Samba Installation 24.04LTS: Difference between revisions

From ScottWiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
Line 17: Line 17:
Now we will create a group to assign to the various shares we are going to create for admin access (read write)
Now we will create a group to assign to the various shares we are going to create for admin access (read write)


  groupadd -g 10000 smbaadmins
  groupadd -g 10000 smbadmins


We now need to add the users into this group.
We now need to add the users into this group.
Line 42: Line 42:


<pre>
<pre>
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#    differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#    behaviour of Samba but the option is considered important
#    enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
#======================= Global Settings =======================
[global]
[global]
 
  workgroup = SCOTTWORLD
## Browsing/Identification ###
  server string = %h server (Samba, Ubuntu)
 
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = SCOTTWORLD
 
# server string is the equivalent of the NT Description field
server string = %h server (Samba, Ubuntu)
netbios name = solaris
 
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
#  wins support = no
 
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
 
# This will prevent nmbd to search for NetBIOS names through DNS.
  dns proxy = no
 
#### Networking ####
 
# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;  interfaces = 127.0.0.0/8 eth0
 
# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;  bind interfaces only = yes
 
#### Debugging/Accounting ####
 
# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m
   log file = /var/log/samba/log.%m
# Cap the size of the individual log files (in KiB).
   max log size = 1000
   max log size = 1000
 
  logging = file
 
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
#  syslog = 0
 
# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d
   panic action = /usr/share/samba/panic-action %d


 
  server role = standalone server
####### Authentication #######
   obey pam restrictions = yes
 
# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone sever" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
 
server role = standalone server
 
ntlm auth = yes
client lanman auth = no
 
 
# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
   passdb backend = tdbsam
  security = user
obey pam restrictions = yes
 
# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
#  unix password sync = yes
 
# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
#  passwd program = /usr/bin/passwd %u
#  passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
 
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
#  pam password change = yes
 
# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
   map to guest = bad user
   map to guest = bad user


#========== HIT samba over the head, to disable printing =========
#========== HIT samba over the head, to disable printing =========
load printers = no
  load printers = no
show add printer wizard = no
  show add printer wizard = no
printcap name = /dev/null
  printcap name = /dev/null
disable spoolss = yes
  disable spoolss = yes


#======================= Share Definitions =======================
#======================= Share Definitions =======================
[software]
[software]
path = /srv/data/software
  path = /srv/data/software
guest ok = no
  guest ok = no
guest only = no
  guest only = no
read only = yes
  read only = yes
write list = @smbadmins
  write list = @smbadmins
force group = smbadmins
  force group = smbadmins
create mask = 0775
  create mask = 0775
directory mask = 2775
  directory mask = 2775


[media]
[media]
path = /srv/media
  path = /srv/media
guest ok = no
  guest ok = no
guest only = no
  guest only = no
read only = yes
  read only = yes
write list = @smbadmins
  write list = @smbadmins
force group = plex
  force group = plex
force user = plex
  force user = plex
create mask = 0775
  create mask = 0775
directory mask = 2775
  directory mask = 2775


[torrents]
[torrents]
path = /srv/data/torrents
  path = /srv/backup/torrents
guest ok = no
  guest ok = no
guest only = no
  guest only = no
read only = yes
  read only = yes
write list = @smbadmins
  write list = @smbadmins
force group = debian-transmission
  force group = debian-transmission
force user = smbadmin
  force user = smbadmin
create mask = 0775
  create mask = 0775
directory mask = 2775
  directory mask = 2775


[www]
[www]
path = /srv/data/www
  path = /srv/data/www
guest ok = no
  guest ok = no
guest only = no
  guest only = no
read only = yes
  read only = no
write list = @smbadmins
  write list = @smbadmins, smbuser
force group = www-data
  force group = www-data
force user = www-data
  force user = www-data
create mask = 0775
  create mask = 0775
directory mask = 2775
  directory mask = 2775


[backup]
[backup]
path = /srv/backup
  path = /srv/backup
guest ok = no
  guest ok = no
guest only = no
  guest only = no
read only = yes
  read only = yes
write list = @smbadmins
  write list = @smbadmins
force group = smbadmins
  force group = smbadmins
create mask = 0770
  create mask = 0770
directory mask = 2770
  directory mask = 2770


