Simple Samba Setup: Difference between revisions

From Coolscript
Jump to navigation Jump to search
No edit summary
No edit summary
Line 2: Line 2:




Install Samba on Debian or Ubuntu
=Install Samba on Debian or Ubuntu=
  apt-get install samba samba-common system-config-samba
  apt-get install samba samba-common system-config-samba



Revision as of 19:53, 16 March 2021

Simple Samba (SMB) Setup with the focus of having a file share method for www developers on windos machines.


Install Samba on Debian or Ubuntu

apt-get install samba samba-common system-config-samba


Configure Samba with a local user for www-data

Configure Samba with a local user to authenticate and enforce the user www-data to be used on the share level

  • Add a new group
addgroup sambagrp
  • Create a user (demo01), no home directory and no local login, just to authenticate with Samba, add the user to the new group
useradd demo01 -M -G sambagrp -s /usr/sbin/nologin 
  • Add a the new user (-a) to the Samba authentication and create a new password
smbpasswd -a demo01


  • Create or edit /etc/samba/smb.conf
[global]
   workgroup = WORKGROUP
   server string = %h server (Linux)
   interfaces = eth0
   bind interfaces only = yes
   log file = /var/log/samba/log.%m
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   obey pam restrictions = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = Yes
   map to guest = Bad User
   #log level = 4 #To be used for debugging purposes

[www]
   comment = www
   path = /var/www
   valid users = @sambagrp
   browsable = yes
   writable = yes
   read only = no
   force user = www-data


  • Restart Samba
systemctl restart smbd

Ready to use the demo01 user to connect to the Samba Server

Configure Samba with a foreign user for www-data

Configure a new user which gets authenticated with other methods such as 'sssd (ldap authentication)' like with ActiveDirectory

  • Add a new group, this time we use a ldap group
addgroup ldapgrp
  • Add the Ldap user to the new group
usermod -a -G ldapgrp  <ldap user>
  • Add a the new user (-a) to the Samba authentication and create a new password. This can become interesting because if the same password is used for ldap then the result will be some kind of a improved single sign on, ldap or active directory users will not get prompted for a password this way
smbpasswd -a <ldap user>
  • Create or edit /etc/samba/smb.conf, note that obey pam restrictions is not used anymore in this sample
[global]
   workgroup = WORKGROUP
   server string = %h server (Linux)
   interfaces = eth0
   bind interfaces only = yes
   log file = /var/log/samba/log.%m
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   #obey pam restrictions = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = Yes
   map to guest = Bad User
   #log level = 4 #To be used for debugging purposes

[www]
   comment = www
   path = /var/www
   valid users = @ldapgrp
   browsable = yes
   writable = yes
   read only = no
   force user = www-data



Maintenance Commands

Delete Windows Connection

This must be used whenever credentials or other share parameter has been changed==

  • Show connections
net use
  • Delete default connection
net use \\<Name or IP> /delete
  • Or delete a shared specific connection
net use \\<Name or IP>\sharename /delete