Samba: Difference between revisions

From 太極
Jump to navigation Jump to search
No edit summary
 
(16 intermediate revisions by the same user not shown)
Line 45: Line 45:
sudo apt-get install python-glade2
sudo apt-get install python-glade2
sudo apt-get install system-config-samba
sudo apt-get install system-config-samba
</syntaxhighlight>
</syntaxhighlight>Use Dash and search for 'samba'. It will ask for the user's password first. The samba password can also be set by  
Use Dash and search for 'samba'. It will ask for the user's password first. The samba password can also be set by  
: <syntaxhighlight lang='bash'>
: <syntaxhighlight lang='bash'>
sudo smbpasswd -a USERNAME
sudo smbpasswd -a USERNAME
</syntaxhighlight>
</syntaxhighlight>


A non-gui way to configuration samba is adding the following to the end of /etc/samba/smb.conf file, '''sudo nano -w /etc/samba/smb.conf''' (-w means no-wrap). Any line beginning with a semicolon (“;”) or a hash (“#”) character is ignored.
* A non-gui way to configuration samba is adding the following to the end of /etc/samba/smb.conf file, '''sudo nano -w /etc/samba/smb.conf''' (-w means no-wrap). Any line beginning with a semicolon (“;”) or a hash (“#”) character is ignored.
<pre>
: <syntaxhighlight lang='bash'>
[brb]
[brb]
         path = /home/brb
         path = /home/brb
Line 58: Line 57:
;      browseable = yes
;      browseable = yes
         guest ok = yes
         guest ok = yes
</pre>
</syntaxhighlight>
* [http://www.unixmen.com/howto-install-and-configure-samba-share-in-ubuntu/ Share between ubuntu and linux] On the client file manager, type '''smb://192.168.1.XX/'''
* [http://www.unixmen.com/howto-install-and-configure-samba-share-in-ubuntu/ Share between ubuntu and linux] On the client file manager, type '''smb://192.168.1.XX/'''
* https://help.ubuntu.com/community/Samba
* https://help.ubuntu.com/community/Samba
Line 86: Line 85:
   </ol>
   </ol>
</ul>
</ul>
* [https://vishalvyas.com/how-to-install-and-configure-samba-in-ubuntu/ How to Install and Configure Samba in Ubuntu] 2024


On Windows PC, go to start and open 'Run' then enter ip with double backslash. Like this (\\192.168.1.XX). On macOS/Linux, "Connect to Server" in the file browser, smb://192.168.1.XX/fileshare.
On Windows PC, go to start and open 'Run' then enter ip with double backslash. Like this (\\192.168.1.XX). On macOS/Linux, "Connect to Server" in the file browser, smb://192.168.1.XX/fileshare.
Line 107: Line 107:
* 4) '''sudo smbpasswd -a pi'''  # samba username/password
* 4) '''sudo smbpasswd -a pi'''  # samba username/password
* 5) '''sudo systemctl restart smbd'''
* 5) '''sudo systemctl restart smbd'''
== DietPi ==
<ul>
<li>https://dietpi.com/docs/software/file_servers/
<li>[https://dietpi.com/docs/install/ How to install DietPi]
* global software password. [https://dietpi.com/forum/t/password-explanation/14415 Password explanation]
* To change the hostname (default is DietPi). '''dietpi-config -> Security Options -> Hostname'''.
<li>It seems ssh daemon is installed by default. It uses '''Dropbear''', which is a lightweight SSH server optimized for resource-constrained devices.
* We need to use dietpi-software to install SSH client (i.e. ssh command)
<li>It's useful to install '''avahi-daemon'''
<li>By default, the samba setting is created and ready to use. '''cat /etc/samba/smb.conf''' shows the share folder is located at '''/mnt/dietpi_userdata''' and the user name is dietpi.
<li>Following the last tab in the SAMBA section, we need to install the '''wsdd'''  (Web Service Discovery Daemon) daemon so Samba share can be shown in the Windows network view. '''sudo apt install wsdd2'''. Original wsdd is written in python and wsdd2 is written in C. Note that https://github.com/ServerContainers/samba Docker image also includes an option to install wsdd2. See [https://en.wikipedia.org/wiki/WS-Discovery WS-Discovery] on Wikipedia. Port 3702 was used.
<li>Default  /etc/samba/smb.conf from dietpi:
<pre>
[dietpi]
        comment = DietPi Share
        path = /mnt/dietpi_userdata
        browseable = yes
        create mask = 0664
        directory mask = 0775
        valid users = dietpi
        writeable = yes
</pre>


== Share printer ==
== Share printer ==
Line 195: Line 218:
== How to mount a Samba shared directory at boot ==
== How to mount a Samba shared directory at boot ==
[https://linuxconfig.org/how-to-mount-a-samba-shared-directory-at-boot How to mount a Samba shared directory at boot]
[https://linuxconfig.org/how-to-mount-a-samba-shared-directory-at-boot How to mount a Samba shared directory at boot]
== Not seen by Android apps ==
I use OpenMediaVault to create shared folders. The share folders can be seen my Ubuntu, but not by some Android apps (eg Material Files, FE File Explorer network neighborhood, Amaze File Explorer). However, [https://play.google.com/store/apps/details?id=com.sec.android.app.myfiles My Files] (Samsung) and Solid Explorer can see OMV SMB share folders.
* One possible reason is that the default server '''minimum protocol''' for SMB has been raised to '''SMB2''', while some variants of jcifs (Java CIFS Client Library) used by Android apps do not support SMB2. You could try setting the auxiliary parameter `'''server min protocol = NT1'''` in the services->SMB section of openmediavault to see if that resolves the issue. [https://www.truenas.com/community/threads/smb-share-not-accessable-from-android-device-works-from-pc.68958/ SMB share not accessable from android device (works from PC)]. Not sure how to do.
* [https://forum.openmediavault.org/index.php?thread/21210-shared-folder-smb-cifs-on-nas-is-not-visible/ Shared folder SMB/CIFS on NAS is not visible]. Not help.
* [https://www.guidingtech.com/smb-server-solid-explorer-android/ How To Access SMB Server on Solid Explorer] by Solid Explorer.


= Permission denied on soft-link folders =
= Permission denied on soft-link folders =
(Works on Ubuntu 22.04) [https://unix.stackexchange.com/a/137192 How do you make samba follow symlink outside the shared path]
* (Works on Ubuntu 22.04) [https://unix.stackexchange.com/a/137192 How do you make samba follow symlink outside the shared path].
* '''mfsymlinks''' option (client side option)
** Purpose: The mfsymlinks option enables support for Minshall+French symlinks when mounting SMB shares on Linux systems
** Usage: It's typically added as a mount option when mounting CIFS shares, either in fstab or in mount commands
** References: [https://learn.microsoft.com/en-us/troubleshoot/azure/azure-storage/files/security/files-troubleshoot-linux-smb Troubleshoot Azure Files issues in Linux (SMB)]
 
'''Server side''':
<pre>
<pre>
[global]
[global]
Line 208: Line 244:
<pre>
<pre>
sudo service smbd restart
sudo service smbd restart
</pre>
'''Client side''' (pay attention to the '''mfsymlinks''' option):
{{Pre}}
mount -t cifs //server/share /mountpoint -o username=user,password=pass,vers=3.0,mfsymlinks
</pre>
In '''OpenMediaVault''', go to Service -> SMB/CIFS -> Settings. At the end add the following to "Extra options"
<pre>
follow symlinks = yes
wide links = yes
allow insecure wide links = yes
</pre>
For my local '''/etc/fstab''' file, I have something like (pay attention to the '''mfsymlinks''' option)
{{Pre}}
//192.168.XX.XX/ShareName /media/ssd500 cifs credentials=/etc/samba/credentials,mfsymlinks,uid=1000,gid=1000,x-systemd.device-timeout=10 0 0
</pre>
</pre>


Line 239: Line 292:
guest ok = yes
guest ok = yes
</pre>
</pre>
= /etc/fstab =
* [https://wiki.manjaro.org/index.php?title=Fstab_-_Use_SystemD_automount Fstab - Use SystemD automount]
* See [[Self_hosting#Shared_storage|Proxmox -> shared storage]] for a tip in the case the samba share is not mounted at boot.
* [https://linuxconfig.org/how-to-mount-a-samba-shared-directory-at-boot How to mount a Samba shared directory at boot]. It includes the use of '''uid, gid''' so the mounted directory belongs to a user, not root.


= SambaCry vulnerability and check Samba version =
= SambaCry vulnerability and check Samba version =

Latest revision as of 21:18, 3 November 2024

Samba - allows Linux to transfer files with Windows clients

sudo apt-get install -y samba samba-common python-glade2 system-config-samba
sudo cp -pf /etc/samba/smb.conf /etc/samba/smb.conf.bak
sudo sh -c 'cat /dev/null  > /etc/samba/smb.conf'
sudo nano /etc/samba/smb.conf
sudo service smbd restart
testparm
# password protected
sudo addgroup smbgrp
sudo useradd till -G smbgrp
sudo smbpasswd -a SOMEEXISTEDUSER
sudo mkdir -p /samba/secured
cd /samba
sudo chmod -R 0770 secured
sudo chown root:smbgrp secured
sudo nano /etc/samba/smb.conf
sudo service smbd restart 
testparm

sudo netstat -pant | grep smbd   # mine shows 139 & 445
$ ps -ef | grep smbd    # see if the Samba daemon (smbd)
$ ps -ef | grep nmbd    # see if the NetBIOS name server daemon (nmbd) is running

$ sudo service smbd stop  # does not stop nmbd 
$ sudo service nmbd stop

$ sudo service smbd start
$ sudo service nmbd start
sudo apt-get install samba samba-common
sudo apt-get install python-glade2
sudo apt-get install system-config-samba
Use Dash and search for 'samba'. It will ask for the user's password first. The samba password can also be set by
sudo smbpasswd -a USERNAME
  • A non-gui way to configuration samba is adding the following to the end of /etc/samba/smb.conf file, sudo nano -w /etc/samba/smb.conf (-w means no-wrap). Any line beginning with a semicolon (“;”) or a hash (“#”) character is ignored.
[brb]
        path = /home/brb
;       writeable = no
;       browseable = yes
        guest ok = yes
  • (2020-04-27) Ubuntu 18.04. (2022-03) Ubuntu 20.04. This is following the class "Building an Ubuntu Home Server" in lynda.com
    1. mkdir /mnt/stored/shared
    2. chmod 444 /mnt/storage/shared # optional
    3. sudo apt install samba
    4. sudo nano /etc/samba/smb.conf. Scroll down to the bottom and add
    5. [fileshare]
        comment = share files
        path = /mnt/storage/shared
        readonly = yes
        create mask = 0444
        directory mask = 0444
      
    6. testparm
    7. sudo systemctl restart smbd
    8. sudo smbpasswd -a CurrUserName (required)
    9. sudo useradd user2 # optional
    10. sudo passwd user2 # optional
    11. sudo smbpasswd -a user2 # optional
    12. sudo ufw allow 139/tcp # depends
    13. sudo ufw allow 445/tcp # depends

On Windows PC, go to start and open 'Run' then enter ip with double backslash. Like this (\\192.168.1.XX). On macOS/Linux, "Connect to Server" in the file browser, smb://192.168.1.XX/fileshare.

On Android, FE explorer, click "+". Enter Display Name, Host Name IP, Path, Port 445, User Name/PW. Save. It works.

Raspberry pi

How to Setup a Raspberry Pi Samba Server.

