The Samba server is an open-source software suite that provides seamless file and print services to SMB/CIFS clients.
Key Features of Samba:
- File Sharing: Facilitates cross-platform file sharing between Linux/Unix and Windows systems.
- Print Sharing: Allows shared access to printers from multiple operating systems.
- Authentication: Supports authentication via standalone, domain, or Activ
- Integration with Windows: Can join a Windows domain or act as a domain controller for Active Directory.
- Flexibility: Configurable access permissions and support for various VFS (Virtual File System) modules.
#Update the system
sudo apt update
sudo apt upgrade
#Install and start Samba
sudo apt install samba -y
sudo systemctl enable smbda
sudo systemctl start smbd
sudo systemctl status smbd
#Make backup and clean the config file
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf_back
# sudo grep -v '^ *#\|^ *$' /etc/samba/smb.conf | sudo tee /etc/samba/smb.conf
#Create the main directory
sudo mkdir /samba
#Create the group sambashare for all Samba users
sudo groupadd sambashare
#To create a folder
sudo mkdir /samba/new_folder
sudo chmod 2770 /samba/<samba_folder>
sudo chown sadmin:sambashare /samba/<samba_folder> #sadmin - is user with admin`s rights
#To add user
sudo useradd -M -d /samba/<samba_folder> -s /usr/sbin/nologin -G sambashare <username>
sudo smbpasswd -a <username>
sudo smbpasswd -e <username>
#To change the user`s password
sudo smbpasswd <username>
#To delete the user
deluser <username>
#To increase the value of opened files
sudo ulimit -n 16384
#Example /etc/samba/smb.conf
#==============Head of the configuration file=====================
[global]
log file = /var/log/samba/log.%m
log level = 2 vfs:2
map to guest = bad user
max log size = 1000
security = USER
server role = standalone server
workgroup = WORKGROUP
server string = %h server (Samba, Ubuntu)
panic action = /usr/share/samba/panic-action %d
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
[RECYCLE$]
path = /samba/.recycle
read only = no
valid users = @sambashare
[Folder Name]
path = /samba/share
browseable = yes
read only = no
force create mode = 0660
force directory mode = 2770
valid users = @sambashare @sadmin vasia.p
vfs objects = full_audit recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 2770
recycle:subdir_mode = 2770
full_audit:prefix = %u|%I|%S|%f
full_audit:failure = none
full_audit:success = mkdir rmdir open read pread write pwrite sendfile rename unlink lock
full_audit:facility = local5
full_audit:priority = notice
recycle:repository = /samba/.recycle/%S
recycle:exclude = ~$* *.tmp *.TMP *.temp *.bak *.log .DS_Store
recycle:exclude_dir = /tmp,/cache
#==============End of the configuration file=====================
#==========================Folders===============================
sudo mkdir /samba/.recycle
sudo mkdir /samba/share
sudo chown sadmin:sambashare /samba/.recycle
sudo chmod 2770 /samba/.recycle
sudo chown sadmin:sambashare /samba/share
sudo chmod 2770 /samba/share
#================================================================
#To test Samba configuration
sudo testparm
#==========================Logging===============================
sudo nano /etc/rsyslog.conf
#Add
local5.* -/var/log/samba/samba_audit.log
sudo nano /etc/rsyslog.d/50-default.conf
#Add
*.*;local5,auth,authpriv.none -/var/log/syslog
sudo touch /var/log/samba/samba_audit.log
sudo chown syslog:adm /var/log/samba/samba_audit.log
sudo chmod 0640 /var/log/samba/samba_audit.log
sudo chmod 0750 /var/log/samba
sudo chown root:adm var/log/samba
#Restart
systemctl restart rsyslog
#================================================================
#To logon and to open the folder
net use \\samba\<samba_folder> /user:<username> <password> # do not add `\` in the end (can`t login)
explorer \\samba\<samba_folder>
=====================Troubleshooting=============================
journalctl -t smbd_audit
journalctl -t smbd_audit -f
cat /var/log/samba/samba_audit.log
cat /var/log/samba/log.<IP or HOSTNAME>
cat /var/log/samba/log.smbd
#To check the user
sudo pdbedit -L #in the list?
sudo pdbedit -Lv <username> #U=Active, D=Disable
================================================================
==================Connection to Samba shares====================
#Install cifs-utils
sudo apt install cifs-utils -y
#Mount the folder
mount.cifs //<IP or HOSTNAME>/<foldername> /<mnt to the folder>
#Create an account file
sudo nano /etc/samba/credentials
sudo chmod 600 /etc/samba/credentials
#then add
username=username
password=password
#Edit the fstab
sudo nano /etc/fstab
# then add
//<IP or HOSTNAME>/<foldername> /<mnt to the folder> cifs user,rw,credentials=/root/.smbselus 0 0
#Example
//192.168.1.10/shared /mnt/samba_share cifs credentials=/etc/samba/credentials,rw,iocharset=utf8,file_mode=0770,dir_mode=0770 0 0
#Mount
sudo mount -a
#Check
df -h | grep samba_share
============================================================
# More info https://www.samba.org/samba/docs/current/man-html/samba.7.html