RHCE Objectives: Network services
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
- Install the packages needed to provide the service
- Configure SELinux to support the service
- Use SELinux port labeling to allow services to use non-standard ports
- Configure the service to start when the system is booted
- Configure the service for basic operation
- Configure host-based and user-based security for the service
- Provide network shares to specific clients
- Provide network shares suitable for group collaboration.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/sect-Managing_Confined_Services-Samba-Configuration_examples.html#sect-Managing_Confined_Services-Configuration_examples-Sharing_directories_you_create
http://www.certdepot.net/rhel7-provide-smb-network-shares/
Installation is a bit more involved, at least for the testing part: yum groupinstall "file-server", plus samba-client and samba-winbind
firewall-cmd --permanent --add-service=samba
systemctl enable smb
systemctl enable nmb
systemctl enable winbind
systemctl start smb
systemctl start nmb
systemctl start winbind
Setting it up is easy enough. In /etc/samba/smb.conf:
Uncomment 'netbios name'
Update 'interfaces' with the interfaces on the system
Everything else should already be set.
Add a new share entry at the end
Comment =
browseable = yes
path = /shared
valid users = your user
writable = yes
Done
Make the directory and set it to 777 (mkdir /shared, chmod 777 /shared, touch /shared/test)
The SELinux part is, as always, the harder part.
If semanage is not there, install setroubleshoot-server
semanage fcontext --list | grep samba gives you some existing contexts. Set up samba_share_t for the new shared filesystem
semanage fcontext -a -t samba_share_t "/shared(/.*)?"
restorecon -R /shared
And add the user to the password file.
smbpasswd -a your user. It’ll ask for your new password.
Use smbclient to access the share: smbclient //localhost/shared -U user%password
Group access is similar, but a few extra options are needed for management:
valid users = @group
create mode = 0660
directory mode = 0770
Change the group for /shared to group (chgrp group /shared)
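
A quick way to check that both share definitions above carry the access restrictions these notes rely on, written as an added example that is not part of the original notes. The function names share_option and audit_share, the share name team, the user alice and the group staff are all hypothetical, and the configuration it reads is a constructed sample.

```shell
# Added example (not from the original page): lint a share in an smb.conf-style file.
# Handles [section] headers, '#' and ';' comments, case-insensitive names. Not handled:
# backslash line continuations, include files, synonyms such as "create mask".
share_option() {  # usage: share_option FILE SHARE KEY -> prints the value, if any
    awk -v want="$2" -v key="$3" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            insec = (tolower(trim(s)) == tolower(want)); next
        }
        insec {
            i = index($0, "=")
            if (i && tolower(trim(substr($0, 1, i - 1))) == tolower(key))
                val = trim(substr($0, i + 1))   # a later setting overrides an earlier one
        }
        END { print val }
    ' "$1"
}

# Prints one line per finding; returns 0 only when the share passes every check.
audit_share() {  # usage: audit_share FILE SHARE
    rc=0
    users=$(share_option "$1" "$2" "valid users")
    [ -n "$users" ] || { echo "$2: no valid users restriction"; rc=1; }
    [ -n "$(share_option "$1" "$2" "path")" ] || { echo "$2: no path"; rc=1; }
    case "$users" in @*)   # group share: expect the modes given in the notes above
        [ "$(share_option "$1" "$2" "create mode")" = "0660" ] ||
            { echo "$2: group share without create mode = 0660"; rc=1; }
        [ "$(share_option "$1" "$2" "directory mode")" = "0770" ] ||
            { echo "$2: group share without directory mode = 0770"; rc=1; }
    ;; esac
    return $rc
}

SAMPLE=$(mktemp)   # constructed sample configuration, not a real server's
cat > "$SAMPLE" <<'EOF'
[shared]
    path = /shared
    valid users = alice
    writable = yes
[team]
    path = /shared
    Valid Users = @staff
    create mode = 0660
    ; directory mode = 0770
EOF
audit_share "$SAMPLE" shared || :
audit_share "$SAMPLE" team || :   # reports the commented-out directory mode
```

On a real server, testparm -s parses the live /etc/samba/smb.conf and is the authoritative syntax check.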