Hodgepodge 3xNAS Part 7 SMB/CIFS

Published on May 18, 2023 at 7:18 pm by LEW

Introduction

This is where things start to congeal. In this post we will set up network file shares on our server Virtual Machine (VM). Our goal is one share accessible by all users on its own drive. In addition each user should be able to access their own home directory.

To make all this happen we will be using a program called samba, which creates SMB/CIFS type file shares. This is what I refer to as the lowest common denominator. It is the system Windows uses. Since Windows is the most common desktop system, its protocols tend to be available on other Operating Systems (OS). Therefore almost any device on your Local Area Network (LAN) should be able to access the Network Attached Storage (NAS), assuming they have an account that is.

There are other choices, many of which are much faster and more secure than SMB/CIFS. However most of them are not as advantages (popularity) to work with for the average user. And since we are on a LAN, security concerns are not as prevalent as they would be across the Internet.

Installing SAMBA

Installing SAMBA on Debian is fairy easy and quick (depending on the speed of your internet connection that is).

apt install samba

The above command should pull in all dependencies, so expect a number of additional packages to be installed. By default on Debian the service will be enabled and started when installed.

Setup SAMBA

The samba configuration file is located at /etc/samba/smb.conf. I suggest making a copy before editing this file.

I am assuming you have a general storage directory at /srv/storage (see last post). I am also assuming you have a normal user on your system.

You will find the smb.conf file on Debian systems comes loaded with comments. Reading them should give one a good idea of what the various stanzas in the file do.

Our target in this example is to give users access to their home directory (/home/user), and to a shared direcotry (/srv/storage) where we have mounted a second hard drive. To get there we need to accomplish three things; setup the smb.conf file, create a system users, and a samba users.

Configure smb.conf

The smb.conf file is setup in sections. Each section has a title enclosed in square brackets ([]). Several of the sections in the default configuration file are not needed. Below I will go over the sections we need and what I put in them.

Note the below is a minimal configuration file to accomplish the goal. If you are exposing the server to anything other than your LAN, there will be additional entries you may want to include. Also, I am not showing comments, but you should definitely add comments to your file so you will know what you were thinking when you revisit a year from now.

Global: The first part is the global section containing system wide parameters.

[global]
       workgroup = WORKGROUP

       interfaces = 127.0.0.0/8 enp0s3

       log file = /var/log/samba/log.%m
       max log size = 1000

       server role = standalone
       obey pam restrictions = yes
       map to guest = bad user

Since this is a standalone server, we want to identity our workgroup. If you have any Windows users on your LAN, their workgroup is set to WORKGROUP by default. If you want to make things easy for them, leave it alone. Otherwise change it to to whatever you like.

We want to limit the network interfaces samba will respond too. Here we have the local loop back address and our network adapter name. Unless you have multiple network adapters, you can leave this out if you want.

It is a good idea to setup some logging, just in case. We can specify where the logs go, and how big they can be. The %m should append the client net bios name to the end of a particular log (more useful for older OS, but no so much for newer).

We set the server role as standalone (not part of a Windows domain). We force the use of passwords with the Pluggable Authentication Module (PAM). And we set how to map unauthenticated users who attempt to log in (if a guest account is present it usually has very reduced privileges).

Homes: We need to set up access to the users home directory, for our users.

[homes]
	comment = Home Directories
	browseable = no
	read only = no
	create mask = 0700
	directory mask = 0700
	valid users = %S

 

Setting browsable to no means other users will not be able to see it. The read only parameter defaults to yes, we want to allow users to write to their home directroy.

The mask statements set default permissions for file and directory creation.

The valid users parameter ensures only the owner of the home folder can log into it.

Share: We also need to define our shared directory.

[share]
	path = /srv/storage
	writeable = yes
	browseable = yes
	public = yes
	create mask = 0644
	directory mask = 0755
	guest ok = yes

We need to define the path to our shared directory. Then we need to explicitly make it writable and browseble. We want to make it public. We also need to set default masks here too. And we need to allow guest log in.

Testing and Implementing the Configuration File

To validate our configuration file, samba includes the testparm command. Running this command will validate the syntax of the smb.conf file, and print out the share definitions for review.

Once you have validated the file you will need to restart the samba service. I am assuming systemd in this example.

systemctl restart smbd

Adding Users

Samba users must exsist as regualr users on the server. You can create them with a no log in option (don’t give them a system password or shell) if you want to make sure they can only access files through the smb/cifs interface.

Once the user exists, you can add them to the samba user database using the smbpasswd command.

smbpasswd <user name>

You will be queried for a password and have to retype it.

Access a Share

Assuming our permissions are correct, we should be able to access or server from another device using the smb/cifs protocols.

If you have a Windows device, go to “Map network Drives”, enter the IP address, and see if the shares are visible and can be mapped to a drive letter (remember on Windows to use the double forward slash).

\\192.168.x.x

Conclusion

In this post we finished creating our simple File Server  (or basic NAS if you like). there are a lot of things we could do differently. For example we could have used the File Transfer protocol (FTP) instead of smb.

This is also by no means a secure server. We have done nothing with firewalls, added some sort of backup or redundancy, and our smb .conf is minimal at best. But it is a big step forward towards the goal.

In the next post we will discuss various options for configuring multiple drives.

Hodgepodge 3xNAS Part 1 Project Overview

Hodgepodge 3xNAS Part 2 Software Choices

Hodgepodge 3xNAS Part 3 Virtual Install

Hodgepodge 3xNAS Part 4 Initial Configuration

Hodgepodge 3xNAS Part 5 Need a GUI?

Hodgepodge 3xNAS Part 6 Add a Storage Drive

Hodgepodge 3xNAS Part 7 SMB/CIFS

Hodgepodge 3xNAS Part 8 Expanded Storage

Hodgepodge 3xNAS Part 9 Making RAID

Hodgepodge 3xNAS Part 10 Cockpit Web GUI RAID 5

Hodgepodge 3xNAS Part 11 Mergerfs

Hodgepodge 3xNAS Part 12 Snapraid

Hodgepodge 3xNAS Part 13 LVM

Hodgepodge 3xNAS Part 14 The Server Hardware

Hodgepodge 3xNAS Part 15 The Server Operating System

Hodgepodge 3xNAS Part 16 Cockpit Install

Hodgepodge 3xNAS Part 17 SAMBA Setup

Hodgepodge 3xNAS Part 18 PLEX vs Kodi

Add New Comment

Your email address will not be published. Required fields are marked *