File sharing with samba

Install the samba package.

Configuring samba

Start by copying the default config from the samba git repo to /etc/samba/smb.conf. In this file change/set the following global configuration values:

workgroup = WORKGROUP
server string = Fiiillleees
hosts allow = 192.168. 192.178. 127.
log file = /var/log/samba/%m.log
guest account = smbshare

load printers = No
printcap name = /dev/null
disable spoolss = Yes

# map non-existent user ids to guest user
map to guest = Bad User

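This will enable anyone on the local network (assuming a 192.168.0.0/16 network) to access the network shares. This is suitable for a lazy home setup or LAN party. Note that hosts allow also lists the prefix 192.178., which is not an RFC 1918 private range; the entries that cover the local network and loopback are 192.168. and 127.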

Anonymous users use the guest account. There is also one user account (loebl) for write access to all shares to add data without ssh access.

Create the guest user

The guest user only has to exist; it never logs in. Make this user part of the netusers group created earlier.

useradd smbshare
usermod -d / -s /usr/bin/nologin smbshare
usermod -a -G netusers smbshare

Create the normal user

In addition to existing in the base system, the user also has to be added to the samba user database.

#useradd loebl #loebl already exists on the system and is reused as the samba login
#passwd loebl
smbpasswd -a loebl

Create the directories for the shares

Directories to share have to be created (duh). I am setting the setgid bit (the leading 2 in 2775), which lets newly created files and sub-directories inherit the group of their parent. This way the group will always be the share group.

mkdir /srv/storage/video
chown loebl:netusers /srv/storage/video
chmod 2775 /srv/storage/video
#repeat for other folders

Create a share

Shares are defined after the global section in /etc/samba/smb.conf. The section name is the name of the share on the network.

Write permissions for specific users can be given with the option write list; users listed there can write even when the share is read only. Groups can be given in the write list by prepending them with an @.

# share the films read only and allow guest access
[video]
  path = /srv/storage/video
  read only = yes
  guest ok = yes

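[data]
  path = /srv/storage/data
  # writeable = yes opens the share for writing to every connecting user,
  # guests included (filesystem permissions still apply)
  writeable = yes
  guest ok = yes
  write list = loebl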

[misc]
  path = /srv/storage/misc
  read only = yes
  guest ok = yes
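
An added example, not part of the original page: a small Python audit of share definitions like the ones above, reporting what a guest may do at share level. It relies on smb.conf semantics (writeable is the inverted synonym of read only; the defaults are read only = yes and guest ok = no); the sample config is constructed from this page's shares, HARDENED_CONF assumes the intent is that only loebl writes, and filesystem permissions are not evaluated.

```python
import re

# Constructed sample: the [video] and [data] shares as defined on this page.
SAMPLE_CONF = """
[global]
  map to guest = Bad User
[video]
  path = /srv/storage/video
  read only = yes
  guest ok = yes
[data]
  path = /srv/storage/data
  writeable = yes
  guest ok = yes
  write list = loebl
"""
# Same file with [data] made read only; loebl still writes via "write list".
HARDENED_CONF = SAMPLE_CONF.replace("writeable = yes", "read only = yes")

# smb.conf boolean synonyms -> (canonical name, value is inverted)
BOOLS = {"readonly": ("readonly", False), "writeable": ("readonly", True),
         "writable": ("readonly", True), "writeok": ("readonly", True),
         "guestok": ("guestok", False), "public": ("guestok", False)}

def parse(text):
    """Return {section: {option: value}}; names are case/space-insensitive."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            key = re.sub(r"\s+", "", key).lower()
            if key in BOOLS:
                key, inverted = BOOLS[key]
                value = (value.lower() in ("yes", "true", "1")) != inverted
            current[key] = value  # a later setting overrides an earlier one
    return sections

def guest_access(text):
    """Map each share to what an unauthenticated guest may do at share level."""
    sections = parse(text)
    defaults = {"readonly": True, "guestok": False, **sections.pop("global", {})}
    report = {}
    for share, options in sections.items():
        eff = {**defaults, **options}  # share settings override [global]
        level = "read-only" if eff["readonly"] else "read-write"
        report[share] = level if eff["guestok"] else "none"
    return report
```

Call guest_access() on the text of /etc/samba/smb.conf to get the same report for the real file.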

Automatically starting samba server and netbios server

The NetBIOS server can safely be enabled to start at boot: systemctl enable nmbd.service. The samba server should only be started if the storage is available. For this we use the same approach as was used for the torrent server. Edit the storage mount: systemctl edit srv-storage.mount and add another Wants line (or create the Unit section and add the first Wants line):

[Unit]
Wants=smbd.service

Also edit smbd.service to state the dependency on this mount. Enabling smbd.service is not recommended, as we don’t want it started at boot time. Run systemctl edit smbd.service and add:

[Unit]
Requires=srv-storage.mount
After=srv-storage.mount

Firewall rule

There are multiple rules needed to allow NetBIOS and samba traffic through the firewall. Create the file in_nmbd.conf in /etc/nft_rules:

udp dport 137 accept
udp dport 138 accept

As well as in_smbd.conf:

tcp dport 139 accept
tcp dport 445 accept