The main Samba configuration file is /etc/samba/smb.conf. The initial configuration file has a significant number of comments to document the various configuration directives.
Not all possible options are included in the default settings file. See manual man smb.conf or Samba FAQ for more details.
1. First change the following key/value pairs in the section file /etc/samba/smb.conf:
Workgroup = EXAMPLE ... security = user
Parameter security is located much lower in the section and is commented out by default. Also replace EXAMPLE to something more appropriate to your surroundings.
2. Create a new section at the end of the file or uncomment one of the examples for the directory that you want to share:
Comment = Ubuntu File Server Share path = /srv/samba/share browsable = yes guest ok = yes read only = no create mask = 0755
comment: A short description of the shared resource. Used for your convenience.
path: path to the shared directory.
This example uses /srv/samba/sharename because, according to the File System Hierarchy Standard (FHS), the /srv directory is where all data related to a given site should reside. Technically, a Samba share can be placed anywhere on the file system where file access restrictions allow, but following standards is recommended.
browsable: Allows Windows clients to view the contents of a shared directory using Windows Explorer.
guest ok: Allows clients to connect to the shared resource without providing a password.
read only: Determines whether the resource is accessible with read-only or write privileges. Write privileges are only available when you specify no, as shown in this example. If the value yes, then access to the resource will be read-only.
create mask: determines which access rights will be set for new files created.
3. Now that Samba is configured, you need to create a directory and set permissions on it. Enter in terminal:
Sudo mkdir -p /srv/samba/share sudo chown nobody.nogroup /srv/samba/share/
parameter -p tells mkdir to create a complete directory tree if it doesn't exist.
4. Finally, restart samba services to apply the new settings:
Sudo restart smbd sudo restart nmbd
You can now search the Ubuntu file server using the Windows client and browse its shared directories. If your client does not show your shares automatically, try accessing your server by its IP address, for example, \\192.168.1.1, from a Windows Explorer window. To check that everything works, try creating a directory inside your share from Windows.
To create additional shares, create a new section in /etc/samba/smb.conf and restart Samba. Just make sure the shared directory is created and has the correct permissions.
Shared resource "" and the way /srv/samba/share- these are just examples. Set the resource name and directory name according to your environment. It is a good idea to use the name of the resource's directory on the file system as the name of the resource. In other words, the resource can be specified for the /srv/samba/qa directory.
This article will focus on creating a wireless local network for devices running various operating systems Windows systems, Linux, Android using Samba.
Nowadays, almost every apartment has Wi-Fi network, and there is also a large number of different devices (laptops, smartphones, tablets, Android TV Box). In this regard, sooner or later there will be a need to combine all devices available for use into one home network in order to easily access all kinds of files from any gadget.
This is actually what will be discussed in this opus. So let's get started.
For network construction, we will use a ready-made solution called Samba. This is the package free programs with open source code allowing you to connect to network drives, printers and other equipment on various operating systems using its own SMB/CIFS protocol.
The software consists of two parts - server and client. We will install the Samba server on one of the devices, which by definition will be the main one, and the Samba client on all the others.
Installing the Samba server
In my case, for the server device, I chose a laptop on which Windows 7 and Ubuntu Mate 16.04 were installed in parallel. Below we will consider in detail the process of installing and configuring Samba for both operating systems.
Setting up samba server under Linux
By default, Samba is not installed in Ubuntu, so you need to do so before moving on. As an option, in order not to subsequently edit the Samba configuration file through the terminal, we will install the Gadmin-Samba program, which includes, in addition to the Samba server packages and GUI.
To install, type in the terminal:
Sudo apt install gadmin-samba
Once the installation is complete, launch Gadmin Samba. The application interface is not Russified, but understanding the settings is quite simple.
There are a lot of settings in the program, but by and large, in our case we are interested in the “users” tab. Go to it and add a new user.
Click the “New user” button, enter the user name in the updated window, come up with a password, add it to the group (in order not to “invent the wheel”, indicate the existing one, namely “sambausers”) and set the home directory for the files. After that, click "Apply".
HD Videobox - New user
To apply the changes, restart the server using the “deactivate” and “activate” buttons, respectively, located in the upper left corner of the application window.
Don’t forget, also, to set access rights to “shared” folders for shared access. This can be done either through the terminal or through the graphical interface of the Nautilus file explorer.
Nautilus - changing permissions
Nautilus - File Write Permission
Setting up samba server under Windows
In the case of Windows, everything is much more prosaic, since Samba is used by default in this operating system.
In principle, you can use an existing account or enable guest access. Alternatively, you can create another account, the data of which will be used for network access
To create a new account, you need to go to the "control panel", select "manage user accounts" and create new account with a password.
Adding a new account
When creating a new user, you will need to select an account type, create a name and password.
At the last stage, you will need to set rights to view changes to “shared” folders. This can be done in standard Windows Explorer through the item context menu"properties", in relation to the folder you need.
"Sharing" a folder
Adding a user and changing folder permissions
After creating a new user, be sure to re-login to the current session for the changes to take effect.
Installing the Samba client on Android
To access the Samba server and, accordingly, network drives on devices running Android control I recommend using the Root Explorer application (download link full version no advertising at the end of the article).
Samba is a program that allows you to access network drives on various operating systems via SMB/CIFS protocol. It has client and server parts. Is free software, released under the GPL license.
Samba runs on most Unix-like systems, such as GNU/Linux, POSIX-compliant Solaris and Mac OS X Server, various BSD variants, OS/2, Windows. Samba is included in almost all GNU/Linux distributions, including, of course, Ubuntu.
Installation
To do shared folder In Ubuntu Desktop, just right-click on the folder and select the “Publish Folder” menu item. There is no need to edit any configuration files. Everything described below applies only to manual setting, for example, in the case of creating a file server.
To install, just open a terminal and enter:
sudo apt-get install samba
The application will be automatically downloaded and installed.
Settings
Using the terminal, we will make a backup copy of the initial configuration file:
Sudo cp /etc/samba/smb.conf(,.bak)
Now you can edit the settings file /etc/samba/smb.conf; to do this, open it in any text editor with superuser rights. For example, like this:
Sudo nano /etc/samba/smb.conf An example of configuring Samba as a standalone file server with authorization: ; Global Settings servers; General server settings ; Computer name that will be displayed in the network environment netbios name = main-server server string = ; Working group clients workgroup = WORKGROUP announce version = 5.0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 passdb backend = tdbsam security = user null passwords = true ; File for user name aliases username map = /etc/samba/smbusers name resolve order = hosts wins bcast ; wins support is set to yes if your nmbd(8) in Samba is a WINS server. Do not set this parameter to yes unless you have multiple subnets and do not want your nmbd to act as a WINS server. Never set this parameter to yes on more than one machine within the same subnet. wins support = no ; Printer support printing = CUPS printcap name = CUPS ; Logs log file = /var/log/samba/log.%m syslog = 0 syslog only = no ; Configuring binding to which interfaces to listen on, if listens on all interfaces are not specified; interfaces = lo, eth0 ; bind interfaces only = true ; ; ; path = /var/lib/samba/printers ; browseable = yes ; guest ok = yes ; read only = yes ; write list = root ; create mask = 0664 ; directory mask = 0775 ; ; ; path = /tmp ; printable = yes ; guest ok = yes ; browseable = no ; ; ;path = /media/cdrom ;browseable = yes ;read only = yes ;guest ok = yes ; Hard drive ball; The name of the balls is visible from clients; Path to the shared disk path = /media/sda1 ; Is it possible to browse browseable = yes read only = no guest ok = no create mask = 0644 directory mask = 0755 ; Binding to a specific user name or group, names separated by a space; force user = user1 user2 ; force group = group1 group2 ; Another HDD, similar to what is above path = /media/sde1 browseable = yes read only = no guest ok = no create mask = 0644 directory mask = 0755
Now we need to deal with the users.
Samba uses users that are already in the system, let’s take the name user as an example, let’s say that it is already in the system, we need to add it to the SMB database and assign a password to access shared resources, we’ll do this with the command:
Smbpasswd -a user
You will be prompted to enter a password, the user will be added to the database, now you need to enable this user.
