How to configure Samba Server share on Debian 9 Stretch Linux

How to configure Samba Server share on Debian 9 Stretch Linux

The objective is to perform a basic configuration of Samba server on Debian 9 Stretch Linux to provide access to Samba shares via MS Windows client machine.

Operating System and Software Versions

  • Operating System: – Debian 9 Stretch
  • Software: – Samba 4.5.8-Debian

Requirements

Privileged access to your Debian system will be required.

Difficulty

EASY

Conventions

  • # – requires given command to be executed with root privileges either directly as a root user or by use of sudo command
  • $ – given command to be executed as a regular non-privileged user

Scenario

The below configuration procedure will assume a following scenario and pre-configured requirements:

  • Server and MS Windows client are located on the same network and no firewall is blocking any communication between the two
  • MS Windows client can resolve samba server by hostname samba-server
  • MS Windows client’s Workgroup domain is WORKGROUP

    Instructions

    Installation

    Let’s start by Samba server installation:

    # apt install samba
    

    Furthermore, for testing purpose it is also recommended to install samba client:

    # apt install smbclient
    

    Samba server should now be up and running on your system:

    # systemctl status smbd
    ● smbd.service - Samba SMB Daemon
       Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
       Active: active (running) since Tue 2017-06-13 10:35:34 AEST; 3min 32s ago
         Docs: man:smbd(8)
               man:samba(7)
               man:smb.conf(5)
     Main PID: 1654 (smbd)
       Status: "smbd: ready to serve connections..."
       CGroup: /system.slice/smbd.service
               ├─1654 /usr/sbin/smbd
               ├─1655 /usr/sbin/smbd
               ├─1656 /usr/sbin/smbd
               └─1659 /usr/sbin/smbd
    

    Default Samba Configuration

    The main Samba configuration file is called /etc/samba/smb.conf. Before we start editing smb.conf config file, let’s make a backup of the original configuration file and extract a current configuration relevant lines to a new smb.conf file:

    # cp /etc/samba/smb.conf /etc/samba/smb.conf_backup
    # grep -v -E "^#|^;" /etc/samba/smb.conf_backup | grep . > /etc/samba/smb.conf
    

    Your new /etc/samba/smb.conf should now contain:

    # cat /etc/samba/smb.conf
    [global]
       workgroup = WORKGROUP
       dns proxy = no
       log file = /var/log/samba/log.%m
       max log size = 1000
       syslog = 0
       panic action = /usr/share/samba/panic-action %d
       server role = standalone server
       passdb backend = tdbsam
       obey pam restrictions = yes
       unix password sync = yes
       passwd program = /usr/bin/passwd %u
       passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
       pam password change = yes
       map to guest = bad user
       usershare allow guests = yes
    [homes]
       comment = Home Directories
       browseable = no
       read only = yes
       create mask = 0700
       directory mask = 0700
       valid users = %S
    [printers]
       comment = All Printers
       browseable = no
       path = /var/spool/samba
       printable = yes
       guest ok = no
       read only = yes
       create mask = 0700
    [print$]
       comment = Printer Drivers
       path = /var/lib/samba/printers
       browseable = yes
       read only = yes
       guest ok = no
    

    Restart your samba server and use SMB client to confirm all exported samba groups:

    # systemctl restart smbd
    # smbclient -L localhost
    WARNING: The "syslog" option is deprecated
    Enter root's password: 
    Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.8-Debian]
    
            Sharename       Type      Comment
            ---------       ----      -------
            print$          Disk      Printer Drivers
            IPC$            IPC       IPC Service (Samba 4.5.8-Debian)
    Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.8-Debian]
    
            Server               Comment
            ---------            -------
            LASERPRINTER         
            LINUXMASTERSWIKI          Samba 4.5.8-Debian
    
            Workgroup            Master
            ---------            -------
            WORKGROUP            LINUXMASTERSWIKI
    

    Add Users

    Samba has its of user management system. However, any user existing on the samba user list must also exist within /etc/passwd file. From this reason, create a new user using useradd command before creating any new Samba user. Once your new system user eg. linuxmasterswiki exits, use smbpasswd command to create a new Samba user:

    # smbpasswd -a linuxmasterswiki
    New SMB password:
    

    Samba Home Directories Share

    By default all home directories are exported read-only and they are not browseable. To change this default configuration settings change the current homes share definition to:

    [homes]
       comment = Home Directories
       browseable = yes
       read only = no
       create mask = 0700
       directory mask = 0700
       valid users = %S
    

    Every time you make a change to your /etc/samba/smb.conf configuration file do not forget to restart your samba server daemon:

    # systemctl restart smbd
    

    Samba Public Anonymous Share

    The following Samba definition will allow any user to read and write data into Samba share under /var/samba/ directory. First, create a new directory and make it accessible by anyone:

    # mkdir /var/samba
    # chmod 777 /var/samba/
    

    Next, add a new samba share definition within your /etc/samba/smb.conf Samba configuration file:

    [public]
      comment = public anonymous access
      path = /var/samba/
      browsable =yes
      create mask = 0660
      directory mask = 0771
      writable = yes
    

    Restart your samba server daemon:

    # systemctl restart smbd
    

    Mount Samba Shares

    Now, we are ready to turn our attention to MS Windows machine and network map our new Samba share directories. Start by listing all available shares by \\samba-server command execution:

If all went well you should see the list of all browsable samba shares:

Next, map any of the shared directories by right-clicking on the share and selecting a Map Network Drive... option. Tick, Connect using different credentials option and finish the network drive mapping by supplying a user credentials created in previous steps:

Appendix

List Samba users:

# pdbedit -w -L

Delete Samba user:

# pdbedit -x -u username
 
Enjoyed this video?
How to configure Samba Server share on Debian 9 Stretch Linux
"No Thanks. Please Close This Box!"