
Set Up Samba or NFS on CentOS Stream 9: AD, Kerberos & SELinux

October 22, 2025 | By the+gnu+linux+evangelist.

How to Install Samba & NFS

  2. System update and install core packages

    Update the system and install the packages used by both the Samba and NFS workflows.

    sudo dnf update -y
    sudo dnf install -y epel-release
    sudo dnf install -y samba samba-client samba-common sssd realmd krb5-workstation oddjob oddjob-mkhomedir adcli samba-common-tools
    sudo dnf install -y nfs-utils nfs4-acl-tools rpcbind
    sudo dnf install -y policycoreutils-python-utils selinux-policy-devel
  3. Create canonical directories and permissions

    Create share directories under /srv (recommended for server data) and set POSIX permissions before applying SELinux contexts.

    sudo mkdir -p /srv/samba/share
    sudo mkdir -p /srv/nfs/data
    sudo chown -R root:root /srv/samba /srv/nfs
    sudo chmod -R 2770 /srv/samba/share
  4. SELinux: persistent file contexts for Samba and NFS

    Label Samba share directories with the samba_share_t type so smbd can access them. For NFS exports, set an appropriate type (server policies often use nfs_t for exports) and enable the needed booleans. semanage fcontext creates persistent labeling rules; restorecon then applies them to the existing files. See the SELinux Samba docs for the rationale.

    sudo semanage fcontext -a -t samba_share_t '/srv/samba(/.*)?'
    sudo restorecon -Rv /srv/samba
    sudo semanage fcontext -a -t nfs_t '/srv/nfs(/.*)?'
    sudo restorecon -Rv /srv/nfs
    sudo setsebool -P nfs_export_all_rw on
  5. Samba basic config and test share

    Create a minimal smb.conf with a secure share. We use hosts allow and Samba ACLs for access control; AD users/groups will be mapped later.

    sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
    sudo tee /etc/samba/smb.conf <<'EOF'
    [global]
       workgroup = EXAMPLE
       server string = CentOS9 Samba Server
       security = ADS
       realm = EXAMPLE.COM
       unix password sync = no
       client signing = mandatory
       server signing = mandatory
       idmap config * : backend = tdb
       template homedir = /home/%D/%U
       winbind use default domain = yes
    
    [share]
       path = /srv/samba/share
       browsable = yes
       read only = no
       create mask = 0660
       directory mask = 2770
    EOF
    sudo systemctl enable --now smb nmb
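
The step above names mandatory signing and hosts allow as the controls on the share. As an added example (not part of the original guide), this script parses an smb.conf and reports which of those settings are absent; the helper names `get_param` and `audit_smb_conf` and the sample file are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. get_param and audit_smb_conf are
# hypothetical helper names; the sample file at the bottom is constructed.

# Print the value of PARAM in SECTION. Samba ignores case and whitespace in
# section and parameter names, so "Server Signing" equals "serversigning".
get_param() {  # usage: get_param FILE SECTION PARAM
  awk -v want_sec="$2" -v want_key="$3" '
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    /^[ \t]*[#;]/ { next }                      # comment line
    /^[ \t]*\[/   { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
                    sec = norm(sec); next }     # section header
    index($0, "=") && sec == norm(want_sec) {
      key = substr($0, 1, index($0, "=") - 1)
      val = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (norm(key) == norm(want_key)) found = val   # keep the last occurrence
    }
    END { if (found != "") print found }
  ' "$1"
}

# Print one finding per line and return the number of findings.
audit_smb_conf() {  # usage: audit_smb_conf FILE SHARE
  local f=$1 share=$2 n=0 p s v
  for p in "server signing" "client signing"; do
    v=$(get_param "$f" global "$p" | tr 'A-Z' 'a-z')
    [ "$v" = mandatory ] || { echo "[global] $p is '${v:-unset}', not mandatory"; n=$((n + 1)); }
  done
  v=
  for s in "$share" global; do
    for p in "hosts allow" "allow hosts"; do   # the two spellings are synonyms
      [ -n "$v" ] || v=$(get_param "$f" "$s" "$p")
    done
  done
  [ -n "$v" ] || { echo "[$share] no 'hosts allow' here or in [global]"; n=$((n + 1)); }
  return "$n"
}

# Constructed sample: the lines of this step's smb.conf that the audit reads,
# with one key re-cased to exercise the name normalization.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   client signing = mandatory
   Server Signing = Mandatory
[share]
   path = /srv/samba/share
EOF
audit_smb_conf "$sample" share || echo "findings: $?"
```

On the server itself, `testparm -s` prints the configuration as Samba parsed it and remains the authoritative check.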
