KB450435 – Basic SMB Share Configuration(s)

Last modified: July 28, 2021
You are here:

Scope/Description

  • This article will show you some basic SMB share configuration(s).

Prerequisites

  • SMB Packages Installed
  • SMB Services Running and Enabled
  • SMB Ports Open on Firewall (133/tcp, 445/tcp and 137/udp, 138/udp)
  • Local users with samba password configured.
  • Local group to authenticate users connecting to share(s).
  • Joined to an Active Directory if using Windows ACLs to manage share permissions.
  • Domain Group(s) that will handle assigning share permissions via Windows ACLs given SeDiskOperatorPrivilege permission.

Steps

Local User Password Access Share

  • For a basic Local User Password Access share, we first must ensure the permissions are set correctly on the directory we are sharing out.
  • The directory must be set to 770 by doing chmod 770 /path/to/share for permissions, and the owner user/group is set as root:smbgroup by doing chown root:smbgroup where smbgroup is a local group that we have any local user attempting to connect to the share a member of.
  • Once we have this completed, we can then utilize a share configuration similar to below to allow access.
[samba]
force group = smbgroup
inherit permissions = Yes
path = /tank/samba-dataset
read only = No
valid users = @smbgroup

Domain Authentication Access Share

  • For a basic Domain Authentication Access share, we must first ensure the permissions are set correctly on the directory we are sharing out.
  • The directory must be set to 770 by doing chmod 770 /path/to/share for permissions, and the owner user/group is set as root:DOMAIN\Domain Group by doing chown root:DOMAIN\Domain Group where Domain Group is an Active Directory group that will handle the assigning of permissions via Windows ACLs.
  • Once we have this completed, we can then utilize a share configuration similar to below to allow access, and assigning of permissions on the share through the use of Windows ACLs.
[samba-windows-acls]
map acl inherit = Yes
path = /tank/samba-windows-acls
read only = No
vfs objects = acl_xattr
acl_xattr:ignore system acl = yes

Guest Access Share

  • For a basic Guest Access share, we first must ensure the permissions are set correctly on the directory we are sharing out.
  • The directory must be set to 770 by doing chmod 770 /path/to/share for permissions, and the owner user/group is set as nobody:nogroup by doing chown nobody:nogroup.
  • Once we have this completed, we can then utilize a share configuration similar to below to allow access.
[samba-guest]
guest ok = Yes
guest only = Yes
inherit permissions = Yes
path = /tank/samba-guest
read only = No

Verification

  • We can run testparm and see the output of our new shares.

Troubleshooting

  • Ensure there are no typos within your share configuration parameters.
  • Ensure if using password access that the user attempting to connect is a member of the group owning the share, and has a samba password configured.
  • If utilizing a guest access share on a Windows client, you may have issues as by default access to guest access network shares in Windows is disabled.
  • If utilizing Domain Authentication Access, ensure you have joined your system to the Active Directory before configuring the share(s).

Further Reading

Was this article helpful?
Dislike 0
Views: 51
Unboxing Racking Storage Drives Cable Setup Power UPS Sizing Remote Access