Linux Samba server is one of the powerful servers that helps you to share files and printers with Windows-based PCs and other operating systems, it’s an open-source implementation of the Server Message Block/Common Internet File System (SMB/CIFS) protocols.
Table of Contents
How SMB Works
To understand Linux/Samba/Windows relationship, you need to understand the relationships of the operating systems to their files, printers, users, and networks.
In Linux, the login/password mechanism is radically different from the Windows Active Directory model.
So, it’s the system administrator job to maintain the logins and passwords across both platforms.
There are several options are available for handling username and password issues in different environments like:
- Linux pluggable authentication modules (PAMs): this option allows you to authenticate users against a domain controller (DC). This means you still have two user lists, one local and one on the DC, but your users need to keep track of their passwords only on the Windows system.
- Samba as a DC: this option Allows you to keep all your logins and passwords on the Linux system, and you can authenticate your Windows boxes with Samba
- Custom script: you can create scripts for maintaining logins and passwords, this can be done using a cross-platform scripting language like python.
The samba server composed of several components and daemons, the three main daemons are smbd, nmbd, and winbindd.
- The smbd daemon handles the actual sharing of files and printers. It is also responsible for user authentication and resource-locking issues. This daemon uses port 139 or 445 to listen for requests.
- The nmbd daemon handles NetBIOS name service requests. This daemon uses port 137 to listen for requests.
- The winbindd can be used to query native Windows servers for user and group information.
To install Linux samba server, you need to install three packages.
For Red Hat based distros, you can install them like this:
$ dnf -y install samba
This package provides an SMB server.
$ dnf -y install samba-common-tools
This package provides files necessary for both the server and client.
$ dnf -y install samba-client
For Debian based distros, you can install them like this:
$ apt-get -y install samba
$ apt-get -y install samba-common-tools
$ apt-get -y install samba-client
Then you can start samba service and enable it at startup:
$ systemctl start smb
$ systemctl enable smb
Samba File Sharing
Of course, you can use web-based or GUI utilities to manage your Linux Samba server. However, it is useful to understand what GUI or web tools are doing from behind.
Now we will share a folder named myfolder:
$ chmod -R 755 myfolder
Open up Samba configuration file /etc/samba/smb.conf and add the following lines at the end:
The first line is the name that SMB clients will see when they try to browse the shares stored on the Samba server.
The second line is the path to the folder that will be shared.
The third line means the share will available to all users like guest account and others. If set to no, authenticated and permitted users are only allowed.
The fourth line means that you cannot create or modify the stored files on the shared folder.
You can check for SMB configuration errors using the testparm command:
Now restart SMB service:
$ systemctl restart smb
Now we need to access what we’ve shared. The smbclient utility is a command line tool that allows your Linux-based system to act as a Windows client. You can use this tool to connect to other Samba servers or to Microsoft Windows servers.
smbclient can browse other servers, send and retrieve files from them.
$ smbclient -L localhost -U%
Here we list the shares on the Linux Samba server without being prompted for a password because of using the -U% option.
As you can see our shared folder is on the list.
You can access this shared folder from Windows by just typing the IP address in the Windows explorer.
smbclient utility allows you to access files on a Windows server or a Linux Samba server like this:
$ smbclient -U% //192.168.1.2/My_Folder
Once you’ve connected, you can use Linux commands to list and travel between files.
You can transfer files using get, put, mget, and mput commands.
If you are using iptables firewall, don’t forget to allow the ports 137,139 and 445.
Most Linux kernels support SMB file system, you can mount a Windows share or Samba share onto your local system using the mount command.
First, we create a mount point:
$ mkdir /mnt/smb
Then we mount the SMB shared folder:
$ mount -t cifs -o guest //192.168.1.2/My_Folder /mnt/smb
If the shared folder is password protected, then you should supply the username and password:
$ mount -t cifs username=likegeeks,password=mypassword //192.168.1.2/My_Folder
To unmount the SMB shared folder, use the unmount command like this:
$ umount /mnt/smb
On Debian based distros, you might need installing the cifsutils package in order to use it:
$ apt-get -y install cifs-utils
Creating Samba Users
Here, we will add a sample user that already exists in the /etc/passwd file to the Samba user database.
To create a samba entry for an existing system user, use the pdbedit command:
$ pdbedit -a likegeeks
The new user will be created in the Samba default user database which is /var/lib/samba/private/passdb.tdb file.
With a Samba user created, we can make the shares available only to authenticated users, such as the one we just created for the user likegeeks.
If the user likegeeks wants to access a resource on the Linux Samba server that has been configured strictly for him, he can do that using smbclient like this:
$ smbclient -U likegeeks -L //192.168.1.3
If you want to change the SMB user password, you can use the smbpasswd command.
$ smbpasswd likegeeks
Authenticate Users Using Windows Server
The samba setup has its own user database which mapped to Linux users. But what if we want to deploy a Linux Samba server in an environment with existing Windows servers that are being used to manage all users in the domain, and we don’t want to have to manage a separate user database in Samba? Here winbindd is introduced.
The tool used for resolving user accounts information from native Windows servers is winbindd daemon.
First, install the winbind package.
$ dnf -y install samba-winbind
Then start the service like this:
$ systemctl start winbind
Then add the following options in /etc/samba/smb.conf file:
workgroup = windows-domain
password server = 192.1638.1.5
realm = windows-domain.com
kerberos method = secrets and keytab
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind normalize names = yes
winbind nss info = rfc2307
domain master = no
local master = no
Then Edit the /etc/nsswitch.conf file and modify the following lines:
passwd: files winbind
shadow: files winbind
group: files winbind
Then Edit the /etc/resolv.conf file and change the primary DNS server:
Now join the Linux Samba server from the Windows domain using the net command:
$ net join -w WINDOWS-DOMAIN -s ' win-server' -U Administrator%password
You can list the users in Windows domain using wbinfo command
$ wbinfo -u
For any problem diagnostics, you can check the samba log files under /var/log/samba/ directory, also use testparm utility to check your configuration after you modify samba configuration file.
That’s all. I hope you find the Linux samba server easy. Keep coming back.