banner Debian GNU/Linux

Linux File Server : Samba

File Sharing for Windows clients

This is part of a write-up of an attempt to use Linux as a "Small Business Server", and describes a simple Samba configuration.

create a share

creating a Windows shared directory on a Samba server is done by simply adding a section to the smb.conf file. Here, we simply share the complete /srv/smb directory as 'store'. Windows clients will then see "\\server\store" ...

This directory needs to exist, and as with filesharing under Windows with NTFS security, the filesystem can render a share unaccessible even if it is shared. So we will need to allow access. In order to do that, we will create a group (smbusers), add users to the group, and grant this group access to /srv/smb.

	mkdir /srv/smb
	groupadd smbusers
	chgrp -R smbusers /srv/smb
	chmod 770 /srv/smb

	# adding users to the group is taken care of when creating user accounts with 'useradd -g [-G]' 

to share /srv/smb as "store" on sambaserver, add a section like the following to etc/samba/smb.conf.

		comment= windows share on server
		path = /srv/smb
		public = yes
		browsable = yes
		writable = yes

The share is created simply by adding the section [store]. The properties of the share need to be set. refer to documentation ...

home directories

   		comment = Home Directories
   		browseable = no
   		writable = yes
		create mask = 0700
		directory mask = 0700

'create mask' and 'directory mask' set the permissions for files and directories.

[global] section

The [global] section sets the properties of the samba server itself, rather than the shares. This section should at least have yopur workgroup name.

Samba has a huge number of configurable options. Read the smb.conf(5) manual page (or the Samba Documentation online) in order to understand the options correctly.


		workgroup = SILLYSOFT

							# server string is the equivalent of the NT Description field
   		server string = %h server (Samba %v)

							# Windows Internet Name Serving Support Section:
		wins support = no
		;wins server = w.x.y.z
							# sets the name resolver order : 'host' = DNS + hostsfile
		name resolve order = host bcast lmhosts wins

		security = user				# forces users to authenticate before accessing shares

		### and so on ...

This setup (i.e. leave the defaults as installed - change/add only the stuff mentioned here) should allow for a quick setup of some basic file sharing : user homes + \\server\store.

More elaborate samba configuration :

create user accounts

Because we're implementing user-based authentication, we need to create user accounts. These users should have a UNIX account and a SAMBA account. Here is a procedure to create UNIX and SAMBA accounts ; you can choose to have the same user names and passwords for both, it makes things easier. Remember that access to samba shares is controlled both by samba and by unix file system permissions so you have to have both set correctly to allow users to do what they need to do, without allowing them too much access. The joy of system administration.

Web based GUI for easy administration

apt-get install swat (samba web administration tool). Swat re-writes smb.conf during setup, so set it up before you make changes to smb.conf. swat requires some additional editing in inetd.conf and /etc/services. man swat explains the details. For Debian, all you have to do is uncomment (remove #) in front of 'swat stream tcp ...' in /etc/inetd.conf. Then, browse to http://your_server:901. Passwords for loging in are sent as clear text.

Koen Noens
October 2005