Samba
Related articles
Samba is a re-implementation of the SMB/CIFS networking protocol, it facilitates file and printer sharing among Linux and Windows systems as an alternative to NFS. Some users say that Samba is easily configured and that operation is very straight-forward. However, many new users run into problems with its complexity and non-intuitive mechanism. This article provides instructions for users on how to setup Samba. It is strongly suggested that the user sticks close to the following directions.
Contents
- 1 Server configuration
- 2 Client configuration
-
3 Troubleshooting
- 3.1 Windows clients keep asking for password even if Samba shares are created with guest permissions
- 3.2 Windows 7 connectivity problems - mount error(12): cannot allocate memory
- 3.3 Trouble accessing a password-protected share from Windows
- 3.4 Getting a dialog box up takes a long time
- 3.5 Error: Failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
- 3.6 Sharing a folder fails
- 3.7 "Browsing" network fails with "Failed to retrieve share list from server"
- 3.8 You are not the owner of the folder
- 3.9 protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
- 3.10 Connection to SERVER failed: (Error NT_STATUS_UNSUCCESSFUL)
- 4 See also
Server configuration
To share files with Samba, install the samba package.
The Samba server is configured in /etc/samba/smb.conf
. Copy the default Samba configuration file to /etc/samba/smb.conf
:
# cp /etc/samba/smb.conf.default /etc/samba/smb.conf
Edit /etc/samba/smb.conf
, scroll down to the Share Definitions section. The default configuration automatically creates a share for each user's home directory. It also creates a share for printers by default. There are a number of commented sample configurations included. More information about available options for shared resources can be found in man smb.conf
. Here is the on-line version.
On Windows side, be sure to change smb.conf
to the Windows Workgroup. (Windows default: WORKGROUP)
Starting services
To provide basic file sharing through SMB start/enable smbd.service
and nmbd.service
services. See smbd and nmbd manpages for details.
"Usershare" is a feature that gives non-root users the capability to add, modify, and delete their own share definitions.
This creates the usershares directory in /var/lib/samba
:
# mkdir -p /var/lib/samba/usershares
This makes the group sambashare:
# groupadd sambashare
This changes the owner of the directory and group you just created to root:
# chown root:sambashare /var/lib/samba/usershares
This changes the permissions of the usershares directory so that users in the group sambashare can read, write and execute files:
# chmod 1770 /var/lib/samba/usershares
Set the following variables in smb.conf
configuration file:
/etc/samba/smb.conf
... [global] usershare path = /var/lib/samba/usershares usershare max shares = 100 usershare allow guests = yes usershare owner only = yes ...
Add your user to the sambashare group. Replace your_username
with the name of your user:
# usermod -a -G sambashare your_username
Restart smbd
and nmbd
services.
Log out and log back in. You should now be able to configure your samba share using GUI. For example, in Thunar you can right click on any directory and share it on the network. If you want to share pathes inside your home directory you must make it listable for the group others.
Adding a user
If it does not exist yet, create a Linux user account for the Samba user. Substitute samba_user
with your preferred name:
# useradd samba_user
Samba users use a password separate from that of the Linux user accounts. Create the Samba user account with the same name as in the previous command:
# pdbedit -a -u samba_user
Changing Samba user's password
To change a user's password, use smbpasswd
:
# smbpasswd samba_user
Required ports
If you are using a firewall, do not forget to open required ports (usually 137-139 + 445). For a complete list please check Samba port usage.
Client configuration
Only smbclient is required to access files from a Samba/SMB/CIFS server. See man smbclient
for commonly used commands.
Shared resources from other computers on the LAN may be accessed and mounted locally by GUI or CLI methods. Depending on the desktop environment, GUI methods may not be available. See also #File manager configuration for use with a file manager.
There are two parts in sharing access. The first is the underlying file system mechanism, which some environments have built in. The second is the interface which allows the user to mount shared resources.
Manual mounting
For a lighter approach without support for listing public shares, only install cifs-utils to provide /usr/bin/mount.cifs
.
To list public shares on a server:
$ smbclient -L hostname -U%
Create a mount point for the share:
# mkdir /mnt/mountpoint
Mount the share using the mount.cifs
type. Not all the options listed below are needed or desirable (ie. password
).
