https://docs.fedoraproject.org/en-US/quick-docs/samba/#trouble_with_accessing_the_share
https://www.server-world.info/en/note?os=Fedora_35&p=samba&f=3
$ sudo dnf install samba
$ sudo systemctl enable smb --now
$ firewall-cmd --get-active-zones
$ sudo firewall-cmd --permanent --zone=FedoraWorkstation --add-service=samba
$ sudo firewall-cmd --permanent --zone=libvirt --add-service=samba
$ sudo firewall-cmd --reload
With the standard SELinux policy, Samba will be unable to do some very basic things. Use the two commands below to enable them before continuing.
$ sudo setsebool -P samba_enable_home_dirs 1
$ sudo setsebool -P samba_export_all_rw 1
In this example you will share a directory inside your home directory, accessible only by your user.
Samba does not use the operating system users for authentication, so your user account must be duplicated in Samba. So if your account is tallest on the host, the user tallest must also be added to Samba. While the usernames must match, the passwords can be different.
Create a user called tallest in Samba:
$ sudo smbpasswd -a tallest
Create a directory to be the share for tallest, and set the correct SELinux context:
$ mkdir /home/tallest/Transfer
$ sudo semanage fcontext --add --type "samba_share_t" "/home/tallest/Transfer(/.*)?"
$ sudo restorecon -R ~/Transfer
Samba configuration lives in the /etc/samba/smb.conf file. Adding the following section at the end of the file will instruct Samba to set up a share for tallest called "Transfer" at the /home/tallest/Transfer directory just created.
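[Transfer]
comment = network drive share for Myron
path = /home/tallest/Transfer
writeable = yes
browseable = yes
# "public" is a synonym for "guest ok"; keep it off so guests cannot connect
public = no
# only the Samba user tallest may connect to or write to this share
valid users = tallest
create mask = 0644
directory mask = 0755
write list = tallest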
Restart Samba for the changes to take effect:
$ sudo systemctl restart smb
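An added check, not part of the original notes: the function below reads an smb.conf and reports whether a share is really limited to one account, as the text intends. The name audit_share and the sample file are constructed for illustration; point it at /etc/samba/smb.conf to check the real configuration.

```sh
# audit_share FILE SHARE USER: print findings; return 0 only when SHARE
# refuses guests and lists USER alone in "valid users" (and "write list" if set).
audit_share() {
    awk -v share="$2" -v user="$3" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*([#;]|$)/ { next }                 # comment or blank line
    /^[ \t]*\[/ {                              # section header such as [Transfer]
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        in_share = (tolower(trim(name)) == tolower(share))
        if (in_share) found = 1
        next
    }
    in_share && (eq = index($0, "=")) {
        # compare parameter names without case or inner spaces
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = trim(substr($0, eq + 1))
        # "public" is a synonym for "guest ok"
        if (key == "guestok" || key == "public")
            guest = (tolower(val) ~ /^(yes|true|on|1)$/)
        if (key == "validusers") valid = val
        if (key == "writelist") wlist = val
    }
    END {
        if (!found) { print "share [" share "] not found"; exit 2 }
        if (guest) { print "guest access is enabled"; bad = 1 }
        if (valid != user) { print "valid users = \"" valid "\", expected " user; bad = 1 }
        if (wlist != "" && wlist != user) { print "write list = \"" wlist "\", expected " user; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: [Open] admits guests, [Transfer] is limited to tallest.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Open]
path = /home/tallest/Transfer
public = yes
write list = user
[Transfer]
path = /home/tallest/Transfer
guest ok = no
valid users = tallest
write list = tallest
EOF
audit_share "$sample" Open tallest || echo "[Open] is not limited to tallest"
audit_share "$sample" Transfer tallest && echo "[Transfer] is limited to tallest"
```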
[sara@kallisti ~]$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N LIBVIRT_FWI
-N LIBVIRT_FWO
-N LIBVIRT_FWX
-N LIBVIRT_INP
-N LIBVIRT_OUT
-A INPUT -j LIBVIRT_INP
-A OUTPUT -j LIBVIRT_OUT
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 68 -j ACCEPT
[sara@kallisti ~]$ sudo iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 LIBVIRT_INP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 LIBVIRT_FWX all -- anywhere anywhere
2 LIBVIRT_FWI all -- anywhere anywhere
3 LIBVIRT_FWO all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 LIBVIRT_OUT all -- anywhere anywhere
Chain LIBVIRT_FWI (1 references)
num target prot opt source destination
1 ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
2 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain LIBVIRT_FWO (1 references)
num target prot opt source destination
1 ACCEPT all -- 192.168.122.0/24 anywhere
2 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain LIBVIRT_FWX (1 references)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere
Chain LIBVIRT_INP (1 references)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:domain
2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
3 ACCEPT udp -- anywhere anywhere udp dpt:bootps
4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain LIBVIRT_OUT (1 references)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:domain
2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
3 ACCEPT udp -- anywhere anywhere udp dpt:bootpc
4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootpc
[sara@kallisti ~]$ sudo iptables -D FORWARD 1
[sara@kallisti ~]$ sudo iptables -D FORWARD 2
[sara@kallisti ~]$ sudo iptables -D FORWARD 3
[sara@kallisti ~]$ sudo iptables -P FORWARD DROP