Overclock.net › How To's › How To Run A Linux Based File Server Using Samba

How To Run A Linux Based File Server Using Samba

Introduction

So, you want to setup a file server....maybe for home or a small office? There are a lot of options out there, but the old saying holds true "The best things in life are free." And that applies here, too! Setting up a file server is quite simple, especially on Linux. It's easy, very stable, and like I said, free!

In this guide I'll go through the steps necessary to setup a file server on a Linux-based system using Samba. Then, I'll show you the different ways available to you to manage that samba server.


What is Samba?

Samba is the open-source platform for SMB/CIFS based file and print sharing. The name Samba comes from the first part of that protocol, SMB, or Server Message Block, which is the standard Microsoft network file system. If you're wondering, CIFS stands for Common Internet File System.

It is normally used to share files in a heterogeneous environment where UNIX-based systems and Windows-based systems are present. As mentioned earlier, it can also be used to share printers over the network.


Installation

Installation is extremely simple, as Samba is available in all major distribution's repos - if it isn't already installed by default.

On a Debian-based system enter the following into a terminal:
Code:
$ sudo apt-get install samba smbclient samba-common

On an RPM-based system enter the following into a terminal:
Code:
$ su -c yum install samba smbclient samba-common

Or, if you want to compile from source, grab the source here

Then, as root:
Code:
$ tar xvzf samba-latest.tar.gz
$ cd samba*/source3
$ ./autogen.sh

This will give you a ./configure script with which to build the binary package against your specific system. If you need any non-standard options, check ./configure --help for some guidance.

Then, continue to build the binaries an install the package:
Code:
$ ./configure [...options...]
$ make
$ make install

And, voila, Samba is install from source.



Surprisingly enough, the defaults Samba ships with are good enough for 99.99% of deployments. It would be the exception rather than the rule that someone would need additional compile-time options for a Samba package.


Configuring Samba

There are two ways with which to administer a Samba server; via command line (CLI) or via SWAT, which is a web-based GUI. Either will get the job done the same, but we'll go over both. As always, since this is Linux, you should be comfortable with the CLI way of doing things.

Before you continue however, add a user into Samba for yourself. You should map this to your normal username:

As root run:
Code:
$ smbpasswd -a USER
New SMB password:
Retype new SMB password:

Note: The USER account for Samba must exist as a user on the Linux system already.


Configure via CLI

All configuration for Samba shares is done via /etc/samba/smb.conf. Open it in your editor of choice and you will see something similar to this:
Code:
[global]
        netbios name = ****
        guest account = ****
        server string = ****
        encrypt passwords = true
        smb passwd file = /etc/smbpasswd
        hosts allow = ****
        hosts deny = ****
        workgroup = WORKGROUP
        map to guest = bad user
        security = user
        wins support = true
        log file = /var/log/samba/%m.log

These are the global defaults used by the server. I'll explain them line by line:

netbios name - this is the name of the server of which Samba is on and should respond to. For example, if this string was ServerA then typing \\ServerA\ into a Windows Explorer window would bring you to the root of the Samba server's shares where all available shares are shown.

guest account - Use this if you want to support a guest account which is unprivileged and can be given out publicly. In share sections (described later) this account can be used to access the share without a password

server string - Defines a message string to be given when a user connects to the server.

encrypt passwords - By default, passwords for connecting to the server/shares are sent in clear text. Setting this to true encrypts the passwords for added security.

smb password file - Specifies the smbpasswd file that the Server uses to authenticate users. It is simply a copy of /etc/passwd with entries for valid users who can connect to the server.

hosts allow - With this you can specify specific computers or network address which can access the shares. For example hosts allow = 192.168.1 would explicitly allow all hosts on the 192.168.1.0/24 network access.

hosts deny - The exact opposite of hosts allow. Allow listed here will be explicitly denied access.

workgroup - Specifies the workgroup the server will appear in. It is very important to have the server and client's workgroups match.

map to guest - Use this if you want Samba to map an unrecognized user to a specific account. In my case, the bad user value denies access to users who specify a bad password on user account that exists - or if the username specifies does not exist the client is mapped to the guest account. Set this to Never is you want it to straight up deny access.

security - If set to user the server will require any connections to authenticate with a valid username and password first. The entry must be in both /etc/passwd and /etc/smbpasswd. Another option is share in which case the server expects a password for each share, not each user.

wins support - Set this to yes to support the WINS protocol for name resolution.

log file - Samba allows you to log each connection or connection attempt. This specifies the path to the log file it should use. Note that the %m.log at the end of the file path tells the server to create a new entry for each machine that it talks to, under the /var/log/samba directory.


There are literally dozens more options that can be put under the [Global] header, much to much for this guide. Consult Samba's documention or visit www.samba.org if you want to learn more.


Now, onto listing shares. It is quite easy a workable template is as follows:
Code:
[Movies]
        path = /mnt/Warehouse/Movies
        guest ok = yes
        public = yes
        writeable = yes
        valid users = turtle user2 user3
        read only = no

The [Movies] line is the name of the Share, and is what the folder name in Windows Explorer will be.

path - Specifies the absolute path to the intended share folder. Note that all sub-directories will likewise be shared.

guest ok - Specifies whether or not the guest account can access the specific share

public - Specifies if the share itself should be publicly browsable

writeable - Specifies if the share should allow network writes

valid users - Specifies specific users that have access to this share

read only - Specifies if the share should be mounted as read-only or not.

Additional options include:

invalid users - Specifies specific users that should be denied access to this share

force create mode - Use this to force a minimum set of UNIX-style permissions on all files created in this share. For example force create mode = 0755 would set all files that had less than 755 permissions placed in this folder as 755.

force directory mode - Same as above, but specifically for directories.



Again, there are literally dozens of more commands here. Check out the smb.conf man page for all of them.



Once you have all of your [Global] and [Share] options set in /etc/samba/smb.conf, exit and save the file. Then restart Samba. This will cause Samba to re-read the configuration file and thus change any options or add any new shares (or remove old ones). To test this, open a Windows Explorer window and point it to \\ServerName to see all of your shares, or specifically \\ServerName\Share for going directly to a specific share.


Configure via SWAT

SWAT is the web-based GUI configuration tool for Samba. To access it, point your web browser to servername:901 - as SWAT listens by default on port 901.

You should get something similar to this:
r00220010614cam01_01.gif

Click on the Globals and enter in the values for each field you want to set. If you don't want a field set, leave it blank.

btlb2702.jpg

When you are done, click Commit Changes

For shares, it is a similar methodology. Click on the Shares tab at the top then Create Share, and fill in the field as appropriate for the path and any variables you want set. If you don't want one set, leave the field blank.

r00220010614cam01_03.gif


When done, restart the daemon - and again, navigate to the server or share via Windows Explorer to see if it worked. If it did not, you'll want to check either SWAT or /etc/samba/smb.conf for typos - they are the most common source of problems for Samba configurations.



That's it! Now you have an extremely stable, easy to manage file server.

Comments (1)

Very nice! Thanks for taking the time to create this guide.
Overclock.net › How To's › How To Run A Linux Based File Server Using Samba