Using and configuring Samba under Linux/Unix

If you are working in a heterogeneous environment, that is Windows and Linux/Unix, chances are sooner or later you will have to deal with Samba. Samba's name comes from Microsoft's SMB (Server Message Block), which is the protocol used for Microsoft's standard network file system. We will show you how to install, configure and use Samba, and what advantages it can bring to your network, be it at home or at work. We expect you have some basic Linux/Unix administration knowledge and we expect you're not afraid of the command line. But first, what can you do with Samba? Where does it become useful for you?
 Samba is a piece of software very useful for interacting with the Windows systems in your network : it provides file sharing, printer sharing, Active Directory features and Primary Domain Controller integration. In practical terms, if you want to set up a file/print server for Windows machines, Samba is for you. Why wouldn't you use a Windows machine for the task? Well, you can profit by the increased security and stability a Linux/Unix system has to offer, for one. Next, you can set up a Samba server with a less powerful computer that runs no GUI or useless services. We set up a Samba server with Linux and it runs 24/7 since 2009-ish with no problems. And the hardware is almost ten years old, nonetheless it does the job very well, since Samba is not a CPU or memory hog. So, a Samba machine is the "set it and forget it" type. Since it runs Linux, it was trivial to set up rsync on it for backups, plus the appropriate cronjob, and that was about it. It Just Works(TM). Now let's start with the beginning and see how and what to install.

2. Installing Samba

We will start with installing SAMBA on Linux first, and stop at few major distributions.

2.1. Debian and derivatives

On these systems, just type

# apt-get install samba samba-common samba-client 

and that's that. We suppose you're the network admin and you have access to information such as workgroups or printer names, because when Debian will set up your Samba, you will be asked basic questions like workgroup/DN or how do you want to start Samba (daemon or inetd, and we recommend daemon). This makes for easier setup, but it's not a substitute for editing the smb.conf file and other related chores.

2.2. Fedora/Redhat and derivatives

On Fedora/Redhat, one installs Samba by installing the same package names, only with yum instead of apt-get, of course. Fedora offers a system configuration tool called system-config-samba you can use, but we recommend the traditional way, because you will learn more and you'll be able to use what you learned on other systems. If you want everything Samba-related, just type

# yum groupinstall "Windows File Server"

to get advanced SMB/CIFS features like LDAP and Active Directory.

2.3. Slackware, Gentoo and Arch

On Slackware, download the 'samba-$version' package from one of the mirrors (the n category) and use installpkg on it. On Gentoo, you better be aware of the Samba-specific USE flags (kerberos acl cups ldap pam readline python winbind) and enable them according to what you want to achieve, then

# emerge net-fs/samba 

See here for a complete tutorial on how to set up Samba on Gentoo. Arch Linux is as well-documented as it always was, so this is the place to go for Arch-specific instructions. In short, installing the samba package will give you all you need.

2.4. BSD systems

On FreeBSD, the port name is net/samba34, with similar names on NetBSD and OpenBSD.So on FreeBSD, we do

# cd /usr/ports/net/samba34 && make install clean 

Please take note that we will try to remain as OS-agnostic as possible in our tutorial here, so if you need something specific, use the respective OS's documentation. As long as you have a Unix(-like) OS with Samba installed, you're good to go.

3. Setting up Samba

3.1. Defining a purpose

Before you rush and start editing configuration files, we suggest you take a minute to think about your purpose. What do you want to accomplish? Do you need just file sharing? Or printer sharing too? Should the access be public? Think about security and your site's policy. Who will have access to the shares?
We assume, for the rest of this tutorial, that you want to set up a Samba server for file and printer sharing in a corporate environment with Linux and Windows machines. Active Directory, although linked to Samba, is a little outside of the scope of this article. So, we want to set up Samba like so :

• One folder that holds the shared data
• A limited and known userbase that have access to the share
• Two printers to be shared to the aforementioned users
• We shall not discuss Unix-to-Unix file sharing, if that's the case, since that is a different matter.

