Samba assistance for newbie

Post by tallpr24 » 2020/02/10 12:38:48


I'm very new to CentOS 7 and wanted some assistance or guidance on how to get a folder on my second drive to work with samba. I have followed many guides, but it seems the only folder that works is the samba folder on the root drive where CentOS is installed, and not my secondary drive.
Here are some of the files I have configured.

Here is my smb.conf file

[root@230bupc ~]# vi /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

client use spnego principal = true
# Setting send spnego principal to yes .
# Otherwise, it will not send this principal between Samba and Windows 2008
send spnego principal = Yes
# If your Samba server only serves to Windows systems, try server signing = mandatory.
server signing = mandatory
client ntlmv2 auth = yes
client use spnego = yes
template shell = /bin/bash
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
idmap cache time = 0
# ignore syssetgroups error = No

Here is my fstab file

/dev/mapper/centos-root / xfs defaults 0 0
UUID=0e93ea9a-a87b-47d1-b3de-4cc6e1a6d1b5 /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
#LABEL=/userdata /userdata ext4 defaults 1 2
/dev/sda /hdd ext4 defaults,x-gvfs-show 0 0

Our Windows environment will only accept SMB 2.0, and public folders are not allowed.

Re: Samba assistance for newbie

Post by TrevorH » 2020/02/10 14:20:11

Most likely you need to read the info in /etc/samba/smb.conf.example about how to allow selinux for samba shares.

Re: Samba assistance for newbie

Post by tallpr24 » 2020/02/10 17:08:50

SELinux is disabled. I can map to it using root, but I cannot map to it using sambauser.

Re: Samba assistance for newbie

Post by ron7000 » 2020/02/14 18:59:19

your question motivated me to update my notes

#	minimal amount needed for functioning samba
[global]
	workgroup = SAMBA
	security = user

	passdb backend = tdbsam

	load printers = no
	printing = bsd
	printcap name = /dev/null
	disable spoolss = yes

[homes]
	comment = Home Directories
	valid users = %S, %D%w%S
	browseable = No
	read only = No
	inherit acls = Yes
	create mask = 660
	directory mask = 770

# share name was not preserved in the post; [scratch] is assumed here
[scratch]
	path = /scratch
	read only = No
	create mask = 660
	directory mask = 770


# must do if u want [homes] to work
# the /home folder is already labeled with samba_share_t

setsebool -P samba_enable_home_dirs on


ls -ldZ /path/to/directory


mkdir /scratch

chown owner:group /scratch

temporary:  chcon -t samba_share_t /path/to/directory

permanent:  semanage fcontext -a -t samba_share_t "/scratch(/.*)?"
            restorecon -Rv /scratch

# once a directory is labeled having selinux context samba_share_t
# all files/folders within inherit that label
# using chcon is temporary, will not survive a file system selinux relabel
# not that we relabel filesystems often
# setenforce 0;  # real-time turn off of selinux
#                  puts into permissive mode
#                  troubleshoot by looking in /var/log/audit/audit.log when having samba issues
# setenforce 1;  # turns selinux back on
# sestatus;      # gets current selinux status
# edit /etc/selinux/config  {not recommended, leave enabled and use setenforce 0}
#  SELINUX = {enforcing | permissive | disabled}
#  touch /.autorelabel; reboot;  # selinux will autorelabel filesystem if /.autorelabel is present on boot; need to do if config is changed; can take long time
# if ever disabled then going back to permissive or enabled, must do an autorelabel.
# best to go to permissive and not disabled; permissive == disabled but throws stuff into /var/log/audit/audit.log which is useful for troubleshooting
# disabled can possibly stop other programs from working: system-config-users became problematic.

# Use the samba_export_all_ro or samba_export_all_rw Boolean to share system directories.
# To share such directories and only allow read-only permissions:
#    setsebool -P samba_export_all_ro on
# To share such directories and allow read and write permissions:
#    setsebool -P samba_export_all_rw on

systemctl enable smb.service
systemctl start smb
systemctl stop smb
remember to add firewall exception or turn firewall off
samba uses tcp: 139,445; udp: 137, 138
this is "samba" as in samba-server, and not samba-client
security = user
means user account from some client (windows) pc needs to be
the same as a local account on the linux server running samba-server;

smbpasswd -a <user>

if client account username matches existing linux account username, and the windows account password
matches the smbpasswd then access is granted; if windows pw does not match smbpasswd then a popup in windows is
presented offering a chance to enter a valid username and samba password on the linux {samba} server.
the local /etc/shadow password is completely independent of the samba pw. ... onf.5.html
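
The audit.log troubleshooting step from the notes above, as an added example that is not part of the original thread: it pulls smbd's SELinux denials out of audit.log and lists the objects whose type is not samba_share_t. The log lines are constructed samples, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Constructed sample audit.log lines (not from the thread): two smbd denials
# (one of them logged twice) and one unrelated httpd denial.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1581700000.101:311): avc:  denied  { read } for  pid=2101 comm="smbd" name="hdd" dev="sda" ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1581700003.412:312): avc:  denied  { getattr } for  pid=2101 comm="smbd" path="/hdd/share/report.txt" dev="sda" ino=14 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1581700009.007:313): avc:  denied  { name_bind } for  pid=988 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1581700020.230:315): avc:  denied  { read } for  pid=2101 comm="smbd" name="hdd" dev="sda" ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir permissive=0
EOF
}

# One line per distinct smbd denial: "<object> <target type> <class> <perms>".
# Reads the named files, or stdin when none are given.
# auditd hex-encodes names that contain spaces, so whitespace splitting is safe.
smbd_denials() {
    awk '
    /^type=AVC/ && /denied/ && /scontext=[^ ]*:smbd_t:/ {
        obj = "?"; ttype = "?"; class = "?"
        perms = $0                      # text between "{" and "}"
        sub(/.*[{] */, "", perms); sub(/ *[}].*/, "", perms)
        gsub(/ /, ",", perms)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(path|name)=/) {
                obj = $i; sub(/^[a-z]+=/, "", obj); gsub(/"/, "", obj)
            } else if ($i ~ /^tcontext=/) {
                split($i, c, ":"); ttype = c[3]   # user:role:type:level
            } else if ($i ~ /^tclass=/) {
                class = substr($i, 8)
            }
        }
        key = obj " " ttype " " class " " perms
        if (!(key in seen)) { seen[key] = 1; print key }
    }' "$@"
}

# Objects smbd was denied on that do not carry samba_share_t.
relabel_candidates() {
    smbd_denials "$@" | awk '$2 != "samba_share_t" { print $1 }' | LC_ALL=C sort -u
}

sample_audit_log | smbd_denials
```

On a real server, run `smbd_denials /var/log/audit/audit.log`; anything `relabel_candidates` prints is a candidate for the semanage fcontext and restorecon step in the notes.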

