Samba is available from the standard CentOS repositories. To install it on your CentOS system run the following command:
sudo yum install samba samba-client
Once the installation is completed, start the Samba services and enable them to start automatically on system boot:
sudo systemctl start smb.service
sudo systemctl start nmb.service
sudo systemctl enable smb.service
sudo systemctl enable nmb.service
The smbd service provides file sharing and printing services and listens on TCP ports 139 and 445. The nmbd service provides NetBIOS over IP naming services to clients and listens on UDP port 137.
For easier maintainability and flexibility, instead of using the standard home directories (/home/user), all Samba directories and data will be located in the /samba directory.
Start by creating the /samba directory:
sudo mkdir /samba
Create a new group named sambashare. Later we will add all Samba users to this group.
sudo groupadd sambashare
Set the /samba directory group ownership to sambashare:
sudo chgrp sambashare /samba
Samba uses the Linux user and group permission system, but it has its own authentication mechanism, separate from the standard Linux authentication. We will create the users using the standard Linux useradd tool and then set the user password with the smbpasswd utility.
To create a new user named josh, use the following command:
sudo useradd -M -d /samba/josh -s /usr/sbin/nologin -G sambashare josh
The useradd options have the following meanings:
-M - do not create the user's home directory. We'll manually create this directory.
-d /samba/josh - set the user's home directory to /samba/josh.
-s /usr/sbin/nologin - disable shell access for this user.
-G sambashare - add the user to the sambashare group.
Create the user's home directory and set the directory ownership to user josh and group sambashare:
sudo mkdir /samba/josh
sudo chown josh:sambashare /samba/josh
The following command will add the setgid bit to the /samba/josh directory so the newly created files in this directory will inherit the group of the parent directory. This way, no matter which user creates a new file, the file will have a group owner of sambashare. For example, if you don't set the directory's permissions to 2770 and the sadmin user creates a new file, the user josh will not be able to read/write to this file.
sudo chmod 2770 /samba/josh
Add the josh user account to the Samba database by setting the user password:
sudo smbpasswd -a josh
You will be prompted to enter and confirm the user password.
New SMB password:
Retype new SMB password:
Added user josh.
Once the password is set, enable the Samba account by typing:
sudo smbpasswd -e josh
Enabled user josh.
To create another user, repeat the same process as when creating the user josh.
Next, let's create a user and group sadmin. All members of this group will have administrative permissions. Later, if you want to grant administrative permissions to another user, simply add that user to the sadmin group.
Create the administrative user by typing:
sudo useradd -M -d /samba/users -s /usr/sbin/nologin -G sambashare sadmin
The command above will also create a group sadmin and add the user to both the sadmin and sambashare groups.
Set a password and enable the user:
sudo smbpasswd -a sadmin
sudo smbpasswd -e sadmin
Next, create the Users share directory:
sudo mkdir /samba/users
Set the directory ownership to user sadmin and group sambashare:
sudo chown sadmin:sambashare /samba/users
This directory will be accessible by all authenticated users. The following command configures write/read access to members of the sambashare group in the /samba/users directory:
sudo chmod 2770 /samba/users
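A check for the directory layout built above, as an added example that is not part of the original tutorial: it confirms that a share directory has the expected group owner, carries the setgid bit, and grants nothing to "other". The function names check_share_dir and audit_tree are hypothetical, and GNU stat (as shipped with CentOS) is assumed.

```shell
#!/bin/sh
# Added example (not from the original page); check_share_dir and audit_tree
# are hypothetical helper names. Relies on GNU stat (-c), as on CentOS.

# check_share_dir DIR GROUP: print one finding per line, return 1 if any.
check_share_dir() {
    dir=$1; want_group=$2; rc=0
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    mode=$(stat -c '%a' "$dir")
    group=$(stat -c '%G' "$dir")
    # Group owner must be the shared group, or 2770 grants the wrong people.
    [ "$group" = "$want_group" ] || { echo "$dir: group is $group, expected $want_group"; rc=1; }
    # Without setgid, new files take the creator's primary group instead.
    [ -g "$dir" ] || { echo "$dir: setgid bit missing (mode $mode)"; rc=1; }
    # 2770 leaves nothing for "other"; a non-zero last digit would.
    case $mode in
        *0) ;;
        *) echo "$dir: mode $mode grants access to others"; rc=1 ;;
    esac
    return $rc
}

# audit_tree ROOT GROUP: run the check on every first-level directory in ROOT.
audit_tree() {
    tree_rc=0
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        check_share_dir "${d%/}" "$2" || tree_rc=1
    done
    return $tree_rc
}

# Example: audit_tree /samba sambashare
```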
Open the Samba configuration file and append the sections:
sudo nano /etc/samba/smb.conf
[users]
    path = /samba/users
    browseable = yes
    read only = no
    force create mode = 0660
    force directory mode = 2770
    valid users = @sambashare @sadmin

[josh]
    path = /samba/josh
    browseable = no
    read only = no
    force create mode = 0660
    force directory mode = 2770
    valid users = josh @sadmin
The options have the following meanings:
[users] and [josh] - The names of the shares that you will use when logging in.
path - The path to the share.
browseable - Whether the share should be listed in the available shares list. By setting it to no, other users will not be able to see the share.
read only - Whether the users specified in the valid users list are able to write to this share.
force create mode - Sets the permissions for the newly created files in this share.
force directory mode - Sets the permissions for the newly created directories in this share.
valid users - A list of users and groups that are allowed to access the share. Groups are prefixed with the @ symbol.
For more information about available options see the Samba configuration file documentation page.
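The options above decide who can reach a share and what permissions new files receive, so they are worth checking after every edit. The following added example (not part of the original tutorial) reports any share that has no valid users list, allows guest access, or forces a mode that grants access to others. The helper names audit_shares and sample_conf are hypothetical, and the [scratch] share is constructed here to show what a finding looks like.

```shell
#!/bin/sh
# Added example (not from the original page). audit_shares and sample_conf are
# hypothetical helper names; the [scratch] share is constructed sample input.

sample_conf() {
cat <<'EOF'
[users]
    path = /samba/users
    read only = no
    force create mode = 0660
    force directory mode = 2770
    valid users = @sambashare @sadmin
[josh]
    path = /samba/josh
    browseable = no
    force create mode = 0660
    valid users = josh @sadmin
[scratch]
    path = /samba/scratch
    guest ok = yes
    force create mode = 0666
EOF
}

# audit_shares FILE: print one finding per line; exit status 1 if any found.
audit_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function flag(msg) { print "[" sec "] " msg; bad = 1 }
    function report(   k) {
        if (sec == "" || sec == "global") return
        if (!("valid users" in opt)) flag("no valid users list")
        if (opt["guest ok"] == "yes" || opt["public"] == "yes") flag("guest access enabled")
        for (k in opt)
            if (k ~ /^force (create|directory) mode$/ && opt[k] !~ /0$/)
                flag(k " " opt[k] " grants access to others")
    }
    /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
    /^[ \t]*\[/ {                              # section header: close previous
        report(); split("", opt)
        sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec); next
    }
    { i = index($0, "=")
      if (i) opt[tolower(trim(substr($0, 1, i - 1)))] = tolower(trim(substr($0, i + 1))) }
    END { report(); exit bad + 0 }
    ' "$1"
}
```

On a real server, run it against /etc/samba/smb.conf; Samba's own testparm -s remains the tool for validating the file's syntax.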
Once done, restart the Samba services with:
sudo systemctl restart smb.service
sudo systemctl restart nmb.service
In the following sections, we will show you how to connect to a Samba share from Linux, macOS and Windows clients.
Open Samba for IP_address1:
iptables -A INPUT -p tcp -s IP_address1 --dport 139 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s IP_address1 --dport 445 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s IP_address1 --dport 137 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s IP_address1 --dport 138 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
Open SSH for IP_address2:
iptables -A INPUT -p tcp -s IP_address2 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT