Samba - SMB
Samba refers to a software suite that allows for file and print services to be shared across different operating systems, specifically between Linux/Unix and Windows systems. Samba implements the Server Message Block (SMB) protocol, which is widely used for sharing files, printers, and other resources in a network.
1. Install Samba on Ubuntu Server
Update your package list and install Samba:
sudo apt update
sudo apt install samba
Verify Samba installation:
whereis samba
2. Configure Samba Shares
Let's configure the shares you need (editable and readonly).
Edit the Samba configuration file: Open the smb.conf file:
sudo nano /etc/samba/smb.conf
Create the shares: Add the following configuration at the end of the smb.conf file:
[editable]
    path = /srv/samba/editable
    read only = no
    browsable = yes

[readonly]
    path = /srv/samba/readonly
    read only = yes
    browsable = yes
editable: This share allows all users to read and write files.
readonly: This share allows all users to read but not modify the files.
Create directories for the shares:
sudo mkdir -p /srv/samba/editable /srv/samba/readonly
sudo chmod -R 0777 /srv/samba/editable
sudo chmod -R 0755 /srv/samba/readonly
Make sure that the user sambauser exists on the system before adding it to Samba; otherwise you cannot set a Samba password for that user.
Creating Samba users:
1. Create the System User
First, create a system user named sambauser (if it doesn't already exist) to be used by Samba. The shell /usr/sbin/nologin ensures that the user cannot get a shell on the server, which hardens security:
sudo useradd -s /usr/sbin/nologin sambauser
2. Add sambauser to Samba Database
Now that the user exists, you can proceed with adding sambauser to the Samba database:
sudo smbpasswd -a sambauser
This will allow you to set a Samba-specific password for sambauser.
3. Enable the User
After setting the password, you need to enable the user in Samba:
sudo smbpasswd -e sambauser
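As an added example (not part of the original page), the script below audits share sections like the ones defined above: it reports shares that are writable but have no valid users restriction, which is the case for [editable] as configured here, and shares that allow guest access. The function names, the [editable-restricted] section and the embedded sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: flag risky share definitions.
# Samba synonyms: writable/writeable/write ok invert "read only"; public = guest ok.
audit_shares() {  # $1 = path to an smb.conf-style file
    awk '
    function is_yes(v) { return v == "yes" || v == "true" || v == "1" }
    function report() {
        if (share == "" || share == "global") return
        if (writable && !restricted) print share ": writable without valid users"
        if (guest) print share ": guest access enabled"
    }
    /^[ \t]*([#;]|$)/ { next }              # skip comments and blank lines
    /^[ \t]*\[/ {                           # a new [section] starts
        report()
        share = tolower($0); sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        writable = restricted = guest = 0   # Samba default is read only = yes
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "readonly") writable = !is_yes(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") writable = is_yes(val)
        else if (key == "validusers") restricted = (val != "")
        else if (key == "guestok" || key == "public") guest = is_yes(val)
    }
    END { report() }
    ' "$1"
}
write_sample() {  # constructed sample: the page shares plus a hypothetical restricted one
    cat > "$1" <<'EOF'
[editable]
    path = /srv/samba/editable
    read only = no
    browsable = yes
[readonly]
    path = /srv/samba/readonly
    read only = yes
    browsable = yes
[editable-restricted]
    read only = no
    valid users = sambauser
EOF
}

conf=$(mktemp) && write_sample "$conf"
audit_shares "$conf"   # prints: editable: writable without valid users
rm -f "$conf"
```

To check a live server, point audit_shares at /etc/samba/smb.conf; an empty result means no share matched either condition.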
UFW Configuration
If the UFW firewall is enabled across the organization, you might need to configure UFW to allow access to SMB:
sudo ufw allow samba
If you want to allow Samba connections from specific IPs or networks, use the following commands:
# IPs
sudo ufw allow from 10.10.10.100 to any port 139
sudo ufw allow from 10.10.10.100 to any port 445
# NETWORK
sudo ufw allow from 10.10.10.0/24 to any port 139
sudo ufw allow from 10.10.10.0/24 to any port 445
Adding OpenLDAP authentication (EXPERIMENTAL)
You can configure Samba to authenticate against an LDAP directory for user management. Make sure you have an LDAP server set up before proceeding.
Install necessary packages:
sudo apt install libpam-ldap libnss-ldap libpam-mount libnss-db
Configure PAM to use LDAP: Edit the /etc/nsswitch.conf file to ensure that the system checks the LDAP server for user and group information. In /etc/nsswitch.conf, modify the following lines to include ldap:
passwd: compat ldap
group: compat ldap
shadow: compat ldap
Configure /etc/pam.d/common-session to use LDAP for authentication: Ensure this line is present:
session required pam_ldap.so
Configure the Samba LDAP authentication: Edit the /etc/samba/smb.conf file and include the following:
[global]
    security = user
    passdb backend = ldapsam:ldap://localhost
    ldap admin dn = "cn=admin,dc=example,dc=com"
    ldap suffix = "dc=example,dc=com"
    ldap group suffix = "ou=Groups,dc=example,dc=com"
    ldap user suffix = "ou=Users,dc=example,dc=com"
Replace dc=example,dc=com with the correct base DN for your LDAP directory.
5. Restart Samba Service
After configuring the shares and LDAP authentication, restart the Samba service to apply the changes:
sudo systemctl restart smbd