the secure folder. It asks me for the login and password, but when I put the same credentials, which I had to use during the connection with the samba first time, when I put my own IP like you advised in the tutorial I am unable to get there.

    I added user to the smbgrp. Is this a problem with Windows 10?

    • Adrian says:

      Hello,

      I solved issues. First I have set up samba using this tutorial:

      But this is a tutorial for setting up samba as a DC (domain controller). I removed samba, and purged it in CentOS (I know how to do that manually, so I did not damage anything). Then I installed everything from the scratch following your tutorial. Everything is working as I expected. Thank you very much. By the way I improved a little bit my samba global settings searching about the security and here I will present how it looks like now.

      [global]
              dns forwarder = 150.10.0.1
              netbios name = SAMBA
              realm = EXAMPLE.COM
              workgroup = WORKGROUP
              security = user
              encrypt passwords = true
              smb encrypt= required
              passdb backend = tdbsam
              cups options = raw
              printcap name = cups
              invalid users = root bin daemon adm sync shutdown halt mail news uucp operator
              invalid groups = root sudo wheel
              unix charset = UTF-8
              dos charset = CP932
              protocol = SMB3
              map to guest = bad user
              panic action = /usr/share/samba/panic-action %d
              log file = /var/log/samba/log.%m
              max log size = 10000
              hosts allow = 127.0.0.1 192.168.0.0/24
              hosts deny = 0.0.0.0/0
      

      I changed realm name, because I do not want to public information. And I allow connections only from my internal network, but if I remove last two lines it connects properly from every single computer in the world. I also have found ports which samba uses and opened them.

      • Protocol UDP – ports 137 and 138 for NetBIOS names services
      • Protocol TCP – port 139 for Netbios session
      • Protocol Microsoft-dn TCP – port 445 for Samba server

      In CentOS it should be added like this way:

      # firewall-cmd --zone=public --add-service=samba --permanent
      # firewall-cmd --zone=public --add-port=135/tcp --permanent
      # firewall-cmd --zone=public --add-port=137/udp --permanent
      # firewall-cmd --zone=public --add-port=138/udp --permanent
      # firewall-cmd --zone=public --add-port=139/tcp --permanent
      

      If you want to use LDAP, Kerberos, kpasswd and dns for Domain Controler add:

      # firewall-cmd --zone=public --add-service=dns --permanent
      # firewall-cmd --zone=public --add-service=kerberos --permanent
      # firewall-cmd --zone=public --add-service=kpasswd --permanent
      # firewall-cmd --zone=public --add-service=ldap --permanent
      # firewall-cmd --zone=public --add-service=ldaps --permanent
      
  2. Adrian says:

    usermod tecmint -aG smbgrp should be usermod -aG smbgrp tecmint.

  3. Rahul says:

    Apart from Bob’s solution to add ‘map to guest = bad user‘ (I had to add it to [global] actually) I also had to follow steps to enable ‘guest logins‘ in the Local Group Policy Editor in Windows 10 to be able to successfully access the ‘Anonymous‘ share.

    This link provides details on how to enable it for Windows 10 and Windows 7

    https://support.microsoft.com/en-in/help/4046019/guest-access-in-smb2-disabled-by-default-in-windows-10-and-windows-ser

  4. Ardian says:

    Hi,

    My nessus scanner said, my samba has “LDAP NULL BASE Search Access”. How to solved this findings?

    Thanks,

  5. Paul says:

    Aaron, maybe this is a clue. I noticed the testparm produces different text than the smb.conf file.

    Here it is:

    smb.conf-
    [Anonymous]
    	comment = Anonymous File Server Share
    	path = /srv/samba/anonymous
    	browsable = yes
    	writable = yes
    	guest ok = yes
    	read only = no
    	force user = nobody
    	account = nobody
    
    testparm-
    [Anonymous]
    	comment = Anonymous File Server Share
    	force user = nobody
    	guest ok = Yes
    	path = /srv/samba/anonymous
    	read only = No
    
  6. Paul says:

    Thank you for the article. My problem is: a dialog pops up “Windows Security”, “Enter your password to connect to: CENTOS” I have found the cryptic network password under Control Panel\Network and Internet\HomeGroup\View and print your home group password.

  7. Man says:

    sorry admin

    I still cannot figure out the sharing without password even I had follow your step. it still asking me username and password.

Leave a Reply to Paul Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.