I needed to have an anonymous share setup for access by some Windows workstations on a secure network. The key to this is “security = share” in the global config of the smb.conf file, because “security = user” always prompted for a windows password no matter what I did even if I added the user using smbpasswd -a. Hopefully this will get you up and running with samba in no time.

INSTALL FROM SOURCE
I installed Samba from source by doing the following:

#wget http://www.samba.org/samba/ftp/samba-latest.tar.gz
#tar xvzf samba-latest.tar.gz
#cd samba-3.5.7 (or whatever version is the latest)
#cd source3
# ./configure –with-smbmount –with-ads –with-ldap

(if you get configure: error: ldap.h is needed for LDAP support
You need the openldap-devel package for ldap.h (yum –y install openldap-devel)

#make install

This creates directories in /usr/local/samba

To start Samba
/usr/local/samba/sbin/smbd –D
/usr/local/samba/sbin/nmbd –D

It installs all the files in /usr/local/samba by default.
The smb.conf needs to be in /usr/local/samba/lib.
Other files like smbclient and smbstatus are in the bin directory.

To start it automatically at startup edit the /etc/rc.d/rc.local file and enter the following at the end:
echo “Starting smbd…”
/usr/local/samba/sbin/smbd -D
echo “Starting nmbd…”
/usr/local/samba/sbin/nmbd -D

Here’s a simple smb.conf I have setup for sharing the /tmp directory. I grabbed part of it from an example in the untarred and unzipped directory I created above after downloading samba from samba.org. Just do a “find /root -name smb.conf*” to find example samba config files and copy it over to the /usr/local/samba/lib directory and modify it to suit your needs.

[global]
workgroup = SAMBA
security = share
debug level = 5

[cd1]
path = /mnt/cd1
public = yes

[cd2]
path = /mnt/cd2
public = yes

[media]
path = /media
public = yes

[tmp]
path = /tmp
guest only = yes
public = yes
read only = no

A good resource is here.

I also was having a problem connecting at first to the share from linux and windows. This was because of SELINUX. You need to allow smb if you have this installed. I have a writeup on this here:

You should look into setting up domain security or something more secure than share security, for this writing, if you needed something quick and dirty this should work.

Another thing you may need to do is to enable samba in your IPTables if your firewall is blocking ports 137-139. Here’s the entries in my iptables (/etc/sysconfig/iptables)to allow this.

-A INPUT -m state –state NEW -m udp -p udp –dport 137 -j ACCEPT
-A INPUT -m state –state NEW -m udp -p udp –dport 138 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 139 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 445 -j ACCEPT

Hope this helps someone out.

Advertisements