
ID #1163

How do I use Samba to share folders on a Bright Head Node?


 

In short: /etc/samba/smb.conf must be modified to add the required share, and shorewall rules must be added to allow the traffic through the firewall. The following recipes show how to do this for a public share and a private share:


1. Public Share

The following configurations will allow any user to access the shared folder without authentication.

a. Install Samba server on the head node.

# yum install samba

b. Modify smb.conf:

# cat /etc/samba/smb.conf

[global]

workgroup = BCM

security = share

log file = /var/log/samba/log.%m

max log size = 50

[samba]

path = /samba

browsable = yes

read only = no

public = yes

writable = yes

available = yes

guest ok = yes

guest account = nobody

 

Note: The name of the share, “[samba]”, can differ from the path of the share. For example, you can use “[localstore]” as the name of a share that points to the path “/local/storage/samba”:

[localstore]

path = /local/storage/samba

browsable = yes

writable = yes

c. Restart Samba service.

# service smb restart


d. Modify shorewall rules to allow Samba traffic:

# cat /etc/shorewall/rules

[...]

#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

SMB(ACCEPT)    net   fw


e. Restart shorewall service.

# service shorewall restart


This way users will be able to access the /samba share on the head node without authentication.
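
The recipe above leaves /samba writable by unauthenticated guests. As an added example (not part of the original FAQ), the script below lists every share in an smb.conf that accepts guests and whether those guests can write. The function name and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original FAQ): list shares in an smb.conf that
# accept guest connections and say whether those guests can write.
# Synonyms handled: "public" = "guest ok"; "writable", "writeable" and
# "write ok" are the inverse of "read only". The last setting in a section wins.
audit_guest_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (share != "" && tolower(share) != "global" && guest)
            printf "%s path=%s guest=yes write=%s\n", share, path, (ro ? "no" : "yes")
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[ \t]*\[/ {                             # section header starts a new share
        report()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = 0; ro = 1; path = "?"         # Samba defaults: no guests, read only
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guest ok" || key == "public") guest = truthy(val)
        else if (key == "read only") ro = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "write ok") ro = !truthy(val)
        else if (key == "path") path = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the public share from this recipe plus an authenticated one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
security = share
[samba]
path = /samba
read only = no
public = yes
writable = yes
guest ok = yes
[projects]
path = /projects-data
writable = yes
EOF
audit_guest_shares "$sample"    # samba path=/samba guest=yes write=yes
rm -f "$sample"
```

Run it against /etc/samba/smb.conf after any change to confirm that only the shares you intend to be public are reported.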


2. Private Share

The following configurations will allow only registered users to access the shared folder with their credentials.

Please note that in order for these instructions to work, you will need to enable access to the LDAP server on port 389, which is unencrypted.

a. Enable Slapd access on TCP port 389

        Edit /etc/sysconfig/slapd and change the SLAPD_URLS line to:
        SLAPD_URLS="ldaps:/// ldapi:/// ldap:///"
        Restart the slapd service with "service slapd restart".
  

b. Modify smb.conf:

# cat /etc/samba/smb.conf

[global]

workgroup = CM

security = user

passdb backend = ldapsam:ldap://localhost/


ldap suffix = dc=cm,dc=cluster

ldap admin dn = cn=root,dc=cm,dc=cluster

ldap group suffix = ou=Groups

ldap passwd sync = yes

ldap ssl = off

log file = /var/log/samba/log.%m

max log size = 50


[samba]

path = /samba

browsable = yes

writable = yes


c. Modify slapd.conf by adding the following lines:

# cat /cm/local/apps/openldap/etc/slapd.conf

[...]

include /cm/local/apps/openldap/etc/schema/samba.schema

[...]

access to attrs=sambaNTPassword

by self write

by anonymous auth

by * none

[...]


    The sambaNTPassword text in the preceding extract is entered literally. No substitution is done.


d. Copy the samba schema to the expected location:

# cp /etc/openldap/schema/samba.schema /cm/local/apps/openldap/etc/schema/

e. Add the root DN password to Samba:

# smbpasswd -w <smb_password>

 

     The <smb_password> text in the preceding command is replaced by the password of the root DN of the LDAP server. The password can be found in cmd.conf by running:

# grep LDAPPass /cm/local/apps/cmd/etc/cmd.conf

 

f. Register existing LDAP users with Samba. For example:

# smbpasswd -a cmsupport

New SMB password:

Retype new SMB password:

   Added user cmsupport.

 

    This needs to be done for all the users.

 

g. Restart LDAP server:

# service ldap restart


h. Restart Samba service.

# service smb restart


i. Modify shorewall rules to allow Samba traffic:

# cat /etc/shorewall/rules

[...]

#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

SMB(ACCEPT)    net   fw

j. Restart shorewall service

# service shorewall restart

k. Verify that you can access the Samba share:

# smbclient //<hostname>/samba -U cmsupport

Enter cmsupport's password:

Domain=[CM] OS=[Unix] Server=[Samba 3.6.9-167.el6_5]

smb: \>
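
Two settings in this recipe widen network exposure: the rule "SMB(ACCEPT) net fw" accepts SMB from the whole net zone, and "ldap:///" opens a cleartext LDAP listener on all interfaces although smb.conf only contacts ldap://localhost/. The following checks are an added example, not part of the original FAQ. The function names, the 192.0.2.0/24 subnet and the loopback-only URL are assumptions chosen for illustration, so confirm that narrower values suit your cluster before adopting them.

```sh
#!/bin/sh
# Added example (not from the original FAQ): exposure checks for this recipe.

# Print Shorewall rules that accept SMB from a whole zone, i.e. SOURCE has no
# ":host" or ":subnet" restriction, as in "SMB(ACCEPT) net fw".
smb_rules_from_whole_zone() {
    awk '
    /^[ \t]*#/ || NF < 3 { next }
    $1 ~ /^SMB(\(|\/)ACCEPT/ && $2 !~ /:/ { print $1, $2, $3 }
    ' "$1"
}

# Print cleartext ldap:// listeners in SLAPD_URLS that are not loopback-only.
# "ldap:///" has an empty host, which slapd binds on all interfaces.
cleartext_ldap_listeners() {
    sed -n 's/^[[:space:]]*SLAPD_URLS=//p' "$1" | tr -d '"' | tr ' ' '\n' |
    awk '
    /^ldap:\/\// && !/^ldap:\/\/\[::1\]/ {
        host = $0; sub(/^ldap:\/\//, "", host); sub(/(:|\/).*$/, "", host)
        if (host != "localhost" && host !~ /^127\./) print
    }'
}

# Constructed inputs: the rule and SLAPD_URLS line from this recipe, next to
# narrower forms (192.0.2.0/24 is a documentation subnet used as a placeholder).
dir=$(mktemp -d)
cat > "$dir/rules" <<'EOF'
SMB(ACCEPT)    net                 fw
SMB(ACCEPT)    net:192.0.2.0/24    fw
EOF
echo 'SLAPD_URLS="ldaps:/// ldapi:/// ldap:///"'          > "$dir/slapd.wide"
echo 'SLAPD_URLS="ldaps:/// ldapi:/// ldap://127.0.0.1/"' > "$dir/slapd.local"

smb_rules_from_whole_zone "$dir/rules"       # SMB(ACCEPT) net fw
cleartext_ldap_listeners "$dir/slapd.wide"   # ldap:///
cleartext_ldap_listeners "$dir/slapd.local"  # (no output)
rm -rf "$dir"
```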

 

3. Private Share with Active Directory as a backend for users

a. Modify smb.conf:

[global]

workgroup = BCM

realm = BCM.LOCAL

security = ADS

 

password server = win2008.bcm.local

max disk size = 307200

 

load printers = No

printing = bsd

printcap name = /dev/null

 

#idmap config ACME: default = yes

#idmap config ACME: backend = rid

ldap suffix = dc=acme,dc=local

ldap admin dn = CN=Administrator,CN=Users,DC=bcm,DC=local

ldap passwd sync = yes

ldap ssl = off

 

log level = 3

log file = /var/log/samba/log.%m

max log size = 50

 

#username level = 2

#username map = /root/smb.map

 

[projects]

path = /projects-data

browsable = yes

writable = yes

create mask = 0644

directory mask = 0755

 

[home]

path = /home-data

browsable = yes

writable = yes

create mask = 0644

directory mask = 0775


b. Save the password in secrets.tdb (assuming you have already integrated with AD):

# smbpasswd -w Administrator

c. Restart the smb service and follow the steps outlined in section 2, starting from step "h".
