Reading Time: 9 minutes

What is Samba?

Samba is an open-source software package that is released under a GPL (General Public License). It allows us to access a shared network drive and printers across various operating systems using the SMB/CIFS protocol. Samba has both client and server components. Samba uses the SMB protocol, which is necessary when accessing assets on a file server from a Microsoft computer. Samba can also work as a domain controller that is compatible with Microsoft Active Directory. 

Introduction

In this tutorial, we will set up our Ubuntu server as a file storage platform that can be easily accessed from a Windows computer. We will use the Samba software to enable this connection. First, we will update the database of packages available for installation.

root@host:~# apt-get update && apt-get -y upgrade
 Hit:1 http://by.archive.ubuntu.com/ubuntu bionic InRelease
 Hit:2 http://by.archive.ubuntu.com/ubuntu bionic-updates InRelease
 Hit:3 http://by.archive.ubuntu.com/ubuntu bionic-backports InRelease
 Hit:4 http://security.ubuntu.com/ubuntu bionic-security InRelease
 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
 Calculating upgrade... Done
 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@host:~#

Samba Installation

Next, we will begin the Samba installation on our Ubuntu server.

root@host:~# apt-get install samba
 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
The following additional packages will be installed:
   attr ibverbs-providers libcephfs2 libibverbs1 libnl-route-3-200
   libpython-stdlib librados2 python python-crypto python-dnspython python-ldb
   python-minimal python-samba python-tdb python2.7 python2.7-minimal
   samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules
   tdb-tools
Suggested packages:
   python-doc python-tk python-crypto-doc python-gpgme python2.7-doc
   binfmt-support bind9 bind9utils ctdb ldb-tools ntp | chrony smbldap-tools
   winbind heimdal-clients
 The following NEW packages will be installed:
   attr ibverbs-providers libcephfs2 libibverbs1 libnl-route-3-200
   libpython-stdlib librados2 python python-crypto python-dnspython python-ldb
   python-minimal python-samba python-tdb python2.7 python2.7-minimal samba
   samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules
   tdb-tools
 0 upgraded, 22 newly installed, 0 to remove and 0 not upgraded.
 Need to get 9.518 kB of archives.
 After this operation, 52,7 MB of additional disk space will be used.
 Do you want to continue? [Y/n] Y
 …
 …
 Processing triggers for mime-support (3.60ubuntu1) ...
 Processing triggers for ureadahead (0.100.0-21) ...
 Processing triggers for desktop-file-utils (0.23-1ubuntu3.18.04.2) ...
 Processing triggers for libc-bin (2.27-3ubuntu1) ...
 Processing triggers for systemd (237-3ubuntu10.39) ...
 Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
 Processing triggers for gnome-menus (3.13.3-11ubuntu1.1) ...
 Processing triggers for ufw (0.36-0ubuntu0.18.04.1) ...
root@host:~#

Samba Configuration

Next, we will customize Samba to suit our specific needs. We will need to access this directory where the configuration file is installed. These files are located in /etc/samba. 

In the configuration files, we will create and use many of the default configuration settings. Now, we will backup/rename the default configuration file in case we need to revert the file to its default settings.

Let's cd into that directory.

root@host:~# cd /etc/samba
root@host:~# /etc/samba#

Now, let's look at the list of files.

root@host:~# /etc/samba# ls -l
 total 20
 -rw-r--r-- 1 root root 8 сту 14 19:11 gdbcommands
 -rw-r--r-- 1 root root 9542 сак 26 17:16 smb.conf
 drwxr-xr-x 2 root root 4096 сту 14 19:11 tls
root@host:~# /etc/samba#

As you can see, our smb.confconfiguration file is located here. We will make a backup copy of the original file by renaming it. To accomplish this, we will use the “mv” command as we will be creating a new smb.conf file momentarily. The mv command can move the file and rename it.

root@host:~# /etc/samba# mv smb.conf smb.conf.old
root@host:~# /etc/samba#
root@host:~# /etc/samba# ls -l
 total 20
 -rw-r--r-- 1 root root 8 сту 14 19:11 gdbcommands
 -rw-r--r-- 1 root root 9542 сак 26 17:16 smb.conf.old
 drwxr-xr-x 2 root root 4096 сту 14 19:11 tls
root@host:~# /etc/samba#

