So, you want to setup a file server....maybe for home or a small office? There are a lot of options out there, but the old saying holds true "The best things in life are free." And that applies here, too! Setting up a file server is quite simple, especially on Linux. It's easy, very stable, and like I said, free!
In this guide I'll go through the steps necessary to setup a file server on a Linux-based system using Samba. Then, I'll show you the different ways available to you to manage that samba server.
What is Samba?
Samba is the open-source platform for SMB/CIFS based file and print sharing. The name Samba comes from the first part of that protocol, SMB, or Server Message Block, which is the standard Microsoft network file system. If you're wondering, CIFS stands for Common Internet File System.
It is normally used to share files in a heterogeneous environment where UNIX-based systems and Windows-based systems are present. As mentioned earlier, it can also be used to share printers over the network.
Installation is extremely simple, as Samba is available in all major distribution's repos - if it isn't already installed by default.
On a Debian-based system enter the following into a terminal:
$ sudo apt-get install samba smbclient samba-common
On an RPM-based system enter the following into a terminal:
$ su -c yum install samba smbclient samba-common
Or, if you want to compile from source, grab the source here
Then, as root:
$ tar xvzf samba-latest.tar.gz $ cd samba*/source3 $ ./autogen.sh
This will give you a ./configure script with which to build the binary package against your specific system. If you need any non-standard options, check ./configure --help for some guidance.
Then, continue to build the binaries an install the package:
$ ./configure [...options...] $ make $ make install
And, voila, Samba is install from source.
Surprisingly enough, the defaults Samba ships with are good enough for 99.99% of deployments. It would be the exception rather than the rule that someone would need additional compile-time options for a Samba package.
There are two ways with which to administer a Samba server; via command line (CLI) or via SWAT, which is a web-based GUI. Either will get the job done the same, but we'll go over both. As always, since this is Linux, you should be comfortable with the CLI way of doing things.
Before you continue however, add a user into Samba for yourself. You should map this to your normal username:
As root run:
$ smbpasswd -a USER New SMB password: Retype new SMB password:
Note: The USER account for Samba must exist as a user on the Linux system already.
Configure via CLI
All configuration for Samba shares is done via /etc/samba/smb.conf. Open it in your editor of choice and you will see something similar to this:
[global] netbios name = **** guest account = **** server string = **** encrypt passwords = true smb passwd file = /etc/smbpasswd hosts allow = **** hosts deny = **** workgroup = WORKGROUP map to guest = bad user security = user wins support = true log file = /var/log/samba/%m.log
These are the global defaults used by the server. I'll explain them line by line:
netbios name - this is the name of the server of which Samba is on and should respond to. For example, if this string was ServerA then typing \\ServerA\ into a Windows Explorer window would bring you to the root of the Samba server's shares where all available shares are shown.
guest account - Use this if you want to support a guest account which is unprivileged and can be given out publicly. In share sections (described later) this account can be used to access the share without a password
server string - Defines a message string to be given when a user connects to the server.
encrypt passwords - By default, passwords for connecting to the server/shares are sent in clear text. Setting this to true encrypts the passwords for added security.
smb password file - Specifies the smbpasswd file that the Server uses to authenticate users. It is simply a copy of /etc/passwd with entries for valid users who can connect to the server.
hosts allow - With this you can specify specific computers or network address which can access the shares. For example hosts allow = 192.168.1 would explicitly allow all hosts on the 192.168.1.0/24 network access.
hosts deny - The exact opposite of hosts allow. Allow listed here will be explicitly denied access.
workgroup - Specifies the workgroup the server will appear in. It is very important to have the server and client's workgroups match.
map to guest - Use this if you want Samba to map an unrecognized user to a specific account. In my case, the bad user value denies access to users who specify a bad password on user account that exists - or if the username specifies does not exist the client is mapped to the guest account. Set this to Never is you want it to straight up deny access.
security - If set to user the server will require any connections to authenticate with a valid username and password first. The entry must be in both /etc/passwd and /etc/smbpasswd. Another option is share in which case the server expects a password for each share, not each user.
wins support - Set this to yes to support the WINS protocol for name resolution.
log file - Samba allows you to log each connection or connection attempt. This specifies the path to the log file it should use. Note that the %m.log at the end of the file path tells the server to create a new entry for each machine that it talks to, under the /var/log/samba directory.
There are literally dozens more options that can be put under the [Global] header, much to much for this guide. Consult Samba's documention or visit www.samba.org if you want to learn more.
Now, onto listing shares. It is quite easy a workable template is as follows:
[Movies] path = /mnt/Warehouse/Movies guest ok = yes public = yes writeable = yes valid users = turtle user2 user3 read only = no
The [Movies] line is the name of the Share, and is what the folder name in Windows Explorer will be.
path - Specifies the absolute path to the intended share folder. Note that all sub-directories will likewise be shared.
guest ok - Specifies whether or not the guest account can access the specific share
public - Specifies if the share itself should be publicly browsable
writeable - Specifies if the share should allow network writes
valid users - Specifies specific users that have access to this share
read only - Specifies if the share should be mounted as read-only or not.
Additional options include:
invalid users - Specifies specific users that should be denied access to this share
force create mode - Use this to force a minimum set of UNIX-style permissions on all files created in this share. For example force create mode = 0755 would set all files that had less than 755 permissions placed in this folder as 755.
force directory mode - Same as above, but specifically for directories.
Again, there are literally dozens of more commands here. Check out the smb.conf man page for all of them.
Once you have all of your [Global] and [Share] options set in /etc/samba/smb.conf, exit and save the file. Then restart Samba. This will cause Samba to re-read the configuration file and thus change any options or add any new shares (or remove old ones). To test this, open a Windows Explorer window and point it to \\ServerName to see all of your shares, or specifically \\ServerName\Share for going directly to a specific share.
Configure via SWAT
SWAT is the web-based GUI configuration tool for Samba. To access it, point your web browser to servername:901 - as SWAT listens by default on port 901.
You should get something similar to this:
Click on the Globals and enter in the values for each field you want to set. If you don't want a field set, leave it blank.
When you are done, click Commit Changes
For shares, it is a similar methodology. Click on the Shares tab at the top then Create Share, and fill in the field as appropriate for the path and any variables you want set. If you don't want one set, leave the field blank.
When done, restart the daemon - and again, navigate to the server or share via Windows Explorer to see if it worked. If it did not, you'll want to check either SWAT or /etc/samba/smb.conf for typos - they are the most common source of problems for Samba configurations.
That's it! Now you have an extremely stable, easy to manage file server.