samba share multi user access
In previous article we discussed about creating and configuring SMB / CIFS share with single user support which CIFS share can’t be accessed by multiple users. In this article we are going to discuss about samba share multi user access which means SMB / CIFS share can be accessed by multiple users with in the server OR from client.
Creating SMB / CIFS share means it should be accessible from UNIX and Windows platforms. Samba Share user access must be identified with valid users and groups by checking their passwords then controls by comparing their access rights to the permissions on files and directories.
SMB / CIFS share features
- Active File sharing
- Faster data transfer in low band width network
- Secure Data Transfer with user credential
- Node Fault tolerance
- Scalable
Samba Server Profile
- Packages required: samba*
- Port Number: 445
- Daemon Name: smb
- config File Location: /etc/samba/smb.conf
Let’s see how to create samba share multi user access
[root@ArkIT ~]# yum install samba* Dependencies Resolved ====================================================================== Package Arch Version Repository Size ====================================================================== Installing: samba x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 555 k samba-client x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 515 k samba-python x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 1.9 M samba-winbind x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 438 k samba-winbind-clients x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 120 k samba-winbind-modules x86_64 4.1.12-21.el7_1 ARKIT.CO.IN 100 k Installing for dependencies: iniparser x86_64 3.1-5.el7 ARKIT.CO.IN 14 k pyldb x86_64 1.1.17-2.el7 ARKIT.CO.IN 36 k python-tdb x86_64 1.3.0-1.el7 ARKIT.CO.IN 15 k python-tevent x86_64 0.9.21-3.el7 ARKIT.CO.IN 16 k Transaction Summary =================================================================== Install 6 Packages (+4 Dependent packages) Installed: samba.x86_64 0:4.1.12-21.el7_1 samba-client.x86_64 0:4.1.12-21.el7_1 samba-python.x86_64 0:4.1.12-21.el7_1 samba-winbind.x86_64 0:4.1.12-21.el7_1 samba-winbind-clients.x86_64 0:4.1.12-21.el7_1 samba-winbind-modules.x86_64 0:4.1.12-21.el7_1 Dependency Installed: iniparser.x86_64 0:3.1-5.el7 pyldb.x86_64 0:1.1.17-2.el7 python-tdb.x86_64 0:1.3.0-1.el7 python-tevent.x86_64 0:0.9.21-3.el7 Complete!
Now Enable and Start SMB service. Enabling service which will automatically start the smb service immediate after server reboot.
[root@server ~]# systemctl enable smb.service ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service' [root@server ~]# systemctl start smb.service [root@server ~]# systemctl status smb.service smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled) Active: active (running) since Sun 2016-05-29 17:55:17 IST; 9s ago Main PID: 4065 (smbd)
Make an directory to share using SMB / CIFS
[root@server ~]# mkdir /arkit-multiuser
By default SELinux is enabled. SELinux will not allow to share directory with other network client without proper SELinux security policies
[root@server ~]# semanage fcontext -a -t samba_share_t "/arkit-multiuser(/.*)?" [root@server ~]# restorecon -vRF /arkit-multiuser/ restorecon reset /arkit-multiuser context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0 [root@server ~]# ls -ldZ /arkit-multiuser/ drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 /arkit-multiuser/
SELinux context for SMB / CIFS share is samba_share_t
Enabling the firewall ports to communicate with clients
[root@server ~]# firewall-cmd --permanent --add-service=samba success [root@server ~]# firewall-cmd --reload success
Adding normal users and converting them as Samba users
[root@server ~]# useradd ravi [root@server ~]# useradd ramana [root@server ~]# useradd srikanth [root@server ~]# smbpasswd -a ravi New SMB password: Retype new SMB password: Added user ravi. [root@server ~]# smbpasswd -a ramana New SMB password: Retype new SMB password: Added user ramana. [root@server ~]# smbpasswd -a srikanth New SMB password: Retype new SMB password: Added user srikanth.
To verify Samba user
[root@server ~]# pdbedit -L -v ravi Unix username: ravi NT username: Account Flags: [U ] User SID: S-1-5-21-3339526382-645010227-446471857-1000 Primary Group SID: S-1-5-21-3339526382-645010227-446471857-513 Full Name: Home Directory: \server\ravi HomeDir Drive: Logon Script: Profile Path: \server\ravi\profile Domain: SERVER Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 20:36:39 IST Kickoff time: Wed, 06 Feb 2036 20:36:39 IST Password last set: Sun, 29 May 2016 18:07:47 IST Password can change: Sun, 29 May 2016 18:07:47 IST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Creating common group and add user to group provide access
[root@server ~]# groupadd IT [root@server ~]# usermod -aG IT ravi [root@server ~]# usermod -aG IT ramana
Configuring the Samba share with multi user support. Edit the configuration file and add the configuration yet end of config file
[root@server ~]#vim /etc/samba/smb.conf [multiuser] comment = Information Technology Team path = /arkit-multiuser write list = @IT hosts allow = 192.168.4.
