SMB Shared Folders, Printers.

SMB SHARED FOLDERS

Note for me to remember. when i tried installing samba, i had this output:

Done
Setting up samba (2:4.15.13+dfsg-0ubuntu0.20.04.4) ...
Samba is not being run as an AD Domain Controller: Masking samba-ad-dc.service
Please ignore the following error about deb-systemd-helper not finding those services.
(samba-ad-dc.service masked)
Created symlink /etc/systemd/system/multi-user.target.wants/nmbd.service → /lib/systemd/system/nmbd.service.
Failed to preset unit: Unit file /etc/systemd/system/samba-ad-dc.service is masked.
/usr/bin/deb-systemd-helper: error: systemctl preset failed on samba-ad-dc.service: No such file or directory
Created symlink /etc/systemd/system/multi-user.target.wants/smbd.service → /lib/systemd/system/smbd.service.
samba-ad-dc.service is a disabled or a static unit, not starting it.
Processing triggers for ufw (0.36-6ubuntu1) ...
Processing triggers for systemd (245.4-4ubuntu3.20) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.9) ...

probably I need to unmask these services and then check

Anyway let’s start our lab:

Sharing Home Directories

• Samba can provide access to user home directories

• Each user has access to their own private folder

• Integrates well with local Linux user accounts (we’ll see later how to do that)

First thing let’s edit the smb.conf file:

sudo vim /etc/samba/smb.conf

I will need to uncomment this to enable home directories sharing

browseable=no : Home directories are hidden by default

read only = no : Users are allowed to write to their own folder

valid users = %s : telling smb to use linux users

[homes]
   comment = Home Directories
   browseable = no
   readonly = no
   valid users = %s

Printers are enabled by default:

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

Now i can crate a folder before i start sharing it. Technically i can share any foldr but if i am running APPARMOR or SELinux i might need to change the context to let smb access to the shared folder

the best place to create shared home directoried (folder), is under /srv

sudo mkdir -p /srv/samba/corp

cd samba

Here, you can start creating folder for different purposes like a corp ‘corporation’ folder or marketing folder or anything

Now, follow these steps:

touk@ubuntu:/srv$ sudo groupadd corp
touk@ubuntu:/srv$ id
uid=1000(touk) gid=1000(touk) groups=1000(touk),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),120(lpadmin),132(lxd),133(sambashare),998(docker)
touk@ubuntu:/srv$ sudo usermod -a -G corp touk

touk@ubuntu:/srv$ groups touk
touk : touk adm cdrom sudo dip plugdev lpadmin lxd sambashare docker corp

I have created a group and added my user to it, I will change permissions too

touk@ubuntu:/srv/samba$ sudo chown  -R touk:corp /srv/samba/corp
touk@ubuntu:/srv/samba$ sudo chmod  -R 770  /srv/samba/corp

Note: samba expect to get the password of the user account

sudo smbpasswd -a touk

touk@ubuntu:/srv$ sudo smbpasswd -a touk
New SMB password:
Retype new SMB password:
Added user touk.

Now I need to tell samba about this directory!

sudo vim /etc/samba/smb.conf

And jump to the end of the file

[corp]
        comment = Corporate Documents
        path = /srv/samba/corp
        read only = no
        browseable = yes
        valid users = touk, +corp

And you can check for typo: sudo testparm

sudo testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed

Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
        log file = /var/log/samba/log.%m
        logging = file
        map to guest = Bad User
        max log size = 1000
        obey pam restrictions = Yes
        pam password change = Yes
        panic action = /usr/share/samba/panic-action %d
        passwd chat = *Enter\\snew\\s*\\spassword:* %n\\n *Retype\\snew\\s*\\spassword:* %n\\n *password\\supdated\\ssuccessfully* .
        passwd program = /usr/bin/passwd %u
        server role = standalone server
        server string = %h server (Samba, Ubuntu)
        unix password sync = Yes
        usershare allow guests = Yes
        idmap config * : backend = tdb

[homes]
        browseable = No
        comment = Home Directories
        read only = No
        valid users = %s

[printers]
        browseable = No
        comment = All Printers
        create mask = 0700
        path = /var/spool/samba
        printable = Yes

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers

[corp]
        comment = Corporate Documents
        path = /srv/samba/corp
        read only = No
        valid users = touk +corp

Once we have all that configured, Let’s test it:

sudo apt install smbclient

touk@ubuntu:/srv/samba$ smbclient -L localhost
Password for [WORKGROUP\\touk]:

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        corp            Disk      Corporate Documents
        IPC$            IPC       IPC Service (ubuntu server (Samba, Ubuntu))
        touk            Disk      Home Directories
SMB1 disabled -- no workgroup available

And VOILA, i can see corp is shared.

Now i can go and create a folder and see if it is going to be shared:

touk@ubuntu:/srv/samba/corp$ ls -l
total 0
-rwxrwx--- 1 touk corp 0 Aug 31 04:36 smb_file_shared.txt

You can use the smbclient to login in:

touk@ubuntu:/srv/samba/corp$ smbclient //localhost/corp -U touk