It is hard to find an office that does not use shared resources of the local network, such as folders and printers. Large and medium-sized businesses use Active Directory's capabilities, whereas smaller businesses rely on the conventional tools of Windows, or on Samba running on Linux servers. Let us consider all possibilities.
What is Samba?
Samba is a server application that uses the SMB/CIFS protocol to give client terminals access to folders, printers, and disks.
Setting up shared folders
Installing and configuring the Samba server for Ubuntu is carried out in the following steps.
Update information about repositories and install updates for existing packages in the system:
apt-get update && apt-get upgrade
Install the Samba package:
apt-get install -y samba samba-client
Let's create a backup copy of the configuration file:
cp /etc/samba/smb.conf /etc/samba/smb.conf_sample
Let's create directories for files, for example in the /media directory:
Important! By default, the /media directory is located at the system root / and rarely has its own partition. For this reason, it is possible for the root partition to overflow. To avoid this unpleasant situation, we recommend mounting a separate hard disk in /media/samba.
Create a directory for all users:
Change directory permissions:
chmod -R 0755 /media/samba/public
You should also use the chown command to change the owner and/or group.
Create a directory for a limited circle of people:
Let's create a user group using the system tools:
Adding Samba Users:
We add the created users to the group:
usermod -aG smbgrp user1
Change the group that owns the private directory:
chgrp smbgrp /media/samba/private
Using the Samba tools, create a password for the added user:
smbpasswd -a user1
Using a text editor, such as nano, edit the samba configuration file:
Delete all lines from the file. Insert the following:
[global]
workgroup = WORKGROUP
security = user
map to guest = bad user
wins support = no
dns proxy = no

[public]
path = /media/samba/public
guest ok = yes
force user = nobody
browsable = yes
writable = yes

[private]
path = /media/samba/private
valid users = @smbgrp
guest ok = no
browsable = yes
writable = yes
Save using Ctrl + X, then press Y and Enter.
Let's explain the meaning of the lines. The configuration file consists of three sections:
global - this section is responsible for the general settings of the Samba server;
public and private - sections describing settings for shared directories.
There are five parameters in the global section:
- workgroup - working group. To simplify the user experience, WORKGROUP is specified as the default group. If your network has changed the workgroup name, then you should change this value for Samba as well;
- security - server security level. The user value means authorization by a login/password pair;
- map to guest - determines how failed logins are handled. The value bad user means that a login with an incorrect password is rejected when the username exists, while a login with a nonexistent username is treated as a guest login;
- wins support - enable or disable WINS support;
- dns proxy - the ability to proxy requests to DNS.
Directory settings are performed in the corresponding sections:
path - full path to the directory on the hard drive;
guest ok - the ability to access the directory without a password (guest);
browsable - whether the directory (share) is shown in the server's list of shares. If the parameter is set to “no”, the directory remains accessible by its full path, for example \\ip-address\hidden_directory;
force user - the account under which all file operations in the directory are performed. To improve the security of the server, nobody is usually used. The main thing is not to use the root user - it's not safe;
writable - setting the value to "yes" allows the user to perform actions on files inside the directory - renaming, adding, deleting, moving to a subdirectory and copying;
valid users - list of users who have access to the directory. If there are several users, their names are separated by commas. If access is required for users belonging to a group, the group name is preceded by the @ (“at”) symbol.
Important! The name of the shared directory displayed to users is equal to the name of the section in which it is described.
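As an added example (not part of the original article), the following Python sketch audits an smb.conf for the share parameters described above and lists shares that are guest-writable, forced to run as root, or open to every authenticated account. The [scratch] share, the finding labels and the function names are constructed for illustration; the check also accepts Samba's synonym spellings (public, read only, writeable), which goes beyond the parameters shown in the article.

```python
import configparser

# Constructed sample: the article's two shares plus a hypothetical [scratch] share.
SAMPLE_CONF = """
[public]
    path = /media/samba/public
    guest ok = yes
    force user = nobody
    writable = yes
[private]
    path = /media/samba/private
    valid users = @smbgrp
    guest ok = no
    writable = yes
[scratch]
    path = /srv/scratch
    public = yes
    read only = no
    force user = root
"""

def val(share, *names, default="no"):
    # Lower-cased value of the first of the given (normalized) names that is set
    return next((share[n].strip().lower() for n in names if n in share), default)

def audit(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    # smb.conf parameter names ignore case and embedded whitespace
    cp.optionxform = lambda k: "".join(k.lower().split())
    # configparser reads indented lines as continuations, so strip indentation first
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    findings = []
    for name in cp.sections():
        if name.lower() in ("global", "homes", "printers"):
            continue  # special sections, not ordinary file shares
        s = cp[name]
        guest = val(s, "guestok", "public") in ("yes", "true", "1")
        # "read only" defaults to yes; writable / writeable / write ok invert it
        writable = (val(s, "writable", "writeable", "writeok") in ("yes", "true", "1")
                    or val(s, "readonly", default="yes") in ("no", "false", "0"))
        checks = [(guest and writable, "guest-writable"),
                  (val(s, "forceuser", default="") == "root", "force-user-root"),
                  (not guest and "validusers" not in s, "no-valid-users")]
        findings += [(name, label) for hit, label in checks if hit]
    return findings

if __name__ == "__main__":
    for share, issue in audit(SAMPLE_CONF):
        print(f"[{share}] {issue}")
```

The article's own [public] share is reported as guest-writable because that is how it is configured; the output is a list to review, not a verdict.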
Check the settings with the command:
Restarting the server:
service smbd restart
service nmbd restart
Set up a firewall. To do this, in the rules we will open TCP ports 139 and 445, as well as UDP ports 137 and 138, but only for those subnets that you trust. To specify your own range of addresses, replace the value after the “-s” option:
iptables -A INPUT -p tcp -m tcp --dport 445 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 139 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 137 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 138 -s 10.0.0.0/24 -j ACCEPT
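The ACCEPT rules above limit access only when other traffic to these ports is dropped, either by the chain policy or by a later rule. The added Python example below (not part of the original article) walks a simplified model of the INPUT chain over constructed `iptables -S INPUT` output and reports which Samba ports an address outside the trusted subnet can still reach. The function names and the 203.0.113.5 test address are assumptions, and rules using matches other than source, protocol and destination port are ignored.

```python
import ipaddress
import shlex

SAMBA_PORTS = [("tcp", 445), ("tcp", 139), ("udp", 137), ("udp", 138)]

# Constructed `iptables -S INPUT` output: the article's four rules on a host whose
# INPUT policy is still ACCEPT, and the same rules under a DROP policy.
RULES_POLICY_ACCEPT = """\
-P INPUT ACCEPT
-A INPUT -s 10.0.0.0/24 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -p udp -m udp --dport 138 -j ACCEPT
"""
RULES_POLICY_DROP = RULES_POLICY_ACCEPT.replace("-P INPUT ACCEPT", "-P INPUT DROP")

MODELLED = {"-s", "-p", "-m", "--dport", "-j", "--reject-with"}

def verdict(rules, src, proto, dport):
    """First-match walk of the INPUT chain for one packet; returns the target."""
    policy = "ACCEPT"
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if set(opts) - MODELLED:
            continue  # rule uses a match this sketch does not model; ignored
        net = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        lo, _, hi = opts.get("--dport", "0:65535").partition(":")
        if (ipaddress.ip_address(src) in net and opts.get("-p", proto) == proto
                and int(lo) <= dport <= int(hi or lo)
                and opts.get("-j") in ("ACCEPT", "DROP", "REJECT")):
            return opts["-j"]
    return policy

def exposed(rules, outside_ip):
    """Samba ports still reachable from an address outside the trusted subnets."""
    return [(p, d) for p, d in SAMBA_PORTS if verdict(rules, outside_ip, p, d) == "ACCEPT"]

if __name__ == "__main__":
    print("policy ACCEPT:", exposed(RULES_POLICY_ACCEPT, "203.0.113.5"))
    print("policy DROP:  ", exposed(RULES_POLICY_DROP, "203.0.113.5"))
```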
To save the rules and apply them after a server reboot, use the iptables-persistent package. Let's install it:
apt-get install iptables-persistent
When installing the package, the program will prompt you to save the existing iptables rules. We confirm this action.
To check existing rules, we use:
By analogy with Linux, let's set up shared access to public and private folders, but in Windows OS.
To create a shared directory without password protection, you need to configure security restrictions in the control panel. To do this, open:
Control Panel → Network → Network and Sharing Center → Advanced sharing settings.
In the updated window, open the “All networks” section and look for the “Sharing with password protection” section. Set the option to "Disable password protected sharing". To save the parameter values, click on the “Save Changes” button.
Now let's open access to the directory itself. Right-click on the folder and select "Properties" from the context menu. Open the "Access" tab and click on "Advanced settings".
In the advanced sharing settings window that opens, check the box “Share this folder”, in the “Share name” field, specify the name that will be displayed to users. Click on the "Permissions" button.
In the window that opens, in the user groups, select “Everyone”, and in the permissions for the group, check the “Full control” checkbox. Click “OK” in this and other windows.
In the properties window of the public folder, click on the “Sharing” button.
In the window that opens, add the user “Everyone”, and also delegate the rights to “Read and write”. Click on the "Share" button.
In the updated window, click "Finish".
Let's set up a shared folder, but for a limited circle of people.
Right-click on the folder and select "Properties".
In the window that opens, go to the "Access" tab. Click on the "Advanced Settings" button.
In the new window that opens, check the box "Share this folder". Then click on the "Permissions" button.
In the window that opens, in the “Groups or users” field, select “Everyone” and click the “Delete” button.
Thus, a ban on anonymous access to the folder is set.
The window will update. Click on the “Add” button.
In the window that opens, click on the "Advanced" button.
The window will change in size. Click on the "Search" button. Double-click to select the user who needs access to this directory, for example, buhgalter.
In the window that opens, if desired, we can add another user through “Advanced” - “Search”. Similarly, you can add a user group, for example, “Administrators”; keep in mind that access will then be granted to all users from this group.
Set permissions for the user “buhgalter”. If full access to the directory is required, check the box in the appropriate place.
By pressing the “OK” buttons, we return to the folder properties window, in which we click on the “Sharing” button.
In this window, you need to find and add the buhgalter user.
In the window for selecting users and groups, click on the "Advanced" button.
The window will resize itself again. Click on the "Search" button. In the list of users and groups found below, select the user you are looking for. Select it by double-clicking.
In the remaining window, check that the users are specified correctly and click the “OK” button.
Set the required permission level for the user and click on the “Share” button.
We click on the “Done” button.
Connecting to shared folders
To connect to shared folders from a Linux environment, you need to install a separate program, smbclient. Install it:
sudo apt-get install smbclient
The following command format is used to connect to the server:
smbclient -U <username> //<IP address>/<share name on the server>
smbclient -U buhgalter //10.0.0.1/public
In order not to enter this command every time, you can configure mounting the shared directory as a network drive. To do this, install the cifs-utils package:
sudo apt-get install cifs-utils
Mounting is performed according to the following pattern:
mount -t cifs -o username=<username>,password= //<IP address>/<shared directory> <mount point>
mount -t cifs -o username=Everyone,password= //10.0.0.1/public /media
Important! If you need to connect to shared folders located on a Windows server, then for non-password protected directories, you should use “Everyone” as the username. To connect to a Linux server, we recommend using "nobody" as the username. In the case of access to protected directories, you should use the credentials that you specified.
Connecting to remote folders from a Windows environment is a little different. To do this, in Explorer or the program launch window (Windows + R), you should use the following template:
By simply specifying the server's IP address, you will get a list of shared folders.
When connecting to a Windows server, the security system may require you to enter credentials. To connect to a shared open folder, use Everyone, and leave the password field blank.
When connecting to a Linux server from Windows OS, you should use the previously specified template:
or just the server address: