When I executed testparm I got the following:
# This is the main Samba configuration file. For detailed information about the # options listed here, refer to the smb.conf(5) manual page. Samba has a huge # number of configurable options, most of which are not shown in this example. # # The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step # guides for installing, configuring, and using Samba: # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf # # The Samba-3 by Example guide has working examples for smb.conf. This guide is # generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf # # In this file, lines starting with a semicolon (;) or a hash (#) are # comments and are ignored. This file uses hashes to denote commentary and # semicolons for parts of the file you may wish to configure. # # Note: Run the "testparm" command after modifying this file to check for basic # syntax errors. # #--------------- # Security-Enhanced Linux (SELinux) Notes: # # Turn the samba_domain_controller Boolean on to allow Samba to use the useradd # and groupadd family of binaries. Run the following command as the root user to # turn this Boolean on: # setsebool -P samba_domain_controller on # # Turn the samba_enable_home_dirs Boolean on if you want to share home # directories via Samba. Run the following command as the root user to turn this # Boolean on: # setsebool -P samba_enable_home_dirs on # # If you create a new directory, such as a new top-level directory, label it # with samba_share_t so that SELinux allows Samba to read and write to it. Do # not label system directories, such as /etc/ and /home/, with samba_share_t, as # such directories should already have an SELinux label. # # Run the "ls -ldZ /path/to/directory" command to view the current SELinux # label for a given directory. # # Set SELinux labels only on files and directories you have created. Use the # chcon command to temporarily change a label: # chcon -t samba_share_t /path/to/directory # # Changes made via chcon are lost when the file system is relabeled or commands # such as restorecon are run. # # Use the samba_export_all_ro or samba_export_all_rw Boolean to share system # directories. To share such directories and only allow read-only permissions: # setsebool -P samba_export_all_ro on # To share such directories and allow read and write permissions: # setsebool -P samba_export_all_rw on # # To run scripts (preexec/root prexec/print command/...), copy them to the # /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run them. # Note that if you move the scripts to /var/lib/samba/scripts/, they retain # their existing SELinux labels, which may be labels that SELinux does not allow # smbd to run. Copying the scripts will result in the correct SELinux labels. # Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user to # apply the correct SELinux labels to these files. # #-------------- # #======================= Global Settings ===================================== [global] log file = /var/log/samba/log.%m cups options = raw load printers = no server string = Samba Server Version %v path = /myshare workgroup = WORKGROUP interfaces = lo enp0s3 192.168.1.7/24 192.168.13.2/24 security = user passdb backend = tdbsam max log size = 50 netbios name = MYNAME hosts allow = ALL setsebool samba_enable_home_dirs = 1 setsebool use_samba_home_dirs = 1 # ----------------------- Network-Related Options ------------------------- # # workgroup = the Windows NT domain name or workgroup name, for example, MYGROUP. # # server string = the equivalent of the Windows NT Description field. # # netbios name = used to specify a server name that is not tied to the hostname. # # interfaces = used to configure Samba to listen on multiple network interfaces. # If you have multiple interfaces, you can use the "interfaces =" option to # configure which of those interfaces Samba listens on. Never omit the localhost # interface (lo). # # hosts allow = the hosts allowed to connect. This option can also be used on a # per-share basis. # # hosts deny = the hosts not allowed to connect. This option can also be used on # a per-share basis. # # max protocol = used to define the supported protocol. The default is NT1. You # can set it to SMB2 if you want experimental SMB2 support. # ; netbios name = MYSERVER ; max protocol = SMB2 # --------------------------- Logging Options ----------------------------- # # log file = specify where log files are written to and how they are split. # # max log size = specify the maximum size log files are allowed to reach. Log # files are rotated when they reach the size specified with "max log size". # # log files split per-machine: # maximum size of 50KB per log file, then rotate: # ----------------------- Standalone Server Options ------------------------ # # security = the mode Samba runs in. This can be set to user, share # (deprecated), or server (deprecated). # # passdb backend = the backend used to store user information in. New # installations should use either tdbsam or ldapsam. No additional configuration # is required for tdbsam. The "smbpasswd" utility is available for backwards # compatibility. # # ----------------------- Domain Members Options ------------------------ # # security = must be set to domain or ads. # # passdb backend = the backend used to store user information in. New # installations should use either tdbsam or ldapsam. No additional configuration # is required for tdbsam. The "smbpasswd" utility is available for backwards # compatibility. # # realm = only use the realm option when the "security = ads" option is set. # The realm option specifies the Active Directory realm the host is a part of. # # password server = only use this option when the "security = server" # option is set, or if you cannot use DNS to locate a Domain Controller. The # argument list can include My_PDC_Name, [My_BDC_Name], and [My_Next_BDC_Name]: # # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] # # Use "password server = *" to automatically locate Domain Controllers. ; security = domain ; passdb backend = tdbsam ; realm = MY_REALM ; password server = <NT-Server-Name> # ----------------------- Domain Controller Options ------------------------ # # security = must be set to user for domain controllers. # # passdb backend = the backend used to store user information in. New # installations should use either tdbsam or ldapsam. No additional