How to Install and Configure Samba on Ubuntu 18.04

Published on

10 min read

Install and Configure Samba on Ubuntu 18.04

Samba is a free and open-source re-implementation of the SMB/CIFS network file sharing protocol that allows end users to access files, printers, and other shared resources.

This tutorial explains how to install Samba on Ubuntu 18.04 and configure it as a standalone server to provide file sharing across different operating systems over a network.

We’ll create the following Samba shares and users.

Users:

  • sadmin - An administrative user with read and write access to all shares.
  • josh - A regular user with its own private file share.

Shares:

  • users - This share will be accessible with read/write permissions by all users.
  • josh - This share will be accessible with read/write permissions only by users josh and sadmin.

The file shares will be accessible from all devices on your network. Later in this tutorial, we will also provide detailed instructions on how to connect to the Samba server from Linux, Windows and macOS clients.

Prerequisites

Before continuing, make sure you are logged in to your Ubuntu 18.04 system as a user with sudo privileges .

Installing Samba on Ubuntu

Samba is available from the official Ubuntu repositories. To install it on your Ubuntu system follow the steps below:

  1. Start by updating the apt packages index:

    sudo apt update
  2. Install the Samba package with the following command:

    sudo apt install samba
  3. Once the installation is completed, the Samba service will start automatically. To check whether the Samba server is running, type:

    sudo systemctl status smbd

    The output should look something like below indicating that Samba service is active and running:

    ● smbd.service - Samba SMB Daemon
       Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
       Active: active (running) since Wed 2019-11-27 09:25:38 UTC; 2min 12s ago
         Docs: man:smbd(8)
               man:samba(7)
               man:smb.conf(5)
     Main PID: 15142 (smbd)
       Status: "smbd: ready to serve connections..."
        Tasks: 4 (limit: 1152)
       CGroup: /system.slice/smbd.service
    ...

At this point, Samba has been installed and ready to be configured.

Configuring firewall

If you have a firewall running on your Ubuntu system you’ll need to allow incoming UDP connections on ports 137 and 138 and TCP connections on ports 139 and 445.

Assuming you are using UFW to manage your firewall, you can open the ports by enabling the ‘Samba’ profile:

sudo ufw allow 'Samba'

Configuring Global Samba Options

Before making changes to the Samba configuration file, create a backup for future reference purposes:

sudo cp /etc/samba/smb.conf{,.backup}

The default configuration file that ships with the Samba package is configured for standalone Samba server. Open the file and make sure server role is set to standalone server

sudo nano /etc/samba/smb.conf
/etc/samba/smb.conf
...
# Most people will want "standalone sever" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
   server role = standalone server
...

By default, Samba listens on all interfaces. If you want to restrict access to the Samba server only from your internal network uncomment the following two lines and specify the interfaces to bind to:

/etc/samba/smb.conf
...
# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
bind interfaces only = yes
...

Once done run the testparm utility to check the Samba configuration file for errors. If there are no syntax errors you will see Loaded services file OK.

Finally, restart the Samba services with:

sudo systemctl restart smbdsudo systemctl restart nmbd

Creating Samba Users and Directory Structure

For easier maintainability and flexibility instead of using the standard home directories (/home/user) all Samba directories and data will be located in the /samba directory.

To create the /samba directory type:

sudo mkdir /samba

Set the group ownership to sambashare. This group is created during the Samba installation, later we will add all Samba users to this group.

sudo chgrp sambashare /samba

Samba uses Linux users and group permission system but is has its own authentication mechanism separate from the standard Linux authentication. We will create the users using the standard Linux useradd tool and then set the user password with the smbpasswd utility.

As we mentioned in the introduction, we’ll create a regular user that will have access to its private file share and one administrative account with read and write access to all shares on the Samba server.

Creating Samba Users

To create a new user named josh use the following command:

sudo useradd -M -d /samba/josh -s /usr/sbin/nologin -G sambashare josh

The useradd options have the following meanings:

  • -M -do not create the user’s home directory. We’ll manually create this directory.
  • -d /samba/josh - set the user’s home directory to /samba/josh.
  • -s /usr/sbin/nologin - disable shell access for this user.
  • -G sambashare - add the user to the sambashare group.

Create the user’s home directory and set the directory ownership to user josh and group sambashare:

sudo mkdir /samba/joshsudo chown josh:sambashare /samba/josh

The following command will add the setgid bit to the /samba/josh directory so the newly created files in this directory will inherit the group of the parent directory. This way, no matter which user creates a new file, the file will have group-owner of sambashare. For example, if you don’t set the directory’s permissions to 2770 and the sadmin user creates a new file the user josh will not be able to read/write to this file.

sudo chmod 2770 /samba/josh

Add the josh user account to the Samba database by setting the user password:

sudo smbpasswd -a josh

You will be prompted to enter and confirm the user password.

New SMB password:
Retype new SMB password:
Added user josh.

Once the password is set to enable the Samba account run:

sudo smbpasswd -e josh
Enabled user josh.

To create another user repeat the same process as when creating the user josh.

Next, let’s create a user and group sadmin. All members of this group will have administrative permissions. Later if you want to grant administrative permissions to another user simply add that user to the sadmin group .

Create the administrative user by typing:

sudo useradd -M -d /samba/users -s /usr/sbin/nologin -G sambashare sadmin

The command above will also create a group sadmin and add the user to both sadmin and sambashare groups.

