server = srv.example.local (192.168.2.10/24)
client = client.example.local (192.168.2.20/24)


SERVER CONFIGURATION

Install samba and samba-client:

# yum install -y samba samba-client

Create shared directory:

# mkdir /srv/sambashare
# chmod 777 /srv/sambashare

Set samba_share_t SELinux context:

# semanage fcontext -at samba_share_t "/srv/samba_share(/.*)?"
# restorecon -v /srv/sambashare

Configure /etc/samba/smb.conf:

[global] section:
By default, guests are prohibited by the following implicit option:
map to guest = Never

If you provide at least one public share, you can force the guests to use the “nobodyaccount using both of these 2 options:
map to guest = Bad User
guest account = nobody

The host allow option allows networks:
host allow = 127. 192.168.2.
Or hosts (ip or hostname):
host allow = 192.168.2.20 client.example.local

Example:

# vi /etc/samba/smb.conf
[global]
[...]
hosts allow = 127. 192.168.2.20
[...]

[custom_share]
comment = group share
path = /srv/sambashare
browseable = yes
writable = no
printable = no
valid users = @group, alice
write list = @group

The global configuration only allows the share to be accessed by localhost or 192.168.2.20.
Every single user requires a user account (ldap is more convenient).
The share is only writable by the users who belong to the (ldap) group named group
The user alice has read access even though she doesn’t belong to the group group.

Check samba configuration:

# testparm -s

Enable and start smb and nmb:

# systemctl enable smb smb
# systemctl start smb nmb

Allow service in firewall:

# firewall-cmd --permanent --add-service=samba
# firewall-cmd --reload

Create user accounts:

# smbpasswd -a alice
# smbpasswd -a user1

Note: user1 is a member of group.


CLIENT CONFIGURATION:

See RHCSA post regarding samba (2nd part):
https://sysadminplayfield.github.io/rhcsa/centos7/2020/02/20/rhcsa-18-nfs-samba.html