The next step is to create a new configuration file. We will use the “touch” command for this. 

root@host:~# /etc/samba# touch smb.conf
root@host:~# /etc/samba#

Now, we will create a “smbusers” file. This file stores the username and password of the people who will be accessing the file server. This information is encrypted so there is will not be any issues with security. This is accomplished using the setting 'encrypt passwords = yes' in the smb.conf file.

root@host:~# /etc/samba# touch smbusers
root@host:~# /etc/samba#
root@host:~# /etc/samba# ls -l
 total 20
 -rw-r--r-- 1 root root 8 сту 14 19:11 gdbcommands
 -rw-r--r-- 1 root root 0 сак 26 17:33 smb.conf
 -rw-r--r-- 1 root root 9542 сак 26 17:16 smb.conf.old
 -rw-r--r-- 1 root root 0 сак 26 17:33 smbusers
 drwxr-xr-x 2 root root 4096 сту 14 19:11 tls
root@host:~# /etc/samba#

Now, we will create a folder that we will share on the network.

root@host:~# /etc/samba# mkdir /opt/FirstTestShare
root@host:~# /etc/samba#

Next, we must apply a permission set that allows our users to read, write, and modify it.

root@host:~# /etc/samba# chmod 0777 /opt/FirstTestShare
root@host:~# /etc/samba#

Now we will open and configure the smb.conf using the nano editor.

root@host:~# nano smb.conf

The configuration file consists of several sections. The central part is called [global]. Additional sections may be added depending on your needs and may include: [Documents], [Files], and [Video]. 

Initially, we will set up the main section and provide a name for our server.

server string = Test Fileserver Samba

Next, we will identify a workgroup that exists on a Windows network. A workgroup is identified as a unique object that is a common resource to all the computers within a given network environment that can be seen and utilized. The default name for a workgroup is WORKGROUP.

workgroup = WORKGROUP

Now, let's set the file server role. Samba has multiple functions, but today, we will be using it as a simple file server.

server role = standalone server

Next, we will review the “configure authorization” settings. We need this option enabled to allow access to the file server, download files, read, modify and delete, only for those users who have a username and password added. We will use the value user - authorization by login and password.

security = user

After this, we need to specify the user database file. This file identifies and stores the users we have provided access for. 

smb passwd file = /etc/samba/smbusers

Next, we should enable the "force enable password encryption" setting. This setting is essential for security concerns as using encrypted passwords significantly reduces the ability of plain text passwords being “sniffed” when traffic crosses the network like when users go to log in to a Samba share.

encrypt passwords = yes

Additionally, we can also forbid guest access to the share. Using this setting, we can prohibit guest user logins and authorization attempts. 

map to guest = bad user

Next, we can determine how and where the application logs will be stored. A number defines the logging levels. The higher the number (from 0 -7), the more detailed the level of logging that will be written. The more information we receive about the operation of the application, the better. 

There is, however, a downside to this. Why would it be bad to set a higher level of logging? Simply because this produces a large amount of information and the file size can increase significantly, which uses up valuable disk space. Normally, higher logging levels are only needed for debugging purposes. If you are a developer or need to track down an error, it can then be set to a higher level, and if you need basic logging, then a medium number can be used.

logfile = /var/log/samba/log.%m

Now, we can establish the name of the folder. This will be the visible name of the shared folder. We used this name.