Set a password and enable the user:

sudo smbpasswd -a sadminsudo smbpasswd -e sadmin

Next, create the Users share directory:

sudo mkdir /samba/users

Set the directory ownership to user sadmin and group sambashare:

sudo chown sadmin:sambashare /samba/users

This directory will be accessible by all authenticated users. The following chmod command gives write/read access to members of the sambashare group in the /samba/users directory:

sudo chmod 2770 /samba/users

Configuring Samba Shares

Open the Samba configuration file and append the sections:

sudo nano /etc/samba/smb.conf
/etc/samba/smb.conf
[users]
    path = /samba/users
    browseable = yes
    read only = no
    force create mode = 0660
    force directory mode = 2770
    valid users = @sambashare @sadmin

[josh]
    path = /samba/josh
    browseable = no
    read only = no
    force create mode = 0660
    force directory mode = 2770
    valid users = josh @sadmin

The options have the following meanings:

  • [users] and [josh] - The names of the shares that you will use when logging in.
  • path - The path to the share.
  • browseable - Whether the share should be listed in the available shares list. By setting to no other users will not be able to see the share.
  • read only - Whether the users specified in the valid users list are able to write to this share.
  • force create mode - Sets the permissions for the newly created files in this share.
  • force directory mode - Sets the permissions for the newly created directories in this share.
  • valid users - A list of users and groups that are allowed to access the share. Groups are prefixed with the @ symbol.

For more information about available options see the Samba configuration file documentation page.

Once done, restart the Samba services with:

sudo systemctl restart smbdsudo systemctl restart nmbd

In the following sections, we will show you how to connect to a Samba share from Linux, macOS and Windows clients.

Connecting to a Samba Share from Linux

Linux users can access the samba share from the command line, using the file manager or mount the Samba share.

Using the smbclient client

smbclient is a tool that allows you to access Samba from the command line. The smbclient package is not pre-installed on most Linux distros so you will need to install it with your distribution package manager.

To install smbclient on Ubuntu and Debian run:

sudo apt install smbclient

To install smbclient on CentOS and Fedora run:

sudo yum install samba-client

The syntax to access a Samba share is as follows:

mbclient //samba_hostname_or_server_ip/share_name -U username

For example to connect to a share named josh on a Samba server with IP address 192.168.121.118 as user josh you would run:

smbclient //192.168.121.118/josh -U josh

You will be prompted to enter the user password.

Enter WORKGROUP\josh's password: 

Once you enter the password you will be logged into the Samba command line interface.

Try "help" to get a list of possible commands.
smb: \>

Mounting the Samba share

To mount a Samba share on Linux first you need to instal the cifs-utils package.

On Ubuntu and Debian run:

sudo apt install cifs-utils

On CentOS and Fedora run:

sudo yum install cifs-utils

Next, create a mount point:

sudo mkdir /mnt/smbmount

Mount the share using the following command:

sudo mount -t cifs -o username=username //samba_hostname_or_server_ip/sharename /mnt/smbmount

For example to mount a share named josh on a Samba server with IP address 192.168.121.118 as user josh to the /mnt/smbmount mount point you would run:

sudo mount -t cifs -o username=josh //192.168.121.118/josh /mnt/smbmount

You will be prompted to enter the user password.

Password for josh@//192.168.121.118/josh:  ********

Using GUI

Files, the default file manager in Gnome has built-in option to access Samba shares.

  1. Open Files and click on “Other Locations” in the sidebar.
  2. In “Connect to Server”, enter the address of the Samba share in the following format smb://samba_hostname_or_server_ip/sharename.
  3. Click “Connect” and the following screen will appear:
    Gnome Samba Login
  4. Select “Registered User”, enter the Samba username and password and click “Connect”.
  5. The files on the Samba server will be shown.
    Gnome Samba Files

Connecting to a Samba Share from macOS

In macOS you can access the Samba Shares either from the command line or using the default macOS file manager Finder. The following steps show how to access the share using Finder.

  1. Open “Finder”, select “Go” and click “Connect To”.
  2. In “Connect To”, enter the address of the Samba share in the following format smb://samba_hostname_or_server_ip/sharename.
    macOS Samba Connect
  3. Click “Connect” and the following screen will appear:
    macOS Samba Login
  4. Select “Registered User”, enter the Samba username and password and click “Connect”.
  5. The files on the Samba server will be shown.
    macOS Samba Files

Connecting to a Samba Share from Windows

Windows users also have an option to connect to the Samba share from both command line and GUI. The steps below show how to access the share using the Windows File Explorer.

  1. Open up File Explorer and in the left pane right-click on “This PC”.
  2. Select “Choose a custom network location” and then click “Next”.
  3. In “Internet or network address”, enter the address of the Samba share in the following format \\samba_hostname_or_server_ip\sharename.
    Windows Samba Connect
  4. Click “Next” and you will be prompted to enter the login credentials as shown below:
    Windows Samba Connect
  5. In the next window you can type a custom name for the network location. The default one will be picked up by the Samba server.
    Windows Samba Name
  6. Click “Next” to move to the last screen of the connection setup wizard.
  7. Click “Finish” and the files on the Samba server will be shown.
    Windows Samba Files

Conclusion

In this tutorial, you have learned how to install Samba server on Ubuntu 18.04 and create different types of shared and users. We have also shown you how to connect to the Samba server from Linux, macOS and Windows devices.