What is Samba?
Samba is an open-source software package that is released under a GPL (General Public License). It allows us to access a shared network drive and printers across various operating systems using the SMB/CIFS protocol. Samba has both client and server components. Samba uses the SMB protocol, which is necessary when accessing assets on a file server from a Microsoft computer. Samba can also work as a domain controller that is compatible with Microsoft Active Directory.
In this tutorial, we will set up our Ubuntu server as a file storage platform that can be easily accessed from a Windows computer. We will use the Samba software to enable this connection. First, we will update the database of packages available for installation.
root@host:~# apt-get update && apt-get -y upgrade Hit:1 http://by.archive.ubuntu.com/ubuntu bionic InRelease Hit:2 http://by.archive.ubuntu.com/ubuntu bionic-updates InRelease Hit:3 http://by.archive.ubuntu.com/ubuntu bionic-backports InRelease Hit:4 http://security.ubuntu.com/ubuntu bionic-security InRelease Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. root@host:~#
Next, we will begin the Samba installation on our Ubuntu server.
root@host:~# apt-get install samba Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: attr ibverbs-providers libcephfs2 libibverbs1 libnl-route-3-200 libpython-stdlib librados2 python python-crypto python-dnspython python-ldb python-minimal python-samba python-tdb python2.7 python2.7-minimal samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules tdb-tools Suggested packages: python-doc python-tk python-crypto-doc python-gpgme python2.7-doc binfmt-support bind9 bind9utils ctdb ldb-tools ntp | chrony smbldap-tools winbind heimdal-clients The following NEW packages will be installed: attr ibverbs-providers libcephfs2 libibverbs1 libnl-route-3-200 libpython-stdlib librados2 python python-crypto python-dnspython python-ldb python-minimal python-samba python-tdb python2.7 python2.7-minimal samba samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules tdb-tools 0 upgraded, 22 newly installed, 0 to remove and 0 not upgraded. Need to get 9.518 kB of archives. After this operation, 52,7 MB of additional disk space will be used. Do you want to continue? [Y/n] Y … … Processing triggers for mime-support (3.60ubuntu1) ... Processing triggers for ureadahead (0.100.0-21) ... Processing triggers for desktop-file-utils (0.23-1ubuntu3.18.04.2) ... Processing triggers for libc-bin (2.27-3ubuntu1) ... Processing triggers for systemd (237-3ubuntu10.39) ... Processing triggers for man-db (2.8.3-2ubuntu0.1) ... Processing triggers for gnome-menus (3.13.3-11ubuntu1.1) ... Processing triggers for ufw (0.36-0ubuntu0.18.04.1) ... root@host:~#
Next, we will customize Samba to suit our specific needs. We will need to access this directory where the configuration file is installed. These files are located in /etc/samba.
In the configuration files, we will create and use many of the default configuration settings. Now, we will backup/rename the default configuration file in case we need to revert the file to its default settings.
Let's cd into that directory.
root@host:~# cd /etc/samba root@host:~# /etc/samba#
Now, let's look at the list of files.
root@host:~# /etc/samba# ls -l total 20 -rw-r--r-- 1 root root 8 сту 14 19:11 gdbcommands -rw-r--r-- 1 root root 9542 сак 26 17:16 smb.conf drwxr-xr-x 2 root root 4096 сту 14 19:11 tls root@host:~# /etc/samba#
As you can see, our smb.confconfiguration file is located here. We will make a backup copy of the original file by renaming it. To accomplish this, we will use the “mv” command as we will be creating a new smb.conf file momentarily. The mv command can move the file and rename it.
root@host:~# /etc/samba# mv smb.conf smb.conf.old root@host:~# /etc/samba# root@host:~# /etc/samba# ls -l total 20 -rw-r--r-- 1 root root 8 сту 14 19:11 gdbcommands -rw-r--r-- 1 root root 9542 сак 26 17:16 smb.conf.old drwxr-xr-x 2 root root 4096 сту 14 19:11 tls root@host:~# /etc/samba#
The next step is to create a new configuration file. We will use the “touch” command for this.
root@host:~# /etc/samba# touch smb.conf root@host:~# /etc/samba#
Now, we will create a “smbusers” file. This file stores the username and password of the people who will be accessing the file server. This information is encrypted so there is will not be any issues with security. This is accomplished using the setting 'encrypt passwords = yes' in the smb.conf file.
root@host:~# /etc/samba# touch smbusers root@host:~# /etc/samba# root@host:~# /etc/samba# ls -l total 20 -rw-r--r-- 1 root root 8 сту 14 19:11 gdbcommands -rw-r--r-- 1 root root 0 сак 26 17:33 smb.conf -rw-r--r-- 1 root root 9542 сак 26 17:16 smb.conf.old -rw-r--r-- 1 root root 0 сак 26 17:33 smbusers drwxr-xr-x 2 root root 4096 сту 14 19:11 tls root@host:~# /etc/samba#
Now, we will create a folder that we will share on the network.
root@host:~# /etc/samba# mkdir /opt/FirstTestShare root@host:~# /etc/samba#
Next, we must apply a permission set that allows our users to read, write, and modify it.
root@host:~# /etc/samba# chmod 0777 /opt/FirstTestShare root@host:~# /etc/samba#
Now we will open and configure the smb.conf using the nano editor.
root@host:~# nano smb.conf
The configuration file consists of several sections. The central part is called [global]. Additional sections may be added depending on your needs and may include: [Documents], [Files], and [Video].
Initially, we will set up the main section and provide a name for our server.
server string = Test Fileserver Samba
Next, we will identify a workgroup that exists on a Windows network. A workgroup is identified as a unique object that is a common resource to all the computers within a given network environment that can be seen and utilized. The default name for a workgroup is WORKGROUP.
workgroup = WORKGROUP
Now, let's set the file server role. Samba has multiple functions, but today, we will be using it as a simple file server.
server role = standalone server
Next, we will review the “configure authorization” settings. We need this option enabled to allow access to the file server, download files, read, modify and delete, only for those users who have a username and password added. We will use the value user - authorization by login and password.
security = user
After this, we need to specify the user database file. This file identifies and stores the users we have provided access for.
smb passwd file = /etc/samba/smbusers
Next, we should enable the "force enable password encryption" setting. This setting is essential for security concerns as using encrypted passwords significantly reduces the ability of plain text passwords being “sniffed” when traffic crosses the network like when users go to log in to a Samba share.
encrypt passwords = yes
Additionally, we can also forbid guest access to the share. Using this setting, we can prohibit guest user logins and authorization attempts.
map to guest = bad user
Next, we can determine how and where the application logs will be stored. A number defines the logging levels. The higher the number (from 0 -7), the more detailed the level of logging that will be written. The more information we receive about the operation of the application, the better.
There is, however, a downside to this. Why would it be bad to set a higher level of logging? Simply because this produces a large amount of information and the file size can increase significantly, which uses up valuable disk space. Normally, higher logging levels are only needed for debugging purposes. If you are a developer or need to track down an error, it can then be set to a higher level, and if you need basic logging, then a medium number can be used.
logfile = /var/log/samba/log.%m
Now, we can establish the name of the folder. This will be the visible name of the shared folder. We used this name.
The next setting we will look at is called comment. This comment will be the tooltip value that will be displayed when we hover over the folder.
comment = Our First Test Share
Next, it is essential to indicate the path of our folder that we will share.
path = /opt/FirstTestShare
With this next setting, we indicate that this folder should be visible. If this value is not specified, then the folder will be hidden.
browseable = yes
Now, we can allow users to write to the shared folder.
writeable = yes
Next, we can determine the permissions level that will be assigned to files uploaded to the shared folder.
create mask = 0775
Also, for directories.
directory mask = 0775
Now that we have finished with the configuration file save it using the following command.
ctrl + X then Y then enter
After saving the configuration file, we need to restart the service.
root@host:~#/etc/samba# service smbd restart root@host:~#/etc/samba#
Now, we can add the service to the systemctl startup configuration.
root@host:~#/etc/samba# systemctl enable smbd Synchronizing state of smbd.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable smbd root@host:~#/etc/samba#
Next, we can verify if Samba is up and running.
service smbd status
One important note, earlier the service was called Samba, it was later renamed to smbd in ubuntu 16. If you cannot start the smbd service, try the samba command
Now we can see our shared folder in a networked environment. We will locate our IP address by using the ifconfig command.
root@host:~# ifconfig Command 'ifconfig' not found, but can be installed with: apt install net-tools root@host:~#
If you received an error message like the one above, we simply need to install an additional package called nettools.
root@host:~#/etc/samba# apt install net-tools Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: efibootmgr fonts-liberation2 fonts-opensymbol gir1.2-geocodeglib-1.0 gir1.2-gst-plugins-base-1.0 gir1.2-gstreamer-1.0 gir1.2-gudev-1.0 gir1.2-udisks-2.0 grilo-plugins-0.3-base gstreamer1.0-gtk3 libboost-date-time1.65.1 libboost-filesystem1.65.1 libboost-iostreams1.65.1 libboost-locale1.65.1 libcdr-0.1-1 libclucene-contribs1v5 libclucene-core1v5 libcmis-0.5-5v5 libcolamd2 libdazzle-1.0-0 libe-book-0.1-1 libedataserverui-1.2-2 libeot0 libepubgen-0.1-1 libetonyek-0.1-1 libevent-2.1-6 libexiv2-14 libfreerdp-client2-2 libfreerdp2-2 libfwup1 libgc1c2 libgee-0.8-2 libgexiv2-2 libgom-1.0-0 libgpgmepp6 libgpod-common libgpod4 liblangtag-common liblangtag1 liblirc-client0 libllvm8 liblua5.3-0 libmediaart-2.0-0 libmspub-0.1-1 libodfgen-0.1-1 libqqwing2v5 libraw16 librevenge-0.0-0 libsgutils2-2 libssh-4 libsuitesparseconfig5 libvncclient1 libwayland-egl1-mesa libwinpr2-2 libxapian30 libxmlsec1 libxmlsec1-nss lp-solve media-player-info python3-mako python3-markupsafe syslinux syslinux-common syslinux-legacy usb-creator-common Use 'apt autoremove' to remove them. The following NEW packages will be installed: net-tools 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 194 kB of archives. After this operation, 803 kB of additional disk space will be used. Get:1 http://by.archive.ubuntu.com/ubuntu bionic/main amd64 net-tools amd64 1.60+git20161116.90da8a0-1ubuntu1 [194 kB] Fetched 194 kB in 0s (1.737 kB/s) Selecting previously unselected package net-tools. (Reading database ... 151714 files and directories currently installed.) Preparing to unpack .../net-tools_1.60+git20161116.90da8a0-1ubuntu1_amd64.deb ... Unpacking net-tools (1.60+git20161116.90da8a0-1ubuntu1) ... Setting up net-tools (1.60+git20161116.90da8a0-1ubuntu1) ... Processing triggers for man-db (2.8.3-2ubuntu0.1) ... root@host:~#/etc/samba#
Now, we can repeat the ifconfig command.
root@host:~#/etc/samba# ifconfig enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.88.207 netmask 255.255.255.0 broadcast 192.168.88.255 inet6 fe80::7e73:aaa2:eebd:4266 prefixlen 64 scopeid 0x20<link> ether 08:00:27:4a:9e:9d txqueuelen 1000 (Ethernet) RX packets 32348 bytes 34851594 (34.8 MB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 13521 bytes 1137635 (1.1 MB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 517 bytes 46151 (46.1 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 517 bytes 46151 (46.1 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 root@host:~#/etc/samba#
As we can see, our IP is 192.168.88.207.
To connect to the share on Windows, we need to go to the network environment and enter our IP address.
Next, because we don’t know the username and password, we will create them. Here we will set the up a user locally on the file server and then save them to our previously created smbusers file.
root@host:~#/etc/samba# useradd -c "samba user n1" -s /sbin/nologin user1 root@host:~#/etc/samba#
The command flags we used are broken down here. The “–s /sbin/nologin user1” means that the user will not be able to log into the server itself. This setting is a solid security measure.
root@host:~#/etc/samba# smbpasswd -a user1 New SMB password: Retype new SMB password: Added user user1. root@host:~#/etc/samba#
Now, we can go into the file system and try to log in. Once we can log in to the file server, we can create our folders and files as well as read other people's files and folders. Other users do not have the permissions needed to delete any of our files and folders. This setting, however, can be changed in the configuration file using the 'create mask' and 'directory mask' parameters. As a bonus, we will analyze a problematic situation that may arise and how to solve it.
As an example, a lawyer works in an organization and want to see what documents are in the file system. As an unauthorized user, he can go into the shared folder and view the files, but he will not be able to change or edit them. User1 and those who are in this group, will by default, be able to edit and delete files.
So, let's include all the users in the same group. We can accomplish this by creating a new group.
root@host:~# groupadd buh root@host:~#
We then set the default group for both user1 and user2.
root@host:~# usermod -g buh user1 root@host:~# root@host:~# usermod -g buh user2 root@host:~#
We can now restart Samba to apply the new changes.
root@host:~# service smbd restart root@host:~#
Now, we can change the ownership settings for all the files and for the folder itself.
root@host:~# chown -R user1:buh /opt/FirstTestShare root@host:~#
Now, user2 will be able to edit files in the Buh folder, like user1. You can also accomplish this with other users as well.
Another essential aspect of these settings is that users can download and modify a file, then re-save it to the shared folder. But imagine a situation in which a user opened the file to see its contents but failed to close it. Another user wants to open this file from a different location. The file will be locked from being edited because the first user has it open. If another user attempts to open the file, the file will be opened, but in a read-only mode. They will be able to view it, but they cannot edit it.
In such situations, there exists a smbstatus utility that allows us to see who has the file open.
In the Service section, we can see that there is a file with the pid number 9127. In order to close the file and start working on it, we can forcibly close the file using the kill command with our pid number.
sudo kill -9 9127
In this tutorial, we learned how to install Samba and customize it to meet our needs. We created users, set up user groups to work with and share files, and finally, solved some simple problems that may arise during file sharing.
Talk To An Expert Today!
Our Sales and Support teams are available 24 hours by phone or e-mail to assist.