Installing and configuring Samba

Installing on Linux Ubuntu / Debian:

sudo apt install samba

Creating a backup copy of the configuration file just in case:

sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.backup

Opening a config for editing, for example in the nano editor:

sudo nano /etc/samba/smb.conf

I will briefly describe the parameters of the standard config:

[global]
# NetBIOS name under which the server is announced on the network (replace NAME with the real name)
netbios name = NAME
# Workgroup Name
workgroup = WORKGROUP
# Server description shown to clients; %h is replaced with the server's host name
server string = %h server (Samba, Ubuntu)
# Enable the WINS (Windows Internet Name Service) server features. The WINS server registers the bindings of the NETBIOS name with the IP address.
# wins support = no
# Address of another WINS server on the network, which this host then uses as a WINS client.
;   wins server = w.x.y.z
# Whether nmbd, when acting as a WINS server, queries DNS for a NetBIOS name that WINS could not resolve
 dns proxy = no
# Order in which name services are tried to obtain an IP address (lmhosts - look up the IP in the samba lmhosts file, host - /etc/hosts and the system resolver, wins - the server given in "wins server", bcast - broadcast request on all network interfaces)
;   name resolve order = lmhosts host wins bcast
 
# Network interfaces (names or subnets) that Samba uses.
;   interfaces = 127.0.0.0/8 eth0
# Serve requests only on the interfaces listed in "interfaces". Useful on multi-homed hosts so that the service is not offered on networks where it is not needed.
;   bind interfaces only = yes
 
# Log file location; %m is replaced with the client machine's NetBIOS name, so each client gets its own log file
log file = /var/log/samba/log.%m
# Log verbosity (default 0); higher values record more detail
log level = 2
# Prefix every log message with a timestamp
debug timestamp = yes
# Maximum log file size in kilobytes. When it is exceeded, the current file is renamed with the .old extension and a new one is started; 0 means no size limit.
 max log size = 1000
# Whether to write logs only to syslog instead of the log files
#   syslog only = no
# Log level to be written to syslog system log (0 - LOG_ERR, 1 - LOG_WARNING, 2 - LOG_NOTICE, 3 - LOG_INFO)
# NOTE(review): newer Samba releases report the "syslog" option as deprecated when testparm is run; the "logging" parameter replaces it - check smb.conf(5) for the installed version.
   syslog = 0
# How clients are authenticated: user - username and password; domain / ads - the server is a member of a Windows domain. The older modes "share" (per-share password) and "server" (check redirected to another server) were removed in Samba 4.
# security = user
# Negotiate encrypted (challenge/response) passwords between client and server instead of plaintext ones. This is already the default.
# NOTE(review): recent Samba releases mark this parameter as deprecated - confirm against smb.conf(5) for the installed version.
   encrypt passwords = true
# Backend that stores the Samba accounts and their password hashes (smbpasswd, tdbsam, ldapsam)
   passdb backend = tdbsam
# Obey PAM account and session management restrictions. With encrypted passwords Samba does not use PAM for the authentication itself.
   obey pam restrictions = yes
# Synchronize UNIX password with SMB password when changing the encrypted SMB password in the smbpasswd file
   unix password sync = yes
# Program used to change UNIX passwords (%u is the user name). With "unix password sync = yes" smbd runs it as root, so it should stay an absolute path to a trusted binary.
   passwd program = /usr/bin/passwd %u
# Expect/send script for the "chat" between smbd and the password program: text expected from the program alternates with text to send; %n is the new password
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
# Using PAM to change UNIX passwords instead of the specified program in the "passwd program"
   pam password change = yes
# What smbd does with a failed logon. Never - requests with the wrong password are rejected (default); Bad User - requests with the wrong password are rejected unless the user name does not exist, in which case the client is logged in as a guest; Bad Password - any request with the wrong password is treated as a guest login; Bad Uid - with security = domain / ads, a user who is authenticated but has no UNIX account is treated as a guest.
# With "bad user" an unknown or mistyped user name becomes a guest session; a guest can open only shares that set "guest ok = yes".
   map to guest = bad user
 
########## Domains ###########
# Network Login Service Support for Windows 9X
;   domain logons = yes
# Path to the directory where user profiles will be stored (Application Data, Desktop, NTuser.dat, ...)
;   logon path = \\%N\profiles\%U
#   logon path = \\%N\%U\profile
# Drive letter to which the home directory is connected on Windows NT workstations
;   logon drive = H:
# Home directory for client authorization
#   logon home = \\%N\%U
# The script file that will be downloaded and executed on the client computer upon login.
;   logon script = logon.cmd
# Path to the script that smbd runs as root to create a UNIX account when a user has authenticated successfully but has no UNIX account yet.
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
# Path to the script that runs when adding a computer account to the SAMBA domain
; add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
# The path to the script that runs as root smbd when creating a new group
; add group script = /usr/sbin/addgroup --force-badname %g
 
########## Printing ##########
# Display all printers
#   load printers = yes
# Determines which status information about the printer will be interpreted in the system.
;   printing = bsd
# Override compiled printcap name
;   printcap name = /etc/printcap
;   printing = cups
;   printcap name = cups
 
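############ Misc ############
# Attaching and processing another configuration file (%m is the client's NetBIOS name, so each client can get its own file)
;   include = /home/samba/etc/smb.conf.%m
# Socket options used for client connections
#   socket options = TCP_NODELAY
# Values that may additionally be appended to "socket options":
#         SO_RCVBUF=8192 SO_SNDBUF=8192
# The command is executed when the server receives a WinPopup message.
;   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
# Collation of browse lists. Master browsers on isolated subnets send their local browse lists to the domain master browser and request a complete copy of the list for the whole network.
#   domain master = auto
# Range of UNIX user IDs reserved for mapping NT user SIDs to UNIX users
;   idmap uid = 10000-20000
# Range of UNIX group IDs reserved for mapping NT group SIDs to UNIX groups
;   idmap gid = 10000-20000
# Login shell given to users that are provided by winbind
;   template shell = /bin/bash
# Whether winbind enumerates domain groups / users for the system
;   winbind enum groups = yes
;   winbind enum users = yes
# Maximum number of user-defined shares ("net usershare")
;   usershare max shares = 100
# Allow non-authenticated users (guests) to access user-defined shares.
# Together with "map to guest = bad user" an unknown user name is enough to open such a share; set this to "no" if guest access is not intended.
   usershare allow guests = yes
# Allow only these addresses / networks to connect to any share on this server.
# The parameter has to be inside [global] to cover the whole server: placed after a share header it restricts that one share only.
# To leave access unrestricted here, comment the line out and limit it with a firewall, for example iptables.
   hosts allow = 172.16. 192.168.1. 192.168.0. 127. 10.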
 
#======================= Share Definitions =======================
;[homes]
# folder comment
;   comment = Home Directories
# The share is displayed in the list of available shares in the network environment and in the list view.
;   browseable = no
# The ban on changing and creating files
;   read only = yes
# Access rights for the file being created
;   create mask = 0700
# Permissions for the created directory
;   directory mask = 0700
# List of users allowed access
;   valid users = %S
;[netlogon]
;   comment = Network Logon Service
;   path = /home/samba/netlogon
# Do not require a password to connect
;   guest ok = yes
;   read only = yes
;[profiles]
;   comment = Users profiles
;   path = /home/samba/profiles
;   guest ok = no
;   browseable = no
;   create mask = 0600
;   directory mask = 0700
[printers]
# Description shown to clients
comment = All Printers
# Spool directory that receives the clients' print jobs
path = /var/spool/samba
# Marks this section as a print service: clients may submit spool files
printable = yes
# Do not show the section itself in browse lists
browseable = no
# Printing requires an authenticated connection
guest ok = no
# No file writes apart from the spooling of print jobs
read only = yes
# Spool files are accessible to their owner only
create mask = 0700
[print$]
# Share from which Windows clients download printer drivers
comment = Printer Drivers
path = /var/lib/samba/printers
# Guests cannot connect; an authenticated session is required
guest ok = no
# Drivers can be downloaded but not changed
read only = yes
# The share is visible in browse lists
browseable = yes
# Uncomment to let the listed users and groups (@ marks a group) upload drivers despite "read only = yes"
;   write list = root, @lpadmin
;[cdrom]
;   comment = Samba server's CD-ROM
;   read only = yes
;   locking = no
;   path = /cdrom
;   guest ok = yes
 
# The command launched when connecting to the service
;   preexec = /bin/mount /cdrom
# The command started when disconnecting from the service
;   postexec = /bin/umount /cdrom
 
# Allows only the specified IP addresses / networks to connect; by default everyone is allowed. To leave it unrestricted, comment the line out and limit access with a firewall instead, for example iptables.
# NOTE(review): smb.conf assigns a parameter to the most recent section header. At this position the last active header is [print$], so the line restricts only that share; to cover the whole Samba server it has to be placed in [global].
hosts allow = 172.16. 192.168.1. 192.168.0. 127. 10.

Here is an example of a share definition for the user “ixnfo”:

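[ixnfo]
# Description shown next to the share name
comment = ixnfo
# Directory exported by this share
path = /srv/samba/ixnfo
# Show the share in browse lists
browseable = yes
# Only this account may connect. Without the line every authenticated Samba user can open the share and access is decided by filesystem permissions alone.
valid users = ixnfo
# Never accept guest sessions here (this is the default; stated explicitly because [global] sets "map to guest = bad user")
guest ok = no
# Allow writing ("writable = yes" is the inverted synonym of this parameter, so one of the two is enough)
read only = no
# Upper bound for the permission bits of newly created files: nothing for "other"
create mask = 0770
# Upper bound for the permission bits of newly created directories: nothing for "other"
directory mask = 0770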

You can check the correctness of the configuration parameters with the command:

testparm

Check that the daemons are running and listening:

netstat -nlp

You can find out the version of samba like this:

smbd --version

Example of creating a directory:

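# Create the directory to be shared (-p also creates missing parent directories)
sudo mkdir -p /srv/samba/anonymous_share
# Hand it over to the unprivileged "nobody" user and "nogroup" group.
# ":" is the standard owner:group separator; the "." form is a legacy spelling.
sudo chown nobody:nogroup /srv/samba/anonymous_share/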

View privileges on files and folders:

ls -l /srv/samba

Adding user “ixnfo” in Ubuntu:

sudo useradd ixnfo

Adding a samba user (a user with the same name should already be created in the system using the command above):

sudo smbpasswd -a ixnfo

User activation:

sudo smbpasswd -e ixnfo

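Create a username map file (Samba reads it only if [global] contains "username map = /etc/samba/smbusers"; each line has the form unix_name = client_name):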

sudo touch /etc/samba/smbusers
sudo nano /etc/samba/smbusers
ixnfo = Admin

Example of specifying privileges:

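# Make ixnfo the owner and group of the share directory and everything below it
sudo chown -R ixnfo:ixnfo /srv/samba/ixnfo/
# Owner and group get read/write, others get nothing. Capital X adds "execute" only to
# directories (needed to enter them) and to files that are already executable, instead of
# marking every file executable as a recursive 0770 would.
sudo chmod -R u=rwX,g=rwX,o= /srv/samba/ixnfo/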

Apply the changes:

sudo smbcontrol all reload-config

Or restart the samba:

sudo service samba restart
sudo restart smbd
sudo restart nmbd

Or so restart:

sudo /etc/init.d/smbd restart
sudo /etc/init.d/nmbd restart
sudo systemctl restart smbd
sudo systemctl restart nmbd

An example of viewing computer network information in Windows:

net config workstation

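An example of the command to connect a network drive in Windows (it can be put into a .bat file that runs at startup; a password written in that file is stored in plain text, while * in place of the password makes net use prompt for it):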

net use K: \\192.168.1.5\dir /persistent:no /user:USER PASSWORD

See also my articles:
IPTables rules for Samba
Installing system-config-samba
Resolving errors:
How to troubleshoot Samba autorun in Linux?
Solution WARNING: The “syslog” option is deprecated
System error 1231 has occurred
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
