Samba share to see guest RHEL on virtualbox VM

I want to connect to RHEL 7.1 (developer version) that I subscribed to and installed on as a guest on virtualbox installed on my windows 8.1 laptop.

I've installed webmin to help manage the server.  The steps I've undertaken are:

I created a samba user in RHEL with password:

samba-1.png
I sychronised the user and then created the share (myshare at the toplevel in RHEL)

samba-2.png
The contents of the config file are:

# This is the main Samba configuration file. For detailed information about the
# options listed here, refer to the smb.conf(5) manual page. Samba has a huge
# number of configurable options, most of which are not shown in this example.
#
# The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step
# guides for installing, configuring, and using Samba:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# The Samba-3 by Example guide has working examples for smb.conf. This guide is
# generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# In this file, lines starting with a semicolon (;) or a hash (#) are
# comments and are ignored. This file uses hashes to denote commentary and
# semicolons for parts of the file you may wish to configure.
#
# Note: Run the "testparm" command after modifying this file to check for basic
# syntax errors.
#
#---------------
# Security-Enhanced Linux (SELinux) Notes:
#
# Turn the samba_domain_controller Boolean on to allow Samba to use the useradd
# and groupadd family of binaries. Run the following command as the root user to
# turn this Boolean on:
# setsebool -P samba_domain_controller on
#
# Turn the samba_enable_home_dirs Boolean on if you want to share home
# directories via Samba. Run the following command as the root user to turn this
# Boolean on:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory, such as a new top-level directory, label it
# with samba_share_t so that SELinux allows Samba to read and write to it. Do
# not label system directories, such as /etc/ and /home/, with samba_share_t, as
# such directories should already have an SELinux label.
#
# Run the "ls -ldZ /path/to/directory" command to view the current SELinux
# label for a given directory.
#
# Set SELinux labels only on files and directories you have created. Use the
# chcon command to temporarily change a label:
# chcon -t samba_share_t /path/to/directory
#
# Changes made via chcon are lost when the file system is relabeled or commands
# such as restorecon are run.
#
# Use the samba_export_all_ro or samba_export_all_rw Boolean to share system
# directories. To share such directories and only allow read-only permissions:
# setsebool -P samba_export_all_ro on
# To share such directories and allow read and write permissions:
# setsebool -P samba_export_all_rw on
#
# To run scripts (preexec/root prexec/print command/...), copy them to the
# /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run them.
# Note that if you move the scripts to /var/lib/samba/scripts/, they retain
# their existing SELinux labels, which may be labels that SELinux does not allow
# smbd to run. Copying the scripts will result in the correct SELinux labels.
# Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user to
# apply the correct SELinux labels to these files.
#
#--------------
#
#======================= Global Settings =====================================

[global]
	log file = /var/log/samba/log.%m
	cups options = raw
	load printers = no
	server string = Samba Server Version %v
	path = /myshare
	workgroup = WORKGROUP
	interfaces = lo enp0s3 192.168.1.7/24 192.168.13.2/24
	security = user
	passdb backend = tdbsam
	max log size = 50

        netbios name = MYNAME
        hosts allow = ALL
        setsebool samba_enable_home_dirs = 1
        setsebool use_samba_home_dirs = 1


# ----------------------- Network-Related Options -------------------------
#
# workgroup = the Windows NT domain name or workgroup name, for example, MYGROUP.
#
# server string = the equivalent of the Windows NT Description field.
#
# netbios name = used to specify a server name that is not tied to the hostname.
#
# interfaces = used to configure Samba to listen on multiple network interfaces.
# If you have multiple interfaces, you can use the "interfaces =" option to
# configure which of those interfaces Samba listens on. Never omit the localhost
# interface (lo).
#
# hosts allow = the hosts allowed to connect. This option can also be used on a
# per-share basis.
#
# hosts deny = the hosts not allowed to connect. This option can also be used on
# a per-share basis.
#
# max protocol = used to define the supported protocol. The default is NT1. You
# can set it to SMB2 if you want experimental SMB2 support.
#

