Samba Server Configuration - Simple
Note: There is another Network Share via Samba Tutorial at the following community wiki page: How to Create a Network Share Via Samba Via CLI (Command-line interface/Linux Terminal) - A Differing Procedure. That tutorial focuses on using the CLI and its procedure differs from the procedure documented in this wiki page.
Note: For Ubuntu 8.04 (Hardy) and later, shared directories are created directly from the directory. Browse to the location of the directory you would like to share, right-click the directory, and choose Sharing Options. Click the "Share this folder".
The shares are defined in the background using the "net usershare" command and the definitions are saved in /var/lib/samba/usershares/ . Therefore, shares defined with this method are not visible in smb.conf.
This section should allow you to "quick start" SMB shares between Ubuntu and either Ubuntu or Windows servers. The GUI method is easier to work with because:
- Shares are Public (browsable in Network Places)
- A password is not set for shares (they can be mounted by anyone).
However, remember that this is less secure.
Be warned you are installing a service (server) and you may wish to install a Firewall management utility to help prevent undesired access. See also the manual configuration sections below to learn how to "hide" your shares from browsing and set a password for access.
This section enables Ubuntu as a samba file server.
Sharing a directory
To share a directory you must have permission to access the directory. Go to your home directory ( Places → Home directory). Right click on the "Documents" directory and in the pop up menu select "Share Folder".
If samba is not installed, you will get a pop-up menu "Sharing services are not installed". Select "Install Windows networks support (SMB)" and deselect "Install Unix networks support (NFS)" → then click "Install services".
If you get an error message that the samba .deb could not be found, open a terminal and update apt-get.
sudo apt-get update
Try again and Ubuntu will download and install samba. Right click on the "Documents" directory and in the pop-up menu select "Share Folder". You will get a pop up menu "Share Folder". Select "Windows networks (SMB)" in the pull down menu and give your share a name in the "Name" box. Unselect the "Read only" check box if you want read/write access to the share. Click the "Share" button.
Windows XP Server
This section enables Windows XP as a samba file server.
Sharing a directory
1. On the Windows server, browse in explorer ("My Computer") to the location of the directory you wish to share (C:\Documents and Settings for example). Next right click on the directory to share and select "Sharing and Security...". In the pop-up dialog box click the "Sharing" tab. Click the "Network Setup Wizard" to configure your network to allow shares. Work your way through the wizard. Note the default workgroup is MSHOME. You may change this value if you like but all your computers should be in the same workgroup. Eventually you will be given the option to "Turn on file and printer sharing". This is the option you want, continue with the network wizard. You will have to restart your computer for the settings to take effect -> Restart Windows.
2. After rebooting, again open explorer ("My Computer") and navigate to the directory you wish to share. Again right click on the directory and select "Sharing and Security...". In the pop-up dialog box click the "Sharing" tab. In the "Network sharing and security" box, tic (select with the mouse) the "Share this folder on the network" box. Give the directory a share name. This will give read only access to Ubuntu computers via samba. To allow read/write access tic (select with the mouse) the "Allow network users to change my files" box. Click the "Apply" button and close the dialog box.
Samba Server Configuration by GUI
There are a few graphical tools available that offer more flexibility than the "Sharing Options" in the Nautilus context menu.
A fairly comprehensive graphical Samba configuration tool is available for KDE, by installing the "kdenetwork-filesharing" package. After install, you can find it by launching the KDE Control Center. (Alt-F2 and then type kcontrol). Browse to Internet & Network > Samba.
For Gnome, the package system-config-samba is convenient. Once installed, launch System - Administration - Samba. (Shares created using the "Sharing options" context menu will not be visible in this tool.)
A less friendly but also graphical tool is Swat, a web-based interface.
Samba Server Configuration in terminal
Configuration is performed by reading and editing /etc/samba/smb.conf, the configuration file for the samba server.
The following tips show how to do some basic things without installing additional software, using the command line. It is not difficult, just be careful with typos.
First open a terminal: Applications > System Tools > Terminal and open the file smb.conf
sudo nano -w /etc/samba/smb.conf
How to Save: To save in nano use "CTRL-O", then "CTRL-X".
Tip: Replacing sudo nano with gksudo gedit gives you a nice graphical editor.
The file *smb.conf* is divided in several sections:
Global Settings Debugging/Accounting Authentication Printing File sharing Misc Share Definitions
Comments may start with either a # or a ;
Let's start with Global Settings. Here you will see several lines, which you can also see in the graphical networktool like workgroup and wins server. If you changed everything to your liking already then you can skip this section, if not change to what you need. If you do not know what items mean, leave them be and read the relevant part in the real Samba-howto instead of randomly changing them. It will save you trouble-shooting later.
