samba

Samba Notes, simple file shares setup, like install samba on debian but for a wheezy server and a bit more thorough.

In this setup I just need a little security ( I don' t want someone to accidently delete stuff from the LAN ) and two file shares, one file share with data stored in a RAID 1 array and one file share with insignificant data.

the server
# cat /etc/issue /etc/debian_version 
Debian GNU/Linux 7 \n \l

7.6


install samba
# apt-get install samba


backup original smb.conf and adjust smb.conf
# cp /etc/samba/smb.conf /etc/samba/smb.conf.0
# vi /etc/samba/smb.conf


save `smb.conf original (debian package default) and initial changes` to smb.conf.master
# cp /etc/samba/smb.conf /etc/samba/smb.conf.master


test smb.conf.master and create smb.conf
# testparm -s /etc/samba/smb.conf.master > /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf.master
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[share]"
Loaded services file OK.
Server role: ROLE_STANDALONE


the smb.conf
# cat /etc/samba/smb.conf
[global]
 server string = %h samba
 interfaces = 192.0.2.29/32, eth0
 map to guest = Bad User
 obey pam restrictions = Yes
 pam password change = Yes
 passwd program = /usr/bin/passwd %u
 passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
 unix password sync = Yes
 syslog = 0
 log file = /var/log/samba/log.%m
 max log size = 1000
 dns proxy = No
 usershare allow guests = Yes
 panic action = /usr/share/samba/panic-action %d
 idmap config * : backend = tdb

[homes]
 comment = Home Directories
 valid users = %S
 create mask = 0700
 directory mask = 0700
 browseable = No

[share]
 comment = insigdato
 path = /insigdato
 read only = No
 create mask = 0755
 guest ok = Yes


Create the system user smbuser
# adduser smbuser --system --shell /usr/sbin/nologin --home /home/sigdato 
Warning: The home dir /home/sigdato you specified already exists.
Adding system user `smbuser' (UID 110) ...
Adding new user `smbuser' (UID 110) with group `nogroup' ...


Add the smbuser to samba
# smbpasswd -L -a smbuser
New SMB password:
Retype new SMB password:
Added user smbuser.


Adjust ownership of /insigdato
# chown -R smbuser.nogroup /insigdato/


Restart samba
# /etc/init.d/samba restart


Check the new share from another host in the LAN
# apt-get install smbclient
# smbclient -U smbuser -L 192.0.2.29
Enter smbuser's password: 
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.6]

 Sharename       Type      Comment
 ---------       ----      -------
 share           Disk      insigdato
 IPC$            IPC       IPC Service (kernel samba)
 smbuser         Disk      Home Directories
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.6]

I can see the insigdato share ( 192.0.2.29:/insigdato ) and the share on the RAID 1 Array ( the smbuser 's home directory )

Mount a samba share in a linux system
# apt-get install samba-common
# mkdir /insigdato_test
# mount -v -t cifs //192.0.2.29/share /insigdato_test -o username=smbuser,password=pas,iocharset=utf8,file_mode=0777,dir_mode=0777,uid=clientuser
where, pas is the samba password for smbuser
and clientuser is the client host unix user that owns the mounted samba share


the insigdato share should be visible and browsable from all hosts in the LAN but one needs to login as smbuser in order to write.



samba file shares