configuration # is required for tdbsam. The "smbpasswd" utility is available for backwards # compatibility. # # domain master = specifies Samba to be the Domain Master Browser, allowing # Samba to collate browse lists between subnets. Do not use the "domain master" # option if you already have a Windows NT domain controller performing this task. # # domain logons = allows Samba to provide a network logon service for Windows # workstations. # # logon script = specifies a script to run at login time on the client. These # scripts must be provided in a share named NETLOGON. # # logon path = specifies (with a UNC path) where user profiles are stored. # # ; security = user ; passdb backend = tdbsam ; domain master = yes ; domain logons = yes # the following login script name is determined by the machine name # (%m): ; logon script = %m.bat # the following login script name is determined by the UNIX user used: ; logon script = %u.bat ; logon path = \\%L\Profiles\%u # use an empty path to disable profile support: ; logon path = # various scripts can be used on a domain controller or a stand-alone # machine to add or delete corresponding UNIX accounts: ; add user script = /usr/sbin/useradd "%u" -n -g users ; add group script = /usr/sbin/groupadd "%g" ; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u" ; delete user script = /usr/sbin/userdel "%u" ; delete user from group script = /usr/sbin/userdel "%u" "%g" ; delete group script = /usr/sbin/groupdel "%g" # ----------------------- Browser Control Options ---------------------------- # # local master = when set to no, Samba does not become the master browser on # your network. When set to yes, normal election rules apply. # # os level = determines the precedence the server has in master browser # elections. The default value should be reasonable. # # preferred master = when set to yes, Samba forces a local browser election at # start up (and gives itself a slightly higher chance of winning the election). # ; local master = no ; os level = 33 ; preferred master = yes #----------------------------- Name Resolution ------------------------------- # # This section details the support for the Windows Internet Name Service (WINS). # # Note: Samba can be either a WINS server or a WINS client, but not both. # # wins support = when set to yes, the NMBD component of Samba enables its WINS # server. # # wins server = tells the NMBD component of Samba to be a WINS client. # # wins proxy = when set to yes, Samba answers name resolution queries on behalf # of a non WINS capable client. For this to work, there must be at least one # WINS server on the network. The default is no. # # dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via DNS # nslookups. ; wins support = yes ; wins server = w.x.y.z ; wins proxy = yes ; dns proxy = yes # --------------------------- Printing Options ----------------------------- # # The options in this section allow you to configure a non-default printing # system. # # load printers = when set you yes, the list of printers is automatically # loaded, rather than setting them up individually. # # cups options = allows you to pass options to the CUPS library. Setting this # option to raw, for example, allows you to use drivers on your Windows clients. # # printcap name = used to specify an alternative printcap file. # ; printcap name = /etc/printcap # obtain a list of printers automatically on UNIX System V systems: ; printcap name = lpstat ; printing = cups # --------------------------- File System Options --------------------------- # # The options in this section can be un-commented if the file system supports # extended attributes, and those attributes are enabled (usually via the # "user_xattr" mount option). These options allow the administrator to specify # that DOS attributes are stored in extended attributes and also make sure that # Samba does not change the permission bits. # # Note: These options can be used on a per-share basis. Setting them globally # (in the [global] section) makes them the default for all shares. ; map archive = no ; map hidden = no ; map read only = no ; map system = no ; store dos attributes = yes #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes ; valid users = %S ; valid users = MYDOMAIN\%S [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes # Un-comment the following and create the netlogon directory for Domain Logons: ; [netlogon] ; comment = Network Logon Service ; path = /var/lib/samba/netlogon ; guest ok = yes ; writable = no ; share modes = no # Un-comment the following to provide a specific roving profile share. # The default is to use the user's home directory: ; [Profiles] ; path = /var/lib/samba/profiles ; browseable = no ; guest ok = yes # A publicly accessible directory that is read only, except for users in the # "staff" group (which have write permissions): ; [public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = yes ; printable = no ; write list = +staff # from the page https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/sect-Managing_Confined_Services-Samba-Configuration_examples.html [myshare] comment = My share writeable = yes create mode = 775 public = yes path = /myshare directory mode = 775
[anthony@localhost /]$ testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Unknown parameter encountered: "setsebool samba_enable_home_dirs" Ignoring unknown parameter "setsebool samba_enable_home_dirs" Unknown parameter encountered: "setsebool use_samba_home_dirs" Ignoring unknown parameter "setsebool use_samba_home_dirs" Processing section "[homes]" Processing section "[printers]" Processing section "[myshare]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] netbios name = MYNAME server string = Samba Server Version %v interfaces = lo, enp0s3, 192.168.1.7/24, 192.168.13.2/24 log file = /var/log/samba/log.%m max log size = 50 load printers = No idmap config * : backend = tdb path = /myshare hosts allow = ALL cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [myshare] comment = My share read only = No create mask = 0775 directory mask = 0775 guest ok = Yes [anthony@localhost /]$
#iptables -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT #iptables -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT #iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT #iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
From novice to tech pro — start learning today.