Setting up a Minimal Samba Server in Fedora Core 12

Goal:
Minimal FC12 Samba install with low RAM usage, high security, and least amount of configuration.

Why?
Quickly turn an older machine into a modern Fedora Core 12 file server compatible with linux and windows clients. Less software installed means less setup, less maintenance, less updates, and less chance of human error somewhere along the way. The theory here is, the system starts out relatively secure and (if kept up-to-date) should remains so over time.

Side Note:
There are definitely many other ways to go about setting up a Samba server, much of which depends on your networking environment and overall requirements / constraints. This article is meant more as a guide – my notes which describe the method i happen to use – so that if i have to, i can do it all again.

Assumptions:
- Comfortable with install and use of Fedora Core Linux OS (command line)
- Basic understanding of networking concepts (setting up a static IP)
- Some experience with editing the smb.conf file

Features:
- No GUI / Desktop Environment
- Low RAM usage: boots up @ ~80MB with smbd and nmbd running
- SELinux and iptables firewall enabled / configured for use with Samba
- Samba Security level = User

System Resources:
CPU: AMD @ 700MHz
RAM: 192MB

Steps Involved:

  1. Download and burn the Fedora-12-i386-DVD.iso file to dvd
  2. Boot from the disc and go through install process (with less that 200MB RAM it defaults to text mode install – you can also force a text mode install at the boot: prompt by typing: linux text)
  3. Once install is completed and system is rebooted, login as root
  4. Check that networking is up
    - type:
    ifconfig

    (see if you have an IP address)
    - type:

    dhclient eth0

    (to use dhcp for now)

  5. Bring the system up to date
    - type:
    yum check-update

    (to check for updates first)
    - type:

    yum update

    (say “yes” to install the updates)

  6. - type:

    yum list installed

    (to see a list of all installed packages)

  7. Check to see what package “groups” got installed by default
    - type:
    yum grouplist > grouplist.txt

    - type:

    cat grouplist.txt | more
  8. Remove any unwanted package groups
    - type:
    yum groupremove "Mail Server"
  9. Add the Samba package group
    - type:
    yum groupinstall "Windows File Server"
  10. Configure Samba by editing /etc/samba/smb.conf
    - Note, for Vista support (in the Global section) add:
    client NTLMv2 auth = yes

    - Note, to hide unreadable files like /lost+found/ (in the Global section) add:

    hide unreadable = yes

    - type:

    testparm

    (confirm output has no errors in it)

  11. Deal with SELinux security policies (see default smb.conf file for details)
    - type:
    setsebool -P samba_domain_controller on

    - type:

    setsebool -P samba_enable_home_dirs on

    - type:

    chcon -t samba_share_t /path-to-mounted-directories

    (remember to mount any/all directories first)
    - type:

    ls -ldZ /path-to-mounted-directories

    (to confirm it worked)
    - Note, for existing shares, to make sure this affects all files and folders recursively add:

    chcon -R -t samba_share_t /path-to-existing-mounted-directories

    - Note: to completely disable SELinux protection for smbd daemon (not recommended) type:

    setsebool -P smbd_disable_trans 1

    - Note: you can temporarily disable SELinux by putting it into permissive mode – type:

    getenforce

    to find out whether SELinux is in permissive [0], enforcing [1], or disabled [2] mode.
    - Note: to put SELinux into permissive mode (for testing purposes but not recommended) type:

    setenforce 0
  12. Add samba users
    - type:
    useradd john

    - type:

    smbpasswd -a john
  13. Configure the firewall to accept samba connections
    - type:
    system-config-firewall-tui

    (add an asterix next to the line: “Samba”)

  14. Configure the network to use static IP/netmask/gateway/DNS info
    - type:
    system-config-network-tui

    - select: [Edit a Device Params] and remove the asterix from the line: “Use DHCP”. then, and add static info

  15. Configure the network to use a static Hostname and DNS address (note: DNS settings may not be required)
    - type:
    system-config-network-tui

    - select: [Edit DNS configuration] then, and add static hostname and dns info

  16. Get the network, smb, and nmb to start automatically next time you reboot
    - type:
    chkconfig --level 3 network on

    - type:

    chkconfig --level 3 smb on

    - type:

    chkconfig --level 3 nmb on

    - type:

    chkconfig --list network

    (or smb, or nmb to confirm it worked. you can also leave out the servicename to see a list of all services)

Reboot.
Use another computer to check that everything went well.

