====== 24.04 Samba Installation ======


Install Samba and the required services.

  apt install samba

Stop the samba service 

  systemctl stop smbd.service

Add the windows server discovery service - so you can find stuff on the network

  apt install wsdd-server

First we will create a samba user and set a password for Windows users to authenticate.
If we want multiple users we can repeat this process.
<code>
 adduser --disabled-login smbuser
 adduser --disabled-login smbadmin
 smbpasswd -a smbuser
 smbpasswd -a smbadmin
</code>
Now we will create a group to assign to the various shares we are going to create for admin access (read write)

  groupadd -g 10000 smbadmins

We now need to add the users into this group.

  usermod -a -G smbadmins smbadmin

We can also add sysadmin to this group to give it samba RW permissions

  usermod -a -G smbadmins sysadmin

Now we need to create the share directory and set its permissions.

  chown -R smbadmin:smbadmins /path/to/your/share

Change the file permissions 

  chmod -R 2775 /path/to/your/share

This will set the group sticky bit so that new files / folder will inherit group permissions.

Modify smb.conf

  sudo nano /etc/samba/smb.conf

<code>
[global]
   workgroup = SCOTTWORLD
   server string = %h server (Samba, Ubuntu)
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   panic action = /usr/share/samba/panic-action %d

   server role = standalone server
   obey pam restrictions = yes
   map to guest = bad user

#========== HIT samba over the head, to disable printing =========
   load printers = no
   show add printer wizard = no
   printcap name = /dev/null
   disable spoolss = yes

#======================= Share Definitions =======================
[software]
   path = /srv/data/software
   guest ok = no
   guest only = no
   read only = yes
   write list = @smbadmins
   force group = smbadmins
   create mask = 0775
   directory mask = 2775

[media]
   path = /srv/media
   guest ok = no
   guest only = no
   read only = yes
   write list = @smbadmins
   force group = plex
   force user = plex
   create mask = 0775
   directory mask = 2775

[torrents]
   path = /srv/backup/torrents
   guest ok = no
   guest only = no
   read only = yes
   write list = @smbadmins
   force group = debian-transmission
   force user = smbadmin
   create mask = 0775
   directory mask = 2775

[www]
   path = /srv/data/www
   guest ok = no
   guest only = no
   read only = no
   write list = @smbadmins, smbuser
   force group = www-data
   force user = www-data
   create mask = 0775
   directory mask = 2775

[backup]
   path = /srv/backup
   guest ok = no
   guest only = no
   read only = yes
   write list = @smbadmins
   force group = smbadmins
   create mask = 0770
   directory mask = 2770

[documents]
   path = /srv/data/documents
   guest ok = no
   guest only = no
   read only = yes
   write list = @smbadmins
   force group = smbadmins
   create mask = 0775
   directory mask = 2775

[drop]
   path = /srv/data/drop
   guest ok = no
   guest only = no
   read only = no
   write list = @smbadmins,smbuser
   force group = smbadmins
   create mask = 0775
   directory mask = 2775
</code>

You can run a testparm command to check the samba configuration.

  testparm

Then restart the samba service.

  systemctl start smbd.service
  
For any windows clients (especially Windows 11 you may have to run these commands through powershell (admin) to allow windows to connect nicely (also enable network discovery when prompted)

  Set-SmbClientConfiguration -EnableInsecureGuestLogons $true -Force
  Set-SmbClientConfiguration -RequireSecuritySignature $false -Force
  Set-SmbServerConfiguration -RequireSecuritySignature $false -Force