;	netbios name = MYSERVER


;	max protocol = SMB2

# --------------------------- Logging Options -----------------------------
#
# log file = specify where log files are written to and how they are split.
#
# max log size = specify the maximum size log files are allowed to reach. Log
# files are rotated when they reach the size specified with "max log size".
#

	# log files split per-machine:
	# maximum size of 50KB per log file, then rotate:

# ----------------------- Standalone Server Options ------------------------
#
# security = the mode Samba runs in. This can be set to user, share
# (deprecated), or server (deprecated).
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configuration
# is required for tdbsam. The "smbpasswd" utility is available for backwards
# compatibility.
#



# ----------------------- Domain Members Options ------------------------
#
# security = must be set to domain or ads.
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configuration
# is required for tdbsam. The "smbpasswd" utility is available for backwards
# compatibility.
#
# realm = only use the realm option when the "security = ads" option is set.
# The realm option specifies the Active Directory realm the host is a part of.
#
# password server = only use this option when the "security = server"
# option is set, or if you cannot use DNS to locate a Domain Controller. The
# argument list can include My_PDC_Name, [My_BDC_Name], and [My_Next_BDC_Name]:
#
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
#
# Use "password server = *" to automatically locate Domain Controllers.

;	security = domain
;	passdb backend = tdbsam
;	realm = MY_REALM

;	password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# security = must be set to user for domain controllers.
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configuration
# is required for tdbsam. The "smbpasswd" utility is available for backwards
# compatibility.
#
# domain master = specifies Samba to be the Domain Master Browser, allowing
# Samba to collate browse lists between subnets. Do not use the "domain master"
# option if you already have a Windows NT domain controller performing this task.
#
# domain logons = allows Samba to provide a network logon service for Windows
# workstations.
#
# logon script = specifies a script to run at login time on the client. These
# scripts must be provided in a share named NETLOGON.
#
# logon path = specifies (with a UNC path) where user profiles are stored.
#
#
;	security = user
;	passdb backend = tdbsam

;	domain master = yes
;	domain logons = yes

	# the following login script name is determined by the machine name
	# (%m):
;	logon script = %m.bat
	# the following login script name is determined by the UNIX user used:
;	logon script = %u.bat
;	logon path = \\%L\Profiles\%u
	# use an empty path to disable profile support:
;	logon path =

	# various scripts can be used on a domain controller or a stand-alone
	# machine to add or delete corresponding UNIX accounts:

;	add user script = /usr/sbin/useradd "%u" -n -g users
;	add group script = /usr/sbin/groupadd "%g"
;	add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;	delete user script = /usr/sbin/userdel "%u"
;	delete user from group script = /usr/sbin/userdel "%u" "%g"
;	delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options ----------------------------
#
# local master = when set to no, Samba does not become the master browser on
# your network. When set to yes, normal election rules apply.
#
# os level = determines the precedence the server has in master browser
# elections. The default value should be reasonable.
#
# preferred master = when set to yes, Samba forces a local browser election at
# start up (and gives itself a slightly higher chance of winning the election).
#
;	local master = no
;	os level = 33
;	preferred master = yes

#----------------------------- Name Resolution -------------------------------
#
# This section details the support for the Windows Internet Name Service (WINS).
#
# Note: Samba can be either a WINS server or a WINS client, but not both.
#
# wins support = when set to yes, the NMBD component of Samba enables its WINS
# server.
#
# wins server = tells the NMBD component of Samba to be a WINS client.
#
# wins proxy = when set to yes, Samba answers name resolution queries on behalf
# of a non WINS capable client. For this to work, there must be at least one
# WINS server on the network. The default is no.
#
# dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via DNS
# nslookups.