Optionally:
1. Install NTFS support.
- type:

yum install ntfs-3g

2. Once it’s done downloading/installing, figure out which device it is (for me it was /dev/sde1) and mount it.
- type:

mount -t ntfs /dev/[your-usb-device] /media/

3. Deal with selinux and ntfs support
- type:

setsebool -P samba_share_fusefs 1

Comments 14

  1. Alejo wrote:

    Very Good !

    Posted 28 Jan 2010 at 5:19 pm
  2. Harsh Vadgama wrote:

    I would like to point out that selinux will give you problems if you mount and ntfs/fat32 partition.
    There is no need to mount these partitions manually by the way. In Kde the automount using ntfs-3g. So this is what i do

    1. In point 10 include

    setsebool -P samba_share_fusefs 1

    2. The command chcon -t samba_share_t /path-to-mounted-directories is not needed if you automount. In anycase it gives you permision errors.

    3. Restart smb.

    4. Type command
    ausearch -m avc -ts today | audit2why

    5. every 9th line tells you what it needs so what ever is written after the # execute it. (i.e set all the sebools mentioned)

    6. write down the time after you finish setting all those sebools.

    7. Once you have finished setting all the sebools, and written down the time — run your command again. verify if it works or not. (it likely will still fail, but you need to collect the info)

    8. Type
    ausearch -m avc -ts 14:53 |audit2allow -RM mysamba

    — Use the timestamp that you wrote down instead of “14:53″

    To enforce the policy just execute it as stated (e.g. semodule -i mysamba.pp)

    9. you can run ausearch as often as needed. it just pulls out the avc’s that match your timestamp. (-ts)

    DONE!!!!!

    By the way i needed any guest to see my folders so i just edited it as follows

    security = share
    # passdb backend = tdbsam
    guest account = nobody

    Worked great. No need to disable selinux.

    Posted 11 Apr 2010 at 4:36 pm
  3. elran wrote:

    thanks for pointing that out.
    of course, we’re not running any desktop environment in this setup, KDE, or other. This is a minimal text-based install.

    Posted 11 Apr 2010 at 7:32 pm
  4. Carl Williams wrote:

    Thanks for the information, very appreciated

    Posted 08 Aug 2010 at 1:09 am
  5. razvantim wrote:

    Thanks. Your solution worked perfectly. In the process I’ve also learned more on seLinux

    Posted 10 Mar 2011 at 4:07 am
  6. elran wrote:

    You’re welcome Carl & Razvantim.

    @Razvantim – yeah, seLinux can be a pain. i wanted to be able to tweak it enough so that i could leave it on while others were recommending shutting it off completely/perminantly just because it was too complicated.

    Anyway, glad to see others are making use of this how-to.

    My minimal FC12 Samba server is still rock solid & it’s been 1 year since i wrote this post. I can’t even remember the last time i had to reboot it ;)

    Posted 12 Mar 2011 at 1:53 pm
  7. Jonessaboyouadoptast wrote:

    I did however expertise some technical issues using this site, as I experienced to reload the site many times previous to I could get it to load correctly.

    Posted 15 Apr 2013 at 6:51 pm
  8. krakazyabrabest wrote:

    good info thx

    Posted 10 Aug 2017 at 6:53 am
  9. highdarkelf wrote:

    More about the author

    Posted 10 Aug 2017 at 9:00 am
  10. somilye wrote:

    look here

    Posted 11 Aug 2017 at 7:10 am
  11. iriskacando wrote:

    great site

    Posted 24 Aug 2017 at 8:39 am
  12. nemohunter wrote:

    click my name now

    Posted 31 Aug 2017 at 3:55 am
  13. svyatt555 wrote:

    thank you very much

    Posted 02 Nov 2017 at 1:50 pm
  14. Stepan009 wrote:

    Really great post

    Posted 02 Nov 2017 at 2:23 pm

Post a Comment

Your email is never published nor shared. Required fields are marked *