skip navigation

Content:: Samba server installation

Samba server setup
Last Modified: 2012-05-30
Using the Debian netinst CD's we can setup a Samba server in less than an hour, granted your internet connection is a fair speed. A Samba server can be used by just about any operating system to transfer and share files. This is primarily based on the setup I have that runs my home network. We'll run through some basic tool installation and the core samba server. It is HIGHLY recommended that you install some security software like an iptables firewall, logwatch and denyhost to name a few things.

Table of Contents
Core installation
Make sure our package management queries are up to date and the OS is upgraded. # apt-get update
# apt-get upgrade
Set up remote access with SSH, afterwords you can run "ifconfig" to determin the IP address of the system. This will allow you remote access to make copy and paste a lot easier. # apt-get install ssh
A few useful tools that aren't neccessary for completing an installation. # apt-get install less
# apt-get install dnsutils
# apt-get install lynx
# apt-get install ncurses-hexedit
# apt-get install zip
# apt-get install bzip2
# apt-get install gcc
# apt-get install g++
The core Samba software which is the purpose of the installation.
# apt-get install samba
# apt-get install smbclient
Filesystem used for mounting, etc.
# apt-get install smbfs
Setting a static IP Address
Go into the directory where the network configurations are. # cd /etc/network
Make a backup copy of your interface file. # cp interfaces interfaces.orig
Use your favorite editor to edit the interfaces file # nano interfaces
We'll first comment out the default DHCP lines and add some more. You will want to verify your interface. In general eth0 will be your default
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
Restart your interface (you will need to re-establish your network connection if you are logged in via SSH. # ifdown eth0 && ifup eth0

Testing a Samba account
You should have at least one user at this point.
Run the smbpasswd command to create a password for this account # smbpasswd -a <account>
New SMB password:
Retype new SMB password:

Use the smbclient program to test the connection. # smbclient -U <account> -L
You should recieve a password prompt
Enter <account>'s password: 
Followed by some information
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.5.6]

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        IPC$            IPC       IPC Service (croatoan server)
        <account>       Disk      Home Directories
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.5.6]

        Server               Comment
        ---------            -------
        <Samba Server>         <Samba Server> server

        Workgroup            Master
        ---------            -------
Yes, your server is now working! However I'd recommend doing a few configurations before patting yourself on the back.
Setting up groups for shares
For groups I tend to create a user without shell access which will create the home directories, add a user and create a group.
The main shares I have use are for music, installation programs, iso files, dvd repository, a general storage and access to my web development web server. # useradd -d /home/music -m -s /bin/false music
# useradd -d /var/www -m -s /bin/false www
# useradd -d /home/programs -m -s /bin/false programs
# useradd -d /home/iso -m -s /bin/false iso
# useradd -d /home/dvd -m -s /bin/false dvd
# useradd -d /home/storage -m -s /bin/false storage
We will change the permissions on the sub folders to allow read, write and execute access for the user and group. # chmod 2770 /home/dvd
# chmod 2770 /home/iso
# chmod 2770 /home/music
# chmod 2770 /home/programs
# chmod 2770 /home/storage/
Adding a user can be done in the same fashion.
We'll change the permissions on the user that was created during the installation and the user we tested the server connection with.
We'll add full access for the user and no access for the group and everyone. # chmod 700 <account>/

Lastly we'll add our user account to the groups we created above. usermod -a -G music <account>
usermod -a -G www <account>
usermod -a -G programs <account>
usermod -a -G iso <account>
usermod -a -G dvd <account>
usermod -a -G storage <account>
Configuring your Samba server
The samba configuration files are stored in /etc/samba, the primary one we'll be working with is the smb.conf file. # cd /etc/samba
# cp smb.conf smb.conf.orig
# nano smb.conf
We'll do some simple configurations, use the generic workgroup "WORKGROUP", configure the back end password storage and set up some logging. The shares are pretty generic. Individual users will have a home directory and each of our previously created groups for the shares.
#======================= Global Settings =======================
        workgroup = WORKGROUP
        encrypt passwords = true
# Permission fix (setgid) for mac
        unix extensions = off
# Domain
        domain logons = yes
# PAM/SMB authentication
        #security = user
        #passdb backend = smbpasswd
        passdb backend = tdbsam
        obey pam restrictions = yes
        unix password sync = yes
# Kerberos
#       security = ADS
#       realm = <Domain>
#       kerberos method = system keytab
# Logging
        log file = /var/log/samba/samba.log
        max log size = 1000
        syslog = 0
#======================= No Printing =============================
#load printers = no
#show add printer wizard = no
#printing = none
#printcap name = /dev/null
#disable spoolss = yes

#======================= Share Definitions =======================
        comment = Home Directories
        browseable = no
        read only = no
        create mask = 0700
        directory mask = 0700
        valid users = %S
        comment = STORAGE
        read only = no
        locking = no
        path = /home/storage
        guest ok = no
        inherit permissions = yes
        inherit acls = yes
        comment = DVD
        read only = no
        locking = no
        path = /home/dvd
        guest ok = no
        inherit permissions = yes
        inherit acls = yes
        comment = ISO
        read only = no
        locking = no
        path = /home/iso
        guest ok = no
        inherit permissions = yes
        inherit acls = yes
        comment = PROGRAMS
        read only = no
        locking = no
        path = /home/programs
        guest ok = no
        inherit permissions = yes
        inherit acls = yes
        comment = WWW
        read only = no
        locking = no
        path = /var/www
        guest ok = no
        inherit permissions = yes
        inherit acls = yes
        comment = MUSIC
        read only = no
        locking = no
        path = /home/music
        guest ok = no
        inherit permissions = yes
        inherit acls = yes

After any changes to the configuration file, or additions to the groups the samba server must be restarted for the changes to take place. # /etc/init.d/samba restart
Mounting the shares
With the later versions of debian getting around mounting as the root user can be quite a hassle. I've seen many ways of doing it online but did not like any of them. Running as the sudo user or root user you can mount a share as a specific user. You will need to know the user id and group id you can determine this by viewing the password file. # cat /etc/passwd |grep <account>
smbmount //<account> /mnt/<account> -o user=<account>,uid=1000,gid=1000