How to Configure Samba File Sharing on RHEL 7
Samba is the go-to solution for integrating Linux servers into environments where Windows clients need to access shared files and printers. It implements the SMB/CIFS protocol natively on Linux, allowing RHEL 7 servers to appear as ordinary Windows file shares on the network. Whether you are setting up a simple departmental file share, migrating from a Windows file server, or enabling cross-platform collaboration, Samba provides a mature and highly configurable platform. This tutorial covers the full Samba server setup on RHEL 7 — installation, configuration, user management, SELinux configuration, firewall rules, and accessing the share from both Windows and Linux clients.
Prerequisites
- A RHEL 7 server with root or sudo access
- A Windows or Linux client on the same network
- Firewalld running on the server
- SELinux in enforcing mode (this tutorial covers SELinux configuration properly)
- A local Linux user account to be used as the Samba user
Step 1: Install Samba Packages
Install both the Samba server and the Samba client utilities. The client package provides tools like smbclient that are useful for testing.
yum install -y samba samba-client samba-commonVerify the installation:
rpm -q samba samba-clientCheck the installed version:
smbd --versionStep 2: Create the Shared Directory
Create the directory that Samba will share. For this tutorial, we will create a shared directory at /srv/samba/share:
mkdir -p /srv/samba/shareSet appropriate ownership and permissions. We will create a group sambashare and assign the directory to it:
groupadd sambashare
chown -R root:sambashare /srv/samba/share
chmod -R 0770 /srv/samba/shareStep 3: Configure /etc/samba/smb.conf
The main Samba configuration file is /etc/samba/smb.conf. It is divided into a [global] section for server-wide settings and named share sections (e.g., [share]) for individual shares. Back up the default configuration before editing:
cp /etc/samba/smb.conf /etc/samba/smb.conf.bakEdit the configuration file:
vi /etc/samba/smb.confReplace or update the file with the following configuration:
[global]
workgroup = WORKGROUP
server string = RHEL7 Samba Server %v
netbios name = rhel7server
security = user
map to guest = bad user
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 50
[share]
comment = Shared Files
path = /srv/samba/share
browseable = yes
writable = yes
read only = no
valid users = @sambashare
create mask = 0664
directory mask = 0775
force group = sambashareKey smb.conf Directives Explained
- workgroup — Must match the Windows workgroup or domain name of clients
- security = user — Clients must authenticate with a valid Samba username and password
- browseable = yes — The share will be visible when browsing the network
- valid users = @sambashare — Only members of the
sambasharegroup can access this share (prefix@denotes a group) - read only = no — Allows write access (equivalent to
writable = yes) - create mask — Permissions applied to newly created files
- directory mask — Permissions applied to newly created directories
- force group — Forces all new files to be owned by the specified group
If you want a public (guest) share with no authentication:
[public]
comment = Public Share
path = /srv/samba/public
browseable = yes
writable = yes
guest ok = yes
create mask = 0666
directory mask = 0777Step 4: Validate the Configuration with testparm
The testparm utility parses smb.conf and reports any syntax errors or deprecated options. Always run it after editing the config file:
testparmSample output:
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[share]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
Press Enter to review the full expanded configuration. If there are errors, testparm will display them clearly.
Step 5: Create a Samba User Account
Samba maintains its own password database separate from the system’s /etc/shadow. Every Samba user must already exist as a local Linux user, and then be added to the Samba database with smbpasswd.
Create the Linux user (if it does not already exist) and add it to the sambashare group:
useradd -M -s /sbin/nologin sambauser
usermod -aG sambashare sambauserThe -s /sbin/nologin flag prevents local shell login, which is a good security practice for accounts used only for file sharing. Add the user to the Samba password database and set a password:
smbpasswd -a sambauserYou will be prompted to enter and confirm the Samba password. Enable the account:
smbpasswd -e sambauserList all Samba users to verify:
pdbedit -LStep 6: Start and Enable Samba Services
Samba consists of two daemons: smb (handles SMB file sharing) and nmb (handles NetBIOS name resolution). Start and enable both:
systemctl start smb
systemctl start nmb
systemctl enable smb
systemctl enable nmbCheck their status:
systemctl status smb
systemctl status nmbRestart Samba to apply configuration changes at any time:
systemctl restart smb nmbStep 7: Configure the Firewall for Samba
Samba uses ports TCP 445 (SMB), TCP/UDP 137–139 (NetBIOS). The firewalld samba service definition covers all of these. Enable it permanently:
firewall-cmd --permanent --add-service=samba
firewall-cmd --reloadVerify the firewall rule is active:
firewall-cmd --list-servicesYou should see samba listed in the output.
Step 8: Configure SELinux for Samba
On RHEL 7 with SELinux in enforcing mode, Samba access requires correct SELinux file contexts and booleans. This is the most common source of “permission denied” errors when Samba appears correctly configured at the Unix permission level.
Set the SELinux File Context
Label the shared directory with the samba_share_t context:
semanage fcontext -a -t samba_share_t "/srv/samba/share(/.*)?"
restorecon -Rv /srv/samba/shareVerify the context was applied:
ls -ldZ /srv/samba/shareThe output should show system_u:object_r:samba_share_t:s0.
Enable SELinux Booleans for Samba
If you want to share users’ home directories via Samba, enable the appropriate boolean:
setsebool -P samba_enable_home_dirs onTo allow Samba to export any file or directory (use only when necessary and with caution):
setsebool -P samba_export_all_rw onList all Samba-related booleans and their current state:
getsebool -a | grep sambaIf you encounter access issues, check the SELinux audit log for denials:
grep samba /var/log/audit/audit.log | tail -20
sealert -a /var/log/audit/audit.logStep 9: Access the Share from Clients
From a Windows Client
Open File Explorer and type the UNC path in the address bar:
\192.168.1.100shareYou will be prompted for a username and password. Use the Samba credentials created with smbpasswd. To map the share as a persistent drive letter, right-click “This PC” and choose “Map network drive”.
From a Linux Client
Install the Samba client utilities if not already present:
yum install -y samba-client cifs-utilsList the available shares on the server:
smbclient -L //192.168.1.100 -U sambauserMount the share using the CIFS file system type:
mkdir -p /mnt/samba
mount -t cifs //192.168.1.100/share /mnt/samba -o username=sambauser,password=yourpasswordFor security, store credentials in a file instead of passing them on the command line:
cat > /etc/samba/credentials <<EOF
username=sambauser
password=yourpassword
EOF
chmod 600 /etc/samba/credentialsThen mount using the credentials file:
mount -t cifs //192.168.1.100/share /mnt/samba -o credentials=/etc/samba/credentialsAdd to /etc/fstab for persistent mounting:
//192.168.1.100/share /mnt/samba cifs credentials=/etc/samba/credentials,_netdev 0 0Conclusion
Samba on RHEL 7 provides a powerful and flexible solution for integrating Linux storage into mixed-OS environments. The combination of careful smb.conf configuration, proper Samba user management with smbpasswd, and correct SELinux labeling with samba_share_t ensures that your shares are both accessible and secure. The testparm utility is an invaluable tool for catching configuration errors before they cause runtime problems. With firewalld properly configured for the Samba service, clients on Windows and Linux can reliably connect to your RHEL 7 file server using familiar SMB/CIFS protocols.
