@JS's Notes

Site with notes from my work.

Samba stand-alone server on Debian 10

2020-09-20 System @JS

My test platform: Debian 10.5

Samba will be configured as a stand-alone server, not as a domain controller. Each user will have their own home directory available via the SMB protocol, and all users will have a shared directory with read/write access.

Requirements: user with root privileges or non-root user with sudo privileges.

Samba installation
$ sudo apt update && sudo apt upgrade -y
$ sudo apt install samba samba-common -y

Move default smb.conf file to smb.conf.org:

$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.org

Create a new /etc/samba/smb.conf and paste the code below in the file:

[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = ctx03vm
security = user
map to guest = bad user
dns proxy = no
  • workgroup - the workgroup name,
  • netbios name - netbios name for your server.

Restart Samba service to apply all the changes and verify status:

$ sudo systemctl restart smbd.service ; sudo systemctl status smbd.service
Adding Samba shares and users

Create the directories for sharing the files and change the group to the users group:

$ sudo mkdir -p /home/shares/allusers
$ sudo chown -R root:users /home/shares/allusers/
$ sudo chmod -R ug+rwx,o+rx-w /home/shares/allusers/
$ sudo mkdir -p /home/shares/anonymous
$ sudo chown -R root:users /home/shares/anonymous/
$ sudo chmod -R ug+rwx,o+rx-w /home/shares/anonymous/

Group share (allusers) - share that is accessible and writable for all members of users group. Add the following config at the end of the /etc/samba/smb.conf file:

[allusers]
  comment = All Users
  path = /home/shares/allusers
  valid users = @users
  force group = users
  create mask = 0660
  directory mask = 0771
  writable = yes

Home directories (homes) - if you want all users to be able to read and write to their home directories, add the following config at the end of the /etc/samba/smb.conf file:

[homes]
   comment = Home Directories
   browseable = no
   valid users = %S
   writable = yes
   create mask = 0700
   directory mask = 0700

Anonymous share (anonymous) - share open to anyone in the network. Add the following config at the end of the /etc/samba/smb.conf file:

[anonymous]
   path = /home/shares/anonymous
   force group = users
   create mask = 0660
   directory mask = 0771
   browsable =yes
   writable = yes
   guest ok = yes

Restart Samba service to apply all the changes and verify status:

$ sudo systemctl restart smbd.service; sudo systemctl status smbd.service

In this example, I will add a user named smbusr:

$ sudo useradd smbusr -m -G users

Add smbusr user to samba user database:

$ sudo smbpasswd -a smbusr

Now you should be able to log in from your Windows workstation with the file explorer using the username smbusr and the chosen password to Samba server.

Update 1 - Client with Debian 10

$ sudo apt install cifs-utils -y

A publicly shared directory can be mounted on the Linux client with the following command:

$ sudo mkdir /mnt/smbpoint
$ sudo mount -t cifs //<IP_Samba_address>/allusers /mnt/smbpoint -o user=smbusr
  • <IP_Samba_address> - Samba server IP address,
  • /mnt/smbpoint - mount point,
  • user=smbusr - samba user.

When mounting, the system asks for a password for smbusr user.

Debian 10
© 2019 - 2020 Created by @JS
Powered by Hugo