What is SAMBA? Samba: installation, configuration, optimization of work Configuring samba server under Linux.
Samba is software for organizing file exchange and working with shared resources between computers running Linux / Unix and Windows operating system. Samba consists of a client-side and a server-side. The client side allows you to access network folders and Windows resources, and the server side, in turn, opens shared access to the Ubuntu folder for other machines, including Windows.
This short tutorial will walk you through the simplest setup of Samba Ubuntu 18.04, as well as how to set up shared access to the Ubuntu folder with multiple privilege levels.
We will create three shared folders with different permission levels. A folder with anonymous access, with access for users belonging to a specific group and access only for a specific user.
Both Linux and Widnows machines will be able to access shared folders in Ubuntu, using any program that works over the SMB protocol.
For everything to work properly, all machines must be in the same workgroup specified on the Samba server. By default, for Windows, Linux and MacOS, the workgroup is named Workgroup. To find out which workgroup is used in your Windows, open a command prompt (Win + R, then cmd) and run the following command:
net config workstation
We see the parameter we need in the line Workstation domain... This is the working group.
Now, if a computer with a Samba server in your network has a permanent IP address, it is advisable to enter it in the hosts file. To do this, run Command Prompt as administrator:
And run the command:
notepad C: \ Windows \ System32 \ drivers \ etc \ hosts
In the file that opens, add a line with the IP address of the computer on which Samba will be installed:
192.168.0.1 srvr1.domain.com srvr1
Now you can move on to the question of how to share the Ubuntu folder.
Samba setup on Ubuntu 16.04
Let's start as usual with the installation. Installing Samba Ubuntu along with all the necessary components is done with the command:
sudo apt-get install -y samba samba-common python-glade2 system-config-samba
When everything is installed, you can proceed to the configuration. First, back up the original Samba configuration file:
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
After creating a backup, create your configuration file with this command:
sudo vi /etc/samba/smb.conf
First, let's specify the global file server settings. To do this, insert the following lines into the file:
workgroup = WORKGROUP
netbios name = Ubuntu Share
dns proxy = no
max log size = 1000
passdb backend = tdbsam
unix password sync = yes
pam password change = yes
map to guest = bad user
usershare allow guests = yes
Let's take a closer look at what these lines mean.
- workgroup- the working group, as already mentioned, should be the same on all machines
- netbios name- the name of the computer that will be displayed in Windows;
- log file- the address of the file where error messages and other information will be stored;
- security- by default, perform user-level authentication;
- name resolve order- the order of resolution of IP addresses by NetBIOS name. bcast - means to send a broadcast request to the local network. If all computers between which you plan to interact are in the same network, this option is optimal;
- passdb backend- a way of storing user passwords;
- unix password sync- synchronization of samba user passwords with local Unix passwords;
- map to guest- indicates when the user will be granted guest access. There are three values available - never- never, bad user- when no such user exists, bad password- when the password is entered incorrectly,
When you've finished creating the configuration file, let's move on to the question of how to share the Ubuntu folder for Windows.
Share Ubuntu folder
First, let's create a shared folder available to everyone. That is, with anonymous access, without samba authorization.
Create a folder to which we will open access, for example:
sudo mkdir -p / samba / allaccess
After the folder is created, you need to set the correct access rights for it. The following commands allow everyone to access the folder and make the owner nobody:
cd / samba
sudo chmod -R 0755 allaccess
sudo chown -R nobody: nogroup allaccess /
The next step is to describe the allaccess folder in the samba configuration file:
path = / samba / allaccess
browsable = yes
writable = yes
guest ok = yes
read only = no
Your config file should now look like this:
workgroup = WORKGROUP
server string =% h server (Samba, Ubuntu)
netbios name = Ubuntu Share
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
passdb backend = tdbsam
unix password sync = yes
passwd program = / usr / bin / passwd% u
pam password change = yes
map to guest = bad user
usershare allow guests = yes
#==============
path = / samba / allaccess
browsable = yes
writable = yes
guest ok = yes
read only = no
Let's take a closer look at the options that were used here:
- path- the path to the folder you want to share;
- browsable- whether the folder will be displayed in the list of available shares;
- writable- whether the folder will be available for writing;
- read only- the folder is read-only;
- guest ok, public- whether guest access will be allowed;
- only guest- if set to yes, then the folder will be available only to guests;
- hosts allow- ip addresses from which you can get access to this server;
- valid users- by default, all users can log in, if a list of users is passed in this parameter, then only they can log in;
- create mask- mask of rights for created files.
Restart the Samba server to apply the changes:
sudo systemctl restart samba
Samba setup for Ubuntu 16.04 for anonymous access is now complete. Now you can check the availability of the allaccess shared folder from Windows, to do this press Win + R and run:
\\ srvr1 \ allaccess
You will see our folder. If you don't see it, check the configuration again. The folder can be accessed without samba authorization. Setting up Samba shares with unauthorized access is now complete.
