su
mkdir -p -m 1777 /tmp/wpshare
vi /tmp/wpshare/afile
chmod 444 /tmp/wpshare/afile
cd /etc/samba/
mv smb.conf smb.conf.WORKING
# Find current network number, used below instead of "10.41.":
ifconfig
cat >smb.conf <<!
[global]
workgroup = CTS2322
netbios name = wpserver
server string = Anonymous LAN File Server (Samba)
security = share
browseable = yes
hosts allow = 10.41.
[wpshare]
path = /tmp/wpshare
comment = test files for Samba
read only = no
guest ok = yes
!
testparm
/etc/init.d/smb start
chkconfig smb on
iptables -I RH-Firewall-1-INPUT -m state --state NEW \
-m udp -p udp --dport 137 -j ACCEPT
iptables -I RH-Firewall-1-INPUT -m state --state NEW \
-m udp -p udp --dport 138 -j ACCEPT
iptables -I RH-Firewall-1-INPUT -m state --state NEW \
-m tcp -p tcp --dport 139 -j ACCEPT
iptables -I RH-Firewall-1-INPUT -m state --state NEW \
-m tcp -p tcp --dport 445 -j ACCEPT
# or: vi /etc/init.d/iptables
# /etc/init.d/iptables restart
less /var/log/messages
less /var/log/samba/*
ls -l /etc/logrotate.d/samba
exit
cd
# The following should work from localhost
# or another on same LAN:
smbclient -L wpserver
smbclient //wpserver/wpshare
smbtree -N
ls
get afile
q
ls -l afile
su
cd
mkdir mnt
smbmount //wpserver/wpshare mnt -o guest
ls -l mnt
smbumount mnt
exit
Sample /etc/sysconfig/iptables firewall with samba additions
cat iptables
# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 995 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 993 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# Holes needed for Samba (plus TCP/901 for swat):
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT