Set up samba share on Fedora 18

With the advent of samba4, seems a few stuff have changed (havent really gone through the changes list). Till now used to copy previous Fedora installation’s smb.conf file. However, doing the same didnt really help creating the share.

Reverting back to the original smb.conf file (ALWAYS, ALWAYS back up conf files before making any changes!), added the hostname restriction as had mentioned in one of the previous posts. Once done, added in the “Share Definitions” section shared folder information:

comment = Shared Folder
path = <location>
read only = no
; browseable = yes
guest ok = yes

This step can also be achieved using a gui tool : system-config-samba (sudo yum / dnf install system-config-samba).

Next comes SELinux policy settings. Either using the gui policycoreutils-gui (sudo yum / dnf install policycoreutils-gui) or through terminal set the following Booleans:

  • su
  • setsebool -P allow_smbd_anon_write=1

For full read / write access :

  • setsebool -P samba_export_all_rw on

For only read access :

  • setsebool -P samba_export_all_ro on

and Finally relabeling for the shared folder:

  • chcon -t samba_share_t <path_to_shared_folder>/

And we are ALMOST done. Just install samba-client and set samba password for the user:

  • smbpasswd -a <username>

Finally, restart / enable smb.service and nmb.service to ensure samba server starts at boot from next time:

  • systemctl enable smb.service
  • systemctl enable nmb.service
  • systemctl restart smb.service
  • systemctl restart nmb.service

Thats it! Enjoy samba shares on Linux and Windows from a fresh, moowing F18 system..

P.S : (1) also check if firewall allows samba connections, i.e., Firewall > Persistent Configuration > check on samba.

(2) change the permissions of the folder you want to share, i.e., chmod -R a+rwx folder_location/ .

Restrict samba share access to certain IPs / hosts

Samba provides an easy (well.. almost) way of sharing files and folders between Linux and Windows. In certain situations, it may be required that a certain system allows both write and read permissions to some folders. Now imagine a situation where the systems are in a large subnet: an unrestricted write access gives anyone on the subnet free access to your data (maybe sensitive too). Can something be done so that only certain IPs / hosts in the subnet  get access to your system?

Well, it turns out, Samba developers have given it a good thought.  First of all, edit /etc/hosts and add aliases in the following format:

IP                                alias_name

Say you added 3 aliases for 3 different hosts (alias1, alias2, alias3). This step ensures you dont have to remember the actual IP of the hosts, and those can be referred to by their alias names. Now, edit /etc/samba/smb.conf, and add the following to the [global] section:

  • hostname lookups = yes
  • hosts allow = alias1 alias2 alias3

And its done.. Restart samba server for the changes to take effect:

  • sudo systemctl restart smb.service
  • sudo systemctl nmb.service

Now only the aliased IPs will get access to your samba share, while the rest of the subnet will be blocked out!