Linux Services Organization

Our goal, introduce Linux services to the enterprise world.
Contact us in

Linux Services Organization : Linux SAMBA Linux Server

Samba provides a stable and highly compatible file and print sharing service that allows a Linux node to act as a client, a member server, or even a Primary Domain Controller (PDC) or a member of an Active Directory (AD) service on Microsoft-based networks. Samba interacts with Microsoft's CIFS built on the Server Message Block (SMB) protocol.

Samba is installed through the samba rpms :

# yum install samba*

Samba Server

Samba is build on two daemons (smbd, nmbd) and one service (smb) which control the daemons.

The smbd server daemon provides file sharing and printing services to Windows/Linux clients. It is also responsible for user authentication, resource locking, and data sharing through the SMB protocol. The ports on which the server listens for SMB traffic are TCP ports 139 and 445. It is controlled by the smb service.

The nmbd server daemon understands and replies to NetBIOS name service requests such as those produced by SMB/CIFS in Windows systems. It also participates in the browsing protocols that make up the Windows Network Neighbourhood view. The port that the server listens to for NMB traffic is UDP port 137. The nmbd daemon is controlled by the smb service.


This is the main configuration file and is plenty of comments that explain every option. The following is a basic samba server configuration that just exports the printers and /home dir to all Windows/Linux neighbours.

# cat /etc/samba/smb.conf

# Set the workgroup name (samba domain) to RHEL6-WG.
workgroup = RHEL6-WG
server string = Samba Server Version %v

# Samba name for this server, is the name controlled by nmbd daemon
netbios name = rhel6

; interfaces = lo eth0
; hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging Options -----------------------------
# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 50

# ----------------------- Standalone Server Options ------------------------
# Use local system accounts for authentication. To create the samba user 'john'
# use the command 'smbpasswd -a john' an set the same password as on the system.
# To remove john account on samba server 'smbpasswd -x john'

security = user
passdb backend = tdbsam

# --------------------------- Printing Options -----------------------------
# Use CUPs for printing

load printers = yes
cups options = raw

; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
; printing = cups

#============================ Share Definitions ==============================
# Export /home and printers

comment = Home Directories
browseable = no
writable = yes

; valid users = %S
; valid users = MYDOMAIN\%S

comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

There is a tool that can be used to verify the smb.conf configuration : 'testparam'.

# testparm /etc/samba/smb.conf

Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Press enter to see a dump of your service definitions

workgroup = RHEL6-WG
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
cups options = raw

comment = Home Directories
read only = No
browseable = No

comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

Now samba is ready to be started.

# /etc/init.d/smb restart
# chkconfig smb on

Server Security


In order to allow samba server to work through a firewall the following ports must be open .

-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT


In case that SElinux has been configured as 'enforcing' in targered mode, the following SElinux parameters must be configured to allow samba server to be executed on SElinux environment.

# setsebool -P samba_run_unconfined 1
Disables SElinux restrictions to samba.

# setsebool -P samba_enable_home_dirs 1
Allows samba to share users' home directories.

# setsebool -P samba_share_nfs 1
Allows Samba to share directories already shared via NFS.

# setsebool -P use_samba_home_dirs 1
Supports remote access to local home directories using Samba.

# chcon -R -t samba_share_t /home/share
It labels /home/share to be exported rw mode through samba on a SElinux environment. The label public_content_rw_t is also valid.

Samba Client

The following is a list of the samba client utility than can be used. For this section consider the node rhel6 ( configured as the samba server defined on 'Samba Server' section and the samba client utilities are launched from node01 ( against samba server on rhel6.


It displays the samba shares exported from a Samba server.

node01> smbclient -L -U john

Enter john's password:
Domain=[RHEL6-WG] OS=[Unix] Server=[Samba 3.5.4-68.el6]

      Sharename       Type       Comment
      ---------       ----       -------
      IPC$       IPC       IPC Service (Samba Server Version 3.5.4-68.el6)
      john       Disk       Home Directories

Domain=[RHEL6-WG] OS=[Unix] Server=[Samba 3.5.4-68.el6]

      Server       Comment
      ---------       -------

      Workgroup       Master
      ---------       -------

The samba server account 'john' generated before with the command 'smbpasswd -a john' has been used to list the samba shares. For 'john' user the share 'john' that corresponds to /home/john on rhel6 server is available.


Standard mount command can be used in order to mount remote samba shares on a client using the option '-t cifs'.

node01> mount -t cifs // /mnt -o username=john

node01> ls -lrt /mnt
total 10024
-rw-r--r--. 1 john john 10240000 Feb 22 23:08 file
-rw-r--r--. 1 john john 21820 Feb 26 13:47 install.log

Windows client

Of course a Windows node connected to the same LAN as the samba server can access to the samba server as it was a Windows node ...


1.- Through samba Windows shares can be mounted on a Linux node (true/false).

2.- Nautilius file browser can be used to access to remote samba shares (true/false).

3.- By default samba is not protected by SElinux in 'enforcing' mode with 'targered' policy (true/false).

4.- Which 'smbclient' command option can be used in order to access as user 'john' to 'public' samba share on as an FTP environment?.

5.- Which command can be used in order to mount as user 'kate' a remote samba share // on /mnt directory?.

6.- Which command can be used in order to list the samba shares exported by the samba server

7.- Which command can be used in order test the samba server configuration ?.

8.- Which SElinux boolean can be configured in order to deactivate SElinux protection to samba server?.

9.- Which samba configuration parameter must be applied on a share in order to export that share in read-write mode only to users on group 'group'?.

A - write list = .group
B - write list = @group
C - Both of them
D - None of them

10.- Which samba configuration parameter must be applied on the samba server configuration file in order to allow only access to any share only from LAN ?.

A - hosts allow=
B - hosts allow=192.168.1.
C - Both of them
D - None of them


1.- Configure samba server rhel6 ( in domain REDHAT to share homes directories in rw . Create user 'smith' and mount the /home/smith from rhel6 on node01 ( ) on /mnt directory.

2.- Share with samba on server rhel6 ( the share /storage rw to user 'cash' and ro to other valid users. The share will be available only to node01,

-- This page is part of Linux Server online tutorial --