Samba server
Installing the Samba server
In this recipe, we will learn how to install Samba as our network storage server. Samba is a collection of open source applications that implement Server Message Block (SMB) and Common Internet File System (CIFS) protocols on Unix systems. This allows Samba to be accessible across different types of network system. Samba provides various other functionalities, such as a domain controller for the networks of Windows systems. In this recipe, we will focus on using Samba as a storage server.
You will need access to a root account or an account with
sudo privileges
If your server is using any firewall system, make sure to open the necessary network ports. Samba runs on TCP 139 and 445 and UDP ports 137 and 138. Check Chapter 2, Networking, for more details on firewall configuration.
Follow these steps to install the Samba server:
- Install the Samba server with the following command:
$ sudo apt-get update $ sudo apt-get install samba -y
- After installation is complete, you can check the Samba version with the following command:
$ smbd --version - Next, we need to configure Samba to enable sharing on the network. First, create a backup of the original configuration file:
$ sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.orignl - Next, open
smb.confand replace its contents with the following:[global] workgroup = WORKGROUP server string = Samba Server netbios name = ubuntu security = user map to guest = bad user dns proxy = no [Public] path = /var/samba/shares/public browsable =yes writable = yes guest ok = yes read only = no create mask = 644
- Next, we need to create a shared directory:
$ sudo mkdir -p /var/samba/shares/public - Change the directory permissions to make it world writable:
$ sudo chmod 777 /var/samba/shares/public - Restart the Samba service for the changes to take effect:
$ sudo service smbd restart
Now you can access this Samba share on the Windows client. Open Windows Explorer and in the address bar, type in
\\ubuntu or \\your-server-ip. You should see the shared directory, Public, as follows:
Samba is quite an old technology, especially in the age of Cloud storage such as Dropbox and Amazon S3. However, when it comes to private networking, Samba offers a hassle-free setup and is always available for free. All you need is a small server with some free storage space. The release of Samba 4 has added Active Directory (AD) support. Now it's possible to set up Windows AD on Linux servers. Support for AD comes with a wide range of other features, including DNS for name resolution, centralized storage, and authentication with LDAP and Kerberos.
As you can see in the preceding example, setting up Samba is quick and easy, and you can easily get started with network storage within minutes. We can install the Samba server with a single command, as Samba packages are available in the Ubuntu default package repository. After installation, we have created a new quick and dirty configuration file which defines a few parameters, such as the server name (
netbios name) and a share definition. We have created a publicly-shared directory where everyone can read and write the contents.
Once you are done with installation and initial testing, make sure that you remove public sharing and enable authenticated access to your Samba shares. You don't want the server to fill up with data from unknown people. In the next recipes, we will take a closer look at user management and access control for Samba shares.
To secure your Samba installation and limit access to your local network or subnet, you can use the following configuration parameters:
[globals] hosts deny = ALL hosts allow = xxx.xxx.xxx.xxx/yy 127. interfaces = eth0 lo bind interfaces only = Yes
This configuration limits Samba to listen only on listed interfaces. In this case, its
eth0, the Ethernet network, and lo, localhost. Connection requests from all other hosts are denied.
If you need a simple file sharing tool for your personal use and do not want to set up and configure Samba, then you can try using a tool named OwnCloud. It is very similar to Dropbox and is open source. It gives you web access to all your files and documents. Plus, you get desktop and mobile client apps to sync all files to a remote server.
Another good tool is BitTorrent Sync. Again, this is a file synchronization tool, but this time it is peer-to-peer file synchronization. If you really care about the privacy and security of data, then this tool is made for you. All files are synchronized between two or more systems (say, your desktop and laptop) without the use of any centralized server.
- Ubuntu server guide for Samba at https://help.ubuntu.com/lts/serverguide/samba-fileserver.html
Adding users to the Samba server
In the previous recipe, we installed the Samba server and created a public share accessible to everyone. In this recipe, we will learn how to add authentication to the Samba server and password protect shared directories.
You will need access to a root account or an account with
sudo privileges.
Make sure that the Samba server is installed and running.
Follow these steps to add users to the Samba server:
- Create a new user account. You can use any existing account or add a new Samba only account with the following command. Change
smbuserto your desired username:$ sudo useradd -d /home/smbuser -s /sbin/nologin smbuser - Now, we need to allocate a Samba password to this new user. First, enter your
sudopassword, followed by the new password for your Samba account, and then verify the password:$ sudo smbpasswd -a smbuser
- Create a shared directory for this user and change its ownership:
$ sudo chown smbuser:smbuser /var/samba/share/smbuser - Next, edit the Samba configuration to add the preceding share:
[Private] path = /var/samba/shares/smbuser browsable = yes writable = yes valid users = smbuser
- Save the changes to the configuration file and reload the Samba server:
$ sudo service smbd reload - Now, check in Windows Explorer. You should see the new shared directory. On trying to open that directory, you will be asked for a Samba username and password:
Samba allows various different types of configuration for shared resources. In the previous recipe, we learned how to set up a public share, and in this recipe we have created a private share for a single user. We have created a new user with the
nologin permission. This will allow smbuser to access only the Samba shared directory and nothing else. You can also use existing user accounts on the Ubuntu server.
After adding a user, we set a password to be used with the Samba server. Samba maintains a database of passwords separately from Ubuntu passwords. You can enable or disable Samba users with the following commands:
- Enable a Samba user:
$ sudo smbpasswd -e username - Disable a Samba user:
$ sudo smbpasswd -d username - Remove a Samba user:
$ sudo smbpasswd -x username
To enable multiple users to access a shared resource, you can specify the list of users under the valid users line, as follows:
valid users = userone, usertwo, userthree
write list = userone, usertwo
Samba also supports the sharing of users,
home directories. This will enable users to create shares for all existing Ubuntu users with a single block of configuration. Add the following lines to the Samba configuration to enable the sharing of home directories:[homes] browseable = No valid users = %S
After this configuration, user's home directories will be available at
//server-name/user-name. You will be required to provide a username and password to access these shares. Home directories are by default shared as read only. To enable write permissions, add the following line to the preceding block:writable = yes
Note that on Windows, you will not be able to access multiple
home directories from a single Windows system. Windows does not allow multiple user authentications to a single host.
Alternatively, to share a directory with a group of users, you can use group sharing. Use the following line to share a directory with a group of users:
path=/var/samba/shares/group-share valid users = @groupname
Then, set group ownership on the directory,
group-share:$ sudo chgrp groupname /var/samba/shares/group-share
There are some other directives such as
create mask, directory mask, force user, and force group. These directives can be used to determine the permissions and ownership of the newly created files under Samba share.
After any changes to the Samba configuration file, use
testparm to check the configuration for any syntax errors:$ testparm
It should show the Loaded services file
OK message, as listed in following screenshot:
With the release of version 4, Samba can be set as a domain controller. Check the official documentation for more details at the following link:
You can also configure the Samba server to authenticate against the LDAP server. LDAP installation and configuration is covered in Chapter 14, Centralized Auth Service. For more details on Samba and LDAP integration, check out the Ubuntu server guide at https://help.ubuntu.com/lts/serverguide/samba-ldap.html.
- Linux home server Samba guide at http://www.brennan.id.au/18-Samba.html#useraccounts
Comments
Post a Comment