Samba

Samba is a re-implementation of the SMB/CIFS networking protocol, it facilitates file and printer sharing among Linux and Windows systems as an alternative to NFS. Some users say that Samba is easily configured and that operation is very straight-forward. However, many new users run into problems with its complexity and non-intuitive mechanism. This article provides instructions for users on how to setup Samba. It is strongly suggested that the user sticks close to the following directions.

Server configuration

To share files with Samba, install the samba package.

The Samba server is configured in /etc/samba/smb.conf. Copy the default Samba configuration file to /etc/samba/smb.conf:

# cp /etc/samba/smb.conf.default /etc/samba/smb.conf
Tip: Run testparm to check the validity of samba configuration file.

Creating a share

Edit /etc/samba/smb.conf, scroll down to the Share Definitions section. The default configuration automatically creates a share for each user's home directory. It also creates a share for printers by default. There are a number of commented sample configurations included. More information about available options for shared resources can be found in man smb.conf. Here is the on-line version.

On Windows side, be sure to change smb.conf to the Windows Workgroup. (Windows default: WORKGROUP)

Starting services

To provide basic file sharing through SMB start/enable smbd.service and nmbd.service services. See smbd and nmbd manpages for details.

Tip: Instead of having the service running since boot, you can enable smbd.socket so the daemon is started on the first incoming connection. Do not forget to disable smbd.service.

Creating usershare path

Note: This is an optional feature. Skip this section if you do not need it.

"Usershare" is a feature that gives non-root users the capability to add, modify, and delete their own share definitions.

This creates the usershares directory in /var/lib/samba:

# mkdir -p /var/lib/samba/usershares

This makes the group sambashare:

# groupadd sambashare

This changes the owner of the directory and group you just created to root:

# chown root:sambashare /var/lib/samba/usershares

This changes the permissions of the usershares directory so that users in the group sambashare can read, write and execute files:

# chmod 1770 /var/lib/samba/usershares

Set the following variables in smb.conf configuration file:

/etc/samba/smb.conf
...
[global]
  usershare path = /var/lib/samba/usershares
  usershare max shares = 100
  usershare allow guests = yes
  usershare owner only = yes
  ...

Add your user to the sambashare group. Replace your_username with the name of your user:

# usermod -a -G sambashare your_username

Restart smbd and nmbd services.

Log out and log back in. You should now be able to configure your samba share using GUI. For example, in Thunar you can right click on any directory and share it on the network. If you want to share pathes inside your home directory you must make it listable for the group others.

Adding a user

If it does not exist yet, create a Linux user account for the Samba user. Substitute samba_user with your preferred name:

# useradd samba_user

Samba users use a password separate from that of the Linux user accounts. Create the Samba user account with the same name as in the previous command:

# pdbedit -a -u samba_user

Changing Samba user's password

To change a user's password, use smbpasswd:

# smbpasswd samba_user

Required ports

If you are using a firewall, do not forget to open required ports (usually 137-139 + 445). For a complete list please check Samba port usage.

Client configuration

Only smbclient is required to access files from a Samba/SMB/CIFS server. See man smbclient for commonly used commands.

Shared resources from other computers on the LAN may be accessed and mounted locally by GUI or CLI methods. Depending on the desktop environment, GUI methods may not be available. See also #File manager configuration for use with a file manager.

There are two parts in sharing access. The first is the underlying file system mechanism, which some environments have built in. The second is the interface which allows the user to mount shared resources.

Note:
  • After installing cifs-utils or smbclient, you must restart or modprobe cifs
  • Otherwise mount fails with "cifs filesystem not supported by the system"

Manual mounting

For a lighter approach without support for listing public shares, only install cifs-utils to provide /usr/bin/mount.cifs.

To list public shares on a server:

$ smbclient -L hostname -U%

Create a mount point for the share:

# mkdir /mnt/mountpoint

Mount the share using the mount.cifs type. Not all the options listed below are needed or desirable (ie. password).

# mount -t cifs //SERVER/sharename /mnt/mountpoint -o user=username,password=password,workgroup=workgroup,ip=serverip
Note: If you get the output "mount error(13): Permission denied", this might be due to a bug in mount.cifs. See the following bug report. https://bugs.archlinux.org/task/43015#comment130771 Try specifying the option "sec=ntlmv2" to work around it.

SERVER

The Windows system name.

sharename

The shared directory.

mountpoint

The local directory where the share will be mounted.

