Additional
configuration for Samba Server
Creating & Managing Users &
Groups:
Step-1: Create A
Group Named “samba-users” & define a directory Named “Resources”
for sharing resources.
[root@srv1 ~]# groupadd samba-users
[root@srv1 ~]# mkdir /opt/Resources
Step-2: Create
some samba users with password & add them into “samba-users” group
also defines the “Resources” directory for those users.
[root@srv1 ~]# useradd –g samba-users –d
/opt/Resources user1
[root@srv1 ~]# useradd –g samba-users –d
/opt/Resources user2
[root@srv1 ~]# useradd –g samba-users –d
/opt/Resources administrator
[root@srv1 ~]# smbpasswd –a user1
[root@srv1 ~]# smbpasswd –a user2
[root@srv1 ~]# smbpasswd –a administrator
Step-3: Set samba
“root” password for login as “root” user from both windows & Linux machine.
[root@srv1 ~]# smbpasswd –a root
Step-4: Assign
the appropriate permission for “Resources” directory against those
users.
[root@srv1 ~]# chown root:samba-users
/opt/Resources/
[root@srv1 ~]# chmod 750 /opt/Resources/
Step-5: Now
create some sub directory into “Resources” directory named “Documents”,
“Software”, & “Others”
[root@srv1 ~]# mkdir –p
/opt/Resources/Documents
[root@srv1 ~]# mkdir –p
/opt/Resources/Software
[root@srv1 ~]# mkdir –p /opt/Resources/Others
Step-6: Now set
the permission for those sub directories that owner can read, write &
delete but others users can not delete the files but should have read &
write permission.
[root@srv1 ~]# chown root:samba-users
/opt/Resources/Documents
[root@srv1 ~]# chown root:samba-users
/opt/Resources/Software
[root@srv1 ~]# chown root:samba-users
/opt/Resources/Others
[root@srv1 ~]# chmod 1770
/opt/Resources/Documents
[root@srv1 ~]# chmod 1770
/opt/Resources/Software
[root@srv1 ~]# chmod 1770
/opt/Resources/Others
Step-7: Now
create an anonymous accessible directory with read & write permission that
anonymous user can access this directory
[root@srv1 ~]# mkdir /opt/Public
[root@srv1 ~]# groupadd anonymous-users
[root@srv1 ~]# useradd –g anonymous-users –d
/opt/Public guest
[root@srv1 ~]# useradd –g anonymous-users –d
/opt/Public nobody
[root@srv1 ~]# chown root:anonymous-users
/opt/Public/
[root@srv1 ~]# chmod 777 /opt/Public/
Step-8: Set blank
password for anonymous users that they can access this folder without password
[root@srv1 ~]# smbpasswd –a guest
[root@srv1 ~]# smbpasswd –a nobody
Tips: [One
complication is fact that Windows encrypts user passwords differently from
Unix/Linux - it uses NTLM hash, rather than the MD5 has commonly found in
Linux. Worse still, both of these are one-way algorithms - in other words,
there's no way to decrypt the NTLM hash to get back the plaintext password and
then re-encrypt that with MD5 to compare against the Linux shadow password
file. ]