Smbpasswd -e user
Next, let's create an alias for the username user to make it easier for us to access from a Windows machine on which we have, for example, a user named Admin. To do this, we'll create and edit the file /etc/samba/smbusers:
Sudo touch /etc/samba/smbusers sudo gedit /etc/samba/smbusers
Write a couple of lines into the file
# Unix_name = SMB_name1 SMB_name2 user = Admin
This completes the setup, restart Samba.
Samba file server for Windows network
Very often Samba is used to create a file server on a Windows network.
File server as part of an Active Directory domain
In order to create a file server integrated into an Active Directory domain, you will first need to join your Ubuntu machine to the domain. A separate article is devoted to this:
To create a file server, you do not need to configure PAM, just add domain users and groups via Winbind to the system.
After successfully logging into the domain, all you have to do is configure the shared resources on your computer.
Here you should immediately pay attention to one very important thing: Samba tries to map the rights to Windows files onto Unix rights, however, due to fundamental differences in the mechanisms for assigning rights, this is not always possible. Please note that file rights are always and in any case controlled by your file system on a computer running Ubuntu; Samba can only adapt to them, but not change their behavior.
Therefore, by default, shared resources will have very limited access control capabilities - assigning different rights to the user, group and everyone else. However, this can be easily fixed by adding POSIX ACL support to your FS. In this case, it will be possible to assign different rights to different users and groups, much like in Windows.
POSIX ACL support is available in at least ext3/4; to activate it, you just need to add the acl parameter to the mounting options of the desired partition.
It is important that the directory you want to share via Samba is on a disk mounted with the acl option. Otherwise, you will not be able to properly use the mechanism for delimiting access rights to files on the shares.
There is one more very important point: POSIX ACLs do not support inheritance of access rights from parent directories, but in Windows this feature is present. Therefore, Samba implements an additional mechanism for storing information about the inheritance of access rights, which uses extended file system attributes. Therefore, in order for Samba to correctly handle inheritance of rights other than acl, it is necessary to add the user_xattr parameter to the file system mounting options, which is responsible for enabling support for extended attributes.
For example, I always use separate LVM disks to organize shared resources, and my fstab lines for them look something like this:
/dev/mapper/data-profiles /var/data/profiles ext3 defaults,noexec,acl,user_xattr 0 2
The noexec option is needed because on Windows balls there should not be 100% executable files Linux, and it won’t hurt to be on the safe side.
To work with acl on Ubuntu, you need to install a package of appropriate utilities:
Sudo aptitude install acl
Then you can view the extended rights (i.e. ACL) for a file or directory with the command
Getfacl file
And install with the command
Setfacl file
Just in case, I would like to draw your attention to the fact that the POSIX ACL mechanism has nothing to do with Samba - it is simply an add-on to the standard mechanism for dividing rights in Linux. Accordingly, Samba can use it, but cannot change or bypass it in any way.
To work with extended FS attributes, you will need a utility package very similar to acl - attr , which can be installed with the command
Sudo aptitude install attr
To view extended attributes you can use the command
Getfattr file
And for installation
Setfattr file
However, there is one small catch. The fact is that Samba stores all information about inheritance in binary form in a single extended attribute user.SAMBA_PAI. Therefore, you will not be able to change anything using setfattr, unless you completely remove extended attributes (sometimes this may need to be done).
Well, you will have to manage the inheritance of rights from a Windows machine using the standard tools of this system. Or using the smbcacls utility, if you figure out how to use it.
There is also an experimental VFS module acl_xattr, which allows you to store NT ACLs entirely in extended attributes. Unfortunately, there is no documentation on it, so it’s difficult to say anything intelligible about it. It is expected that Samba 4 will have full integrated support for NT ACLs, but for now you can use what is available.
If you have anything to add about extended attributes in Samba and methods of working with them, be sure to write to this topic on the forum. I would be grateful for any links, articles and comments on the topic.
In addition, extended file system attributes allow Samba to enable full support for DOS file attributes such as hidden, archive, etc.
So, let's assume that you have a directory on the system that you want to share via Samba (and it is located on a disk mounted with acl and user_xattr support). Now you need to actually configure its sharing. To do this, you need to enter the appropriate information into the /etc/samba/smb.conf file.
