Can anyone point me to a Samba installation guide for Rocky 8?

I’ve been successfully installing Samba on various RHEL platforms for some years, but I can no longer get it to respond, even when I follow my old trusted notes to the letter. Does anyone have a link to a good set-up article that’s known to work? I’ve followed several guides, mostly they are either old, poorly written or with contrived content and many are just incomplete copies of each other. My requirement is very basic — local authentication only.

Clearly something with Samba has changed, as it always used to be so easy, by which I mean a few years ago. I tried CentOS 8 a couple of years ago, also tried Rocky recently and even Oracle. They all behave the same — Samba is running but just doesn’t respond, even to the local server-side client smbclient which just times-out. I had to give up before, but now want to resolve it, as it’s daft that it won’t work. Thanks.

Hey there!
I’m not sure where you are getting halted but, might it be that you didn’t allow the directory you try to share in SELinux? (ref)

No, Samba is essentially non-responding entirely and I can’t even share the home directories, which SELinux already recognises. I also tried turning off SELinux, changing the ‘enforcing’ parameter to ‘disabled’.

Also added the firewall rule, using the Samba service. Thanks though.

Hrm interesting,
disabling SELinux alltogether is a move backwards in my eyes but it should at least completely get rid of it in EL 8.

Tbh, everything that needs to be done is basically this: Rocky Linux 8 : Samba : Fully Accessed Shared Folder : Server World

Thanks, that site has always been a good resource in the past, but it didn’t appear in my search results. I’m just going through a fresh installation of Rocky. Yesterday I became so frustrated with Samba that I deleted the entire virtual machine Fingers crossed this will go better lumarel.

Yeah totally, server-world made their name really a proof of quality guides

I carried out every step at the link but Samba is still dead and non-functional, just the same as every other time I’ve tried it, same as with CentOS 8 and Oracle attempts. I can’t even perform an smbclient command from the server console. It doesn’t prompt for the password, but just waits and eventually times-out :

smbclient -L //localhost -U samba
rotocol negotiation failed: NT_STATUS_IO_TIMEOUT

Same from a Windows client — just completely dead and eventually comes back with "Windows cannot access… " etc. By complete contrast, I have xrdp already working from a Windows client to the new Rocky server and that’s fine. It worked straight away after installation, didn’t even need to reboot, but Samba is a nightmare.

I’ve turned off SELinux too.

I noticed that the server-world guide doesn’t include a Samba password set-up, unlike some of the other articles I’ve seen.

I did this also :

ps -e | grep smb
   1320 ?        00:00:00 smbd
   1466 ?        00:00:00 smbd-notifyd
   1467 ?        00:00:00 smbd-cleanupd
   2880 ?        00:00:00 smbd[127.0.0.1]
   2897 ?        00:00:00 smbd[127.0.0.1]

I don’t know if this is connected with Samba not working, but the newly installed server appears to have created an additional IP address that I didn’t set up. I set up a fixed address of 192.168.0.x along with all my other machines on the LAN, while Rocky has configured an extra interface virbr0 at 192.168.122.1. I don’t use that subnet, but where has this come from?

ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:e7:44:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.119/24 brd 192.168.0.255 scope global noprefixroute enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fee7:4407/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:f4:f0:a5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever

Tbh a virbr normally comes from libvirt or such, let me give it a try, I really don’t remember right now,
not really hosting SMB shares on plain linux

So, there is a 2nd guide: Rocky Linux 8 : Samba : Limited Shared Folder : Server World
this one looks like it’s suited for specific useraccount access

(installing right now and testing)

Yep worked as intended here:
I setup the following:

• minimal-environment install (in the Anaconda UI it’s called “Minimal”)
• dnf install samba
• groupadd smbshare
• mkdir /home/smbshare
• chgrp smbshare /home/smbshare/
• chmod 770 /home/smbshare/
• vi /etc/samba/smb.conf changed the content to (without comments):

[global]
        workgroup = SAMBA
        security = user
        unix charset = UTF-8
[smbshare]
        path = /home/smbshare
        writeable = yes
        guest ok = no
        valid users = @smbshare
        force group = smbshare
        force create mode = 770
        force directory mode = 770
        inherit permissions = yes

• systemctl enable --now smb
• useradd testuser
• smbpasswd -a testuser
• usermod -aG smbshare testuser
• setsebool -P samba_enable_home_dirs on
• restorecon -R /home/smbshare/
• firewall-cmd --add-service=samba
• firewall-cmd --add-service=samba --permanent

And finally I mounted this with Files (Nautilus) on my Workstation (with the created credentials), and created a directory and file:

[user@workstation smb-share:server=r8-samba-dev.domain,share=smbshare]$ tree
.
└── hello
    └── file

1 directory, 1 file

Thank you for going through this and testing it out, it’s appreciated. I tried the minimal installation of 8.9 and went through the precise steps you’ve set out. I saw that a /etc/samba/smb.conf was already present on the fresh installation of the minimal install, but regardless of that, I repeated your dnf install samba exactly.

It seemed exactly like the other installations I’ve tried — doing nothing without any response, but eventually I noticed that it is very very slow to present login credentials at the client end.and then again, very slow to authenticate, to the point that it is not usable. I tried a Windows server machine as a client, entering \ \192.168.0.119\smbshare for this test.

Then, when opening a simple text file that I had created at the server end, consisting of just a few bytes, the file required half a minute to open it.