[FirstTestShare]

The next setting we will look at is called comment. This comment will be the tooltip value that will be displayed when we hover over the folder.

comment = Our First Test Share

Next, it is essential to indicate the path of our folder that we will share.

path = /opt/FirstTestShare

With this next setting, we indicate that this folder should be visible. If this value is not specified, then the folder will be hidden.

browseable = yes

Now, we can allow users to write to the shared folder.

writeable = yes

Next, we can determine the permissions level that will be assigned to files uploaded to the shared folder.

create mask = 0775

Also, for directories.

directory mask = 0775

Now that we have finished with the configuration file save it using the following command.
ctrl + X then Y then enter

After saving the configuration file, we need to restart the service.

root@host:~#/etc/samba# service smbd restart
root@host:~#/etc/samba#

Now, we can add the service to the systemctl startup configuration.

root@host:~#/etc/samba# systemctl enable smbd
 Synchronizing state of smbd.service with SysV service script with /lib/systemd/systemd-sysv-install.
 Executing: /lib/systemd/systemd-sysv-install enable smbd
root@host:~#/etc/samba#

Next, we can verify if Samba is up and running.

service smbd status

One important note, earlier the service was called Samba, it was later renamed to smbd in ubuntu 16. If you cannot start the smbd service, try the samba command

Now we can see our shared folder in a networked environment. We will locate our IP address by using the ifconfig command. 

root@host:~# ifconfig
 Command 'ifconfig' not found, but can be installed with:
 apt install net-tools
root@host:~#

If you received an error message like the one above, we simply need to install an additional package called nettools.

root@host:~#/etc/samba# apt install net-tools
 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
 The following packages were automatically installed and are no longer required:
   efibootmgr fonts-liberation2 fonts-opensymbol gir1.2-geocodeglib-1.0
   gir1.2-gst-plugins-base-1.0 gir1.2-gstreamer-1.0 gir1.2-gudev-1.0
   gir1.2-udisks-2.0 grilo-plugins-0.3-base gstreamer1.0-gtk3
   libboost-date-time1.65.1 libboost-filesystem1.65.1 libboost-iostreams1.65.1
   libboost-locale1.65.1 libcdr-0.1-1 libclucene-contribs1v5
   libclucene-core1v5 libcmis-0.5-5v5 libcolamd2 libdazzle-1.0-0
   libe-book-0.1-1 libedataserverui-1.2-2 libeot0 libepubgen-0.1-1
   libetonyek-0.1-1 libevent-2.1-6 libexiv2-14 libfreerdp-client2-2
   libfreerdp2-2 libfwup1 libgc1c2 libgee-0.8-2 libgexiv2-2 libgom-1.0-0
   libgpgmepp6 libgpod-common libgpod4 liblangtag-common liblangtag1
   liblirc-client0 libllvm8 liblua5.3-0 libmediaart-2.0-0 libmspub-0.1-1
   libodfgen-0.1-1 libqqwing2v5 libraw16 librevenge-0.0-0 libsgutils2-2
   libssh-4 libsuitesparseconfig5 libvncclient1 libwayland-egl1-mesa
   libwinpr2-2 libxapian30 libxmlsec1 libxmlsec1-nss lp-solve
   media-player-info python3-mako python3-markupsafe syslinux syslinux-common
   syslinux-legacy usb-creator-common
 Use 'apt autoremove' to remove them.
 The following NEW packages will be installed:
   net-tools
 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
 Need to get 194 kB of archives.
 After this operation, 803 kB of additional disk space will be used.
 Get:1 http://by.archive.ubuntu.com/ubuntu bionic/main amd64 net-tools amd64 1.60+git20161116.90da8a0-1ubuntu1 [194 kB]
 Fetched 194 kB in 0s (1.737 kB/s)
 Selecting previously unselected package net-tools.
 (Reading database ... 151714 files and directories currently installed.)
 Preparing to unpack .../net-tools_1.60+git20161116.90da8a0-1ubuntu1_amd64.deb ...
 Unpacking net-tools (1.60+git20161116.90da8a0-1ubuntu1) ...
 Setting up net-tools (1.60+git20161116.90da8a0-1ubuntu1) ...
 Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
root@host:~#/etc/samba#

Now, we can repeat the ifconfig command.

root@host:~#/etc/samba# ifconfig
 enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
      inet 192.168.88.207 netmask 255.255.255.0 broadcast 192.168.88.255
      inet6 fe80::7e73:aaa2:eebd:4266 prefixlen 64 scopeid 0x20<link>
      ether 08:00:27:4a:9e:9d txqueuelen 1000 (Ethernet)
      RX packets 32348 bytes 34851594 (34.8 MB)
      RX errors 0 dropped 0 overruns 0 frame 0
      TX packets 13521 bytes 1137635 (1.1 MB)
      TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
      inet 127.0.0.1 netmask 255.0.0.0
      inet6 ::1 prefixlen 128 scopeid 0x10<host>
      loop txqueuelen 1000 (Local Loopback)
      RX packets 517 bytes 46151 (46.1 KB)
      RX errors 0 dropped 0 overruns 0 frame 0
      TX packets 517 bytes 46151 (46.1 KB)
      TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
 root@host:~#/etc/samba#

As we can see, our IP is 192.168.88.207.