# mount -t cifs //SERVER/sharename /mnt/mountpoint -o user=username,password=password,workgroup=workgroup,ip=serverip
SERVER
- The Windows system name.
sharename
- The shared directory.
mountpoint
- The local directory where the share will be mounted.
-o [options]
- See
man mount.cifs
for more information.
The simplest way to add an fstab entry is something like this:
/etc/fstab
//SERVER/sharename /mnt/mountpoint cifs username=username,password=password 0 0
However, storing passwords in a world readable file is not recommended! A safer method would be to use a credentials file. As an example, create a file and chmod 600 filename
so only the owning user can read and write to it. It should contain the following information:
/path/to/credentials/sambacreds
username=username password=password
and the line in your fstab should look something like this:
/etc/fstab
//SERVER/SHARENAME /mnt/mountpoint cifs credentials=/path/to/credentials/sambacreds 0 0
If using systemd (modern installations), one can utilize the x-systemd.automount
option, which speeds up service boot by a few seconds. Also, one can map current user and group to make life a bit easier, utilizing uid
and gid
options.
/etc/fstab
//SERVER/SHARENAME /mnt/mountpoint cifs credentials=/path/to/smbcredentials,x-systemd.automount,uid=username,gid=usergroup 0 0
User mounting
/etc/fstab
//SERVER/SHARENAME /mnt/mountpoint cifs users,credentials=/path/to/smbcredentials,workgroup=workgroup,ip=serverip 0 0
This will allow users to mount it as long as the mount point resides in a directory controllable by the user; i.e. the user's home. For users to be allowed to mount and unmount the Samba shares with mount points that they do not own, use smbnetfs, or grant privileges using sudo.
WINS host names
The smbclient package provides a driver to resolve host names using WINS. To enable it, add “wins” to the “hosts” line in /etc/nsswitch.conf.
Automatic mounting
There are several ways to easily browse shared resources:
smbnetfs
First, check if you can see all the shares you are interested in mounting:
$ smbtree -U remote_user
If that does not work, find and modify the following line
in /etc/samba/smb.conf
accordingly:
domain master = auto
Now restart smbd.service
and nmbd.service
.
If everything works as expected, install smbnetfs from the official repositories.
Then, add the following line to /etc/fuse.conf
:
user_allow_other
and load the fuse
kernel module:
# modprobe fuse
Now copy the directory /etc/smbnetfs/.smb
to your home directory:
$ cp -a /etc/smbnetfs/.smb ~
Then create a link to smb.conf
:
$ ln -sf /etc/samba/smb.conf ~/.smb/smb.conf
If a username and a password are required to access some of the shared folders, edit ~/.smb/smbnetfs.auth
to include one or more entries like this:
~/.smb/smbnetfs.auth
auth "hostname" "username" "password"
It is also possible to add entries for specific hosts to be mounted by smbnetfs, if necessary.
More details can be found in ~/.smb/smbnetfs.conf
.
If you are using the Dolphin or Nautilus file managers, you may want to add the following to ~/.smb/smbnetfs.conf
to avoid "Disk full" errors as smbnetfs by default will report 0 bytes of free space:
~/.smb/smbnetfs.conf
free_space_size 1073741824
When you are done with the configuration, you need to run
$ chmod 600 ~/.smb/smbnetfs.*
Otherwise, smbnetfs complains about 'insecure config file permissions'.
Finally, to mount your Samba network neighbourhood to a directory of your choice, call
$ smbnetfs mount_point
Daemon
The Arch Linux package also maintains an additional system-wide operation mode for smbnetfs. To enable it, you need to make the
said modifications in the directoy /etc/smbnetfs/.smb
.
Then, you can start and/or enable the smbnetfs
daemon as usual. The system-wide mount point is at /mnt/smbnet/
.
autofs
See Autofs for information on the kernel-based automounter for Linux.
File manager configuration
GNOME Files, Nemo, Caja, Thunar and PCManFM
In order to access samba shares through GNOME Files, Nemo, Caja, Thunar or PCManFM, install the gvfs-smb package, available in the official repositories.