I then tried using a recent installation of Manjaro Linux, using Dolphin file explorer. I use this system daily to open a Samba share on the old CentOS 7 server and it always works. For that I tried smb://192.168.0.119/smbshare. It eventually prompted for credentials. After entering them, it was just the same as the Windows system — extremely slow and unusable. For about a minute, it displayed “Loading folder”, shown here :

I was not able to connect at all from my old CentOS 7 server to the Rocky Samba server using the Gnome file manager. Normally this machine works daily for me when connecting to another CentOS server running Samba, but not with this Samba/Rocky 8.9 installation. It refused to respond, almost immediately coming back with the below message.

These tests are therefore from three machines, two are painfully slow to authenticate and totally unusable and one doesn’t work at all. To recap, they are

Window Server 2016 client — takes ages to display authentication prompt, then ages to proceed.
Manjaro Linux 21.2.5 KDE Dolphin file manager — exactly the same as Windows above, unusably slow.
CentOS Linux 7.6 old server that I use daily and always works with other Samba shares, won’t connect to Samba on Rocky at all.

All in all, something is not right with Samba now. I’m not a new user, as I’ve been operating with Samba on various Linux platforms for nearly ten years, across Windows clients and other Linux clients. Something’s gone wrong with it more recently. Any ideas? Thanks again for helping this far.

That’s very weird, as long as you didn’t select any of the optional groups “File and Storage Server” or “Windows File Server” you shouldn’t have samba preinstalled, if minimal-environment is used

Did you make sure it’s not a component in your network, that makes everything unusable? Tbh this somehow sounds to me as if you don’t get the throughput between your server and client.
Btw on the Windows side, most installations are by default configured to first try with anonymous credentials, which won’t work in the configuration I provided above, even listing the shares at all will already need credentials.

Yeah that doesn’t happen because of samba server or credential auth delays after the first login, at least not as far as I am aware of. (if it’s a LDAP/AD/other auth module that reacts a bit slow the first connection might take longer)

At least this here sounds like the crypto-policy of your system is as high, as that CentOS 7 gets problems:

Also threw a Windows Server 2022 in my testing as client, also works flawlessly

So yeah TL;DR;
it sounds to me like either you are having some interconnect issue (I only recently had to troubleshoot a network issue, where the connection suddenly was routed over another intercontinental VPN endpoint, no one expected that to happen and make the connection slow) or other routing or MTU related network drops,
or/and for your older clients the crypto-policy is most likely too high (you might either need DEFAULT:SHA-1 or LEGACY.

And for further troubleshooting I would first increase the log level on your samba server, and if there everything looks right, start network tracing.

Thanks for the reply again lumarel. That’s correct, I didn’t select the optional “File and Storage Server” option. Yesterday, on the full installation of Rocky, I did choose several options, including that, as I wanted to see if the Samba which was included, might work successfully. As Samba could not be used successfully, I then installed it via yum and tried again. Today, when installing the minimal install, I deliberately avoided it and followed your steps.

An interesting observation is that when I installed the full Rocky 8.9 yesterday, the result was that Samba timed out at the Windows client end, whereas after using the minimal install, it doesn’t time-out but is just very slow. So clearly there are some variations there.

I have a straightforward network here, consisting of two CentOS 7 servers, a Windows Server 2016, Manjaro Linux and numerous virtual machines running inside VirtualBox. Mostly I only power-up the devices as I need them, since it’s only me using them. Nothing has a high crypto policy, it’s all just basic systems from installation. The CentOS systems are several years old. Regarding the Rocky system, it’s just as installed, nothing changed from your notes.

I did make a change to SSH afterwards because attempting to login to Rocky through PuTTY SSH takes ages while it waits and finally offers the password prompt. I added ‘GSAPIAuthentication no’ to /etc/ssh/sshd_config, as I’ve had to do before in the past.

Is there a way that I can test Samba on the Rocky installation from itself? I had been trying smbclient on the full installation yesterday, which resulted in the protocol negotiation error, but this minimal installation doesn’t include smbclient.

Yes this was possible on my system:

[root@r8-samba-dev ~]# smbclient -U testuser //r8-samba-dev.30.lmnt/smbshare
Password for [SAMBA\testuser]:
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Sat Nov 25 23:12:10 2023
  ..                                  D        0  Sat Nov 25 23:09:25 2023
  hello                               D        0  Sat Nov 25 23:19:03 2023

		13420544 blocks of size 1024. 11440984 blocks available

Well, I followed your note to the letter, but I don’t have smbclient, but you have it. It doesn’t make sense. I wonder if either my Rocky downloads, or Samba installation don’t include all that is necessary.

Maybe the Rocky mirror is the problem? I’m based in Thailand.

It’s in its own package

[root@r8-samba-dev ~]# dnf provides smbclient
Last metadata expiration check: 2:31:29 ago on Sun 26 Nov 2023 03:13:53 PM CET.
samba-client-4.18.6-1.el8.x86_64 : Samba client programs
Repo        : baseos
Matched from:
Filename    : /usr/bin/smbclient

samba-client-4.18.6-2.el8_9.x86_64 : Samba client programs
Repo        : baseos
Matched from:
Filename    : /usr/bin/smbclient

You shouldn’t get served a incomplete mirror if you didn’t change anything to the repo defaults.

It doesn’t appear to like it

yum install smbclient
Last metadata expiration check: 3:01:03 ago on Sun 26 Nov 2023 14:02:17 GMT.
No match for argument: smbclient
Error: Unable to find a match: smbclient

Yes, because as you can see above, the package is called samba-client.