Installing on Linux Ubuntu / Debian:
sudo apt install samba
Creating a backup copy of the configuration file just in case:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.backup
Opening a config for editing, for example in the nano editor:
sudo nano /etc/samba/smb.conf
I will briefly describe the parameters of the standard config:
[global] netbios name = NAME # Workgroup Name workgroup = WORKGROUP # Server Description server string = %h server (Samba, Ubuntu) # Enable the WINS (Windows Internet Name Service) server features. The WINS server registers the bindings of the NETBIOS name with the IP address. # wins support = no # Address of another server on the WINS network. ; wins server = w.x.y.z # Whether to make a query to the DNS server if the WINS server could not resolve the NetBIOS name dns proxy = no # The parameter determines in which order to use the name service to get the IP address (lmhosts - look up the IP in the samba lmhosts file, host - /etc/hosts, wins - via the wins server specified in the "wins server", bcast - send a broadcast request to all network interfaces ) ; name resolve order = lmhosts host wins bcast # Determines which interfaces will be used. ; interfaces = 127.0.0.0/8 eth0 # Indicates that only the interfaces specified in the "interfaces" should be strictly used. ; bind interfaces only = yes # Log file location log file = /var/log/samba/log.%m # More detailed log level (default 0) log level = 2 debug timestamp = yes # The maximum file size in kilobytes, if the size is exceeded, then a new one is created, and the .old extension is added to the existing one, "0" is added with no limit on the size) max log size = 1000 # Whether to write logs to syslog # syslog only = no # Log level to be written to syslog system log (0 - LOG_ERR, 1 - LOG_WARNING, 2 - LOG_NOTICE, 3 - LOG_INFO) syslog = 0 # Access to resources is carried out by: user - username and password, share - password, server - redirection of the check to another server (if you cannot use "security = user", domain - imitation of the operation of the Windows domain server # security = user # Encryption of passwords transmitted between client and server encrypt passwords = true # User storage mechanism (smbpasswd, tdbsam, ldapsam) passdb backend = tdbsam # Using PAM for authentication obey pam restrictions = yes # Synchronize UNIX password with SMB password when changing the encrypted SMB password in the smbpasswd file unix password sync = yes # The program that will be used to change UNIX passwords passwd program = /usr/bin/passwd %u # A string that controls the exchange of “chat” between the smbd daemon and the password changer passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . # Using PAM to change UNIX passwords instead of the specified program in the "passwd program" pam password change = yes # (Never - requests with the wrong password are rejected; Bad User - requests with the wrong password are rejected, but if the username exists, an attempt will be made to log in as a guest; Bad Password - requests with the wrong password will be processed as an attempt to log in as a guest; Bad Uid - in security mode = domain / ads when the user is authenticated, but does not have a UNIX account will be considered a guest. map to guest = bad user ########## Domains ########### # Network Login Service Support for Windows 9X ; domain logons = yes # Path to the directory where user profiles will be stored (Application Data, Desktop, NTuser.dat, ...) ; logon path = \\%N\profiles\%U # logon path = \\%N\%U\profile # Path to append home directory for Windows NT workstations ; logon drive = H: # Home directory for client authorization # logon home = \\%N\%U # The script file that will be downloaded and executed on the client computer upon login. ; logon script = logon.cmd # Path to the script that will be executed by the smbd daemon from the root user under the circumstances described below. ; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u # Path to the script that runs when adding a computer account to the SAMBA domain ; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u # The path to the script that runs as root smbd when creating a new group ; add group script = /usr/sbin/addgroup --force-badname %g ########## Printing ########## # Display all printers # load printers = yes # Determines which status information about the printer will be interpreted in the system. ; printing = bsd # Override compiled printcap name ; printcap name = /etc/printcap ; printing = cups ; printcap name = cups ############ Misc ############ # Attaching and processing another configuration file ; include = /home/samba/etc/smb.conf.%m # SO_RCVBUF=8192 SO_SNDBUF=8192 # Socket options for customer service # socket options = TCP_NODELAY # The command is executed when the server receives a WinPopup message. ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & # Matching the browse list. Wizard browsers on isolated subnets will transmit their local browsing lists and request a complete copy of the list for the entire global network. # domain master = auto # The range of user identifiers for matching UNIX SIDs of users to SIDs of NT users. ; idmap uid = 10000-20000 # The range of group identifiers for mapping UNIX SIDs of groups to SIDs of NT groups ; idmap gid = 10000-20000 ; template shell = /bin/bash ; winbind enum groups = yes ; winbind enum users = yes ; usershare max shares = 100 # Allow non-authenticated users to access user shares usershare allow guests = yes #======================= Share Definitions ======================= ;[homes] # folder comment ; comment = Home Directories # The share is displayed in the list of available shares in the network environment and in the list view. ; browseable = no # The ban on changing and creating files ; read only = yes # Access rights for the file being created ; create mask = 0700 # Permissions for the created directory ; directory mask = 0700 # List of users allowed access ; valid users = %S ;[netlogon] ; comment = Network Logon Service ; path = /home/samba/netlogon # Do not require a password to connect ; guest ok = yes ; read only = yes ;[profiles] ; comment = Users profiles ; path = /home/samba/profiles ; guest ok = no ; browseable = no ; create mask = 0600 ; directory mask = 0700 [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no ; write list = root, @lpadmin ;[cdrom] ; comment = Samba server's CD-ROM ; read only = yes ; locking = no ; path = /cdrom ; guest ok = yes # The command launched when connecting to the service ; preexec = /bin/mount /cdrom # The command started when disconnecting from the service ; postexec = /bin/umount /cdrom # Allows only the specified IP addresses to connect to the Samba server, by default, everyone is allowed, you can not limit - comment out the line, but limit it with a firewall, for example iptables hosts allow = 172.16. 192.168.1. 192.168.0. 127. 10.
I will give an example of the configuration of the user “ixnfo”:
[ixnfo] path = /srv/samba/ixnfo comment = ixnfo browseable = yes writable = yes read only = no create mask = 0770 directory mask = 0770
You can check the correctness of the configuration parameters with the command:
testparm
Daemon check:
netstat -nlp
You can find out the version of samba like this:
smbd --version
Example of creating a directory:
sudo mkdir -p /srv/samba/anonymous_share sudo chown nobody.nogroup /srv/samba/anonymous_share/
View privileges on files and folders:
ls -l /srv/samba
Adding user “ixnfo” in Ubuntu:
sudo useradd ixnfo
Adding a samba user (a user with the same name should already be created in the system using the command above):
sudo smbpasswd -a ixnfo
User activation:
sudo smbpasswd -e ixnfo
Create users file:
sudo touch /etc/samba/smbusers sudo nano /etc/samba/smbusers ixnfo = Admin
Example of specifying privileges:
sudo chown ixnfo:ixnfo -R /srv/samba/ixnfo/ sudo chmod -R 0770 /srv/samba/ixnfo/
Apply the changes:
sudo smbcontrol all reload-config
Or restart the samba:
sudo service samba restart sudo restart smbd sudo restart nmbd
Or so restart:
sudo /etc/init.d/smbd restart sudo /etc/init.d/nmbd restart sudo systemctl restart smbd sudo systemctl restart nmbd
An example of viewing computer network information in Windows:
net config workstation
An example of the command to connect a network drive in Windows (you can add to the startup file with a bat file):
net use K: \\192.168.1.5\dir /persistent:no /user:USER PASSWORD
See also my articles:
IPTables rules for Samba
Installing system-config-samba
Resolving errors:
How to troubleshoot Samba autorun in Linux?
Solution WARNING: The “syslog” option is deprecated
System error 1231 has occurred
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)