[documents]
[documents]
path = /srv/data/documents
  path = /srv/data/documents
guest ok = no
  guest ok = no
guest only = no
  guest only = no
read only = yes
  read only = yes
write list = @smbadmins
  write list = @smbadmins
force group = smbadmins
  force group = smbadmins
create mask = 0775
  create mask = 0775
directory mask = 2775
  directory mask = 2775


[drop]
[drop]
path = /srv/data/drop
  path = /srv/data/drop
guest ok = no
  guest ok = no
guest only = no
  guest only = no
read only = no
  read only = no
write list = @smbadmins,smbuser
  write list = @smbadmins,smbuser
force group = smbadmins
  force group = smbadmins
create mask = 0775
  create mask = 0775
directory mask = 2775
  directory mask = 2775
 
 
 
 
 
</pre>
</pre>


Line 255: Line 141:
Then restart the samba service.
Then restart the samba service.


  service smbd restart
  systemctl start smbd.service

Latest revision as of 03:09, 19 March 2024

Install Samba and the required services. 

apt install samba

Stop the samba service 

 systemctl stop smbd.service

First we will create a samba user and set a password for Windows users to authenticate. If we want multiple users we can repeat this process. 

adduser --disabled-login smbuser
adduser --disabled-login smbadmin
smbpasswd -a smbuser
smbpasswd -a smbadmin

Now we will create a group to assign to the various shares we are going to create for admin access (read write) 

groupadd -g 10000 smbadmins

We now need to add the users into this group. 

usermod -a -G smbadmins smbadmin

We can also add sysadmin to this group to give it samba RW permissions 

usermod -a -G smbadmins sysadmin

Now we need to create the share directory and set its permissions. 

chown -R smbadmin:smbadmins /path/to/your/share

Change the file permissions 

chmod -R 2775 /path/to/your/share

This will set the group sticky bit so that new files / folder will inherit group permissions.

Modify smb.conf 

sudo nano /etc/samba/smb.conf

[global]
   workgroup = SCOTTWORLD
   server string = %h server (Samba, Ubuntu)
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   panic action = /usr/share/samba/panic-action %d

   server role = standalone server
   obey pam restrictions = yes
   map to guest = bad user

#========== HIT samba over the head, to disable printing =========
   load printers = no
   show add printer wizard = no
   printcap name = /dev/null
   disable spoolss = yes

#======================= Share Definitions =======================
[software]
   path = /srv/data/software
   guest ok = no
   guest only = no
   read only = yes
   write list = @smbadmins
   force group = smbadmins
   create mask = 0775
   directory mask = 2775

[media]
   path = /srv/media
   guest ok = no
   guest only = no
   read only = yes
   write list = @smbadmins
   force group = plex
   force user = plex
   create mask = 0775
   directory mask = 2775

[torrents]
   path = /srv/backup/torrents
   guest ok = no
   guest only = no
   read only = yes
   write list = @smbadmins
   force group = debian-transmission
   force user = smbadmin
   create mask = 0775
   directory mask = 2775

[www]
   path = /srv/data/www
   guest ok = no
   guest only = no
   read only = no
   write list = @smbadmins, smbuser
   force group = www-data
   force user = www-data
   create mask = 0775
   directory mask = 2775

[backup]
   path = /srv/backup
   guest ok = no
   guest only = no
   read only = yes
   write list = @smbadmins
   force group = smbadmins
   create mask = 0770
   directory mask = 2770

[documents]
   path = /srv/data/documents
   guest ok = no
   guest only = no
   read only = yes
   write list = @smbadmins
   force group = smbadmins
   create mask = 0775
   directory mask = 2775

[drop]
   path = /srv/data/drop
   guest ok = no
   guest only = no
   read only = no
   write list = @smbadmins,smbuser
   force group = smbadmins
   create mask = 0775
   directory mask = 2775

You can run a testparm command to check the samba configuration. 

testparm

Then restart the samba service. 

systemctl start smbd.service
Retrieved from ‘https://wiki.scottworld.net/index.php?title=Samba_Installation_24.04LTS&oldid=305