3.2. Defining folders and users

One starts configuring a Samba server by creating a folder that will hold the shared data. This part and the user creation part following it are the main source of access-denied headaches if misconfigured. So, we will perform a

# mkdir mywinshare 

 to create the folder to use with Samba. Besides permissions on the folder, better be careful with the location : some people recommend /, others /home/$user, others /var. Do as you think, but keep in mind the following : we know a fellow sysadmin that stored his Samba share in /var and forgot to back it up at reinstall. He kept /home on a separate partition, so that wasn't erased, but the rest of the disk, including /var, was. Oops. If that's the case, talk to your backup administrator, it's better to be safe than sorry. And of course, back up often. This cannot be emphasized enough.
Depending on what you want to achieve, that is, read-only or read/write, you should set the permissions accordingly. Always remember security and try not to use permissions like 775 or 777 if you see access denied errors. Use something sensible depending on your configuration, because you are risking making your share available to the whole world (that is, if your server has outside access) and you don't want that. Make changes to permissions gradually until you hit the spot.
Next we create a user to access the share :

# useradd smbuser 

and we set up a password :

# smbpasswd -a smbuser 

Repeat these two steps if you want more users, of course. Now that we have the share and the user(s), let's get to the configuration proper. This revolves around editing /etc/samba/smb.conf (the default location). This file is divided logically by section and commented depending on the distribution, but anyway, its' syntax is easy to understand.

3.3. smb.conf and its' sections

3.3.1. [global]

The [global] section looks something like

workgroup = WORKGROUP
netbios name = fileserver
server string = %h server (Samba %v)
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
load printers = yes
printing = cups
printcap name = cups

Adjust accordingly, of course, and do not forget to read the manual for all available options, as they're quite a few. We offered a link to the official Samba manual, but you're better off using your distro's documentation. On Debian, installing samba-doc does this for you. On other distros, the documentation is included in the samba package (Fedora, Arch).

3.3.2. The shares section

What you need next is a name by which mywinshare will be visible to the world. We'll create a section named WINSHARE and populate it thusly :

[WINSHARE]

path=/mywinshare
browseable=yes
writeable=yes
valid users = smbuser
admin users = smbadmin

 Be wary of the 'writeable' option and make sure this is what you want. If you want to add another shared directory, just mkdir it and create another section for it. We recommend fragmentation for better administration and happier users. For example, you will want a share for administrators, another for developers and yet another for "normal" users, each with their own folders, sections and appropriate rights.

3.3.3. Sharing printers

Next you might want to share a printer. Here it's a more complicated story, as you have to set up the printer on the server first in order to be able to share it. Depending on your network configuration and topology, you have two options : get some old computer, install Windows on it, install the printer you wanna share on it locally and share it on the network. Many times this is the simpler solution, but you sacrifice stability and speed. The other option is to share the printer via Samba, again, after you install it on the Samba server. Linux printing is a thorny subject, way longer to detail here, but the idea is that when you get a printer for Samba sharing, make sure it works with Linux (or BSD, Solaris, ...). We presume that you have the printer installed locally and working, so we go and create a printers section, after we make sure that CUPS (for the sake of example) is running and set up.

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = yes
writable = no
printable = yes
printer admin = root, smbadmin, @ntadmins, @smbprintadm

The '@' in front of names is used to tell groups from users.

3.3.4. Printer drivers

You might wanna make the life of your users a little better, because that's your job, and provide printer drivers for your Windows clients. You will name the section print$ (remember the square brackets) and use about the same syntax you used in the printers section :

[print$]
comment = Printer Driver Area
path = /var/lib/samba/printers
; This is a comment to let you know the above location will store the drivers
browseable = yes
guest ok = yes
read only = yes
write list = printadm

Needless to say, the user printadm must exist and have Samba permissions (see above).
Now we have a pretty much complete smb.conf for our purposes, as stated above. We shall use testparm (no arguments) to test our config file and make sure there are no typos or syntax errors. If everything looks ok, remember to (re)start your Samba and you're ready to go.

4. Testing and logging

Of course, before anything, testing is essential before you announce your users they have a new Samba server. Log files usually will provide important information if something goes wrong, and the

# smbstatus

command may also help. If you want to do live config altering on a running Samba server, use smbcontrol. Should you want to preserve those options, alter smb.conf and restart Samba.

5. Conclusion

What you just read is a simplified tutorial of basic usage of Samba : should you need more, the Samba website has lots of helpful information, also there are books published on the topic, with coverage of more advanced topics like WINS, 389 or LDAP. Remember to back up your smb.conf periodically and once again, watch out for permissions and security holes.