-o [options]

See man mount.cifs for more information.
Note:
  • Abstain from using a trailing /. //SERVER/sharename/ will not work.
  • If your mount does not work stable, stutters or freezes, try to enable different SMB protocol version with vers= option. For example, vers=2.0 for Windows Vista mount.

Add Share to /etc/fstab

The simplest way to add an fstab entry is something like this:

/etc/fstab
//SERVER/sharename /mnt/mountpoint cifs username=username,password=password 0 0

However, storing passwords in a world readable file is not recommended! A safer method would be to use a credentials file. As an example, create a file and chmod 600 filename so only the owning user can read and write to it. It should contain the following information:

/path/to/credentials/sambacreds
username=username
password=password

and the line in your fstab should look something like this:

/etc/fstab
//SERVER/SHARENAME /mnt/mountpoint cifs credentials=/path/to/credentials/sambacreds 0 0

If using systemd (modern installations), one can utilize the x-systemd.automount option, which speeds up service boot by a few seconds. Also, one can map current user and group to make life a bit easier, utilizing uid and gid options.

Warning: Using the uid and gid options may cause input ouput errors in programs that try to fetch data from network drives.
/etc/fstab
//SERVER/SHARENAME /mnt/mountpoint cifs credentials=/path/to/smbcredentials,x-systemd.automount,uid=username,gid=usergroup 0 0
Note: Space in sharename should be replaced by \040 (ASCII code for space in octal). For example, //SERVER/share name on the command line should be //SERVER/share\040name in /etc/fstab.

User mounting

/etc/fstab
//SERVER/SHARENAME /mnt/mountpoint cifs users,credentials=/path/to/smbcredentials,workgroup=workgroup,ip=serverip 0 0
Note: The option is users (plural). For other filesystem types handled by mount, this option is usually user; sans the "s".

This will allow users to mount it as long as the mount point resides in a directory controllable by the user; i.e. the user's home. For users to be allowed to mount and unmount the Samba shares with mount points that they do not own, use smbnetfs, or grant privileges using sudo.

WINS host names

The smbclient package provides a driver to resolve host names using WINS. To enable it, add “wins” to the “hosts” line in /etc/nsswitch.conf.

Automatic mounting

There are several ways to easily browse shared resources:

smbnetfs

Note: smbnetfs needs an intact Samba server setup. See above on how to do that.

First, check if you can see all the shares you are interested in mounting:

$ smbtree -U remote_user

If that does not work, find and modify the following line in /etc/samba/smb.conf accordingly:

domain master = auto

Now restart smbd.service and nmbd.service.

If everything works as expected, install smbnetfs from the official repositories.

Then, add the following line to /etc/fuse.conf:

user_allow_other

and load the fuse kernel module:

# modprobe fuse

Now copy the directory /etc/smbnetfs/.smb to your home directory:

$ cp -a /etc/smbnetfs/.smb ~

Then create a link to smb.conf:

$ ln -sf /etc/samba/smb.conf ~/.smb/smb.conf

If a username and a password are required to access some of the shared folders, edit ~/.smb/smbnetfs.auth to include one or more entries like this:

~/.smb/smbnetfs.auth
auth			"hostname" "username" "password"

It is also possible to add entries for specific hosts to be mounted by smbnetfs, if necessary. More details can be found in ~/.smb/smbnetfs.conf.

If you are using the Dolphin or Nautilus file managers, you may want to add the following to ~/.smb/smbnetfs.conf to avoid "Disk full" errors as smbnetfs by default will report 0 bytes of free space:

~/.smb/smbnetfs.conf
free_space_size 1073741824

When you are done with the configuration, you need to run

$ chmod 600 ~/.smb/smbnetfs.*

Otherwise, smbnetfs complains about 'insecure config file permissions'.

Finally, to mount your Samba network neighbourhood to a directory of your choice, call

$ smbnetfs mount_point
Daemon

The Arch Linux package also maintains an additional system-wide operation mode for smbnetfs. To enable it, you need to make the said modifications in the directoy /etc/smbnetfs/.smb.

Then, you can start and/or enable the smbnetfs daemon as usual. The system-wide mount point is at /mnt/smbnet/.

autofs

See Autofs for information on the kernel-based automounter for Linux.

File manager configuration

GNOME Files, Nemo, Caja, Thunar and PCManFM

In order to access samba shares through GNOME Files, Nemo, Caja, Thunar or PCManFM, install the gvfs-smb package, available in the official repositories.

Press Ctrl+l and enter smb://servername/share in the location bar to access your share.

