Install the samba package.
Configuring samba
Start by copying the default config from the samba git repo to /etc/samba/smb.conf. In this file change/set the following global configuration values:
workgroup = WORKGROUP
server string = Fiiillleees
hosts allow = 192.168. 192.178. 127.
log file = /var/log/samba/%m.log
guest account = smbshare
load printers = No
printcap name = /dev/null
disable spoolss = Yes
# map non-existent user ids to guest user
map to guest = Bad User
This will enable anyone on the local network (assuming a
192.168.0.0/16 network) to access the network shares. This is suitable
for a lazy home setup or LAN party.
Anonymous users use the guest account. There is also one user account (loebl) for write access to all shares to add data without ssh access.
Create the guest user
The guest user only has to exist; it does not log in. Make this user
part of the netusers group created earlier.
useradd smbshare
usermod -d / -s /usr/bin/nologin smbshare
usermod -a -G netusers smbshare
Create the normal user
In addition to existing in the base system, the user also has to be
added to the samba user database.
# loebl already exists on the system and is reused as the samba login
#useradd loebl
#passwd loebl
smbpasswd -a loebl
Create the directories for the shares
Directories to share have to be created (duh). I am setting a flag
that lets newly created sub-directories inherit the group of their
parent. This way the group will always be the share group.
mkdir /srv/storage/video
chown loebl:netusers /srv/storage/video
chmod 2775 /srv/storage/video
#repeat for other folders
Create a share
Shares are defined after the global section in /etc/samba/smb.conf.
The section name is the name of the share on the network.
Write permissions for specific users can be given with the option write list. Groups can be given in the write list by prepending them with an @.
# share the films read only and allow guest access
[video]
path = /srv/storage/video
read only = yes
guest ok = yes
[data]
path = /srv/storage/data
writeable = yes
guest ok = yes
write list = loebl
[misc]
path = /srv/storage/misc
read only = yes
guest ok = yes
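The following check is an added example, not part of the original page or of Samba. It parses an smb.conf and reports hosts allow entries that lie outside private or loopback address space (the prefix 192.178. in the global section above is one) and shares that combine guest ok = yes with a non-read-only setting such as writeable = yes. The function names and the constructed sample are assumptions for illustration; only dotted-prefix and CIDR forms of hosts allow are interpreted.

```python
import ipaddress

SAMPLE_CONF = """\
[global]
hosts allow = 192.168. 192.178. 127.
[video]
read only = yes
guest ok = yes
[data]
writeable = yes
guest ok = yes
"""  # constructed sample mirroring the settings shown on this page
LOCAL_NETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
YES = {"yes", "true", "1"}

def parse_smb_conf(text):  # -> {section: {option: value}}, names lower-cased
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and line[0] not in "#;" and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def non_local_hosts(sections):  # 'hosts allow' entries outside private/loopback space
    flagged = []
    for entry in sections.get("global", {}).get("hosts allow", "").replace(",", " ").split():
        octets = entry.rstrip(".").split(".")  # "192.168." -> ["192", "168"]
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        cidr = entry if "/" in entry else f"{padded}/{8 * len(octets)}"
        try:
            net = ipaddress.ip_network(cidr, strict=False)
            local = any(net.subnet_of(ipaddress.ip_network(n)) for n in LOCAL_NETS)
        except (ValueError, TypeError):  # hostname or keyword: flag for manual review
            local = False
        if not local:
            flagged.append(entry)
    return flagged

def is_read_only(opts):  # Samba default is read-only; "writeable" etc. are inverted synonyms
    read_only = opts.get("read only", "yes").lower() in YES
    for alias in ("writeable", "writable", "write ok"):
        read_only = opts[alias].lower() not in YES if alias in opts else read_only
    return read_only

def guest_writable_shares(sections):  # shares that admit guests and are not read-only
    return [name for name, opts in sections.items() if name != "global"
            and opts.get("guest ok", "").lower() in YES and not is_read_only(opts)]
```

With writeable = yes, Samba itself does not limit writes to the write list; only the filesystem permissions do. A share with read only = yes together with write list = loebl keeps guests read-only while loebl can still write.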
Automatically starting samba server and netbios server
The NetBIOS server can safely be enabled to start at boot: systemctl enable nmbd.service. The samba server should only be started if the storage is available. For this we use the same approach as was used for the torrent server. Edit the storage mount with systemctl edit srv-storage.mount and add another Wants line (or create the Unit section and add the first Wants line):
[Unit]
Wants=smbd.service
Also edit smbd.service to state the dependency on this mount. Enabling smbd.service is not recommended, as we don't want it at boot time. Run systemctl edit smbd.service and add:
[Unit]
Requires=srv-storage.mount
After=srv-storage.mount
Firewall rule
There are multiple rules needed to allow netbios and samba traffic through the firewall. Create the file in_nmbd.conf in /etc/nft_rules:
udp dport 137 accept
udp dport 138 accept
As well as in_smbd.conf:
tcp dport 139 accept
tcp dport 445 accept