Scope/Description
- This article will show you some basic SMB share configurations.
Prerequisites
- SMB Packages Installed
- SMB Services Running and Enabled
- SMB Ports Open on Firewall (133/tcp, 445/tcp and 137/udp, 138/udp)
- Local users with samba password configured.
- Local group to authenticate users connecting to share(s).
- Joined to an Active Directory if using Windows ACLs to manage share permissions.
- Domain Group(s) that will handle assigning share permissions via Windows ACLs given SeDiskOperatorPrivilege permission.
Steps
Local User Access Share
- For a basic Local User Access share, we first must ensure the permissions are set correctly on the directory we are sharing out.
- The directory must be set to 770 by doing chmod 770 /path/to/share for permissions, and the owner user/group is set as root:smbgroup by doing chown root:smbgroup where smbgroup is a local group that we have any local user attempting to connect to the share a member of.
- Once we have this completed, we can then utilize a share configuration similar to below to allow access.
[samba] force group = smbgroup inherit permissions = Yes path = /tank/samba-dataset read only = No valid users = @smbgroup
Guest Access Share
- For a basic Guest Access share, we first must ensure the permissions are set correctly on the directory we are sharing out.
- The directory must be set to 770 by doing chmod 770 /path/to/share for permissions, and the owner user/group is set as nobody:nogroup by doing chown nobody:nogroup.
- Once we have this completed, we can then utilize a share configuration similar to below to allow access.
[samba-guest] guest ok = Yes guest only = Yes inherit permissions = Yes path = /tank/samba-guest read only = No
Verification
- We can run testparm and see the output of our new shares.
Troubleshooting
- Ensure there are no typos within your share configuration parameters.
- Ensure if using password access that the user attempting to connect is a member of the group owning the share, and has a samba password configured.
- If utilizing a guest access share on a Windows client, you may have issues as by default access to guest access network shares in Windows is disabled.
Further Reading
Views: 4467