Setting up and Configuring a basic Samba Server in AWS
Samba has long been the secure file transfer option of choice on the Linux operating system. In this article I will set up a basic Samba server in an AWS public subnet and access the share from a Linux server in the private subnet.
First things first: let's create an EC2 server with the Amazon Linux 2 AMI in the public subnet. In the security group, open port 22 and port 445 to anywhere, i.e. the 0.0.0.0/0 range.
Launch the instance and wait for status check to be 2/2 passed.
SSH into the server and change the hostname to a convenient name.
* As this is an Amazon Linux 2 AMI, we need to follow the steps below to change the hostname to a user-friendly name.
$ sudo vi /etc/cloud/cloud.cfg
At the end of the file, add the line below and save.
preserve_hostname: true
Then run the hostnamectl command to change the hostname. Then run the update and finally reboot the system for the change to take effect.
$ sudo hostnamectl set-hostname samba-server
$ sudo yum update -y
$ sudo reboot
Log in to the server again over SSH. This time we will install Samba, samba-client, and cifs-utils as the root user.
$ sudo su -
# yum install -y samba samba-client cifs-utils
Edit the Samba configuration file smb.conf to add the Samba details.
# vim /etc/samba/smb.conf
Edit and add the entries like below.
security = user
hosts allow = 127. 172.
*** Add the loopback IP and the VPC starting IP as shown above
interfaces = lo eth0
passdb backend = smbpasswd:/etc/samba/sambapasswd.txt
printing = cups
printcap name = cups
load printers = yes
cups options = raw

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775

[devdocs]
comment = Development documentation
read only = no
available = yes
path = /devdocs
public = yes
valid users = devdocsuser
write list = devdocsuser
writable = yes
browseable = yes
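An added example, not part of the original article: a shell function that reviews an smb.conf-style file for two settings used above, a share with guest access switched on (public is a synonym of guest ok) and a hosts allow prefix of a single octet such as 172., which matches every address beginning with 172 rather than only the VPC range. The function name audit_smb_conf and the sample file are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the article): review an smb.conf-style file for
#  - shares with guest access on ("public" is a synonym of "guest ok")
#  - "hosts allow" prefixes of one octet, e.g. "172." matches 172.*.*.*
audit_smb_conf() {            # hypothetical helper name
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ { next }                 # comment lines
    /^[ \t]*\[/ {                          # [section] header
      section = $0
      sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
      next
    }
    index($0, "=") > 0 {
      eq  = index($0, "=")
      key = tolower(trim(substr($0, 1, eq - 1)))
      val = tolower(trim(substr($0, eq + 1)))
      if ((key == "public" || key == "guest ok") && val ~ /^(yes|true|1)$/)
        print "GUEST " section ": " key " = " val
      if (key == "hosts allow") {
        n = split(val, host, /[ \t,]+/)
        for (i = 1; i <= n; i++)
          if (host[i] ~ /^[0-9]+\.$/ && host[i] != "127.")
            print "BROAD " section ": hosts allow " host[i]
      }
    }
  ' "$1"
}

# Constructed sample mirroring the settings shown in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
security = user
hosts allow = 127. 172.
[devdocs]
path = /devdocs
public = yes
valid users = devdocsuser
EOF
audit_smb_conf "$sample"
```

A two-octet prefix such as 172.31. is not reported, so the finding clears once hosts allow is narrowed to the VPC range.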
Create the Samba user and set the password. After that, add the user to the Samba service.
# useradd devdocsuser
# passwd devdocsuser
# smbpasswd -a devdocsuser
# service smb restart
When we set the password for the Samba user it will throw the below warning, which can be ignored.
Create a directory to be used by Samba for sharing. Change the permission to 0777.
# mkdir /devdocs
# chmod 777 /devdocs
After adding the directory, restart the Samba service and check whether the parameters are valid by running the testparm command. If it shows the below output, the configuration file is syntactically valid.
# service smb restart
# testparm
Now launch another Amazon Linux 2 VM in the same VPC and in the private subnet.
Follow the same steps to change the hostname, update the packages and install samba, samba-client and cifs-utils.
Create a directory to mount the Samba share and change the permission of that directory to 0775.
$ sudo mkdir /mnt/devdocs
$ sudo chmod 777 /mnt/devdocs/
After creating the directory we need to mount the Samba share into it. Use the Samba server's private IP in the smbclient command.
$ smbclient //<private ip of server>/devdocs -U devdocsuser
If the above command gives you an smb prompt then everything is working as expected.
To use the Samba share as a file system we need to mount it into the directory using the cifs protocol.
$ sudo mount -t cifs -o username=devdocsuser //<private ip of the server>/devdocs /mnt/devdocs/
After mounting, run df -hT to see whether the filesystem shows up.
To make the mount permanent and have the file system available at boot time, add the entry to fstab.
//172.31.93.191/devdocs /mnt/devdocs/ cifs credentials=/home/ec2-user/.samba_cred,_netdev 0 0
The “_netdev” option is important since we are mounting a network device. Clients may hang during the boot process if the system encounters any difficulties with the network.
Create a file to store the Samba credentials.
$ vim /home/ec2-user/.samba_cred
username=devdocsuser
password=devdocsuser
After creating the samba credentials file mount the file system.
$ sudo mount -a
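An added example, not part of the original article: the credentials file above holds the Samba password in clear text, so it should be readable only by its owner, and the fstab entry should reference that file rather than carry the password inline. The helper names (write_cifs_cred, cred_is_private, check_cifs_fstab), the address 192.0.2.10 and the sample fstab lines are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the article); helper names are hypothetical.

# Write a mount.cifs credentials file readable only by its owner.
# usage: write_cifs_cred FILE USER   (password is read from stdin)
write_cifs_cred() {
  IFS= read -r _pw || [ -n "$_pw" ]
  ( umask 077                     # new file is created with mode 0600
    rm -f "$1"                    # never reuse a file with looser bits
    printf 'username=%s\npassword=%s\n' "$2" "$_pw" > "$1" )
}

# Succeeds only if group and others have no permission bits on FILE.
cred_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report cifs lines in an fstab-style file that carry the password inline
# or lack _netdev.
check_cifs_fstab() {
  awk '$1 !~ /^#/ && $3 == "cifs" {
         if ($4 ~ /(^|,)password=/)      print "inline-password " $2
         if ($4 !~ /(^|,)_netdev(,|$)/)  print "no-_netdev " $2
       }' "$1"
}

# Constructed demo data (192.0.2.10 is a documentation address).
demo_dir=$(mktemp -d)
printf 'constructed-password\n' | write_cifs_cred "$demo_dir/.samba_cred" devdocsuser
cat > "$demo_dir/fstab" <<'EOF'
//192.0.2.10/devdocs /mnt/devdocs cifs credentials=/home/ec2-user/.samba_cred,_netdev 0 0
//192.0.2.10/old /mnt/old cifs username=devdocsuser,password=constructed 0 0
EOF
cred_is_private "$demo_dir/.samba_cred" && echo "credentials file is private"
check_cifs_fstab "$demo_dir/fstab"
```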
Cross-check whether the file system is mounted by running the df -hT command. It will show output like below.
Finally, we have mounted a Samba share on a Linux server successfully. Now let’s mount the same share on a Windows server to check its functionality in Windows as well.
For that use case, let’s launch a Windows VM in the same VPC and in the private subnet.
After the instance passes the 2/2 checks, RDP into it.
After getting into the server, right-click on This PC in Windows Explorer and click on Add a network location.
Click on Choose a custom network location and then click Next.
Enter the Samba share private ip and share name like \\<samba server private ip>\<share name>
Click on Next. It will ask for the credentials to connect to the server. Enter the Samba user name and password, then press OK.
Name the location as per your convenience. I am leaving it as it is. Click on Next, then Finish.
Now we have mounted the Samba share on both Linux and Windows. To test the functionality, create a file on the Samba server in the directory where the Samba share is mounted, i.e. /devdocs.
As we can see, the file we created on the Samba server appears on both the Linux and Windows machines.
*** To add more security we can change the ownership of the Samba share to devdocsuser and change the permission to 0755. This enhances security if the share is used for any financial purpose.
* To know more about the CIFS protocol, please read the document: https://cifs.com/