Setting up Samba home folder shares for a CentOS 6 server and Mac OS X client
On Mac OS X if you want to share your home folder over the network with authentication, you only have to tick a check box in System Preferences and It Just Works™. On CentOS Linux? Well…
Today I wanted to access my home folder on our Linux analysis machine over the network on a Mac OS X client. Although I could have just done everything in a Terminal, I like the pretty graphics of Finder and being able to see my files without typing
ls -l. The Linux machine in question is one I installed CentOS 6 on a while back. (Which, by the way, was a big mistake, since CentOS apparently does not maintain packages for things younger than a decade).
I first looked into using NFS since apparently that’s the thing you use for Linux machines, but if you don’t want NFS to share your files with the entire world, you need to set up a Kerberos key distribution service. That is unappealing given that I just want to access my own files over the network. So I settled on Samba instead. (Apple Filing Protocol, the only other option for an OS X client, is 100% out of the question because it is awful and I’m pretty sure it’s not supported on Linux).
There are roughly a dozen configuration files you need to edit in order for Samba to work properly. I don’t actually know which files I need to edit, I just kept doing things I found on the Internet until Samba started working.
/etc/samba/smb.conf: We want to let each user access their own home directory over Samba.
[global] workgroup = WORKGROUP server string = Samba Server netbios name = SAMBA # change hosts allow to the subnet you want to share files across hosts allow = 192.168.0. log file = /var/log/samba/log.%m max log size = 50 security = user map to guest = bad user passdb backend = tdbsam # this will let people log into their own home directories [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mask = 0700 directory mask = 0700
/etc/sysconfig/iptables: I don’t know if these are all needed but it seems to work. Again change the subnet with the one you want to actually share across (to match hosts allow in smb.conf)
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 137 -j ACCEPT -A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT -A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 138 -j ACCEPT -A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT -A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT -A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 139 -j ACCEPT -A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT -A INPUT -s 192.168.0.0/24 -m state --state NEW -p udp --dport 445 -j ACCEPT
Then restart the services with
# service iptables restart iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ] # service smb restart Shutting down SMB services: [ OK ] Starting SMB services: [ OK ]
We also need to let SELinux know that we’re not doing any terrorist activities on our Samba share:
# setsebool -P samba_enable_home_dirs on
Now to test it locally with
$ smbclient //localhost/myuser -U myuser Enter myuser's password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-12.el6] tree connect failed: NT_STATUS_ACCESS_DENIED
OK, so that bit in
passdb backend = tdbsam requiring “no further configuration” is apparently a total lie. Luckily there exists
smbpasswd for backwards compatibility, so let’s just use that:
# smbpasswd -a myuser New SMB password: Retype new SMB password: Added user myuser.
smbclient again yields:
$ smbclient //localhost/myuser -U myuser Enter myuser's password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-12.el6] smb: \>
Victory! Now to test it on OS X. In Finder, click Go => Connect to Server… and enter
smb://192.168.0.101 (or whatever your server is called) and type in your credentials. Hopefully it works!
I don’t know why it is so complicated. I suspect that ultimately it’s my own fault for installing CentOS but honestly I’m inclined to think that everything involving Linux is awful and terrible.