File Sharing (Basics)
The important part for us is File sharing. Samba shares are named in brackets, [ ], and configured by adding options in the lines that follow. Most options are boolean (yes / no).
We need to change:
[homes] comment = Home Directories browseable = no # By default, the home directories are exported read-only. Change next # parameter to 'yes' if you want to be able to write to them. writable = no
This describes your /home directory. Usually you want to share this directory in a home environment, because these are the files you want to share. To do so, make the following changes:
[homes] comment = Home Directories browseable = yes # By default, the home directories are exported read-only. Change the # next parameter to 'no' if you want to be able to write to them. read only = no
This finishes sharing your /home directory. The last thing we need to do is fixing a user.
Add users who can access your shares with the 'smbpasswd' command.
sudo smbpasswd -a username New SMB password: Retype new SMB password: Added user username. sudo smbpasswd -e username Enabled user username.
NOTE: the username used here should be a real user setup on your PC/Server. Reload Samba for every change to users/passwords or 'smb.conf'
sudo /etc/init.d/samba reload
NOTE: If the above command doesn't work for you, try:
sudo smbd reload
That's the basis of Samba file-sharing. Please leave your comments about what else is needed here.
- Can/should the SMB password be different from the user's system password? MartinSpacek - 2007-11-19
File Sharing (Advanced)
We started with the base of Samba file-sharing. The above-mentioned items should be enough to get you started. Next we will add details that you might or might not need.
If you have more than one network card
If you have more than one network card (or interface) then you have to define where you want Samba to run. In smb.conf under the [global] section, add:
interfaces = 127.0.0.1, 192.168.0.31/24 bind interfaces only = yes
The first address (127.0.0.1), is a loopback network connection (it's your own machine). The second address (192.168.0.31), is the address of the card you want Samba to run on, the second number (24) is the subnet default for a CLASS-C network. It may vary depending on your network.
With "bind interfaces only" you limit which interfaces on a machine will serve SMB requests.
You can limit which IP address can connect to your Samba server adding these lines:
hosts allow = 127.0.0.1, 192.168.0.31, 192.168.0.32 hosts deny = 0.0.0.0/0
The loopback address must be present in the first line. The second line deny access from all IP address not in the first line.
Private and public shares in same config
First you'll want to set this up in the [global] section of your smb.conf
[global] security = user encrypt passwords = true map to guest = bad user guest account = nobody
security = user restricts logins to users on your server. encrypt passwords = true is necessary for most modern versions of Windows to login to your shares. map to guest = bad user will map login attempts with bad user names to the guest account you specify with guest account = nobody. That is, if you attempt to login to the share with a user name not set up with smbpasswd the you will be logged in as the user nobody.
Next the private share
[private] comment = Private Share path = /path/to/share/point browseable = no read only = no
If browseable is set to no the share will not show up on graphical browsers such a "My Network Places" on Windows or Places -> Network on Ubuntu.
path is the path to the directory that you want to share out. browseable = no will have the share not show up when users browse the network. read only = no will let you, as an authenticated user, write to the share.
Finally, the public share
[public] comment = Public Share path = /path/to/share/point read only = no guest only = yes guest ok = yes
Again, path is the path to the directory that you want to share out. read only = no will allow users to write to this share. guest only = yes and guest ok = yes will allow guest logins and also force users to login as guests. The user you specified with guest account in the [global] section must have write permissions on /path/to/share/point in order to write files to the share.
Note: When Windows attempts to access a SMB share it will use the current Windows user name and password. The map to guest = bad user trick above allows access to the public share only if you give Samba an incorrect user name. If you give it a valid user name, but a bad password, the login will fail and Windows will give you a password prompt when you try to access the share. If you have the same user name for your Windows machine and your Ubuntu machine, you could be unwittingly giving the Samba server a valid user name, but invalid password. To resolve this you will either have to change the Windows user name, or to remove that user name from the Samba password file with sudo smbpasswd -x [username].
Note: The above uses security = user. To access the private shares you will have to make sure the user exists in smbpasswd. These users must also already exist as normal users on your machine. You add users to smbpasswd simply by running sudo smbpasswd -a [username] and giving a password.
To set permissions of newly created documents / files edit /etc/samba/smb.conf and in the [global] section add :
create mask = 0644 directory mask = 0755