Save and Exit
That’s about server side configuration
Now client side configuration
[root@server ~]# yum install cifs-utils Installed: cifs-utils.x86_64 0:6.2-7.el7 Complete!
Now create an file in /root with username and password and restrict access to other user
[root@server ~]# vim /root/access [root@server ~]# chmod 600 /root/access [root@server ~]# ls -l /root/access -rw-------. 1 root root 30 May 29 18:24 /root/access [root@server ~]# cat /root/access username=ravi password=redhat [root@server ~]#
Open /etc/fstab file and mount the samba share permanently
[root@Client ~]#vim /etc/fstab //192.168.4.20/multiuser /mnt/coss cifs credentials=/root/access,defaults,multiuser,sec=ntlmssp 0 0
Save & Exit
[root@Client ~]# mount -a
now let login to other user and check the CIFS share visibility and access
[root@Client ~]# cifscreds add 192.168.4.20
Check using df command
That’s it.
Conclusion
samba share multi user access SMB / CIFS has been created. Now you learned that creating and configuring samba multi user access
Please do comment your feedback
SEO: samba share multi user access samba share multi user access samba share multi user access
Thanks for your wonderful Support and Encouragement
Stay Connected with us. Learn More and Earn More
- Do Not Miss Interesting and Important Articles: Signin Now
- Download free PDF Books : Download Anything and Everything for Free
- Stay Connected with Us: Facebook Page | Twitt | Google Plus | LinkedIn | RSS feeds
- High Qualitfy Video Tutorials : All Videos
Hi Ravi,
i am getting below error while configure the samba client.
Error details:
[root@bgclient01 sbin]# mount -a
/sbin/mount.cifs: invalid option — ‘t’
Usage: mount.cifs -o
Mount the remote target, specified as a UNC name, to a local directory.
Options:
user=
pass=
dom=
Less commonly used options:
credentials=,guest,perm,noperm,setuids,nosetuids,rw,ro,
sep=,iocharset=,suid,nosuid,exec,noexec,serverino,
mapchars,nomapchars,nolock,servernetbiosname=
directio,nounix,cifsacl,sec=,sign,fsc
Options not needed for servers supporting CIFS Unix extensions
(e.g. unneeded for mounts to most Samba versions):
uid=,gid=,dir_mode=,file_mode=,sfu
Rarely used options:
port=,rsize=,wsize=,unc=,ip=,
dev,nodev,nouser_xattr,netbiosname=,hard,soft,intr,
nointr,ignorecase,noposixpaths,noacl,prefixpath=,nobrl
Options are described in more detail in the manual page
man 8 mount.cifs
To display the version number of the mount helper:
mount.cifs -V
Configuration File Details:
[root@bgclient01 sbin]# vi /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon May 30 09:32:40 2016
#
# Accessible filesystems, by reference, are maintained under ‘/dev/disk’
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=93feecc8-8474-493b-a9e7-c0290421dc7d / ext3 defaults 1 1
UUID=1fcf2890-98f5-4b69-9db1-35641bcc3826 /boot ext3 defaults 1 2
UUID=6c5e689a-28c0-4eab-a7ec-f76e547c19f7 swap swap defaults 0 0
//10.xx.xx.xx/multiuser /nfssamba cifs,credentials=/root/access,defaults,multiuser,sec=ntlmssp 0 0
Please help to resolve on this.
regards
Mahesh Dudhani
Syntax what you have written in /etc/fstab file is correct but did you enabled the Firewall ports from server and SELinux context. Try to mount manually without adding an entry in /etc/fstab file use #mount //server/ShareName /mountpoint -o username=user
while mounting you have to use share name .i.e.[mutiuser] not directory path.
fstab entry seems incorrect. There is a comma after cifs. I reckon the two options are separate, and mount options.
fstab Entry is correct.
Hi Ark,
Thanks for your tutorial. Very informative.
Just one question: how to use the cifscreds command? I understand it is for the Samba multiuser environment, but I don’t know how to get it worked. My hypothetical environment is as follows:
==========
Server Side (server.example.com)
==========
1) Two Linux users: user1 user2. Both belong to group sambagroup.
2) Added both users to Samba user database via ‘smbpasswd -a user1’ and ‘smbpasswd -a user2’
3) mkdir /sambashare; chgrp sambagroup /sambashare; chmod 2770 /sambashare
4) Edited /etc/samba/smb.conf accordingly. All services, firewall, and SELinux are configured properly. Shared folder can be accessed and mounted from remote clients.
==========
Client Side
==========
1) Add following to /etc/fstab:
//server.example.com/sambashare /sharedfolder cifs _netdev,multiuser,credentials=/root/smbpass 0 0
2) Added user1 login information into /root/smbpass:
username=user1
password=pass
3) mount -a can mount remote folder.
Now if I use ‘touch testfile’ in the folder, the file owner is always user1. I suppose this is where the cifscreds comes in, but don’t know how it worked. What should i do so that I can create a file under the owner user2?
Thank you very much!