Samba Configure
Install Samba
Install samba:
sudo apt update
sudo apt install samba
Check if the installation successful:
whereis samba
The expected output should be something like this:
samba: /usr/sbin/samba /usr/lib/samba /etc/samba /usr/share/samba /usr/share/man/man7/samba.7.gz /usr/share/man/man8/samba.8.gz
Configure Firewall
If you have a firewall running on your Ubuntu system you’ll need to allow incoming UDP connections on ports 137 and 138 and TCP connections on ports 139 and 445.
Assuming you are using UFW to manage your firewall, you can open the ports by enabling the samba profile:
sudo ufw allow samba
Configuring Global Samba options
Before making changes to the Samba configuration file, create a backup for future reference purposes:
sudo cp /etc/samba/smb.conf{,.backup}
Open /etc/samba/smb.conf and make sure server role is set to standalone server:
# Most people will want "standalone sever" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
server role = standalone server
Creating Samba Users and Directory Structure
Create Samba Directory
All Samba directories and data will be located in the /samba directory. To create the /samba directory type:
sudo mkdir /samba
Set the group ownership to sambashare. This group is created during the Samba installation, later we will add all Samba users to this group:
sudo chgrp sambashare /samba
Creating Samba Users
To create a new user named smbuser use the following command:
sudo useradd -M -d /samba/smbuser -s /usr/sbin/nologin -G sambashare smbuser
The useradd options have the following meanings:
-Mdo not create the user’s home directory. We’ll manually create this directory.-d samba/smbuser- set the user’s home directory to/samba/smbuser.-s /usr/sbin/nologin- disable shell access for this user.-G sambashare- add the user to the sambashare group
Creating Samba Users Home directory
Create the user’s home directory and set the directory ownership to user smbusetr and group sambashare:
sudo mkdir /samba/smbuser
sudo chown smbuser:sambashare /samba/smbuser
Setting Samba Users Home directory Permissions
The following command will add the setgid bit to the /samba/smbuser directory so the newly created files in this directory will inherit the group of the parent directory. This way, no matter which user creates a new file, the file will have group-owner of sambashare:
sudo chmod 2770 /samba/smbuser
Add Samba User to Samba Database
Add the smbuser user account to the Samba database by setting the user password:
sudo smbpasswd -a smbuser
You will be prompted to enter and confirm the user password.
Enable Samba user account
Once the password is set to enable the Samba account run:
sudo smbpasswd -e smbuser
Configuring Samba Shares
Open the Samba configuration file:
sudo vim /etc/samba/smb.conf
and append the section at the end of the file:
[smbuser]
path = /samba/smbuser
browseable = yes
read only = no
force create mode = 0660
force directory mode = 2770
valid users = smbuser @sambashare
Samba Options
The options have the following meanings:
[smbuser]- The names of the shares that you will use when logging in.path- The path to the share.browseable- Whether the share should be listed in the available shares list. By setting to no other users won’t be able to see the share.read only- Whether the users specified in the valid users list are able to write to this share.force create mode- Sets the permissions for the newly created files in this share.force directory mode- Sets the permissions for the newly created directories in this share.valid users- A list of users and groups that are allowed to access the share. Groups are prefixed with the @ symbol.
Restart Samba Services
sudo systemctl restart smbd
sudo systemctl restart nmbd
Samba Commands
List Samba Users
pdbedit is used to manage the SAM database:
sudo pdbedit -L -v
Add User to Samba Group
sudo usermod -aG sambashare someuser
Delete Samba users
Delete from Samba database:
smbpasswd -x smbuser
Delete from Unix system:
userdel -r smbuser