You can also connect to this server from Linux using Nautilus, for this you just need to type the address smb: // server ip, under other places:
Protected Sharing Ubuntu Folder
To share a folder for Windows Ubuntu, to which only users from a specific group will have access, create a separate folder and describe it in the Samba configuration file in Ubuntu.
First, create a folder:
sudo mkdir -p / samba / allaccess / secured
Create a group:
sudo addgroup securedgroup
Setting up the rights:
cd / samba / allaccess
$ sudo chown -R richard: securedgroup secured
$ sudo chmod -R 0770 secured /
The last step is to add the settings to the samba config file:
sudo vi /etc/samba/smb.conf
path = / samba / allaccess / secured
valid users = @securedgroup
guest ok = no
writable = yes
browsable = yes
Restart the Samba server. Now only users of the securegroup can access the shared folder in Ubuntu.
To check how it works, let's add the user richard to our group:
sudo usermod -a -G securedgroup richard
Linux is a great operating system, but we’re not going to get away from Windows, and neither is it from us. Windows will always surround us - whether it is a home, corporate network or an Internet cafe. We constantly have to exchange documents with Windows computers - after all, not all users prefer to work in Linux. Having at its disposal a server on Linux , in any case, there will be a need to interact with Windows computers, so we will talk about connecting Linux to the Microsoft network.
Installing Samba
To install Samba, we need to install the samba and samba-client packages. It is also advisable to install the smbfs package. In addition, the system will update the samba-common package, which may already be installed on the system. All my manipulations will be carried out on Ubuntu 10.04, the main difference from other distributions is the installation method. For Ubuntu through the console, this way:
$ sudo apt - get install samba
Or using the Synaptic package manager, which I did, this option turned out to be more convenient for me, since I could select from the list those packages that I needed, these were:
samba
smbclient
samba-common
If you've used a different Linux distribution in the past, you're probably familiar with the LinNeighborhood program. It is a graphical program that allows you to view Windows network resources. There is no need for it in Ubuntu. First, the standard GNOME tools allow you to browse Windows networks. And secondly, for the sake of interest, the LinNeighborhood program was installed from one of the Ubuntu repositories. It turned out that this program, found by Synaptic, is not usable at all (localization issues). Well, okay, it makes sense to figure it out if there are excellent standard tools that already work.
Basic Samba setup
At this stage, we will assume that the utility is installed. The main Samba configuration file is /etc/samba/smb.conf. You need to open it and change several parameters. The first one is workgroup - it sets the name (of your choice) of the NT workgroup or domain:
WORKGROUP = MyHomeGroup
You can also set the comment parameter - this is a description of your computer:
comment = My Linux computer
Set the security parameter. If the network is client / server, then you need to select the server parameter, and ifpeer-to-peer network (i.e. a network without a dedicated server), then you need to select user or share:
security = share
Set the name of the guest account like this:
guest account = guest
You also need to configure encodings:
client code page = 866
character set = utf8
To make Samba run faster, set the following options:
socket options = TCP_NO DELAY SO_RCVBUF = 8192 SO_SNDBUF = 8192
dns proxy = no
The interfaces parameter specifies the interfaces on which the Samba service should run. It is necessary to specify the interfaces that connect our machine to Windows networks:
interfaces = 192.168.0.22/24
Configuring Shares
Now it remains to configure the resources that we want to provide for general use, this is the [ public].
# general directory
comment = Public Directory
# path
path = / var / samba
# not only reading
read only = no
# allow writing
writable = yes
# allow guest access
guest ok = yes
# allow viewing directory contents
browseable = yes
In this case, the / var / samba directory will be a shared resource on our computer (you need to create it, since there is no such directory on the system by default). Other users will be able to write their files to it (read only = no, writeable = yes), of course, they will be able to read them (browseable = yes). You do not need to check the username and password to access the resource (guest ok = yes) - the so-called guest access is used. The comment "Public Directory" will be seen by other users of the Windows network when viewing the resources of our computer.
If there is a need to provide general access ("share") to the user's home directories, then go to the section ;. Uncomment all lines commented out with a semicolon before the line ;. T . e. you should get the following:
comment = Home Directories
browseable = no
valid users =% S
writable = no
create mask = 0600
directory mask = 0700
For now, custom directories will not be visible in the list of shared resources, you can refer to them at \\ server \ username ... For example, \\ server \ petya. If you want the user resources to be browseable, then set the browseable parameter to yes:
browseable = yes
After all the changes, save the configuration file and start (or restart - restart) Samba:
$ sudo /etc/init.d/samba start
Viewing Windows Network Resources
You can view the resources of the Windows network using the smbclient program, but it works in text mode, so it is not very convenient to use. It is much more convenient to use a file browser to browse network resources. This can be done using the menu Transition | Connect to server ...
Samba Optimization Secrets
Now let's talk about how to make Samba run a little faster. If you open the smb.conf configuration file, you will find the wide links parameter in it. Never install it in no ! This will significantly reduce the performance of Samba. On the contrary, you need to set it to yes (if the wide links parameter was disabled before), which will significantly increase performance.
