Map a drive or access a CentOS Samba Share from Windows

The goal is to create a network share on a Linux server using Samba and make it available to a Windows workstation, including the ability to map a drive to that share. There are many articles describing a procedure, but most are dated and incomplete. The procedure below was assembled from bits and pieces of several articles and worked for this test using CentOS 5.7 and Microsoft Windows 7.

Check to see if Samba is installed and running.

ps ax | grep smbd

If installed, the result should resemble this.

20324 ?        Ss     0:00 smbd -D
20331 ?        S      0:00 smbd -D
20367 ?        S      0:01 smbd -D
21346 pts/1    S+     0:00 grep smbd

If not installed, install Samba, create the directory to share, and replace the default smb.conf.

yum -y install samba
/sbin/service smb start
/sbin/chkconfig smb on
# the directory must match "path" in the [share] section below
mkdir /home/share
chmod 766 /home/share
mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
vi /etc/samba/smb.conf

Copy the following into the smb.conf file where the section begins [global]

[global]
workgroup = workgroup
netbios name = linuxshare
security = share
load printers = no
default service = global
path = /home
available = no
encrypt passwords = yes

At the bottom of the smb.conf file, copy and paste the following.

[share]
writeable = yes
admin users = windowsuser
path = /home/share
force user = root
valid users = windowsuser
public = yes
available = yes
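
The configuration above authenticates at share level, runs every connection as root and allows guest access, so it is worth checking a finished smb.conf for those settings before the server is reachable from other machines. The script below is an added example, not part of the original article: audit_smb_conf and write_sample are hypothetical helper names, and the sample file is constructed from the two sections shown above.

```shell
#!/bin/sh
# Added example, not from the original article: list smb.conf settings
# that weaken access control, one finding per line.
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function flag(why) { printf "%s %s = %s : %s\n", sec, raw, val, why }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ { sec = trim($0); next }          # [section] header
    {
        eq = index($0, "="); if (eq == 0) next
        raw = trim(substr($0, 1, eq - 1))
        val = tolower(trim(substr($0, eq + 1)))
        # Samba compares parameter names ignoring case and spaces.
        key = tolower(raw); gsub(/[ \t]/, "", key)
        on = (val == "yes" || val == "true" || val == "1")
        if (key == "security" && val == "share")
            flag("password checked per share, not per user")
        else if (key == "forceuser" && val == "root")
            flag("every file operation on the share runs as root")
        else if ((key == "public" || key == "guestok") && on)
            flag("guest access, no password required")
        else if (key == "adminusers" && val != "")
            flag("listed users act as root on the share")
        else if (key == "encryptpasswords" && !on)
            flag("cleartext password authentication")
    }' "$1"
}

# Constructed sample: the relevant lines of the two sections shown above.
write_sample() {
    cat > "$1" <<'EOF'
[global]
workgroup = workgroup
security = share
encrypt passwords = yes

[share]
writeable = yes
admin users = windowsuser
path = /home/share
force user = root
valid users = windowsuser
public = yes
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_smb_conf "$tmp"
rm -f "$tmp"
```

On a real server, call audit_smb_conf /etc/samba/smb.conf. A file with security = user, no force user or admin users line, and guest ok = no produces no findings.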

Create the user windowsuser, as used in this example.

/usr/sbin/useradd windowsuser
passwd windowsuser
# use the same password for both
smbpasswd -a windowsuser
/sbin/service smb restart

To delete the user, windowsuser.

/usr/sbin/userdel windowsuser
smbpasswd -x windowsuser

Use an existing user. Determine list of users on the Linux machine.

cat /etc/passwd |grep "/home"

Select the user then create a Samba password for that user as demonstrated in the step above with the smbpasswd command.

Restart smb

service smb restart

Firewall Exceptions
Samba requires four ports to be accessible: UDP 137 and 138, and TCP 139 and 445. If the firewall rules do not already open these ports, the following commands will add them. Each command first checks /etc/sysconfig/iptables for an existing exception for the port. If none exists, an ACCEPT rule is inserted ahead of the final REJECT rule of the RH-Firewall-1-INPUT chain; otherwise nothing is added.

grep -q "dport 137" /etc/sysconfig/iptables 2> /dev/null || sed -i -e "/-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited/i\
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT" /etc/sysconfig/iptables
grep -q "dport 138" /etc/sysconfig/iptables 2> /dev/null || sed -i -e "/-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited/i\
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT" /etc/sysconfig/iptables
grep -q "dport 139" /etc/sysconfig/iptables 2> /dev/null || sed -i -e "/-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited/i\
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT" /etc/sysconfig/iptables
grep -q "dport 445" /etc/sysconfig/iptables 2> /dev/null || sed -i -e "/-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited/i\
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT" /etc/sysconfig/iptables

Restart the firewall

service iptables restart

SELinux
Security-Enhanced Linux (“SELinux”) secures the Samba server via flexible mandatory access control. SELinux Samba policy defaults to least privilege access. Several Booleans and file contexts are available to customize the way Samba SELinux works.

The following command puts SELinux into permissive mode until the next reboot. In permissive mode, policy violations are logged but not blocked.

setenforce 0

Since the share is in the /home folder then the following command is applicable.

setsebool -P samba_enable_home_dirs on

To see the other Samba-related Booleans and their current values, use this command.

getsebool -a | grep samba

If sharing files or directories other than home directories or the few predefined locations, label them with the samba_share_t type. For example:

chcon -t samba_share_t /your/path/example

Testing
To check that the share is listed on localhost, use the following command and enter the root password when prompted.

smbclient -L localhost

To check that the share can be mounted on localhost, create a folder in /mnt like this.

mkdir /mnt/share

Then mount it.

mount.cifs //localhost/share /mnt/share

From Windows
Open Windows Explorer and type in the IP address of the Linux server. There should be a fully accessible share called share. If not, the following command worked within a Command Prompt box.

net use \\linuxserver\share /USER:windowsuser

When prompted type in the windowsuser account password. Then go to Windows Explorer and try again. Tested. Worked.

If Windows cannot connect to the Samba share, it may be because the smb.conf parameter for workgroup does not match the workgroup setting on the Windows machine. To check this setting, use the following command.

testparm -s | grep workgroup

The result will look something like this.

Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_STANDALONE
        workgroup = MYWORKGROUP

Source(s)
http://www.jonathanmanning.com/2011/04/16/how-to-install-samba-on-centos-with-batch-script-to-map-drive-on-windows/
http://www.unix.com/shell-programming-scripting/84255-adding-new-iptables.html
http://nixcraft.com/networking-firewalls-security/13433-explain-selinux-setsebool-getsebool-commands.html
http://wiki.linuxquestions.org/wiki/Setting_up_a_Samba_Server#Installing_the_Samba_Server
http://fedoraproject.org/wiki/SELinux/samba
http://danwalsh.livejournal.com/14195.html
https://www.centos.org/modules/newbb/viewtopic.php?topic_id=33994
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#READONLY
http://ubuntuforums.org/showthread.php?t=1685824
http://lists.samba.org/archive/samba/2000-August/020253.html
http://www.comptechdoc.org/os/linux/manual4/sambausers.html
http://www.linuxquestions.org/linux/answers/Networking/How_to_list_all_your_USERs
http://wiki.samba.org/index.php/Samba_&_Active_Directory
http://www-01.ibm.com/support/docview.wss?uid=swg21298167