Simple Ubuntu Server: Part 7 – Setting Up Samba Shares

In Part 7 we start to get into the fun stuff, setting up samba shares! Samba is an implementation of SMB/CIFS (server message block/common internet file system) that facilitates sharing files and printers over different operating systems .

The first thing you’ll need to do is to get the samba packages by running the two commands below.

sudo apt-get update
sudo apt-get install samba smbfs

Once everything has been downloaded and installed, samba is ready to go, all you have to do now is edit its configuration file. With your favorite editor, open the file for editing after making a backup copy just in case something goes wrong.

sudo cp /etc/samba/smb.conf{,.orig}
sudo vi /etc/samba/smb.conf

Keep in mind that after any changes you make to the configuration file, you will need to restart the samba server for the changes to take affect.

sudo service smbd restart

The next thing you’ll want to do, especially if you’ve been following along in the earlier parts is to change the default security level so that every user that accesses your samba server has to have an account on that machine. To do so, remove the hashtag at the front of line 102 as shown below.

Before

Before

After

After

Save the file and exit. Next up, create a smbpasswd for each user that will have access to the machine. Since I want to give access to the user john.doe, I will use that username, but yours will be different.

sudo smbpasswd -a john.doe

Note that samba works in a 2-step authentication. First the username/password combo is checked against valid samba users and passwords. Second, the username is checked against valid users that have access to the shared resource (as setup below).

The next step is to create shared directories for the users to access. Most likely you already have these on your machine and/or know what they should be. For my server, I’m going to use a directory I just made in the /srv directory called sharedfiles.

Open up your smb.conf file again for editing. If you know you are in a different workgroup that the default (i.e. replacing an existing server, adding an additional server, matching a workgroup that already exists with a new server) change line 38 to match.

Workgroup name

Workgroup name

This next section is optional. If you want each of your users to have access to their home directories then you’ll edit lines below. If you refer back to the earlier post where I created users, I didn’t create home directories for them so I will skip this part, but if your users have home directories and you want them to have access, follow this part.

No access to home directories

No access to home directories

Access to home directories

Access to home directories

Your users will now be able to access their home directories by browsing to the samba server (in the case of my server)

\\myubuntuserver\john.doe

Also, if you remember the part about permissions and users/groups, you’ll note in the config file above that you can edit the permissions of created files and directories if you want. Note that the default allows full file & directory access for the user/owner and no access for anyone else. Line 279 starts the setup of roaming profiles which is beyond the scope of this section.

And now for the real shares (note that printers will be covered in a subsequent part that deals entirely with CUPS).  Scroll down to the very end of the file where you will add your own manual share definitions for the directories that you want others to have access to. For each of the directories, make a separate entry.

Shares definitions

Shares definitions

Explanation:

[officeshares]

this is the displayed name of the shared directory
comment = Office Shared Files

this is is the comment that appears with the name
path = /srv/sharedfiles

this is the path (from root) to the shared directory
read only = No

do you want the shared directory to be read only?
guest ok = No

do you want guests (i.e. no login credentials to be able to access the share?)
browseable = Yes

should the directory be browseable (i.e. should it appear if you browse to \\myubuntuserver?)
create mask = 0664

this is the file creation mask (0 is a "sticky bit" which you should leave at '0' unless you know otherwise to change it, and 664 for files if you remember refers to -rw-rw-r--)
directory mask = 0775

this is the directory creation mask (0 is a "stick bit" again, and 775 for directories refers to drwxrwxr-x)
valid users = @office.users

this specifies that only the users in the group "office.users" have access to the directory
force group = office.users

this is specifies that by default, the group owner for any created files/directories is the group office.users

Work through the next one, and see if you can figure out who has access.

Done? If you said, everyone, you’re right. This share is something I’ll use occasionally, and what it does is allows anyone that visits and plugs into you LAN to add or remove (but not execute) files and directories. This is most useful when you have, say a friend or consultant come visit and you need to transfer large files to/from that person but you don’t want to use an intermediary (like a flash drive or cd) and don’t want to temporarily give them a username/password to your machine. Note that I typically change a directory of this type so no user or group in particular owns it.

sudo chown nobody:nogroup /srv/transfer

When you are all finished adding your share definitions, run the following command:

testparm

Which will run through and check for common mistakes and errors and alert you as such. The output will look similar to what I have shown below. Remember that I did not share my users home directories.

testparm output

testparm output

If something is wrong, double check the changes/entries you made and restart samba and attempt to access your shares. The most common problems seem to be:

  • spelling/path errors (does the path exist?)
  • permission errors (your user or group does not have access to the shared directory)
  • user/group issues (does the user you are using to access the shared files exist in the correct group?)
  • restart the samba server

Once you fix all the error, you’ll have access are ready to roll!

One final note. If you want (a common reason if because you have lots of Windows machines on the same network) you can map usernames to correspond to an account on the server. This is done by adding the line:

username map = /etc/samba/smbusers

to the samba configuration file (/etc/samba/smb.conf). Then creating the file /etc/samba/smbusers, and populating it as illustrated below.

smbuser name map

smbuser name map 

Tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.

Protected by WP Anti Spam