How to configure Samba Server share on Debian 9 Stretch Linux


The objective is to perform a basic configuration of Samba server on Debian 9 Stretch Linux to provide access to Samba shares via MS Windows client machine.

Operating System and Software Versions

  • Operating System: – Debian 9 Stretch
  • Software: – Samba 4.5.8-Debian


Privileged access to your Debian system will be required.




  • # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  • $ – requires given linux commands to be executed as a regular non-privileged user


The below configuration procedure will assume a following scenario and pre-configured requirements:

  • Server and MS Windows client are located on the same network and no firewall is blocking any communication between the two
  • MS Windows client can resolve samba server by hostname samba-server
  • MS Windows client’s Workgroup domain is WORKGROUP



Let’s start by Samba server installation:

# apt install samba

Furthermore, for testing purposes it is also recommended to install samba client:

# apt install smbclient

Samba server should now be up and running on your system:

# systemctl status smbd
● smbd.service - Samba SMB Daemon
   Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2017-06-13 10:35:34 AEST; 3min 32s ago
     Docs: man:smbd(8)
 Main PID: 1654 (smbd)
   Status: "smbd: ready to serve connections..."
   CGroup: /system.slice/smbd.service
           ├─1654 /usr/sbin/smbd
           ├─1655 /usr/sbin/smbd
           ├─1656 /usr/sbin/smbd
           └─1659 /usr/sbin/smbd

Default Samba Configuration

The main Samba configuration file is called /etc/samba/smb.conf. Before we start editing smb.conf config file, let’s make a backup of the original configuration file and extract a current configuration relevant lines to a new smb.conf file:

# cp /etc/samba/smb.conf /etc/samba/smb.conf_backup
# grep -v -E "^#|^;" /etc/samba/smb.conf_backup | grep . > /etc/samba/smb.conf

Your new /etc/samba/smb.conf should now contain:

# cat /etc/samba/smb.conf
   workgroup = WORKGROUP
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
   comment = Home Directories
   browseable = no
   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

Restart your samba server and use SMB client to confirm all exported samba groups:

# systemctl restart smbd
# smbclient -L localhost
WARNING: The "syslog" option is deprecated
Enter root's password: 
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.8-Debian]

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        IPC$            IPC       IPC Service (Samba 4.5.8-Debian)
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.8-Debian]

        Server               Comment
        ---------            -------
        LINUXCONFIG          Samba 4.5.8-Debian

        Workgroup            Master
        ---------            -------
        WORKGROUP            LINUXCONFIG

Add Users

Samba has its own user management system. However, any user existing on the samba user list must also exist within /etc/passwd file. From this reason, create a new user using useradd command before creating any new Samba user. Once your new system user eg. linuxconfig exits, use smbpasswd command to create a new Samba user:

# smbpasswd -a linuxconfig
New SMB password:

Samba Home Directories Share

By default all home directories are exported read-only and they are not browseable. To change this default configuration settings change the current homes share definition to:

   comment = Home Directories
   browseable = yes
   read only = no
   create mask = 0700
   directory mask = 0700
   valid users = %S

Every time you make a change to your /etc/samba/smb.conf configuration file do not forget to restart your samba server daemon:

# systemctl restart smbd

Samba Public Anonymous Share

The following Samba definition will allow any user to read and write data into Samba share under /var/samba/ directory. First, create a new directory and make it accessible by anyone:

# mkdir /var/samba
# chmod 777 /var/samba/

Next, add a new samba share definition within your /etc/samba/smb.conf Samba configuration file:

  comment = public anonymous access
  path = /var/samba/
  browsable =yes
  create mask = 0660
  directory mask = 0771
  writable = yes
  guest ok = yes

Restart your samba server daemon:

# systemctl restart smbd

Mount Samba Shares

Now, we are ready to turn our attention to MS Windows machine and network map our new Samba share directories. Start by listing all available shares by \\\samba-server command execution:

show samba share on the MS windows machine

If all went well you should see the list of all browsable samba shares:

MS windows samba share list

Next, map any of the shared directories by right-clicking on the share and selecting a Map Network Drive... option. Tick, Connect using different credentials option and finish the network drive mapping by supplying the user credentials created in previous steps:

Network map


List Samba users:

# pdbedit -w -L

Delete Samba user:

# pdbedit -x -u username