Windows Connection

To connect to the share on Windows, we need to go to the network environment and enter our IP address. 

//192.168.88.207

Next, because we don’t know the username and password, we will create them. Here we will set the up a user locally on the file server and then save them to our previously created smbusers file.

root@host:~#/etc/samba# useradd -c "samba user n1" -s /sbin/nologin user1
root@host:~#/etc/samba#

The command flags we used are broken down here. The “–s /sbin/nologin user1” means that the user will not be able to log into the server itself. This setting is a solid security measure.

root@host:~#/etc/samba# smbpasswd -a user1
 New SMB password:
 Retype new SMB password:
 Added user user1.
root@host:~#/etc/samba#

Now, we can go into the file system and try to log in. Once we can log in to the file server, we can create our folders and files as well as read other people's files and folders. Other users do not have the permissions needed to delete any of our files and folders. This setting, however, can be changed in the configuration file using the 'create mask' and 'directory mask' parameters. As a bonus, we will analyze a problematic situation that may arise and how to solve it.

As an example, a lawyer works in an organization and want to see what documents are in the file system. As an unauthorized user, he can go into the shared folder and view the files, but he will not be able to change or edit them. User1 and those who are in this group, will by default, be able to edit and delete files.

So, let's include all the users in the same group. We can accomplish this by creating a new group.

root@host:~# groupadd buh
root@host:~#

We then set the default group for both user1 and user2.

root@host:~# usermod -g buh user1
root@host:~#
root@host:~# usermod -g buh user2
root@host:~#

We can now restart Samba to apply the new changes.

root@host:~# service smbd restart
root@host:~#

Now, we can change the ownership settings for all the files and for the folder itself.

root@host:~# chown -R user1:buh /opt/FirstTestShare
root@host:~#

Now, user2 will be able to edit files in the Buh folder, like user1. You can also accomplish this with other users as well. 

Another essential aspect of these settings is that users can download and modify a file, then re-save it to the shared folder. But imagine a situation in which a user opened the file to see its contents but failed to close it. Another user wants to open this file from a different location. The file will be locked from being edited because the first user has it open. If another user attempts to open the file, the file will be opened, but in a read-only mode. They will be able to view it, but they cannot edit it.

In such situations, there exists a smbstatus utility that allows us to see who has the file open.

In the Service section, we can see that there is a file with the pid number 9127. In order to close the file and start working on it, we can forcibly close the file using the kill command with our pid number.

sudo kill -9 9127

Conclusion

In this tutorial, we learned how to install Samba and customize it to meet our needs. We created users, set up user groups to work with and share files, and finally, solved some simple problems that may arise during file sharing.

Talk To An Expert Today!

Give us a call at 800.580.4985, or open a chat or ticket with us to speak with one of our knowledgeable Solutions or Experienced Hosting advisors to learn how you can take advantage of this technology today!

Avatar for Ellen Sletton

About the Author: Ellen Sletton

I'm 23 years old Linux Tech who always takes NO as Next Opportunity. Every day I'm trying to learn something new and share my knowledge with others. My free time I spend with my dog Emil or doing some UI/UX design or simply making an inspiring photo for my blog :) Sharing knowledge helps me generate new ideas and stay motivated.

Latest Articles

Blocking IP or whitelisting IP addresses with UFW

Read Article

CentOS Linux 7 end of life migrations

Read Article

Use ChatGPT to diagnose and resolve server issues

Read Article

What is SDDC VMware?

Read Article

Best authentication practices for email senders

Read Article