Press Ctrl+l
and enter smb://servername/share
in the location bar to access your share.
The mounted share is likely to be present at /run/user/your_UID/gvfs
or ~/.gvfs
in the filesystem.
KDE
KDE, has the ability to browse Samba shares built in. Therefore do not need any additional packages. However, for a GUI in the KDE System Settings, install the kdenetwork-filesharing package from the official repositories.
If when navigating with Dolphin you get a "Time Out" Error, you should uncomment and edit this line in smb.conf:name resolve order = lmhosts bcast host wins
as shown in this page.
Other graphical environments
There are a number of useful programs, but they may need to have packages created for them. This can be done with the Arch package build system. The good thing about these others is that they do not require a particular environment to be installed to support them, and so they bring along less baggage.
- pyneighborhood is available in the official repositories.
- LinNeighborhood, RUmba, xffm-samba plugin for Xffm are not available in the official repositories or the AUR. As they are not officially (or even unofficially supported), they may be obsolete and may not work at all.
Troubleshooting
Try to add
[global] map to guest = Bad User
to /etc/samba/smb.conf
Windows 7 connectivity problems - mount error(12): cannot allocate memory
A known Windows 7 bug that causes "mount error(12): cannot allocate memory" on an otherwise perfect cifs share on the Linux end can be fixed by setting a few registry keys on the Windows box as follows:
-
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\LargeSystemCache
(set to1
) -
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Size
(set to3
)
Alternatively, start Command Prompt in Admin Mode and execute the following:
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d 1 /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v "Size" /t REG_DWORD /d 3 /f
Do one of the following for the settings to take effect:
- Restart Windows
- Restart the Server service via services.msc
- From the Command Prompt run: 'net stop lanmanserver' and 'net start lanmanserver' - The server may automatically restart after stopping it.
For trouble accessing a password protected share from Windows, try adding this to /etc/samba/smb.conf
:[1]
Note that this needs to be added to the local smb.conf, not to the server's smb.conf
[global] # lanman fix client lanman auth = yes client ntlmv2 auth = no
Getting a dialog box up takes a long time
I had a problem that it took ~30 seconds to get a password dialog box up when trying to connect from both Windows XP/Windows 7. Analyzing the error.log on the server I saw:
[2009/11/11 06:20:12, 0] printing/print_cups.c:cups_connect(103) Unable to connect to CUPS server localhost:631 - Interrupted system call
This keeps samba from asking cups and also from complaining about /etc/printcap missing:
printing = bsd printcap name = /dev/null
Error: Failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
If you are a home user and using samba purely for file sharing from a server or NAS, you are probably not interested in sharing printers through it. If so, you can prevent this error from occurring by adding the following lines to your /etc/samba/smb.conf:
load printers = No printing = bsd printcap name = /dev/null disable spoolss = Yes
Restart the samba service, smbd.service
, and then check your logs:
cat /var/log/samba/smbd.log
and the error should now no longer be appearing.
Sharing a folder fails
It means that while you are sharing a folder from Dolphin (file manager) and everything seems ok at first, after restarting Dolphin the share icon is gone from the shared folder, and also some output like this in terminal (Konsole) output:
‘net usershare’ returned error 255: net usershare: usershares are currently disabled
To fix it, enable usershare as described in #Creating usershare path.
And you are using a firewall (iptables) because you do not trust your local (school, university, hotel) local network. This may be due to the following: When the smbclient is browsing the local network it sends out a broadcast request on udp port 137. The servers on the network then reply to your client but as the source address of this reply is different from the destination address iptables saw when sending the request for the listing out, iptables will not recognize the reply as being "ESTABLISHED" or "RELATED", and hence the packet is dropped. A possible solution is to add:
iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
to your iptables setup.
You are not the owner of the folder
Simply try to reboot the system.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
The client probably does not have access to shares. Make sure clients' IP address is in hosts allow =
line in /etc/samba/smb.conf
.
Connection to SERVER failed: (Error NT_STATUS_UNSUCCESSFUL)
You are probably passing wrong server name to smbclient
. To find out the server name, run hostnamectl
on the server and look at "Transient hostname" line.