samba share :
the mounting is different from nfs
samba share : mount -t cifs //192.168.1.1/public  /share
 -t cifs is the format of samba service. and public is no the acctually directory
chcon -R -t samba_share_t  /inst
# if share folder can not mounted by guest , set the security=share in smb.conf
# if security=user
 smbpasswd -a xing  from server
  mount -t cifs //192.168.1.1/public /share -o username=xing    from client   
 
nfs: mount  -t nfs 192.168.1.1:/inst   /inst

samba security = user

mkdir  /amex
groupadd amex
chgrp amex /amex
useradd amex1
usermod G amex amex1
chmod 775 /amex
smbpasswd -a amex1
set amex as public and write list =+amex in smb config

#allow full access to amex group and readonly to others
[amex]
path=/amex
public=yes
writable= no
write list=+amex

#grant all members in amex can write to other's file
chmod 2777 /amex   sgid bit
 #only owner can remove his file
chmod 1777 /amex     sticky bit

notes: ensure create a new account in windows and login as amex1  to test

test in linux:  smbclient  //192.168.1.1/amex -U amex1
use ? to list the command
chmod 1777 for the public share if the NT-ACCEESS denied.
 
for homes directroy
 
writable=yes
valid users =lian xing
 
smbpasswd -a xing
 
ensure connect share name in [  ] ,
 
smbclient //192.168.1.1/homes -U  xing
 
not smbclient //192.168.1.1/home/xing -U xing
 
when connected all new file will be write to /home/xing or /home/lian accordingly.
ensure selinux allow user to login with cifs home directory

share folder accessable to only xing with full access but readonly to others
[data]
path=/storage
public=no
writable=no
write list=xing
browsable =yes

share folder should be read only to xing in example domain
global section
security=user
hosts allow=.example.com
[data]
path=/storage
public=no
writable =no
browsable =yes

share folder by default is writable=no ,
to  assign user1 and user2 full access should be valid users=user1 user2
 
#normal list

smbclient -L 192.168.1.10

share section will override global section in hosts allow
test share accessible
testparm /etc/samba/smb.conf  client 192.168.1.10

enable port 137 138 139 455 in iptables
 
# by default shared permission is on writable=no means read only sharing, write list
option is used to allow write access on share directory to certain users or group members
[data]
path=/data
writable = no
write list = xing lian

 
 
ok
----------
[home]
;       valid users = %S   allow local system user to access its home directory
;       valid users = MYDOMAIN\%S

---------------

allow jack and tom accesss smbshare
[smbshare]
comment =samba share
browsable = yes
writeable = no
path = /samba
-----------
trouble shooting
1. tail -f /var/log/messages
2. yum install setroubleshoot
3. service setroubleshoot restart
4. tail -f /var/log/messages
5. setroubleshoot
6. setenforce 1
7. getenforce
follow the comment of the messages

test
smbclient -U user1 //192.168.0.010/homes