  • 1) sudo apt update; sudo apt-get install samba samba-common-bin
  • 2) mkdir /home/pi/shared
  • 3) sudo nano /etc/samba/smb.conf
[pimylifeupshare]
path = /home/pi/shared
writeable=Yes
create mask=0777
directory mask=0777
public=no
“create mask” and “directory mask” – This option defines the maximum permissions for both files and folders. Setting this to 0777 allows users to read, write, and execute. Note when I create a new dir using mkdir, the permission is 755.
  • 4) sudo smbpasswd -a pi # samba username/password
  • 5) sudo systemctl restart smbd

DietPi

  • https://dietpi.com/docs/software/file_servers/
  • How to install DietPi
    • global software password. Password explanation
    • To change the hostname (default is DietPi). dietpi-config -> Security Options -> Hostname.
  • It seems ssh daemon is installed by default. It uses Dropbear, which is a lightweight SSH server optimized for resource-constrained devices.
    • We need to use dietpi-software to install SSH client (i.e. ssh command)
  • It's useful to install avahi-daemon
  • By default, the samba setting is created and ready to use. cat /etc/samba/smb.conf shows the share folder is located at /mnt/dietpi_userdata and the user name is dietpi.
  • Following the last tab in the SAMBA section, we need to install the wsdd (Web Service Discovery Daemon) daemon so Samba share can be shown in the Windows network view. sudo apt install wsdd2. Original wsdd is written in python and wsdd2 is written in C. Note that https://github.com/ServerContainers/samba Docker image also includes an option to install wsdd2. See WS-Discovery on Wikipedia. Port 3702 was used.
  • Default /etc/samba/smb.conf from dietpi:
    [dietpi]
            comment = DietPi Share
            path = /mnt/dietpi_userdata
            browseable = yes
            create mask = 0664
            directory mask = 0775
            valid users = dietpi
            writeable = yes
    

    Share printer

    How to Make Your Own Wireless Printer With a Raspberry Pi

    create mask, directory mask, UMASK

    • Understanding UMASK with Linux and Samba
    • Samba share permissions simplified
      • "create mask" default is 0744. This means that, by default, the owner of a newly created file will have read, write, and execute permissions (7), while the group and others will only have read permissions.
      • Directories must have the execute bit for proper access. Default parameter for "directory mask" is 0755. This means that, by default, the owner of a newly created directory will have read, write, and execute permissions (7), while the group and others will have read and execute permissions (5).
      • The leading 0 in the mask 0755 is used to indicate that the value is an octal (base-8) number. The leading 0 is not required when setting permissions using the chmod command or when specifying permissions in the smb.conf file, but it is commonly included to make it clear that the value is an octal number. So, 0755 and 755 are equivalent and will result in the same permissions being set.
    • How to create a Samba share
      • create mask = 0660: files in the share are created with permissions to allow all group users to read and write files created by other users.
      • directory mask = 0770: as before, but for directories.
      • This has nothing to do with Samba. This is related to file permissions.

    smbclient command - terminal method

    • You can use the `smbclient` command to send or receive files to a Samba server from the Linux command line. `smbclient` is a program that comes with Samba and provides an FTP-like interface to access files on a Samba server.
      To install `smbclient` on Ubuntu, you can use the following command: sudo apt install smbclient. Once you have `smbclient` installed, you can use it to send a file to a Samba server with a command like this: smbclient //server/share -c 'cd /remote/path ; put local-file' . This command connects to the specified Samba server and share, changes to the specified remote directory, and uploads the specified local file. You can also use the `-U` option to specify a different remote username if needed.
      To receive a file from a Samba server, you can use the `get` command within `smbclient`, like this: smbclient //server/share -c 'cd /remote/path ; get remote-file' . This command connects to the specified Samba server and share, changes to the specified remote directory, and downloads the specified remote file.
    • Mount a samba shared folder. See Mounting_a_Samba_Share_using_the_cifs-utils_package.
    • I have trouble to connect to the samba server though connecting it itself from the samba server works fine.
      $ smbclient -L //192.168.1.XX/sambashare -U SOMEEXISTEDUSER
      WARNING: The "syslog" option is deprecated
      Connection to 192.168.1.XX failed (Error NT_STATUS_IO_TIMEOUT)
      
