Samba file server
Install
apt-cache policy samba | grep -A1 Installed # check the version that will be installed
sudo apt-get install samba -y
- Main services
sudo service smbd restart
sudo service nmbd restart
- Configuration
sudo vi /etc/samba/smb.conf
- Reload
sudo smbcontrol all reload-config
Usage
smb://192.168.1.65 #UNC path, for Nautilus or other file manager
smbclient -L //windowsserver/tmp -Ujohndoe%secret #list remote shares
smbclient -L localhost -U% #list the Samba server's own shares
sudo smbstatus -S
smbtree #network browser, an equivalent of "Network Neighborhood" in Windows
sudo mount -t cifs //<server>/<share> -o username=user@domain,password=**** /mnt/<mountpoint> #mount a share
Connect to a Windows share. This gives an FTP-like prompt; type help for more options.
$ smbclient //windowsserver/Piotr -UPiotr%password
Enter Piotr's password:
Domain=[WINDOWSSERVER] OS=[Windows 8.1 9600] Server=[Windows 8.1 6.3]
smb: \> ls #list directory
smb: \> get filename.txt #save a file from remote server -> a local system
Mount Windows share
sudo mount -t cifs //ntserver/share -o user=piotr,password=myPassword /mnt/ntserver_share #user can be substituted with username or credentials
- -t smbfs : File system type to be mounted (outdated, RHEL <= 4 or Debian <= 3; use cifs)
- -t cifs : File system type to be mounted
- -o : options passed to the mount command
- //ntserver/share - Windows 2000/NT share name
- /mnt/ntserver_share - Linux mount point
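The mount command above carries the password on the command line, where it is visible in the process list and in shell history. The following added example (not from the original page) writes a mount.cifs credentials file instead and refuses to use it unless it is private; the function names and the file location are assumptions.

```shell
#!/bin/sh
# Write a mount.cifs credentials file readable only by its owner.
# The password is read from stdin so it never appears in argv or shell history.
# Usage: write_cifs_credentials FILE USER [DOMAIN] < password-source
write_cifs_credentials() {
    cred_file=$1; cred_user=$2; cred_domain=${3:-}
    IFS= read -r cred_pass || [ -n "$cred_pass" ] || return 1
    (
        umask 077                      # new file is created as 0600
        rm -f "$cred_file"             # drop any older, looser-permission copy
        {
            printf 'username=%s\n' "$cred_user"
            printf 'password=%s\n' "$cred_pass"
            if [ -n "$cred_domain" ]; then printf 'domain=%s\n' "$cred_domain"; fi
        } > "$cred_file"
    )
}

# Succeed only if FILE exists and grants nothing to group or others.
cifs_credentials_private() {
    [ -f "$1" ] || return 1
    case $(stat -c '%a' "$1") in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the mount command that replaces user=...,password=... on the command line.
# Arguments: SHARE MOUNTPOINT CRED_FILE
cifs_mount_command() {
    cifs_credentials_private "$3" || { echo "refusing: $3 is not private" >&2; return 1; }
    printf 'mount -t cifs %s %s -o credentials=%s\n' "$1" "$2" "$3"
}
```

Run the printed command with sudo; the same credentials= option can be used in an /etc/fstab entry.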
Manage CIFS from linux terminal
The Samba net utility is meant to work just like the net utility available for Windows and DOS. The first argument specifies the protocol to use when executing a command: ADS is used for Active Directory, RAP is used for old (Win9x/NT3) clients, and RPC can be used for NT4 and Windows 2000. If this argument is omitted, net will try to determine it automatically. Not all commands are available on all protocols.
net {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-d debuglevel] [-V] [--request-timeout seconds]
Create a share
net usershare add share_name /home/user/somefolder "Share description" everyone:F guest_ok=y
To make these shares permanent create a file for each share under /var/lib/samba/usershares/ using:
net usershare info --long share_name > /var/lib/samba/usershares/share_name
This has a further advantage: on a desktop such as KDE/GNOME/MATE/Unity, the directories will show up as shared in the file manager (Dolphin, Nautilus etc.). That is because net usershare with /var/lib/samba/usershares/ is the same mechanism that Dolphin and Nautilus use when you share directories in the GUI.
Check setting of newly created share
net usershare info --long
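The share created above allows guests and gives Everyone full control. The following added example (not from the original page) audits the listing printed by net usershare info --long and reports shares with either setting. The function names and the sample listing are constructed, and the key=value layout is assumed to match the usershare file format.

```shell
#!/bin/sh
# Read a `net usershare info --long` style listing on stdin and print one line
# per share that allows guests and/or grants Everyone full control:
#   <share>: <finding>[,<finding>] (<path>)
audit_usershares() {
    awk -F= '
        function report(   f) {
            if (name == "") return
            if (guest == "y") f = "guest_ok"
            if (tolower(acl) ~ /(^|,)(everyone|s-1-1-0):f(,|$)/)
                f = (f == "" ? "" : f ",") "everyone_full"
            if (f != "") print name ": " f " (" path ")"
        }
        /^\[.*\]$/ { report(); name = substr($0, 2, length($0) - 2)
                     path = acl = guest = ""; next }
        $1 == "path"          { path  = substr($0, index($0, "=") + 1) }
        $1 == "usershare_acl" { acl   = $2 }
        $1 == "guest_ok"      { guest = tolower($2) }
        END { report() }
    '
}

# Constructed sample listing (not captured from a real server).
SAMPLE='[share_name]
path=/home/user/somefolder
comment=Share description
usershare_acl=Everyone:F,
guest_ok=y

[reports]
path=/srv/reports
comment=Read-only reports
usershare_acl=Everyone:R,
guest_ok=n
'

audit_sample() { printf '%s' "$SAMPLE" | audit_usershares; }

# On a live host: net usershare info --long | audit_usershares
```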
Although creating a share gives access to subfolders by default, sometimes permissions for CIFS shares need fixing. Check and compare the permissions, then issue:
sudo chmod -R a+rwX /path/to/someDirectory
or a lighter version if others (guests) do not need write access:
sudo chmod -R g+rwX,o+rX /path/to/someDirectory
Manage the SAM database (Database of Samba Users)
Because /etc/passwd does not store enough information about accounts for use with Windows shares, Samba maintains its own user/password database. It is used according to the authentication setup in /etc/samba/smb.conf.
$ sudo smbpasswd -a piotr #add user piotr and give a password
$ sudo pdbedit -L -v #list all Samba users; -v verbose, -w "smbpasswd" listing format
piotr:1000:Piotr
Find the SAM databases, then use the tdbdump tool to dump their records, in the form:
tdbdump /var/lib/samba/private/passdb.tdb
$ locate .tdb
/var/cache/samba/gencache.tdb
/var/cache/samba/printing/printers.tdb
/var/lib/samba/account_policy.tdb
/var/lib/samba/group_mapping.tdb
/var/lib/samba/registry.tdb
/var/lib/samba/share_info.tdb
/var/lib/samba/private/passdb.tdb
/var/lib/samba/private/secrets.tdb
Troubleshooting
Testparm
Once you know there's a daemon, you should always run testparm, in hopes of getting something such as the following:
$ sudo testparm
Load smb config files from /opt/samba/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
...
Processing section "[tmp]"
Loaded services file OK.
...
testparm /usr/local/samba/lib/smb.conf client 192.168.1.10
This will run one more test that checks the hostname and address against the hosts allow and hosts deny options, and might produce the "Allow connection from hostname to service" and/or "Deny connection from hostname to service" messages for the client system. These messages indicate that you have hosts allow and/or hosts deny options in your smb.conf, and they prohibit access from the client system.
Add member to Samba server
It is recommended that your user be a member of the sambashare group. Then enable File Sharing Server With User Login (Very Reliable Method): on the machine that hosts the file share, add the current user to Samba:
sudo smbpasswd -a username
nmblookup
nmblookup -B BIGSERVER __SAMBA__ #you should get back the IP address of your Samba server.
If you do not, then nmbd is incorrectly installed. Check your inetd.conf if you run it from there, or that the daemon is running and listening to UDP port 137. One common problem is that many inetd implementations can't take many parameters on the command line. If this is the case, then create a one-line script that contains the right parameters and run that from inetd.
nmblookup -B ACLIENT '*' #you should get the PC's IP address back
If you do not, then the client software on the PC isn't installed correctly, or isn't started, or you got the name of the PC wrong. If ACLIENT does not resolve via DNS, then use the IP address of the client in the above test.
nmblookup -d 2 '*' #the same as the previous test, but tried via a broadcast to the default broadcast address
A number of NetBIOS/TCP/IP hosts on the network should respond, although Samba may not catch all of the responses in the short time it listens. You should see the got a positive name query response messages from several hosts. If this does not give a result similar to the previous test, then nmblookup isn't correctly getting your broadcast address through its automatic mechanism. In this case you should experiment with the interfaces option in smb.conf to manually configure your IP address, broadcast, and netmask.
If your PC and server aren't on the same subnet, then you will need to use the -B option to set the broadcast address to that of the PC's subnet.
This test will probably fail if your subnet mask and broadcast address are not correct. (Refer to test 3 notes above).
smbclient //BIGSERVER/TMP #you should then be prompted for a password
You should use the password of the account with which you are logged into the UNIX box. If you want to test with another account, then add the -U accountname option to the end of the command line, for example smbclient //bigserver/tmp -Ujohndoe.
Note
It is possible to specify the password along with the username as follows: smbclient //bigserver/tmp -Ujohndoe%secret
Once you enter the password, you should get the smb> prompt. If you do not, then look at the error message. If it says “invalid network name,” then the service tmp is not correctly set up in your smb.conf.