Samba (SIFS) How To

Samba (SIFS) How To

2016-12-31. Category & Tags: Samba, CIFS, SMB

Warn: for public internet, use vpn/ssh-tunneling (with samba config-ed for vpn/local nic address) or SSHFS.
OBS: CIFS is new protocal, SMB is deprecated after win server 2003. ref

See Also Links
SFTP: FTP over SSH
SSHFS
NFS

UBUNTU AS SERVER #

sudo apt-get install -y samba samba-vfs-modules

CONFIG UBUNTU SERVER FOR GUEST/ANANOMOUS (NO PASSWORD) #

cp -pf /etc/samba/smb.conf /etc/samba/smb.conf.bak && \
cat /dev/null  > /etc/samba/smb.conf && \
vim /etc/samba/smb.conf

Paste the foloowing config:

[global]
# keep workgroup the same as windows client
workgroup = WORKGROUP
server string = Samba Server %v
# the name will be used as \\<netbiosNmae> in windows, manual setup win hosts file for ip will not work if not matching this name.
netbios name = ubuntu
security = user
map to guest = bad user
dns proxy = no
log level = 2
log file = /var/log/samba/all.log
#log file = /var/log/samba/%S.%I.%m.log # serviceNmae.clientIp.clientDomain.log

#============ Share Definitions ============#
[Anonymous]
path = /samba/anonymous
browsable =yes
writable = yes
guest ok = yes
read only = no
force user = nobody

Ready to go:

# create the folder to share
mkdir -p /samba/anonymous && \
chmod -R 0775 /samba/anonymous && \
chown -R nobody:nogroup /samba/anonymous
# restart service
service smbd restart && service nmbd restart; \
service smbd status && service nmbd status; # nmbd = NetBIOS name server.

Tip, to know win’s domain name, run net config workstation.

CONFIG UBUNTU SERVER TO AUTH USER #

Append the following config to vim /etc/samba/smb.conf

[smbgp]
path = /samba/smbgp
valid users = @smbgp # OBS: samba uses sys users and groups, but different passwd.
guest ok = no
writable = yes
browsable = yes

Run:

# create a user: smb1, and set passwd.
addgroup smbgp && \
useradd smb1 -G smbgp && \
smbpasswd -a smb1 # OBS: samba uses sys users and groups, but different passwd.
# create the folder to share
mkdir -p /samba/smbgp && \
chmod -R 0770 /samba/smbgp && \
chown root:smbgp /samba/smbgp
# restart service
service smbd restart && service nmbd restart; \
service smbd status && service nmbd status;

UBUNTU 16 AS CLIENT #

mkdir /mnt/share/
sudo apt-get install cifs-utils && \
 mount -t cifs -o username=winUser,password=winPass,uid=1000,iocharset=utf8,vers=2.0 //192.168.1.126/Users/myName/theFolder /mnt/share

(if err “host down”: server > powershell, run cmd below. //ubuntu needs smb v1).
OBS: win smb-v1 has security bug, DO security updates or do not use.
Tip: vers is needed when > 1.0

Set-SmbServerConfiguration -EnableSMB1Protocol $true

(if err 13 “permission denied”: add option sec=ntlm)
Tip1: C: is root dir.
Tip2: uid give the client user write permission.

optional, hide passwd #

touch /root/cifsCredit && \
chmod 600 /root/cifsCredit; ll /root/cifsCredit
 echo 'username=winUser' > /root/cifsCredit
 echo 'password=winPass' >> /root/cifsCredit
mount -t cifs -o credentials=/root/cifsCredit,uid=1000,iocharset=utf8 //192.168.1.126/Users/myName/theFolder /mnt/share

optional, permanent mount #

echo '//192.168.1.126/Users/myName/theFolder /mnt/share cifs credentials=/root/cifsCredit,uid=1000,iocharset=utf8 0 0' >> /etc/fstab
mount -a # test it by "mounting all"

Ref & troubleshooting: wiki.ubuntu.

WINDOWS 10 AS SERVER #

Right click folder > “share” (do NOT use “advanced sharing”).
Warn: if userABC shared something, it will share all files in C:\Users\userABC and C:\Users\public.
To unshare, right click > “share with” > “stop sharing”. If this doesn’t work, run powershell as admin > show share: net share > delete: net share ShareName /delete.

To stop SAMBA service, disable the feature in win features, and:

Set-SmbServerConfiguration -EnableSMB1Protocol $false
Set-SmbServerConfiguration -EnableSMB2Protocol $false

WINDOWS 7/10 AS CLIENT #

“My computer” > “Map network drive”

\\UBUNTU\smbgp

RESULTS IN WINDOWS 7 #

OBS: We can see that the label “[Anonymous]” in smb.conf is used instead of the folder name. (Z: is NFS, which shows “wrong” space usage, and display speed is much slower than SMB when mounted in windows.) For space usage, by default, ext2/3/4 filesystems reserve 5% of the space to be useable only by root, see ref.
Tip (remote mount): If the windows client is not in the same local network, dns/hosts file should be used to give server ip (hosts file’s server/domain name set to smb.conf’s “netbios name”).
Tip: Normal DNS or Dynamic DNS can also be used when domain name is used as “bios name” without adding hosts file record. However, SMB is not secure and log canNOT be used for fail2ban, though ref1 and ref2 claimed vfs should work, I can NOT get it working.

PS #

Tip: we can check if the config file is correct in format any time with testparm.
OBS: for one username, only one smb connection is allowed.
OBS: from one client, only one smb connection is allowed at one time.

ref: how.to.forge
xxx: official doc, which does not work.