How to Set Up a Samba Server on Linux
Samba allows you to share your files over a local network to computers running any operating system. Samba also makes it simple to control access to these shares using a single configuration file.
Markus Spiske©
Set Up a Samba Server
Install Samba
On Debian, you can install the Samba server right from the default Debian repositories. It’s a single package, so go ahead and install it.
sudo apt install samba
This command will install and start both the Samba server smbd and the Samba NetBIOS server nmbd. nmbd is not required for this tutorial, so in the interests of security you can stop and disable it with systemctl:
sudo systemctl stop nmbd.service
sudo systemctl disable nmbd.service
The sudo systemctl disable nmbd.service command will produce the following output when run:
Synchronizing state of nmbd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable nmbd
Removed /etc/systemd/system/multi-user.target.wants/nmbd.service.
This output communicates that because nmbd does not have native systemd management configuration, it is being disabled by the older SysV init system.
To avoid security issues that can arise from running an unconfigured, network-enabled service, let’s stop the Samba server until configuration details are in place:
sudo systemctl stop smbd.service
Samba is now installed and ready to be configured.
Samba’s Global Settings
Samba’s configuration can all be found in /etc/samba/smb.conf. That file contains both the global configuration for Samba itself and your shares. Debian is usually good about providing intelligent default configurations that work immediately, but it can’t hurt to take a look at the provided settings, and make changes where necessary.
The first setting that you’ll find near the top of your general settings is the workgroup. This determines the name of the Windows workgroup that your server will be a part of. The default value is WORKGROUP because that’s also the default value on Windows. If you’re configured something different, change it here too.
workgroup = WORKGROUP
Next, you may want to limit access to your server. If you want to limit which computers can connect to your share, uncomment the interfaces option, and specify an IP or range of IPs and an interface they can connect on.
interfaces = 192.168.1.0/24 eth0
If you’re not a fan of that method, you can always add the hosts allow option to limit who can connect too. Just specify IP addresses or ranges after.
hosts allow = 127.0.0.1/8 192.168.1.0/24
Configuration to enable SMBv3 for samba version 4.x
min protocol = SMB3
Understanding min and max protocol levels in smb.conf
- client min protocol – This setting controls the minimum protocol version that the client will attempt to use.
- client max protocol – The value of the parameter (a string) is the highest protocol level that will be supported by the client.
- SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows.
- SMB3: The same as SMB2. Used by Windows 8.
Please note that Samba version 4.11 removes SMB1 protocol version by default. However, on an older Linux and Unix distro you need to disable it manually to avoid security issues.
bind interfaces only = yes
bind interfaces only - This ensures that Samba only binds to the interfaces listed on the
The rest of the general settings are set to fairly solid defaults. You won’t need to change them to get your shares running, but feel free to have a look around and tweak anything you like.
Whenever you edit smb.conf, you should run the Samba utility testparm to check that there are no syntax errors:
sudo testparm
bind interfaces only = yes
Running the testparm command on the smb.conf file produces the following output:
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
Pressing ENTER produces the following output:
# Global parameters
[global]
server string = samba_server
interfaces = lo your_network_interface
bind interfaces only = Yes
server role = standalone server
log file = /var/log/samba/smb.log
max log size = 10000
smb ports = 445
disable netbios = Yes
idmap config * : backend = tdb
If testparm reports Loaded services file OK., then there are no syntax errors that would stop the Samba server from starting.
Configure a New Share
There are already a few shares set up for you. They allow you to share the home folders of any user on the system and your printers. Actually, there’s already a print directory being shared. Change the browseable value to no.
Now, try creating your own share. There are a ton of options that you can pick from for your Samba share, but this guide will cover the most common ones.
First, name your share, and place that name in brackets.
[New Share]
On the next line, tab in four spaces, and write a brief comment describing the share.
comment = My new share
Next, set the path equal to the absolute path to the share.
path = /home/user/share
Choose whether you want to be able to browse to the share or need to manually mount it directly.
browseable = yes
Do you want people to be able to write to the share or mount it read only?
read only = no
Can guests access it? In Samba terms, guests are anonymous users that haven’t signed in to the share. In short, do you want to password protect the share or limit access to certain users?
guest ok = no
If guests can’t access the share, who can?
valid users = username
And, that’s it. There are other options and other ways to go about these basic steps, but they take you to more or less the same place. Unless you have something really specific in mind, these options should be enough. Put it together, and you get something like this:
[New Share]
comment = A new share
path = /var/nas
browseable = yes
read only = no
guest ok = no
valid users = <username>
Save, and exit. Then, restart Samba.
systemctl restart smbd
Set Up A Samba user
In order to connect to your share, unless you’re only using guest access, you’re going to need to set up Samba user accounts. It’s super quick, and only takes a single command.
smbpasswd -a <username>
After that, you’ll be asked to enter a password for that user. That’s the password that their shares will be locked behind.
How to Connect to a Share
- There are a couple of packages that you’ll need to connect to a
Sambashare. Go ahead, and install them.
sudo apt install samba-client cifs-utils
- After that create a directory
/mnt/shareto mount the share drive.
sudo mkdir /mnt/share
- Now create a credentials file to your system. Make this as a hidden file using dot (.) for security purposes. It’s good to create it in your home directory.
vi /root/.smbcredentials
Set the samba username and password to the above file.
username=smb_username
password=smb_password
Save your file and make it readable for the root account only. This will restrict access to all non-root accounts.
chmod 400 /root/.smbcredentials
- Use the following command to mount remote samba share on a Linux system.
sudo mount -t cifs -o rw,vers=3.0,credentials=/root/.smbcredentials //192.168.1.1/share /mnt/share
But the manually mounted file system will not remain mounted after a system reboot. To mount samba share automatically after a system reboot, complete the next step.
- You can make add the configuration to
/etc/fstabfile to auto mount remote share on system boot.
sudo vi /etc/fstab
Add the line at end of the file as follows. Change values as per yours.
//<Samba server IP>/<New Share> /media/share cifs vers=3.0,credentials=/root/.smbcredentials
Save file and close it.
Conclusion
You’re ready to start creating your own Samba shares on Debian, and accessing them from your other Linux machines. There isn’t much else to it, and Samba will automatically start with Debian at boot.
References
See smb.conf here for more information.