      # From server itself
      $ smbclient -L //localhost 
      
      # Solution: ufw
      # https://askubuntu.com/a/184806
      sudo ufw allow Samba

    Remove and re-install Samba

    $ sudo apt-get remove --purge samba
    $ sudo apt-get remove --purge smbclient libsmbclient
    
    $ sudo apt-get install samba
    $ sudo apt-get install smbclient libsmbclient

    Access

    Mounting a Samba Share using the cifs-utils package

    • Mounting a Samba Share
    • How to Mount Windows Share on Linux using CIFS. If we don't add the uid=1000,gid=1000 option, all files will belong to root since we are using "sudo" to run the "mount" command. We can use id -u to find the current user id.
      sudo mount -t cifs \
        -o username=YOURUSERNAME,password=YOUPASSWORD,uid=1000,gid=1000 \
        //server_name_or_ip/shareName \ # shareName is different from a folderName
        /mnt/folder_to_mount_to/
      

      OR How to Mount SMB Shares in Ubuntu 22.04?

      sudo mount -t cifs \
           -o rw,vers=3.0,credentials=/root/.SMBcredentials \
           //192.168.43.20/shared \
           /media/share
      

    Navigate to a samba location I've mounted in Nautilus on the command line

    How do I navigate to a samba location I've mounted in Nautilus on the command line?

    $XDG_RUNTIME_DIR/gvfs
    

    For example,

    $ ls -l $XDG_RUNTIME_DIR/gvfs
    total 0
    drwx------ 1 brb brb 0 Jul 22 22:16 smb-share:server=odroidxu4.local,share=ext3
    drwx------ 1 brb brb 0 Aug 13 19:50 smb-share:server=openmediavault.local,share=share
    
    $ echo $XDG_RUNTIME_DIR
    /run/user/1000
    

    How to mount a Samba shared directory at boot

    How to mount a Samba shared directory at boot

    Not seen by Android apps

    I use OpenMediaVault to create shared folders. The share folders can be seen my Ubuntu, but not by some Android apps (eg Material Files, FE File Explorer network neighborhood, Amaze File Explorer). However, My Files (Samsung) and Solid Explorer can see OMV SMB share folders.

    Permission denied on soft-link folders

    Server side:

    [global]
    allow insecure wide links = yes
    
    [share]
    follow symlinks = yes
    wide links = yes
    
    sudo service smbd restart
    

    Client side (pay attention to the mfsymlinks option):

    mount -t cifs //server/share /mountpoint -o username=user,password=pass,vers=3.0,mfsymlinks
    

    In OpenMediaVault, go to Service -> SMB/CIFS -> Settings. At the end add the following to "Extra options"

    follow symlinks = yes
    wide links = yes
    allow insecure wide links = yes
    

    For my local /etc/fstab file, I have something like (pay attention to the mfsymlinks option)

    //192.168.XX.XX/ShareName /media/ssd500 cifs credentials=/etc/samba/credentials,mfsymlinks,uid=1000,gid=1000,x-systemd.device-timeout=10 0 0
    

    Example of /etc/samba/smb.conf

    [global]
    workgroup = WORKGROUP
    server string = Samba Server %v
    netbios name = ubuntu
    security = user
    map to guest = bad user
    dns proxy = no
    logging = syslog@0 file
    allow insecure wide links = yes
    
    [share]
    comment = share files
    path = /home/XXX/Path1
    readonly = yes
    # create mask = 0444
    # directory mask = 0444
    follow symlinks = yes
    wide links = yes
    
    [taichiVideo]
    comment = tai chi video
    path = /Path2/
    read only = yes
    writable = no
    browsable = yes
    guest ok = yes
    

    /etc/fstab

    SambaCry vulnerability and check Samba version

    http://pcworld.com/article/3199106/linux/the-sambacry-scare-gives-linux-users-a-taste-of-wannacry-petya-problems.html

    To check your samba version

    $ smbd -V
    Version 4.3.11-Ubuntu