How to Install Samba4 on CentOS 7 for File Sharing on Windows

In our last article, we showed how to install Samba4 on Ubuntu for basic file sharing between Ubuntu systems and Windows machines, covering both anonymous (unsecured) and secure file sharing.

Here, we will describe how to install and configure Samba4 on CentOS 7 (also works on RHEL 7) for basic file sharing between other Linux systems and Windows machines.

Important: Starting from version 4.0, Samba can run as an Active Directory (AD) domain controller (DC). We suggest you read through our special series on setting up Samba4 Active Directory Domain Controller, which includes critical topics for Ubuntu, CentOS, and Windows.

Install Samba4 in CentOS 7

1. First install Samba4 and required packages from the default CentOS repositories using the yum package manager tool as shown.

# yum install samba samba-client samba-common

2. After installing the samba packages, allow the samba services through the system firewall with these commands.

# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload

Check Windows Machine Workgroup Settings

3. Before you proceed to configure samba, make sure the Windows machine is in the same workgroup that will be configured on the CentOS server.

There are two possible ways to view the Windows machine workgroup settings:

  • Right clicking on “This PC” or “My Computer” → Properties → Advanced system settings → Computer Name.

  • Alternatively, open the cmd prompt and run the following command, then look for “workstation domain” in the output as shown below.
>net config workstation

Configuring Samba4 on CentOS 7

4. The main samba configuration file is /etc/samba/smb.conf. The original file comes with pre-configured settings and comments that explain the various configuration directives to guide you.

But before configuring samba, I suggest you take a backup of the default file like this.

# cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

Then, proceed to configure samba for anonymous and secure file sharing services as explained below.

Samba4 Anonymous File Sharing

5. First create the shared directory where the files will be stored on the server and set the appropriate permissions on the directory.

# mkdir -p /srv/samba/anonymous
# chmod -R 0775 /srv/samba/anonymous
# chown -R nobody:nobody /srv/samba/anonymous

Also, you need to change the SELinux security context for the samba shared directory as follows.

# chcon -t samba_share_t /srv/samba/anonymous

6. Next, open the samba configuration file for editing, where you can modify/add the sections below with the corresponding directives.

# vi /etc/samba/smb.conf
Samba Configuration Settings
[global]
	workgroup = WORKGROUP
	netbios name = centos
	security = user
[Anonymous]
	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	browsable = yes
	writable = yes
	guest ok = yes
	read only = no
	force user = nobody

7. Now verify current samba settings by running the command below.

# testparm
Verify Samba Current Configuration Settings
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Anonymous]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = centos
	printcap name = cups
	security = USER
	idmap config * : backend = tdb
	cups options = raw
[homes]
	comment = Home Directories
	browseable = No
	inherit acls = Yes
	read only = No
	valid users = %S %D%w%S
[printers]
	comment = All Printers
	path = /var/tmp
	browseable = No
	printable = Yes
	create mask = 0600
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	create mask = 0664
	directory mask = 0775
	write list = root
[Anonymous]
 	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	force user = nobody
	guest ok = Yes
	read only = No

8. Finally, start the samba services so that the above changes take effect, and enable them to start automatically at the next boot.

# systemctl enable smb.service
# systemctl enable nmb.service
# systemctl start smb.service
# systemctl start nmb.service

Testing Anonymous Samba File Sharing

9. Now on the Windows machine, open “Network” from a Windows Explorer window, then click on the CentOS host, or else try to access the server using its IP address (use ifconfig command to get IP address).

e.g. \\192.168.43.168

10. Next, open the Anonymous directory and try to add files in there to share with other users.

Setup Samba4 Secure File Sharing

11. First start by creating a samba system group, then add users to the group and set a password for each user like so.

# groupadd smbgrp
# usermod tecmint -aG smbgrp
# smbpasswd -a tecmint

12. Then create a secure directory where the shared files will be kept, and set the appropriate permissions and the SELinux security context for samba on that directory.

# mkdir -p /srv/samba/secure
# chmod -R 0770 /srv/samba/secure
# chown -R root:smbgrp /srv/samba/secure
# chcon -t samba_share_t /srv/samba/secure

13. Next open the configuration file for editing and modify/add the section below with the corresponding directives.

# vi /etc/samba/smb.conf
Samba Secure Configuration Settings
[Secure]
	comment = Secure File Server Share
	path = /srv/samba/secure
	valid users = @smbgrp
	guest ok = no
	writable = yes
	browsable = yes

14. Again, verify the samba configuration settings by running the following command.

$ testparm
Verify Secure Configuration Settings
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Anonymous]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = centos
	printcap name = cups
	security = USER
	idmap config * : backend = tdb
	cups options = raw
[homes]
	comment = Home Directories
	browseable = No
	inherit acls = Yes
	read only = No
	valid users = %S %D%w%S
[printers]
	comment = All Printers
	path = /var/tmp
	browseable = No
	printable = Yes
	create mask = 0600
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	create mask = 0664
	directory mask = 0775
	write list = root
[Anonymous]
 	comment = Anonymous File Server Share
	path = /srv/samba/anonymous
	force user = nobody
	guest ok = Yes
	read only = No
[Secure]
	comment = Secure File Server Share
	path = /srv/samba/secure
	read only = No
	valid users = @smbgrp

15. Restart Samba services to apply the changes.

# systemctl restart smb.service
# systemctl restart nmb.service
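
The [Anonymous] and [Secure] sections differ in exactly the settings that decide who can write: guest ok, read only/writable and valid users. The script below is an added example, not part of the original guide: it reads smb.conf syntax (or testparm -s output), folds the synonym and inverted-synonym spellings the way testparm does, and reports each share's guest and write exposure. The function names and the embedded sample config are constructed for illustration.

```sh
# Added example, not from the original guide: report guest and write access per share.
# On a server, audit the live config with:  testparm -s 2>/dev/null | audit_shares
# Constructed sample input: the [Anonymous] and [Secure] sections from steps 6 and 13.
sample_conf() {
cat <<'EOF'
[global]
	security = user
[Anonymous]
	path = /srv/samba/anonymous
	browsable =yes
	writable = yes
	guest ok = yes
	read only = no
[Secure]
	valid users = @smbgrp
	guest ok = no
	writable = yes
EOF
}
# Reads smb.conf syntax on stdin; prints "<share> <GUEST|AUTH>-<WRITE|READ> valid_users=<list or ->".
audit_shares() {
awk '
function emit(   a) {
    if (sec == "") return
    if (tolower(sec) == "global") { dguest = guest; dro = ro; return }  # [global] sets share defaults
    a = (guest ? "GUEST" : "AUTH") "-" (ro ? "READ" : "WRITE")
    printf "%s %s valid_users=%s\n", sec, a, (users == "" ? "-" : users)
}
BEGIN { dro = 1 }                       # built-in defaults: read only = yes, guest ok = no
/^[ \t]*([#;]|$)/ { next }              # skip comments and blank lines
/^[ \t]*\[.*\]/ {                       # a section header closes the previous share
    emit(); sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
    guest = dguest; ro = dro; users = ""; next
}
{
    i = index($0, "="); if (!i) next
    k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)    # names ignore case and spaces
    raw = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", raw); v = tolower(raw)
    yes = (v == "yes" || v == "true" || v == "on" || v == "1")
    if (k == "guestok" || k == "public") guest = yes
    else if (k == "readonly") ro = yes
    else if (k == "writable" || k == "writeable" || k == "writeok") ro = !yes   # inverted synonyms
    else if (k == "validusers") users = raw
}
END { emit() }
'
}
sample_conf | audit_shares
```

Any GUEST-WRITE line is a share that clients can modify without authenticating, so it should be reviewed together with the firewall zone and any hosts allow setting.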

Testing Secure Samba File Sharing

16. Go to Windows machine, open “Network” from a Windows Explorer window, then click on the CentOS host, or else try to access the server using its IP address.

e.g. \\192.168.43.168

You’ll be asked to provide your username and password to log in to the CentOS server. Once you have entered the credentials, click OK.

17. Once you have logged in successfully, you will see all the samba shared directories. Now securely share some files with other permitted users on the network by dropping them in the Secure directory.

You can also check out these useful articles concerning Samba file sharing on a network.

  1. How to Mount/Unmount Local and Network (Samba & NFS) Filesystems in Linux
  2. Using ACLs (Access Control Lists) and Mounting Samba / NFS Shares
  3. How to Fix SambaCry Vulnerability (CVE-2017-7494) in Linux Systems

In this guide, we showed you how to set up Samba4 for anonymous and secure file sharing between CentOS and other Linux systems as well as Windows machines. Share any thoughts with us via the comment section below.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

46 Responses

  1. Bheesham says:

    What is the reason for writing SeLinux context on the directory if the Selinux is disabled?

    Without Selinux context, samba public share does not work. It does not allow anonymous user to write files in the share

  2. Spandan Pradhan says:

    chcon: can’t apply partial context to unlabeled file ‘/srv/samba/anonymous/

    On point 4, I got stuck.

    • Adrian says:
      # setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
      # getsebool -a | grep samba_export
      # semanage fcontext -at samba_share_t "/finance(/.*)?"
      # restorecon /finance
      

      This is an example from the previous link. Study this and set as it should be for anonymous users.

      For example:

      # semanage fcontext -at samba_share_t "/anonymous(/.*)?"
      
  3. vinit says:

    (16. Go to Windows machine, open “Network” from a Windows Explorer window, then click on the CentOS host or else try to access the server using its IP address.) Followed all the steps but unable to find CentOS host in the network, it’s not there.

  4. Adrian says:

    I can access the Anonymous folder and write files there, but I am unable to get the access to the secure folder. It asks me for the login and password, but when I put the same credentials, which I had to use during the connection with the samba first time, when I put my own IP like you advised in the tutorial I am unable to get there.

    I added user to the smbgrp. Is this a problem with Windows 10?

    • Adrian says:

      Hello,

      I solved issues. First I have set up samba using this tutorial:

      But this is a tutorial for setting up samba as a DC (domain controller). I removed samba, and purged it in CentOS (I know how to do that manually, so I did not damage anything). Then I installed everything from scratch following your tutorial. Everything is working as I expected. Thank you very much. By the way, I improved my samba global settings a little bit after searching about security, and here I will present how they look now.

      [global]
              dns forwarder = 150.10.0.1
              netbios name = SAMBA
              realm = EXAMPLE.COM
              workgroup = WORKGROUP
              security = user
              encrypt passwords = true
              smb encrypt = required
              passdb backend = tdbsam
              cups options = raw
              printcap name = cups
              invalid users = root bin daemon adm sync shutdown halt mail news uucp operator
              invalid groups = root sudo wheel
              unix charset = UTF-8
              dos charset = CP932
              protocol = SMB3
              map to guest = bad user
              panic action = /usr/share/samba/panic-action %d
              log file = /var/log/samba/log.%m
              max log size = 10000
              hosts allow = 127.0.0.1 192.168.0.0/24
              hosts deny = 0.0.0.0/0
      

      I changed the realm name, because I do not want to make that information public. And I allow connections only from my internal network, but if I remove the last two lines it connects properly from every single computer in the world. I have also found the ports which samba uses and opened them.

      • Protocol UDP – ports 137 and 138 for NetBIOS names services
      • Protocol TCP – port 139 for Netbios session
      • Protocol Microsoft-dn TCP – port 445 for Samba server

      In CentOS they should be added this way:

      # firewall-cmd --zone=public --add-service=samba --permanent
      # firewall-cmd --zone=public --add-port=135/tcp --permanent
      # firewall-cmd --zone=public --add-port=137/udp --permanent
      # firewall-cmd --zone=public --add-port=138/udp --permanent
      # firewall-cmd --zone=public --add-port=139/tcp --permanent
      

      If you want to use LDAP, Kerberos, kpasswd and dns for a Domain Controller, add:

      # firewall-cmd --zone=public --add-service=dns --permanent
      # firewall-cmd --zone=public --add-service=kerberos --permanent
      # firewall-cmd --zone=public --add-service=kpasswd --permanent
      # firewall-cmd --zone=public --add-service=ldap --permanent
      # firewall-cmd --zone=public --add-service=ldaps --permanent
      
  5. Adrian says:

    usermod tecmint -aG smbgrp should be usermod -aG smbgrp tecmint.

  6. Rahul says:

    Apart from Bob’s solution to add ‘map to guest = bad user‘ (I had to add it to [global] actually) I also had to follow steps to enable ‘guest logins‘ in the Local Group Policy Editor in Windows 10 to be able to successfully access the ‘Anonymous‘ share.

    This link provides details on how to enable it for Windows 10 and Windows 7

    https://support.microsoft.com/en-in/help/4046019/guest-access-in-smb2-disabled-by-default-in-windows-10-and-windows-ser

  7. Ardian says:

    Hi,

    My Nessus scanner said my samba has “LDAP NULL BASE Search Access”. How do I solve this finding?

    Thanks,

  8. Paul says:

    Aaron, maybe this is a clue. I noticed the testparm produces different text than the smb.conf file.

    Here it is:

    smb.conf-
    [Anonymous]
    	comment = Anonymous File Server Share
    	path = /srv/samba/anonymous
    	browsable = yes
    	writable = yes
    	guest ok = yes
    	read only = no
    	force user = nobody
    	account = nobody
    
    testparm-
    [Anonymous]
    	comment = Anonymous File Server Share
    	force user = nobody
    	guest ok = Yes
    	path = /srv/samba/anonymous
    	read only = No
    
  9. Paul says:

    Thank you for the article. My problem is: a dialog pops up “Windows Security”, “Enter your password to connect to: CENTOS” I have found the cryptic network password under Control Panel\Network and Internet\HomeGroup\View and print your home group password.

  10. Man says:

    sorry admin

    I still cannot figure out sharing without a password even though I followed your steps. It is still asking me for a username and password.