;	wins support = yes
;	wins server = w.x.y.z
;	wins proxy = yes

;	dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# The options in this section allow you to configure a non-default printing
# system.
#
# load printers = when set you yes, the list of printers is automatically
# loaded, rather than setting them up individually.
#
# cups options = allows you to pass options to the CUPS library. Setting this
# option to raw, for example, allows you to use drivers on your Windows clients.
#
# printcap name = used to specify an alternative printcap file.
#


;	printcap name = /etc/printcap
	# obtain a list of printers automatically on UNIX System V systems:
;	printcap name = lpstat
;	printing = cups

# --------------------------- File System Options ---------------------------
#
# The options in this section can be un-commented if the file system supports
# extended attributes, and those attributes are enabled (usually via the
# "user_xattr" mount option). These options allow the administrator to specify
# that DOS attributes are stored in extended attributes and also make sure that
# Samba does not change the permission bits.
#
# Note: These options can be used on a per-share basis. Setting them globally
# (in the [global] section) makes them the default for all shares.

;	map archive = no
;	map hidden = no
;	map read only = no
;	map system = no
;	store dos attributes = yes


#============================ Share Definitions ==============================

[homes]
	comment = Home Directories
	browseable = no
	writable = yes
;	valid users = %S
;	valid users = MYDOMAIN\%S

[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = no
	guest ok = no
	writable = no
	printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons:
;	[netlogon]
;	comment = Network Logon Service
;	path = /var/lib/samba/netlogon
;	guest ok = yes
;	writable = no
;	share modes = no

# Un-comment the following to provide a specific roving profile share.
# The default is to use the user's home directory:
;	[Profiles]
;	path = /var/lib/samba/profiles
;	browseable = no
;	guest ok = yes

# A publicly accessible directory that is read only, except for users in the
# "staff" group (which have write permissions):
;	[public]
;	comment = Public Stuff
;	path = /home/samba
;	public = yes
;	writable = yes
;	printable = no
;	write list = +staff
# from the page https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/sect-Managing_Confined_Services-Samba-Configuration_examples.html
[myshare]
	comment = My share
	writeable = yes
	create mode = 775
	public = yes
	path = /myshare
	directory mode = 775

Open in new window

When I executed testparm I got the following:


[anthony@localhost /]$ testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Unknown parameter encountered: "setsebool samba_enable_home_dirs"
Ignoring unknown parameter "setsebool samba_enable_home_dirs"
Unknown parameter encountered: "setsebool use_samba_home_dirs"
Ignoring unknown parameter "setsebool use_samba_home_dirs"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[myshare]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        netbios name = MYNAME
        server string = Samba Server Version %v
        interfaces = lo, enp0s3, 192.168.1.7/24, 192.168.13.2/24
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        idmap config * : backend = tdb
        path = /myshare
        hosts allow = ALL
        cups options = raw

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No

[myshare]
        comment = My share
        read only = No
        create mask = 0775
        directory mask = 0775
        guest ok = Yes
[anthony@localhost /]$

Open in new window


However when I click on Network on windows explorer, there is nothing there.  

Previously I have updated the IPtables with the following:

#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT 
#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT 
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT 
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

Open in new window


In case it's not clear, I'm not a linux expert by any stretch of the imagination, I want to install some red-hat software that runs off a linux server to look at business processes and decision modelling.

Can someone point out what I should be checking in order to be able see the VM guest on my network?
TerribleTonyHAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
Disable iptables. service iptables stop
Your smb.conf uses  workgroup
how many IPs does the VM have?
Did you run setsebool and chcon? Deals with selinux

If you do \\192.168.1.7 does it list the available shares?

You may have to include the same options in forward.

Does your IP tables
iptables -L --line-numbers
0
TerribleTonyHAuthor Commented:
I had to install a new RHEL VM because I got this separate issue on trying to log-in (telling me "login incorrect" without waiting for me to enter password).  So the IP is now 192.168.1.10 and not 7 as per previous post.

