We’ll be using a clean debian 7 lxc container for this setup.
/etc/apt/sources.list and add wheezy backports:
deb http://http.debian.net/debian wheezy-backports main apt-get update
- We do this because the version of samba included in the stable repository for Wheezy is very old. The backports has a much newer version of Samba 4 available.
Now install Samba:
apt-get -t wheezy-backports install samba
Make a copy of
/etc/samba/smb.conf and then edit the file.
Delete the existing contents and add:
[global] workgroup = WORKGROUP server string = Samba Server %v netbios name = shinyfiles server role = auto security = user encrypt passwords = yes map to guest = never name resolve order = bcast host
Create a base directory you’d like to share over the network
mkdir -p /samba/staff.files
- This directory could be called anything that you like, and be located anywhere.
Now we need to check the permissions for the
folder, assign the correct group, and possibly even create users.
- When using samba in as a standalone fileserver without a domain controller (workgroup mode) the best practice is to create an identical Linux user for each Windows client you plan on connecting to the share. Ideally, the usernames and passwords should match.
First, we’ll add a group called staff:
Members of this group will be granted access to the samba share. We’ll make the necessary additions to smb.conf later.
Now, we’ll set the permissions on the
staff.files folder to
770 and also set ownership:
chmod 770 /samba/staff.files chown :staff /samba/staff.files
This is so the file owner and group members have all rights, but others can’t read, write or even see the files in the directory.
You’ll probably also want to set the setgid bit for the directory, such that newly created files inherit their group from their parent directory rather than their creator.
chmod -R +s /samba/<share folder>
And we’ll add one of our planned Windows client users:
useradd -G staff <username>
Now we need to add the Linux user which we’ve just added to our samba sharing group to the smb database.
smbpasswd -a <username>
Enter a password. For consistancy this should be the same password assigned to the user on the Windows client machine and also on your Linux samba server.
Also remember that you can check which users you’ve already added to the samba user/password db using the command:
[staff.files] path = /samba/staff.files valid users = @staff browsable = yes writable = yes guest ok = no read only = no
You’ll need one of these share configuration blocks for each
tree of folders you’d like to share. If you’d like only a
single user to be able to access the share, you could change
service smbd restart.
Attempt to connect up with a Windows client.