In this setup I just need a little security ( I don' t want someone to accidently delete stuff from the LAN ) and two file shares, one file share with data stored in a RAID 1 array and one file share with insignificant data.
the server
# cat /etc/issue /etc/debian_version Debian GNU/Linux 7 \n \l 7.6
install samba
# apt-get install samba
backup original smb.conf and adjust smb.conf
# cp /etc/samba/smb.conf /etc/samba/smb.conf.0 # vi /etc/samba/smb.conf
save `smb.conf original (debian package default) and initial changes` to smb.conf.master
# cp /etc/samba/smb.conf /etc/samba/smb.conf.master
test smb.conf.master and create smb.conf
# testparm -s /etc/samba/smb.conf.master > /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf.master rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[share]" Loaded services file OK. Server role: ROLE_STANDALONE
the smb.conf
# cat /etc/samba/smb.conf [global] server string = %h samba interfaces = 192.0.2.29/32, eth0 map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb [homes] comment = Home Directories valid users = %S create mask = 0700 directory mask = 0700 browseable = No [share] comment = insigdato path = /insigdato read only = No create mask = 0755 guest ok = Yes
Create the system user smbuser
# adduser smbuser --system --shell /usr/sbin/nologin --home /home/sigdato Warning: The home dir /home/sigdato you specified already exists. Adding system user `smbuser' (UID 110) ... Adding new user `smbuser' (UID 110) with group `nogroup' ...
Add the smbuser to samba
# smbpasswd -L -a smbuser New SMB password: Retype new SMB password: Added user smbuser.
Adjust ownership of /insigdato
# chown -R smbuser.nogroup /insigdato/
Restart samba
# /etc/init.d/samba restart
Check the new share from another host in the LAN
# apt-get install smbclient # smbclient -U smbuser -L 192.0.2.29 Enter smbuser's password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.6] Sharename Type Comment --------- ---- ------- share Disk insigdato IPC$ IPC IPC Service (kernel samba) smbuser Disk Home Directories Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.6]I can see the insigdato share ( 192.0.2.29:/insigdato ) and the share on the RAID 1 Array ( the smbuser 's home directory )
Mount a samba share in a linux system
# apt-get install samba-common # mkdir /insigdato_test # mount -v -t cifs //192.0.2.29/share /insigdato_test -o username=smbuser,password=pas,iocharset=utf8,file_mode=0777,dir_mode=0777,uid=clientuserwhere, pas is the samba password for smbuser
and clientuser is the client host unix user that owns the mounted samba share
the insigdato share should be visible and browsable from all hosts in the LAN but one needs to login as smbuser in order to write.
samba file shares