The mounted share is likely to be present at /run/user/your_UID/gvfs or ~/.gvfs in the filesystem.

KDE

KDE, has the ability to browse Samba shares built in. Therefore do not need any additional packages. However, for a GUI in the KDE System Settings, install the kdenetwork-filesharing package from the official repositories.

If when navigating with Dolphin you get a "Time Out" Error, you should uncomment and edit this line in smb.conf:
name resolve order = lmhosts bcast host wins

as shown in this page.

Other graphical environments

There are a number of useful programs, but they may need to have packages created for them. This can be done with the Arch package build system. The good thing about these others is that they do not require a particular environment to be installed to support them, and so they bring along less baggage.

  • pyneighborhood is available in the official repositories.
  • LinNeighborhood, RUmba, xffm-samba plugin for Xffm are not available in the official repositories or the AUR. As they are not officially (or even unofficially supported), they may be obsolete and may not work at all.

Troubleshooting

Windows clients keep asking for password even if Samba shares are created with guest permissions

Try to add

 [global]
 map to guest = Bad User

to /etc/samba/smb.conf

Windows 7 connectivity problems - mount error(12): cannot allocate memory

A known Windows 7 bug that causes "mount error(12): cannot allocate memory" on an otherwise perfect cifs share on the Linux end can be fixed by setting a few registry keys on the Windows box as follows:

  • HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\LargeSystemCache (set to 1)
  • HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Size (set to 3)

Alternatively, start Command Prompt in Admin Mode and execute the following:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v "Size" /t REG_DWORD /d 3 /f

Do one of the following for the settings to take effect:

  • Restart Windows
  • Restart the Server service via services.msc
  • From the Command Prompt run: 'net stop lanmanserver' and 'net start lanmanserver' - The server may automatically restart after stopping it.
Note: Googling will reveal another tweak recommending users to add a key modifying the "IRPStackSize" size. This is incorrect for fixing this issue under Windows 7. Do not attempt it.

Original article.

Trouble accessing a password-protected share from Windows

For trouble accessing a password protected share from Windows, try adding this to /etc/samba/smb.conf:[1]

Note that this needs to be added to the local smb.conf, not to the server's smb.conf

[global]
# lanman fix
client lanman auth = yes
client ntlmv2 auth = no

Getting a dialog box up takes a long time

I had a problem that it took ~30 seconds to get a password dialog box up when trying to connect from both Windows XP/Windows 7. Analyzing the error.log on the server I saw:

[2009/11/11 06:20:12,  0] printing/print_cups.c:cups_connect(103)
Unable to connect to CUPS server localhost:631 - Interrupted system call

This keeps samba from asking cups and also from complaining about /etc/printcap missing:

printing = bsd
printcap name = /dev/null

Error: Failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL

If you are a home user and using samba purely for file sharing from a server or NAS, you are probably not interested in sharing printers through it. If so, you can prevent this error from occurring by adding the following lines to your /etc/samba/smb.conf:

load printers = No
printing = bsd
printcap name = /dev/null
disable spoolss = Yes

Restart the samba service, smbd.service, and then check your logs:

cat /var/log/samba/smbd.log

and the error should now no longer be appearing.

Sharing a folder fails

It means that while you are sharing a folder from Dolphin (file manager) and everything seems ok at first, after restarting Dolphin the share icon is gone from the shared folder, and also some output like this in terminal (Konsole) output:

‘net usershare’ returned error 255: net usershare: usershares are currently disabled

To fix it, enable usershare as described in #Creating usershare path.

"Browsing" network fails with "Failed to retrieve share list from server"

And you are using a firewall (iptables) because you do not trust your local (school, university, hotel) local network. This may be due to the following: When the smbclient is browsing the local network it sends out a broadcast request on udp port 137. The servers on the network then reply to your client but as the source address of this reply is different from the destination address iptables saw when sending the request for the listing out, iptables will not recognize the reply as being "ESTABLISHED" or "RELATED", and hence the packet is dropped. A possible solution is to add:
iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns

to your iptables setup.

You are not the owner of the folder

Simply try to reboot the system.

protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE

The client probably does not have access to shares. Make sure clients' IP address is in hosts allow = line in /etc/samba/smb.conf.

Connection to SERVER failed: (Error NT_STATUS_UNSUCCESSFUL)

You are probably passing wrong server name to smbclient. To find out the server name, run hostnamectl on the server and look at "Transient hostname" line.

See also