I haven't bothered installing webmin yet but I've followed the instruction from the redhat site for Samba (albeit for version 6)

running iptables -L brings back:

[anthony@localhost myshare]$ sudo iptables -L
[sudo] password for anthony:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OUTPUT_direct  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_public (2 references)
target     prot opt source               destination
FWDI_public_log  all  --  anywhere             anywhere
FWDI_public_deny  all  --  anywhere             anywhere
FWDI_public_allow  all  --  anywhere             anywhere

Chain FWDI_public_allow (1 references)
target     prot opt source               destination

Chain FWDI_public_deny (1 references)
target     prot opt source               destination

Chain FWDI_public_log (1 references)
target     prot opt source               destination

Chain FWDO_public (2 references)
target     prot opt source               destination
FWDO_public_log  all  --  anywhere             anywhere
FWDO_public_deny  all  --  anywhere             anywhere
FWDO_public_allow  all  --  anywhere             anywhere

Chain FWDO_public_allow (1 references)
target     prot opt source               destination

Chain FWDO_public_deny (1 references)
target     prot opt source               destination

Chain FWDO_public_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_public (2 references)
target     prot opt source               destination
IN_public_log  all  --  anywhere             anywhere
IN_public_deny  all  --  anywhere             anywhere
IN_public_allow  all  --  anywhere             anywhere

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination

Chain IN_public_log (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination

Open in new window


Disabling the tables brings back:

[anthony@localhost myshare]$ sudo service iptables stop
Redirecting to /bin/systemctl stop  iptables.service
Failed to issue method call: Unit iptables.service not loaded.

Open in new window


Running ip addr show brings back just 2 ip addresses

[anthony@localhost myshare]$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:3b:49:b1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global dynamic enp0s3
       valid_lft 72519sec preferred_lft 72519sec
    inet6 fde0:191d:668f:5b50:a30:67ff:fe3b:49b1/64 scope global dynamic
       valid_lft 7114sec preferred_lft 3514sec
    inet6 fe80::a30:67ff:fe3b:49b1/64 scope link
       valid_lft forever preferred_lft forever

Open in new window


I haven't done anything with  setsebool and chcon in this installation.

I can't see anything on windows network directory. I got this message when I entered the ipaddress into the browser:

samba-3.png
Which seems to suggest it's some linux security measure? Next steps, I've no idea.
0
arnoldCommented:
The error you received about iptables says it is not running, pointing to the possibility that you are actually using firewalld on your 7 install and not iptables.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

TerribleTonyHAuthor Commented:
Yes, I am:

[anthony@localhost myshare]$ sudo systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Sun 2015-06-14 14:26:18 BST; 5h 47min ago
 Main PID: 565 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─565 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jun 14 14:26:18 localhost.localdomain systemd[1]: Started firewalld - dynamic...
Hint: Some lines were ellipsized, use -l to show in full.
[anthony@localhost myshare]$ firewall-cmd --state
running
[anthony@localhost myshare]$

Open in new window


Is this just a case of stopping this service?

Do I have to re-start?
0
TerribleTonyHAuthor Commented:
Well, disabling it worked some:

[anthony@localhost myshare]$ sudo systemctl disable firewalld
[sudo] password for anthony:
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

Open in new window


I can see a new connection on the network in windows (localhost):

samba-4.png
However clicking on it just shows my laptop directories:

samba-5.png
Any suggestions?
0
arnoldCommented:
Localhost is associated with 127.0.0.1 which always refers to self.

Change the hostname on your VM to something that resolves to a routeable IP in the LAN

Try \\192.168.1.10\ and see whether the shares you have are displayed.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TerribleTonyHAuthor Commented:
I changed the contents of /etc/hostname to:

VMhost.localdomain

Open in new window


And the (confusedly) added the last line to the contents of /etc/hosts to the following:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.7 VMhost VMhost.localdomain

Open in new window


192.168.1.7 is the IP address of the windows host
0
TerribleTonyHAuthor Commented:
Also there was no change in what was available on the windows network drive.

Adding \\192.168.1.10 to the browser comes back with the original message as before.
0
arnoldCommented:
Run hostname newhostname on the command line within the shell,  a reboot is needed,

Double check you hosts file, you said it was 1.10, yet you have it as 1.7.
0
TerribleTonyHAuthor Commented:
I was getting confused between host for linux and host/guest for virtualbox. I've now got connectivity by rebooting and setting the value of the /etc/hosts file to the ip address of the linux guest (if that makes sense).

Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Virtualization

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.