Let's start with the general settings that can be added to the section of this file (these are not all possible parameters, just a few quite useful ones):
# Disable printer sharing. Unless, of course, you really want to share them. # For complete shutdown you need to specify all 4 lines below load printers = no show add printer wizard = no printcap name = /dev/null disable spoolss = yes # Make hidden when viewed with Windows files with the following names hide files = /$RECYCLE.BIN/desktop.ini/lost+found/Thumbs.db/ # Use the next UNIX user as Guest for the public share share guest account = nobody # Treat unregistered users as guest map to guest = Bad User ## Settings that use extended file system attributes # Handle inheritance of rights using extended file system attributes map acl inherit = yes # Use extended file system attributes to store DOS attributes store dos attributes = yes # Disable DOS attribute mapping on UNIX rights enabled default # According to man smb.conf, when using extended attributes, these options must be disabled map archive = no map system = no map hidden = no map readonly = no
Now the settings for the directly shared resource. I call it profiles, and physically on the Ubuntu machine it is located at /var/data/profiles:
# Comment comment = User Profiles # Path to the folder that we are sharing path = /var/data/profiles/ # Users with unlimited access rights to the share # I have a domain administrators group. # When working with files, these users are treated as local root admin users = "@DOMAIN\Domain Administrators" # Hide folders to which the user does not have access hide unreadable = yes # Non-read-only access read only = no # Masks for created files - can be set as desired #create mask = 0600 #directory mask = 0700 # Disabling locking - it is better to disable locking = no
There are many other options - it's worth consulting the Samba documentation for details.
Do not forget to set the correct owner and access rights to the folder that you are sharing, otherwise, despite any samba settings, writing to it may be prohibited at the Linux permission level. I usually do it like this:
Sudo chmod ug+rwx /var/data/profiles sudo chown root:"domain users" /var/data/profiles
Please note, since your Ubuntu machine is joined to a domain, you can use domain users and groups as file owners directly in Ubuntu.
Check that Samba configuration is correct with the command
Testparm
Then restart Samba:
Sudo /etc/init.d/samba restart
Now you can access the shared resource from any machine in the domain.
By the way, don't forget about SGID and Sticky bits for directories. They will allow you to inherit the owning group and prevent users from deleting files that are not theirs - this can be very convenient for multi-user storages. However, unlike editing rights from Windows, changing these bits on folders on a shared resource will not work - only manually directly on the Ubuntu computer.
Among other things, Samba allows you to organize the storage of previous versions of files, which is sometimes useful when creating shared resources with user data.
Standalone file server
Not everyone has an Active Directory domain. Therefore, there is often a need to organize Linux machine offline file storage with its own authorization system. It's very easy to do.
The main feature of this organization of file storage will be that all information about users will be stored in the Samba database; accordingly, users will have to be added and deleted to Samba manually.
The most important thing is to decide on the method of accessing the resource. To change it, you must correctly set the value of the security parameter in the section of the /etc/samba/smb.conf file. You can read more about this parameter or in the official documentation.
Typically the value used is share or user .
Standalone file server without authorization
It is convenient for the house so that everyone can see everyone. This can be done by adding 4 lines to the section of the /etc/samba/smb.conf file. Some may already exist.
[global] workgroup = WORKGROUP map to guest = Bad User netbios name = NOTEBOOK security = userNOTEBOOK - the name of the computer that will be on the network. In addition, you need to install additional programs:
sudo apt-get install sambaFor kubuntu you also need to install smb4k. After editing the configs, you need to restart the services. In systemd (since 15.04) the restart looks like this:
sudo systemctl restart smbd.service nmbd.serviceYou can view the “balls” through the file browser nautilus, konkueror, or like this:
Smbclient -L 127.0.0.1
. Official documentation in English.
Sharing a folder on ubuntu
Create a folder for sharing files.
mkdir ~/shareAdd the following lines to the end of the /etc/samba/smb.conf file, replacing yuraku1504 with the username of the computer running samba:
[ MyShareWork] comment = Anonymous Samba Share path = / home/ yuraku1504/ share guest ok = yes browsable =yes writable = yes read only = no force user = yuraku1504 force group = yuraku1504The folder will be opened for reading and writing.