How to configure and secure Samba server with Ansible

Meher Askri
Aug 2, 2024

Hello and welcome to this new one:

Today, we’re going to explore one of the most famous alternatives to NFS, which is Samba (not the Brazilian dance 😂). We’ll start as usual by understanding what Samba is, how it differs from NFS, and in which cases we need it.

What is Samba?

Samba is a suite of programs that allows Linux and other systems to interoperate with Microsoft Windows file and printer sharing protocols. In other words, Windows, macOS and other client systems can access a Samba server to share files and printers in the same way that they would from a Windows file and print server.

In fact, many people prefer using a Samba server over a Windows file server because it’s more secure and robust.

Now the question is, if you remember that NFS is also a file sharing protocol:

What’s the difference?

Well, the major difference between the two is that NFS was designed for Unix and Linux systems, whereas Samba is designed for mixed environments (including Windows).

Another difference is the authentication mechanism: NFS uses machine-based authentication (the system can have access to the files for all users, which is great when sharing small files as the speed is increased and the shares are retrieved more efficiently), while SMB (the protocol implemented by Samba) uses user-based authentication (better suited for interactions with Windows computers).

Now that the difference between them is clear, let’s answer the next question, in which cases we need Samba:

I would say it depends on the environment: if you have a multivendor environment (a mix of Windows and Linux, which is probably the case in most enterprises today), it might be worthwhile to use SMB.

Now, after this nice little introduction, let’s jump to the command line and see how we can configure a Samba server, not manually but with Ansible this time:

Here I’m logged into my server (the Ansible control node). I’ll start by creating a directory for this project (I’ll name it smbproject):

Then, let’s create the Ansible configuration file:

Next, let’s create the inventory file “smbinventory” (with node2 as the Samba server and node1 as the client):

And let’s do a little ping pong to test the connectivity:

Notice that I used “2>/dev/null” to redirect certain deprecation messages because I’m using an older version of Ansible (2.9), but it’s OK for this tutorial:

Finally, let’s create the playbook (I’ll name it “smbplaybook”). The first task is to install the samba package using the yum module.

Next, let’s create a group (“smbusers”, for example) and then create two users (test1 and test2) and add them to this group:

If you were following along, you might notice that I didn’t configure a password for those two users. It doesn’t matter because Samba has its own database, so the verification will not occur at the underlying layer. (Normally, in an enterprise environment, Samba will verify the credentials of users with an Active Directory or LDAP server. However, I want to keep it simple, so Samba will use its own internal database instead.)

Next, let’s create the directory to share (of course without forgetting to set the right SELinux context label):

Until now, I haven’t had the chance to write about SELinux and explain it in more detail, but I promise to cover it in more depth in a future article.

Alright, let’s proceed to our next task by adding those users to the Samba database:

For the final task, let’s add and configure the share in the Samba configuration file (/etc/samba/smb.conf). I won’t go deeply into security measures, so let’s keep it simple: we want to deny any guest access and allow full permissions only for users in the “smbusers” group.

Finally, let’s not forget to start the Samba service and open the necessary firewall port:
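The server-side tasks described above, gathered into one play as an added example. This is not the author's playbook: the share path /srv/smbshare, the share name smbshare and the vaulted variable smb_password are assumptions, while node2, smbusers, test1 and test2 come from the article.

```yaml
---
# Added example, not the author's playbook. Assumed names: share path /srv/smbshare,
# share name [smbshare], and smb_password (expected to come from Ansible Vault).
- name: Configure the Samba server
  hosts: node2
  become: true
  vars:
    share_path: /srv/smbshare
    smb_users: [test1, test2]
  tasks:
    - name: Install Samba
      yum: {name: samba, state: present}
    - name: Create the group allowed to use the share
      group: {name: smbusers, state: present}
    - name: Create the share users without an interactive login shell
      user: {name: "{{ item }}", groups: smbusers, shell: /sbin/nologin}
      loop: "{{ smb_users }}"
    - name: Create the shared directory, writable by smbusers only
      file:
        path: "{{ share_path }}"
        state: directory
        owner: root
        group: smbusers
        mode: "2770"
        setype: samba_share_t  # label set directly; add an fcontext rule to survive a relabel
    - name: Add missing users to the Samba database (password on stdin, task not logged)
      shell: >
        pdbedit -L | grep -q "^{{ item }}:" ||
        printf '%s\n%s\n' "$SMB_PASS" "$SMB_PASS" | smbpasswd -s -a {{ item }}
      environment: {SMB_PASS: "{{ smb_password }}"}
      loop: "{{ smb_users }}"
      no_log: true
    - name: Define the share, no guest access, smbusers group only
      blockinfile:
        path: /etc/samba/smb.conf
        validate: testparm -s %s  # refuse to install a config Samba cannot parse
        block: |
          [smbshare]
              path = {{ share_path }}
              guest ok = no
              valid users = @smbusers
              write list = @smbusers
      notify: restart smb
    - name: Start and enable Samba
      service: {name: smb, state: started, enabled: true}
    - name: Open the Samba service in firewalld
      firewalld: {service: samba, permanent: true, immediate: true, state: enabled}
  handlers:
    - name: restart smb
      service: {name: smb, state: restarted}
```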

And that’s it for the Samba server. Let’s run the playbook using the ansible-playbook command:

Et voilà, the playbook ran successfully. Now, for the last step, we need a second play (since I don’t have any Windows VM available, I’ll use a Linux machine as a Samba client as well):

As you can see, I tagged the second play with the tag “play2”, so that we can run the second play separately:

And that’s it. Let’s verify that the Samba share is mounted:

As you can see, the share is mounted successfully. I wish I had a Windows VM to demonstrate accessing the share from a Windows interface. I know most of you are familiar with it (after all, the procedure is not hard).

I hope you enjoyed this demo. If you have any further questions, please feel free to leave a comment below.

Thank you for reading. Don’t forget to like and share, and I’ll see you in the next one.
