Configure a Public Share with Samba on Centos 7 Linux

A CentOS7 Linux server was used to create Samba shares so that Windows clients of a home network may back up their stuff, resulting in one share with read write access. The ultimate goal was to create a Samba share that would act as if it were one of those off-the-shelf “solutions” like a Buffalo Linkstation, where no user password is required. Just map to the share and start backing up files.

Install Samba

yum install -y samba*
mkdir /backup
chmod 777 /backup
# Not a perminant SELinux solution
chcon -t samba_share_t /backup
# Setup the firewall
firewall-cmd --permanent --add-service=samba
# Start and enable the services
systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service
systemctl restart firewalld
# Create a Samba user called nobody, one already exists for the OS
smbpasswd -an nobody
# Verify that nobody exists
pdbedit -L -v nobody
# Set or use to later fix permissions
chown -R nobody:nobody /backup

After Samba is installed and assuming that your share is at path /backup, edit the /etc/samba/smb.conf file to look something like this.

workgroup = HOME
server string = Backup Server Version %v
map to guest = Bad User
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
hosts allow = 127., 192.168.1.

comment = My backup
path = /backup
read only = No
guest ok = Yes

A quick note about the workgroup. For this server to be seen in the Windows network neighborhood, the workgroup should be the same as the rest of the network.

Use the testparam command to verify your settings. It may produce an odd message like:

rlimit_max: rlimit_max (8192) below minimum Windows limit (16384)

Using the ulimit command will verify this.

ulimit -n

To correct this, edit and append the following to the /etc/security/limits.conffile.

 * - nofile 16385

For this to take effect, close your active session windows, or if your root, this can take effect immediately with the following command.

ulimit -n 16385

For those willing to use SELinux, here are the appropriate commands to make this a more perminant solution that will survive a relabel..

yum install -y policycoreutils*
semanage fcontext -a -t samba_share_t '/nas(/.*)?'
restorecon -RFvv /nas

Use ls -Z to verifiy that the settings had taken.

ls -Z /backup