For Samba beginners, or someone who just wants to get a simple file server up for a home or small office, here is Samba quick and dirty.
[ Disclaimer: The security in this tutorial is not intended for a production environment. This is intended for home users sharing non-critical and non-personal data, or as a base for setting up a system to be secured later. I find it is easier to get the darn thing running and then tighten up the security than it is to troubleshoot the security and the system at the same time. ]
Terms:
CLIENT is the device connecting to the share.
SERVER is the device hosting the share and offering it for the client to connect to.
LINUX USER is a user account on the Linux machine, created with the useradd command.
WINDOWS USER is a user account on the Windows machine, often created using the GUI in the control panel. It can also be created with the 'net user UserName /add' command.
SAMBA USER is a user existing on the Linux machine. The Samba User's user name and password must match the Windows User exactly. For this reason I suggest not using the characters ! or @ in the username or the password. The samba user is created with the smbpasswd command. It is best to look at the smbpasswd command as adding the ability of samba access to an existing Linux User account. In a nutshell: you create a Linux User (above) and then use the smbpasswd command to add samba access to the Linux User account. This isn't exactly accurate, but it helps to look at it this way.
The following is a script I created to simplify the process of creating samba users. On your samba server, at a terminal type…
sudo nano /bin/smbadd.sc
(Copy and paste the following)
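#!/bin/sh
# Create a Linux user and add samba access to that account. Run as root (sudo).
echo "Please enter the new system and samba user's name:"
read -r name
echo "Please enter password for $name:"
read -r pass
echo "Making $name a system and samba user"
# useradd -p expects an already-encrypted password, so create the account
# first and let chpasswd hash and set the password.
useradd "$name"
echo "$name:$pass" | chpasswd
#echo -e $pass $pass | smbpasswd -as $name
echo "Enter the samba password twice. Hitting enter each time."
smbpasswd -as "$name"
echo "Verify the user is listed in the line below"
grep "$name" /etc/samba/smbpasswd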
(end of Copy and Paste section)
sudo chmod +x /bin/smbadd.sc
Save the file and then exit nano. Now, when you need to you can easily add samba users. Do not do this at this time. You don’t have a working samba server!!
Note: using this script you will be required to enter the passwords in plain text viewable by anyone looking over your shoulder.
Note: I'm not the best scripter; I'm sure this can be improved upon.
SAMBA SERVER
Log into your samba server.
mkdir ~/sc
cd ~/sc
nano install_samba.sc
{Copy and paste in the following}
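#!/bin/sh
# Install samba and create the two share directories.
sudo apt-get install samba samba-common smbfs
sudo mkdir /data
sudo mkdir /data/shares
sudo mkdir /data/shares/open
sudo mkdir /data/shares/secure
# Open share: read, write and execute for everyone.
sudo chmod -R 777 /data/shares/open
# The users guest and secure and the group securegroup must already exist
# for the two chown commands to succeed.
sudo chown -R guest /data/shares/secure
sudo chown -R secure:securegroup /data/shares/secure
# Secure share: owner rwx, group r-x, everyone else execute only.
sudo chmod -R 751 /data/shares/secure
# Keep the packaged config as a backup before writing a new one.
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.original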
{End Paste}
chmod +x install_samba.sc
sudo ./install_samba.sc
(why the 1, aka execute bit, for everyone? I’ve noticed strange situations where ‘execute = browse’ and without this bit the users can’t browse to, or connect to the folder.)
Now we need a working samba conf. This is a good basic one.
sudo nano /etc/samba/smb.conf
(Copy and Paste the following)
[global]
netbios name = SambaServer
name resolve order = host wins lmhosts bcast
server string = My File Server
workgroup = workgroup
encrypt passwords = true
wins support = true
guest account = guest
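# "guest" is not a value Samba accepts for this parameter; "Bad User" maps
# logins with an unknown user name to the guest account.
map to guest = Bad User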
guest ok = yes
[Open]
create mask = 0777
directory mask = 0777
path = /data/shares/open
read only = no
[Secure]
create mask = 0751
directory mask = 0740
path = /data/shares/secure
read only = no
write list = secure
(End of copy and paste)
Back at a terminal prompt, enter the following.
sudo /etc/init.d/samba restart
You should now be able to access the open share from a client with any user. There is no security on that share.
Execute the smbadd.sc script and create the user 'secure' with the password of 'secur3'. Execute the smbadd script again and create the user 'guest' with the password of 'guest'.
Notes:
On the server (and possibly the client) you will need to open your firewall on the ports 137-139 and 445. I prefer firestarter on an ubuntu system (sudo apt-get install -y firestarter) {I need to find out the iptables command}
To access a samba share, a client user must have share permissions as well as file system permissions. Share permissions are determined with entries in the smb.conf. Such as..
read only = no
..&..
write list = secure
File system permissions are determined by the chown and chmod commands. The above commands give everyone (that is, every single random person on the planet) read and write access to the open share. That is no security at all. They also give read and write access to the secure share to the user with the user name 'secure' and the password of 'secur3', and read access to any members of the group named 'securegroup'. (I haven't given any specifications for creating this group.)
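The iptables rules for the ports named in the firewall note above, as an added example that is not part of the original post. It limits the Samba ports to one LAN subnet instead of opening them to every source; the subnet 192.168.1.0/24 used in the usage note is an assumed placeholder.

```sh
#!/bin/sh
# Added example (not from the original post): iptables rules for Samba.
# nmbd uses UDP 137-138 (NetBIOS name and datagram services);
# smbd uses TCP 139 (NetBIOS session) and TCP 445 (SMB over TCP).

# samba_rules SUBNET: print rules that accept the Samba ports from SUBNET
# and drop them from every other source. -A appends, so rules that are
# already earlier in the INPUT chain still take precedence.
samba_rules() {
    lan="$1"
    case "$lan" in
        */*) ;;   # expect CIDR notation, e.g. 192.168.1.0/24 (placeholder)
        *) echo "usage: samba_rules <subnet/prefix>" >&2; return 1 ;;
    esac
    echo "iptables -A INPUT -s $lan -p udp --dport 137:138 -j ACCEPT"
    echo "iptables -A INPUT -s $lan -p tcp -m multiport --dports 139,445 -j ACCEPT"
    echo "iptables -A INPUT -p udp --dport 137:138 -j DROP"
    echo "iptables -A INPUT -p tcp -m multiport --dports 139,445 -j DROP"
}

# apply_samba_rules SUBNET: run the generated rules as root.
apply_samba_rules() {
    rules=$(samba_rules "$1") || return 1
    printf '%s\n' "$rules" | sudo sh -e
}
```

Run `samba_rules 192.168.1.0/24` to review the rules, then `apply_samba_rules 192.168.1.0/24` to load them. Rules added this way are lost at reboot unless they are saved.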
On the Samba Client
Linux computer attaching to a windows (linux/samba) share. I have a mixed network, and just use samba to share data with my linux machines as well as my windows machines.
sudo apt-get install samba-common samba samba-client
sudo mkdir /mnt/share
sudo mount -t cifs //server/share /mnt/share -o user=winuser,pass=winpass
Notes regarding this mount command
1. winuser must be a user on the server with share permissions and file system permissions to the shared directory; winpass is that user's password
2. no spaces after the word user
3. winpass will be in plain text. So if it is used in a script, you may want to make sure that the permissions on that script only allow read and execute for the correct user.
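One way to keep the password out of the mount command and out of scripts, as an added example that is not part of the original post: mount.cifs accepts a credentials= option naming a file, which can be made readable by its owner only. The file path is an assumption; //server/share, /mnt/share and winuser are the placeholder names from the mount command above.

```sh
#!/bin/sh
# Added example (not from the original post): owner-only CIFS credentials file.

# write_cifs_credentials FILE USER: read the password from stdin (without
# echo when typed at a terminal) and store it in FILE with mode 600.
write_cifs_credentials() {
    file="$1"; user="$2"
    if [ -t 0 ]; then printf 'Password for %s: ' "$user" >&2; stty -echo; fi
    IFS= read -r pass
    if [ -t 0 ]; then stty echo; echo >&2; fi
    # umask 077 so the file is never created readable by group or others
    ( umask 077 && printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$file" ) || return 1
    chmod 600 "$file"   # also tightens a file that already existed
}

# creds_mode_ok FILE: succeed only if group and others have no access.
creds_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# mount_share FILE: mount using the credentials file, refusing a loose mode.
mount_share() {
    creds_mode_ok "$1" || { echo "refusing: $1 is accessible to others" >&2; return 1; }
    sudo mount -t cifs //server/share /mnt/share -o "credentials=$1"
}
```

For example, `write_cifs_credentials ~/.smbcred winuser` followed by `mount_share ~/.smbcred`.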
Troubleshooting Samba (I need to dig out my notes and expand on this)
1. Firewall, turn off the firewall on client and server. Does the problem go away? If so, troubleshoot firewall. Ports 137-139 & 445 need to be open.
2. Filesystem permissions, verify that the connecting user has permissions on the share. Log into the linux box as the connecting user and then try to create a file on the share.
3. Verify that the linuxuser, the windowsuser (client), and the sambauser all exist and they all have the same password.
cat /etc/passwd | grep username
cat /etc/samba/smbpasswd | grep username
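A helper for troubleshooting step 2, as an added example that is not part of the original post: it reads the share paths out of an smb.conf, prints the file system mode of each directory, and flags the ones that any local user can write to. It assumes GNU stat, as found on Ubuntu.

```sh
#!/bin/sh
# Added example (not from the original post): audit share directory modes.

# share_paths CONF: print "share<TAB>path" for every section that sets a path.
share_paths() {
    awk '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[.*\]/ {                            # [Section] header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s); next
        }
        /^[ \t]*path[ \t]*=/ {                       # path = /some/dir
            p = $0; sub(/^[^=]*=[ \t]*/, "", p); sub(/[ \t]+$/, "", p)
            if (s != "") printf "%s\t%s\n", s, p
        }
    ' "$1"
}

# audit_shares CONF: print "share path mode verdict" for each share.
audit_shares() {
    share_paths "$1" | while IFS="$(printf '\t')" read -r share path; do
        mode=$(stat -c '%a' "$path" 2>/dev/null) || { echo "$share $path missing"; continue; }
        case "$mode" in
            *[2367]) verdict="WORLD-WRITABLE" ;;   # write bit set for "other"
            *)       verdict="ok" ;;
        esac
        echo "$share $path $mode $verdict"
    done
}
```

Run it as `audit_shares /etc/samba/smb.conf`; with the directories created earlier, the open share is reported as WORLD-WRITABLE and the secure share as ok.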
Here is a great thread on name resolution and network browsing on ubuntu.
http://ubuntuforums.org/showthread.php?t=1169149&highlight=samba

Hey! it actually works, cool!