What is SAMBA? Samba - first steps Support for the samba network environment.
Sometimes you need to very quickly set up a file share on the server and open access to it. In this case, there is no need to fence any complex configurations, access rights or something else. You just need quick access to information without unnecessary questions.
For example, I recently needed something like this to open access to backups, which were stored on the server. I didn’t want to figure it out and look for information myself; I needed to quickly give the person reading access so that he could find everything he needed.
I will not specifically operate with versions operating systems. Samba's configs are the same almost everywhere I've worked with them, especially in the simplest configurations.
So, install Samba in any suitable way for your operating system. The configurations are valid for version 3 of samba. Next we decide what we need:
- access by user and password,
- access by IP address,
- access to everyone without restrictions.
Depending on this, the settings will be slightly different.
For password access draw the following config:
Security = user passdb backend = tdbsam workgroup = MYGROUP server string = Samba path = /mnt/shara valid users = @users force group = users create mask = 0660 directory mask = 0771 writable = yes browseable = yes
# useradd share-user -M -G users -s /sbin/nologin
We import this user into Samba and set the password:
# smbpasswd -a share-user
And we try to go to the ball at the address:
\\server ip\share
To organize access depending on ip address, make the following settings in smb.conf:
Security = share workgroup = MYGROUP server string = Samba map to guest = bad user path = /mnt/files browsable = yes writable = yes guest ok = yes read only = no hosts allow = 192.168.0.171
In this case full access will be at the address 192.168.0.171. To add the entire subnet, you need to specify the following:
Hosts allow = 192.168.0.
You can combine different subnets and addresses, separating them with spaces. In order to disable access to some individual addresses from an allowed subnet, you can do this:
Hosts allow = 192.168.0. except 192.168.0.15
Access will be allowed to the entire subnet 192.168.0.0/24, except for the address 192.168.0.15.
We restart samba and check.
If you have samba 4 installed, then this configuration will not work and you will receive an error:
WARNING: Ignoring invalid value "share" for parameter "security" !}
For IP access to work properly, you need to make the following changes to the above config:
Security = user map to guest = Bad Password
Leave the rest of the parameters the same. After this, access via IP will work on version 4 of Samba.
If access will be provided to everyone without restrictions, That simplest configuration samba will be like this:
Security = user workgroup = MYGROUP server string = Samba guest account = nobody map to guest = Bad User path = /mnt/files browseable = Yes guest ok = Yes writeable = Yes public = yes
Don't forget to give everyone rights to the folder:
# chmod 0777 /mnt/files
Restart Samba and try to log in. They should let you in without any questions asked.
This is how you can organize the simplest thing in literally 5 minutes file server using samba. And often it’s more difficult and it’s not necessary. For some kind of file dump, the latest option is suitable.
For more complex configurations I have separate articles:
Online course on Linux
If you have a desire to learn how to build and maintain highly available and reliable systems, I recommend that you get acquainted with online course “Linux Administrator” in OTUS. The course is not for beginners; for admission you need basic knowledge of networks and Linux installation to the virtual machine. The training lasts 5 months, after which successful course graduates will be able to undergo interviews with partners. What this course will give you:- Knowledge of Linux architecture.
- Mastering modern methods and tools for data analysis and processing.
- Ability to select a configuration for the required tasks, manage processes and ensure system security.
- Proficiency in basic work tools system administrator.
- Understanding of the specifics of deploying, configuring and maintaining networks built on Linux.
- The ability to quickly solve emerging problems and ensure stable and uninterrupted operation of the system.
Implementation network protocols Server Message Block (SMB) And Common Internet File System (CIFS). The main purpose is to share files and printers between Linux and Windows systems.
Samba consists of several daemons that run in the background and provide services and a number of command line tools for interacting with Windows services:
- smbd- a daemon that is an SMB server for file services and print services;
- nmbd- a daemon that provides NetBIOS naming services;
- smblient- the utility provides command line access to SMB resources. It also allows you to get lists shared resources on remote servers and view your network environment;
- smb.conf - configuration file, containing settings for all Samba tools;
List of ports used by Samba
- share- this security mode emulates the authentication method used by operating systems Windows systems 9x/Windows Me. In this mode, usernames are ignored and passwords are assigned to shares. In this mode, Samba attempts to use a client-supplied password that can be used by different users.
- user* - This security mode is set by default and uses a username and password for authentication, as is usually done in Linux. In most cases, on modern operating systems, passwords are stored in an encrypted database that is used only by Samba.
- server- this security mode is used when it is necessary for Samba to perform authentication when accessing another server. For clients, this mode looks the same as user-level authentication (user mode), but Samba actually contacts the server specified in the password server parameter to perform authentication.
- domain- using this security mode, you can fully join a Windows domain; For clients, this looks the same as user-level authentication. Unlike server-level authentication, domain authentication uses more secure password exchange at the domain level. To fully join a domain, you need to run additional commands on the Samba system and possibly on the domain controller.
- ads- this security mode is similar to the domain authentication method, but requires a domain controller Active Directory Domain Services.
Full list of parameters Samba is in manpages.
Above was an example with access for a shared directory. Let's consider another example with a private directory, which can only be accessed by login and password.
