Objective
The objective is to perform a basic configuration of Samba server on Debian 9 Stretch Linux to provide access to Samba shares via MS Windows client machine.
Operating System and Software Versions
- Operating System: – Debian 9 Stretch
- Software: – Samba 4.5.8-Debian
Requirements
Privileged access to your Debian system will be required.
Difficulty
EASY
Conventions
- # – requires given linux commands to be executed with root privileges either directly as a root user or by use of
sudocommand - $ – requires given linux commands to be executed as a regular non-privileged user
Scenario
The below configuration procedure will assume a following scenario and pre-configured requirements:
- Server and MS Windows client are located on the same network and no firewall is blocking any communication between the two
- MS Windows client can resolve samba server by hostname
samba-server - MS Windows client’s Workgroup domain is
WORKGROUP
Instructions
Installation
Let’s start by Samba server installation:
# apt install samba
Furthermore, for testing purposes it is also recommended to install samba client:
# apt install smbclient
Samba server should now be up and running on your system:
# systemctl status smbd
● smbd.service - Samba SMB Daemon
Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2017-06-13 10:35:34 AEST; 3min 32s ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 1654 (smbd)
Status: "smbd: ready to serve connections..."
CGroup: /system.slice/smbd.service
├─1654 /usr/sbin/smbd
├─1655 /usr/sbin/smbd
├─1656 /usr/sbin/smbd
└─1659 /usr/sbin/smbd
Default Samba Configuration
The main Samba configuration file is called /etc/samba/smb.conf. Before we start editing smb.conf config file, let’s make a backup of the original configuration file and extract a current configuration relevant lines to a new smb.conf file:
# cp /etc/samba/smb.conf /etc/samba/smb.conf_backup # grep -v -E "^#|^;" /etc/samba/smb.conf_backup | grep . > /etc/samba/smb.conf
Your new /etc/samba/smb.conf should now contain:
# cat /etc/samba/smb.conf [global] workgroup = WORKGROUP dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d server role = standalone server passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes [homes] comment = Home Directories browseable = no read only = yes create mask = 0700 directory mask = 0700 valid users = %S [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no
Restart your samba server and use SMB client to confirm all exported samba groups:
# systemctl restart smbd
# smbclient -L localhost
WARNING: The "syslog" option is deprecated
Enter root's password:
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.8-Debian]
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
IPC$ IPC IPC Service (Samba 4.5.8-Debian)
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.8-Debian]
Server Comment
--------- -------
LASERPRINTER
LINUXCONFIG Samba 4.5.8-Debian
Workgroup Master
--------- -------
WORKGROUP LINUXCONFIG
Add Users
Samba has its own user management system. However, any user existing on the samba user list must also exist within /etc/passwd file. From this reason, create a new user using useradd command before creating any new Samba user. Once your new system user eg. linuxconfig exits, use smbpasswd command to create a new Samba user:
# smbpasswd -a linuxconfig New SMB password:
Samba Home Directories Share
By default all home directories are exported read-only and they are not browseable. To change this default configuration settings change the current homes share definition to:
[homes] comment = Home Directories browseable = yes read only = no create mask = 0700 directory mask = 0700 valid users = %S
Every time you make a change to your /etc/samba/smb.conf configuration file do not forget to restart your samba server daemon:
# systemctl restart smbd
Samba Public Anonymous Share
The following Samba definition will allow any user to read and write data into Samba share under /var/samba/ directory. First, create a new directory and make it accessible by anyone:
# mkdir /var/samba # chmod 777 /var/samba/
Next, add a new samba share definition within your /etc/samba/smb.conf Samba configuration file:
[public] comment = public anonymous access path = /var/samba/ browsable =yes create mask = 0660 directory mask = 0771 writable = yes guest ok = yes
Restart your samba server daemon:
# systemctl restart smbd
Mount Samba Shares
Now, we are ready to turn our attention to MS Windows machine and network map our new Samba share directories. Start by listing all available shares by \\\samba-server command execution:
If all went well you should see the list of all browsable samba shares:
Next, map any of the shared directories by right-clicking on the share and selecting a
Map Network Drive... option. Tick, Connect using different credentials option and finish the network drive mapping by supplying the user credentials created in previous steps:
Appendix
List Samba users:
# pdbedit -w -L
Delete Samba user:
# pdbedit -x -u username