Setting Up Samba and Configure FirewallD and SELinux to Allow File Sharing on Linux/Windows Clients – Part 6

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

27 Responses

  1. Santanu says:

    Could you help me to configure ready only samba but some user will be get read write access.
    and also help me how to configure multi path NFS server. pls pls pls

  2. Brian L Simonin says:

    I believe you should not be setting samba_export_all_ro and samba_export_all_rw to 1. This will allow Samba to access system files in an RO/RW mode outside of the /finance directory.

    All that is needed is:

    # semanage fcontext –at samba_share_t "/finance(/.*)?"
    # restorecon /finance
    

    samba_export_all_ro:

    Export any file or directory, allowing read-only permissions. This allows files and directories that are not labeled with the samba_share_t type to be shared through Samba. When the samba_export_all_ro Boolean is on, but the samba_export_all_rw Boolean is off, write access to Samba shares is denied, even if write access is configured in /etc/samba/smb.conf, as well as Linux permissions allowing write access.

    samba_export_all_rw
    :

    Export any file or directory, allowing read and write permissions. This allows files and directories that are not labeled with the samba_share_t type to be exported through Samba. Permissions in /etc/samba/smb.conf and Linux permissions must be configured to allow write access.

  3. pradeep says:

    Now i want to create a centralized file share server for 20 users, the each users has each folder and each folder has 10gb the users access only respective folder with credential how to do that.

    server: centos 7
    service: samba
    client os: windows
    client users:20
    
  4. arun says:

    Hi,

    thanks for your notes. i got the output from following your instructions.

    but i have problem in understanding below selinux parameter, could you please explain that ?

    semanage fcontext –at samba_share_t "/finance(/.*)?"
    
  5. cesar says:

    fix permissions on new directories:
    force directory mode = 0770
    directory mask = 0770

  6. Seun says:

    Never mind Gabriel. I got it right now. Before now, I used sudo to do everything. But then I redid it in root account and thins worked fine

  7. Seun says:

    Thank you Gabriel for such nice tutorial. I hope you can still respond to my question. I followed those steps precisely and got this error on client side:

    [email protected]:~$ sudo mount //192.168.1.100/home/seun/finance /media/samba -o user=tosin
    Password for [email protected]//192.168.1.100/home/seun/finance: *****
    Retrying with upper case share name
    mount error(6): No such device or address
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

    [email protected]:~$ smbclient -L 192.168.1.100
    WARNING: The “syslog” option is deprecated
    Enter sam’s password:
    session setup failed: NT_STATUS_LOGON_FAILURE
    [email protected]:~$

    I also got access denied error on windows 7 client too.

    • Gabriel A. Cánepa says:

      @Seun,
      This is an authentication error. Make sure you’re using the password created using smbpasswd, and not your Linux credentials.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.