Let's create a group and add a user to it
Sudo groupadd smbgrp sudo usermod -a -G smbgrp proft
Let's create a directory for the user and set rights
Sudo mkdir -p /srv/samba/proft sudo chown -R proft:smbgrp /srv/samba/proft sudo chmod -R 0770 /srv/samba/proft
Let's create a samba user
Sudo smbpasswd -a proft
Add a new resource to /etc/samba/smb.conf
Path = /srv/samba/proft valid users = @smbgrp guest ok = no writable = yes browsable = yes
Let's restart the server
Sudo systemctl restart smbd
An example of setting up a resource that contains symlink to the user's folder ( /srv/samba/media/video » /home/proft/video)
Path = /srv/samba/media guest ok = yes read only = yes browsable = yes force user = proft
Client setup
View your computer's shared resources
Smbclient -L 192.168.24.101 -U%
Another way to connect for an anonymous user with the command line
Smbclient -U nobody //192.168.24.101/public ls
If the server is configured with more high level security, you may need to pass the username or domain name using the -W and -U options, respectively.
Smbclient -L 192.168.24.101 -U proft -W WORKGROUP
Mounting a samba resource
# create a mount point mkdir -p ~/shares/public # mount a resource # for anonymous user nobody mount -t cifs //192.168.24.101/public /home/proft/shares/public -o user=nobody,password=,workgroup= WORKGROUP,ip=192.168.24.101,utf8 # for user proft mount -t cifs //192.168.24.101/public /home/proft/shares/public -o user=proft,password=1,workgroup=WORKGROUP,ip=192.168. 24.101,utf8
More better passwords store in a separate file
# sudo vim /etc/samba/sambacreds username=proft password=1 username=noboy password=
Set the access rights to 0600
Sudo chmod 0600 /etc/samba/sambacreds
New mount line
Mount -t cifs //192.168.24.101/public /home/proft/shares/public -o user=proft,credentials=/etc/samba/sambacreds,workgroup=WORKGROUP,ip=192.168.24.101
And an example for /etc/fstab
//192.168.24.101/public /home/proft/shares/public cifs noauto,username=proft,credentials=/etc/samba/sambacreds,workgroup=WORKGROUP,ip=192.168.24.101 0 0
Open resource in file manager Nautilus/Nemo/etc can be done using this path smb://192.268.24.101.
If Nemo writes Nemo cannot handle "smb" locations. it means the package is missing gvfs-smb.
Access to the server with Windows and Android client
Under Windows, you can find out the workgroup from the console using
Net config workstation
You can open resources on a remote machine by typing the UNC address in the Explorer line or in Run (Start - Run): \192.168.24.101 .
On Android you can connect to the server using ES File Explorer , on the Network tab, add a server, simply by IP (without specifying the scheme, smb). After which you can open the shared resources. For statistics: an HDRIP movie runs without any slowdown.
Additional reading
The main Samba configuration file is /etc/samba/smb.conf. The initial configuration file has a significant number of comments to document the various configuration directives.
Not all possible options are included in the default settings file. See manual man smb.conf or Samba FAQ for more details.
1. First change the following key/value pairs in the section file /etc/samba/smb.conf:
Workgroup = EXAMPLE ... security = user
Parameter security is located much lower in the section and is commented out by default. Also replace EXAMPLE to something more appropriate to your surroundings.
2. Create a new section at the end of the file or uncomment one of the examples for the directory that you want to share:
Comment = Ubuntu File Server Share path = /srv/samba/share browsable = yes guest ok = yes read only = no create mask = 0755
comment: A short description of the shared resource. Used for your convenience.
path: path to the shared directory.
This example uses /srv/samba/sharename because, according to the File System Hierarchy Standard (FHS), the /srv directory is where all data related to a given site should reside. Technically, a Samba share can be placed anywhere on the file system where file access restrictions allow, but following standards is recommended.
browsable: Allows Windows clients to view the contents of a shared directory using Windows Explorer.
guest ok: Allows clients to connect to the shared resource without providing a password.
read only: Determines whether the resource is accessible with read-only or write privileges. Write privileges are only available when you specify no as shown in in this example. If the value yes, then access to the resource will be read-only.
create mask: Defines what access rights will be set for new files created.
3. Now that Samba is configured, you need to create a directory and set permissions on it. Enter in terminal:
Sudo mkdir -p /srv/samba/share sudo chown nobody.nogroup /srv/samba/share/
parameter -p tells mkdir to create a complete directory tree if it doesn't exist.
4. Finally, restart samba services to apply the new settings:
Sudo restart smbd sudo restart nmbd
Now you can find Ubuntu file server using a Windows client and view its shared directories. If your client does not show your shares automatically, try accessing your server by its IP address, for example, \\192.168.1.1, from a Windows Explorer window. To check that everything works, try creating a directory inside your share from Windows.
To create additional shares, create a new section in /etc/samba/smb.conf and restart Samba. Just make sure the shared directory is created and has the correct permissions.
Shared resource "" and the way /srv/samba/share- these are just examples. Set the resource name and directory name according to your environment. It's a good idea to use the name of the resource's directory in file system. In other words, the resource can be specified for the /srv/samba/qa directory.