The wide links parameter determines how Samba follows symbolic links. If wide links = no, then Samba will not follow symbolic links outside the exported area. Samba first follows a symbolic link and then executes a so-called directory path lookup (a system call that determines where the link ended). This operation implies 6 more system calls than if wide links = yes. Considering that there are a lot of such operations being done, disabling wide links decreases Samba performance by about 30%.
Implementation of network protocols Server Message Block (SMB) and Common Internet File System (CIFS)... The main purpose is to share files and printers between Linux and Windows systems.
Samba consists of several daemons that run in the background and provide services and a number of command line tools for interacting with Windows services:
- smbd- a daemon that is an SMB server for file and print services;
- nmbd- a daemon that provides NetBIOS naming services;
- smblient- the utility provides command line access to SMB resources. It also allows you to get lists of shared resources on remote servers and view your network environment;
- smb.conf- configuration file containing settings for all Samba tools;
List of ports used by Samba
- share- This security mode emulates the authentication method used by Windows 9x / Windows Me operating systems. In this mode, usernames are ignored and passwords are assigned to shares. In this mode, Samba tries to use a client-supplied password that can be used by different users.
- user* - This security mode is set by default and uses a username and password for authentication, as is usually done in Linux. In most cases on modern operating systems, passwords are stored in an encrypted database that only Samba uses.
- server- This security mode is used when Samba needs to authenticate against another server. For clients, this mode looks the same as user-level authentication (user mode), but in fact, to perform authentication, Samba contacts the server specified in the password server parameter.
- domain- using this security mode, you can fully join a Windows domain; to clients it looks the same as user-level authentication. Unlike server-level authentication, domain-based authentication uses more secure domain-level password exchange. Full domain joins require additional commands on the Samba system and possibly on a domain controller.
- ads- This security mode is similar to the domain authentication method, but requires an Active Directory Domain Services domain controller.
Complete list of parameters Samba available in manpages.
Above was an example with access for a shared directory. Let's consider another example with a private directory, which can be accessed only by login and password.
Create a group and add a user to it
Sudo groupadd smbgrp sudo usermod -a -G smbgrp proft
Create a directory for the user and set the rights
Sudo mkdir -p / srv / samba / proft sudo chown -R proft: smbgrp / srv / samba / proft sudo chmod -R 0770 / srv / samba / proft
Create a samba user
Sudo smbpasswd -a proft
Add a new resource to /etc/samba/smb.conf
Path = / srv / samba / proft valid users = @smbgrp guest ok = no writable = yes browsable = yes
Let's restart the server
Sudo systemctl restart smbd
An example of configuring a resource that has symlink to the user's folder ( / srv / samba / media / video » / home / proft / video)
Path = / srv / samba / media guest ok = yes read only = yes browsable = yes force user = proft
Client setup
Viewing Shared Computer Resources
Smbclient -L 192.168.24.101 -U%
Another way to connect for anonymous user with command line
Smbclient -U nobody //192.168.24.101/public ls
If the server is configured with a higher security level, you may need to pass the username or domain name using the -W and -U options, respectively.
Smbclient -L 192.168.24.101 -U proft -W WORKGROUP
Mounting a samba resource
# create mount point mkdir -p ~ / shares / public # mount resource # for anonymous user nobody mount -t cifs //192.168.24.101/public / home / proft / shares / public -o user =, nobody password =, workgroup = WORKGROUP, ip = 192.168.24.101, utf8 # for user proft mount -t cifs //192.168.24.101/public / home / proft / shares / public -o user = proft, password = 1, workgroup = WORKGROUP, ip = 192.168. 24.101, utf8
Better yet, store passwords in a separate file.
# sudo vim / etc / samba / sambacreds username = proft password = 1 username = noboy password =
Let's set access rights 0600
Sudo chmod 0600 / etc / samba / sambacreds
New line to mount
Mount -t cifs //192.168.24.101/public / home / proft / shares / public -o user = proft, credentials = / etc / samba / sambacreds, workgroup = WORKGROUP, ip = 192.168.24.101
And an example for / etc / fstab
//192.168.24.101/public / home / proft / shares / public cifs noauto, username = proft, credentials = / etc / samba / sambacreds, workgroup = WORKGROUP, ip = 192.168.24.101 0 0
You can open a resource in the file manager Nautilus / Nemo / etc using this path smb: //192.268.24.101.
If Nemo writes Nemo cannot handle "smb" locations. means there is not enough package gvfs-smb.
Server access from Windows and Android client
Under Windows, you can find out the workgroup from the console using
Net config workstation
You can open resources on a remote machine by typing the UNC address in the Explorer line or in Run (Start - Run): \192.168.24.101 .
For Android, you can connect to the server using ES File Explorer, on the Network tab, add a server, simply by IP (without specifying a scheme, smb). Then you can open shared resources. For statistics: HDRIP-movie runs without slowdown.
Additional reading