Simple Samba

Feb 5, 2020

As a first post I thought I would tackle a topic I initially avoided for quite a while, Samba. Setting up a Samba server can be incredibly simple and is a great first step to setting up your own personal cloud at home.

Sharing files via Samba allows me to go from my desktop to my laptop without skipping a beat. I can also feel at ease because my sensitive files are password protected and remain solely on the LAN.

For this post I started with a fresh install of Ubuntu 18.04 for both the server and the client. Other Linux distributions could easily be subbed in, but be aware the install packages and services might be slightly different.


Hardware

First off let me introduce my home server. I have an Intel Kaby Lake Pentium G4600 two core four thread CPU with 8 GB of DDR4 RAM. It’s capable system, but by no means a beast. You could easily repurpose an older system or use a single board computer such as a Raspberry Pi as a Samba Server. There are tons of great options out there. As a side note, prior to the Rasbperry Pi 4, the USB ports on Rasperry Pi’s connected to a combo hub/Ethernet chip and the ethernet throughput was hindered as a result. Something to keep in mind.


Server

Install Samba and create a backup of the default smb.conf config.

# apt update && apt install samba -y
# mv /etc/samba/smb.conf /etc/smb.conf.bak

Samba configs can get complicated fast and here I’m outling the bare minimum to get started. Each section is started with a name enclosed in brackets. The global section outlines the guest user and log settings. You will then need a section for each directory you want to share.

Here I am sharing the /tank/media/music directory with guest access and read only permissions. This configuration allows any user on the LAN to mount the music directory, but changes can’t be made to it as it is shared read only. I am also sharing the /tank/documents directory with security=user access and read/write permissions (both defaults). This configuration requires a samba user name and password before mounting the documents directory.

Create a new config /etc/samba/smb.conf (I like to create a new file to avoid clutter)

[global]
    map to guest = Bad User
    log file = /var/log/samba/%m
    log level = 1

[music]
    path = /tank/media/music
    read only = yes
    guest ok = yes

[documents]
    path = /tank/documents
    read only = no

Check the config file for errors.

$ testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[music]"
Processing section "[documents]"
Loaded services file OK.
Server role: ROLE_STANDALONE

# Global parameters
[global]
	log file = /var/log/samba/%m
	map to guest = Bad User
	idmap config * : backend = tdb

[music]
    path = /tank/media/music
    guest ok = yes

[documents]
	path = /tank/documents
	read only = No

Samba requires a Linux user account. I’m going to go ahead a use my existing account, but a new one can also be created explicitly for Samba. While the user name is shared with Linux system, a new password needs to be set for Samba.

# smbpasswd -a pete

Next go ahead and start the Samba service and open up your firewall to allow Samba access.

# systemctl enable --now smbd.service
# ufw allow samba

That’s it! Now you have a working Samba server ready to be accessed.


Client

First install the necessary package.

# apt update && sudo apt install cifs-utils -y

Now go ahead and test your server by mounting one of the file systems. In this example I am mounting the documents share in the /mnt/documents directory on the client system in read/write mode with the uid of 1000 and a gid of 1000. You will be prompted for the Samba password you set earlier.

# mkdir /mnt/documents
# mount -t cifs //server_ip/documents /mnt/documents-ousername=pete,uid=1000,gid=1000

For simplicity both my server and client usernames, uids, and gids are the same, pete, 1000, 1000. I could have also created a user named samba on the server with uid=1001, gid=1001 and on the client computer still mounted the share as uid=1000 and gid=1000 (pete). A quick ip -a on the server will return its IP address if you don’t know it off hand.

Finally let’s get a permanent mount set up using fstab. Avoid storing your Samba password in plaintext by creating a credentials file at /etc/samba/credentials/share.

username=pete
password=this_is_my_password

Modify the permissions of the credential file to be readable/writable by root:

# chown root:root /etc/samba/credentials
# chmod 700 /etc/samba/credentials
# chmod 600 /etc/samba credentials/share

Enter a new line for each share in /etc/fstab:

//server_ip/music /home/pete/Music _netdev,ro,uid=1000,gid=1000 0 0
//server_ip/documents /home/pete/Documents _netdev,credentials=/etc/samba/credentials/share,uid=1000,gid=1000 0 0

Go ahead and either mount the shares right away or reboot.

# mount -a

For additional information I’d recommend checking out the Samba entry over at ArchWiki. There are a lot more advanced things you can do with Samba. I plan on tackling autofs mounting and VPN access in future installments.