Samba - first steps. Creating a home network using Samba for devices running Windows, Linux, Android OS Samba Service
The main Samba configuration file is /etc/samba/smb.conf. The initial configuration file has a significant number of comments to document the various configuration directives.
Not all possible options are included in the default settings file. See manual man smb.conf or Samba FAQ for more details.
1. First change the following key/value pairs in the section file /etc/samba/smb.conf:
Workgroup = EXAMPLE ... security = user
Parameter security is located much lower in the section and is commented out by default. Also replace EXAMPLE to something more appropriate to your surroundings.
2. Create a new section at the end of the file or uncomment one of the examples for the directory that you want to share:
Comment = Ubuntu File Server Share path = /srv/samba/share browsable = yes guest ok = yes read only = no create mask = 0755
comment: A short description of the shared resource. Used for your convenience.
path: path to the shared directory.
This example uses /srv/samba/sharename because, according to the File System Hierarchy Standard (FHS), the /srv directory is where all data related to a given site should reside. Technically, a Samba share can be placed anywhere on the file system where file access restrictions allow, but following standards is recommended.
browsable: Allows Windows clients to view the contents of a shared directory using Windows Explorer.
guest ok: Allows clients to connect to the shared resource without providing a password.
read only: Determines whether the resource is accessible with read-only or write privileges. Write privileges are only available when you specify no, as shown in this example. If the value yes, then access to the resource will be read-only.
create mask: Defines what access rights will be set for new files created.
3. Now that Samba is configured, you need to create a directory and set permissions on it. Enter in terminal:
Sudo mkdir -p /srv/samba/share sudo chown nobody.nogroup /srv/samba/share/
parameter -p tells mkdir to create a complete directory tree if it doesn't exist.
4. Finally, restart samba services to apply the new settings:
Sudo restart smbd sudo restart nmbd
You can now search the Ubuntu file server using the Windows client and browse its shared directories. If your client does not show your shares automatically, try accessing your server by its IP address, for example, \\192.168.1.1, from a Windows Explorer window. To check that everything works, try creating a directory inside your share from Windows.
To create additional shares, create a new section in /etc/samba/smb.conf and restart Samba. Just make sure the shared directory is created and has the correct permissions.
Shared resource "" and the way /srv/samba/share- these are just examples. Set the resource name and directory name according to your environment. It is a good idea to use the name of the resource's directory on the file system as the name of the resource. In other words, the resource can be specified for the /srv/samba/qa directory.
Implementation network protocols Server Message Block (SMB) And Common Internet File System (CIFS). The main purpose is to share files and printers between Linux and Windows systems.
Samba consists of several demons working in background and providing services and a number of command line tools for interacting with Windows services:
- smbd- a daemon that is an SMB server for file services and print services;
- nmbd- a daemon that provides NetBIOS naming services;
- smblient- the utility provides command line access to SMB resources. It also allows you to get lists shared resources on remote servers and view the network environment;
- smb.conf- a configuration file containing settings for all Samba tools;
List of ports used by Samba
- share- this security mode emulates the authentication method used by operating systems Windows systems 9x/Windows Me. In this mode, usernames are ignored and passwords are assigned to shares. In this mode, Samba attempts to use a client-supplied password that can be used by different users.
- user* - This security mode is set by default and uses a username and password for authentication, as is usually done in Linux. In most cases, on modern operating systems, passwords are stored in an encrypted database that is used only by Samba.
- server- this security mode is used when it is necessary for Samba to perform authentication when accessing another server. For clients, this mode looks the same as user-level authentication (user mode), but Samba actually contacts the server specified in the password server parameter to perform authentication.
- domain- using this security mode, you can fully join a Windows domain; For clients, this looks the same as user-level authentication. Unlike server-level authentication, domain authentication uses more secure password exchange at the domain level. To fully join a domain, you need to run additional commands on the Samba system and possibly on the domain controller.
- ads- this security mode is similar to the domain authentication method, but requires a domain controller Active Directory Domain Services.
Full list of parameters Samba is in manpages.
Above was an example with access to a directory with shared access. Let's consider another example with a private directory, which can only be accessed by login and password.
Let's create a group and add a user to it
Sudo groupadd smbgrp sudo usermod -a -G smbgrp proft
Let's create a directory for the user and set rights
Sudo mkdir -p /srv/samba/proft sudo chown -R proft:smbgrp /srv/samba/proft sudo chmod -R 0770 /srv/samba/proft
Let's create a samba user
Sudo smbpasswd -a proft
Add a new resource to /etc/samba/smb.conf
Path = /srv/samba/proft valid users = @smbgrp guest ok = no writable = yes browsable = yes
Let's restart the server
Sudo systemctl restart smbd
An example of setting up a resource that contains symlink to the user's folder ( /srv/samba/media/video » /home/proft/video)
Path = /srv/samba/media guest ok = yes read only = yes browsable = yes force user = proft
Client setup
View your computer's shared resources
Smbclient -L 192.168.24.101 -U%
Another connection method for an anonymous user with command line
Smbclient -U nobody //192.168.24.101/public ls
If the server is configured with a higher level of security, you may need to pass the username or domain name using the -W and -U options, respectively.
Smbclient -L 192.168.24.101 -U proft -W WORKGROUP
Mounting a samba resource
# create a mount point mkdir -p ~/shares/public # mount a resource # for anonymous user nobody mount -t cifs //192.168.24.101/public /home/proft/shares/public -o user=nobody,password=,workgroup= WORKGROUP,ip=192.168.24.101,utf8 # for user proft mount -t cifs //192.168.24.101/public /home/proft/shares/public -o user=proft,password=1,workgroup=WORKGROUP,ip=192.168. 24.101,utf8
More better passwords store in a separate file
# sudo vim /etc/samba/sambacreds username=proft password=1 username=noboy password=
Set the access rights to 0600
Sudo chmod 0600 /etc/samba/sambacreds
New mount line
Mount -t cifs //192.168.24.101/public /home/proft/shares/public -o user=proft,credentials=/etc/samba/sambacreds,workgroup=WORKGROUP,ip=192.168.24.101
And an example for /etc/fstab
//192.168.24.101/public /home/proft/shares/public cifs noauto,username=proft,credentials=/etc/samba/sambacreds,workgroup=WORKGROUP,ip=192.168.24.101 0 0
You can open the resource in the Nautilus/Nemo/etc file manager using this path smb://192.268.24.101.
If Nemo writes Nemo cannot handle "smb" locations. it means the package is missing gvfs-smb.
Access to the server with Windows and Android client
Under Windows, you can find out the workgroup from the console using
Net config workstation
You can open resources on a remote machine by typing the UNC address in the Explorer line or in Run (Start - Run): \192.168.24.101 .
On Android you can connect to the server using ES File Explorer, on the Network tab, add a server, simply by IP (without specifying the scheme, smb). After which you can open the shared resources. For statistics: an HDRIP movie runs without any slowdown.
Additional reading