Samba Server

Introduction

Sometimes having shares available via Samba is useful. This configuration basically provide access to the same data exported via NFS, except user home directories are read/write while the media share is read-only.

Samba Server

aptitude install samba samba-common

Answer the following questions:

Please specify the workgroup you want this server to appear to be in when queried by clients. Note that this parameter also controls the domain name used with the security=domain setting.

• Workgroup/Domain Name:
• Home

If your computer gets IP address information from a DHCP server on the network, the DHCP server may also provide information about WINS servers ("NetBIOS name servers") present on the network. This requires a change to your smb.conf file so that DHCP-provided WINS settings will automatically be read from /etc/samba/dhcp.conf.

The dhcp3-client package must be installed to take advantage of this feature.

• Modify smb.conf to use WINS settings from DHCP?
• no

Configuring Samba

Edit the smb.conf file:

nano /etc/samba/smb.conf

Enable User security

In the global section, remove the ";" at the front of the line 'security = user' and edit it like so.

security = share

Disable printer support

I don't have any printers attached to my Samba server, so I comment out all the printer configurations by placing a ';' in front of all the relevant lines.

Then find the 'load printers' section and set it to 'no'.

# If you want to automatically load your printer list rather
 # than setting them up individually then you'll need this
    load printers = no

Configure Home directory access

Make home directories browsable and writable

# Un-comment the following (and tweak the other settings below to suit)
 # to enable the default home directory shares.  This will share each
 # user's home directory as \\server\username
 [homes]
    comment = Home Directories
    browseable = no
 
 # By default, \\server\username shares can be connected to by anyone
 # with access to the samba server.  Un-comment the following parameter
 # to make sure that only "username" can connect to \\server\username
 # This might need tweaking when using external authentication schemes
    valid users = %S

 # By default, the home directories are exported read-only. Change next
 # parameter to 'yes' if you want to be able to write to them.
    writable = yes

 # File creation mask is set to 0700 for security reasons. If you want to
 # create files with group=rw permissions, set next parameter to 0775.
    create mask = 0775

 # Directory creation mask is set to 0700 for security reasons. If you want to
 # create dirs. with group=rw permissions, set next parameter to 0775.
    directory mask = 0775

Configure Media directory access

If you have already created the 'media' directory (as part of the NFSServer howto), do so now.

mkdir -p /srv/media
 chown -R nobody:nogroup /srv/media
 chmod 2775 /srv/media

Continue editing '/etc/smb.conf'

[Media]
   comment = Media
   path = /srv/Media
   writable = yes
   force user = nobody
   force group = nogroup
   public = yes
   printable = no
   create mask = 0775
   directory mode = 0775
   force create mode = 0775
   force directory mode = 0775

Adding And Managing Users

Adding a new user

In this example, I will add a user named louise. You can add as many users as you need in the same way, just replace the username louise with the desired username in the commands.

useradd louise -m -G users

Now add the user to the Samba user database.

smbpasswd -a louise

Now you should be able to log in from your Windows workstation with the file explorer using the username louise and the chosen password and store files on the Linux server either in louise's home directory or in the public shared directory.

Adding an existing user to the users group

In the command below, we are adding the existing system user account 'martin' to the 'users' group.

addgroup martin user

Now add the user to the Samba user database.

smbpasswd -a martin

Reloading Samba Configuration

Check configuration file for errors

testparm

Reload Samba to pick up the new configurations

sudo /etc/init.d/samba reload

Samba Firewall Rules

If you run a firewall on your Samba server these are the ports you need to allow.

• netbios-ns 137/udp # NetBIOS Name Service
• netbios-dgm 138/udp # NetBIOS Datagram Service
• netbios-ssn 139/tcp # NetBIOS Session Service
• microsoft-ds 445/tcp # Microsoft Directory Service

References

• http://www.howtoforge.net/debian_etch_samba_standalone_server_with_tdbsam_backend
• http://www.debian-administration.org/articles/165
• http://troy.jdmz.net/samba/fw/