Samba (SIFS) How To
Warn: for public internet, use vpn/ssh-tunneling (with samba config-ed for vpn/local nic address) or SSHFS.
OBS: CIFS is new protocal, SMB is deprecated after win server 2003. ref
See Also Links
SFTP: FTP over SSH
UBUNTU AS SERVER #
sudo apt-get install -y samba samba-vfs-modules
CONFIG UBUNTU SERVER FOR GUEST/ANANOMOUS (NO PASSWORD) #
cp -pf /etc/samba/smb.conf /etc/samba/smb.conf.bak && \ cat /dev/null > /etc/samba/smb.conf && \ vim /etc/samba/smb.conf
Paste the foloowing config:
[global] # keep workgroup the same as windows client workgroup = WORKGROUP server string = Samba Server %v # the name will be used as \\<netbiosNmae> in windows, manual setup win hosts file for ip will not work if not matching this name. netbios name = ubuntu security = user map to guest = bad user dns proxy = no log level = 2 log file = /var/log/samba/all.log #log file = /var/log/samba/%S.%I.%m.log # serviceNmae.clientIp.clientDomain.log #============ Share Definitions ============# [Anonymous] path = /samba/anonymous browsable =yes writable = yes guest ok = yes read only = no force user = nobody
Ready to go:
# create the folder to share mkdir -p /samba/anonymous && \ chmod -R 0775 /samba/anonymous && \ chown -R nobody:nogroup /samba/anonymous # restart service service smbd restart && service nmbd restart; \ service smbd status && service nmbd status; # nmbd = NetBIOS name server.
Tip, to know win’s domain name, run
net config workstation.
CONFIG UBUNTU SERVER TO AUTH USER #
Append the following config to
[smbgp] path = /samba/smbgp valid users = @smbgp # OBS: samba uses sys users and groups, but different passwd. guest ok = no writable = yes browsable = yes
# create a user: smb1, and set passwd. addgroup smbgp && \ useradd smb1 -G smbgp && \ smbpasswd -a smb1 # OBS: samba uses sys users and groups, but different passwd. # create the folder to share mkdir -p /samba/smbgp && \ chmod -R 0770 /samba/smbgp && \ chown root:smbgp /samba/smbgp # restart service service smbd restart && service nmbd restart; \ service smbd status && service nmbd status;
UBUNTU 16 AS CLIENT #
mkdir /mnt/share/ sudo apt-get install cifs-utils && \ mount -t cifs -o username=winUser,password=winPass,uid=1000,iocharset=utf8,vers=2.0 //192.168.1.126/Users/myName/theFolder /mnt/share
(if err “host down”: server > powershell, run cmd below. //ubuntu needs smb v1).
OBS: win smb-v1 has security bug, DO security updates or do not use.
vers is needed when > 1.0
Set-SmbServerConfiguration -EnableSMB1Protocol $true
(if err 13 “permission denied”: add option
Tip1: C: is root dir.
uid give the client user write permission.
optional, hide passwd #
touch /root/cifsCredit && \ chmod 600 /root/cifsCredit; ll /root/cifsCredit echo 'username=winUser' > /root/cifsCredit echo 'password=winPass' >> /root/cifsCredit mount -t cifs -o credentials=/root/cifsCredit,uid=1000,iocharset=utf8 //192.168.1.126/Users/myName/theFolder /mnt/share
optional, permanent mount #
echo '//192.168.1.126/Users/myName/theFolder /mnt/share cifs credentials=/root/cifsCredit,uid=1000,iocharset=utf8 0 0' >> /etc/fstab mount -a # test it by "mounting all"
Ref & troubleshooting: wiki.ubuntu.
WINDOWS 10 AS SERVER #
Right click folder > “share” (do NOT use “advanced sharing”).
Warn: if userABC shared something, it will share all files in
To unshare, right click > “share with” > “stop sharing”. If this doesn’t work, run powershell as admin > show share:
net share > delete:
net share ShareName /delete.
To stop SAMBA service, disable the feature in win features, and:
Set-SmbServerConfiguration -EnableSMB1Protocol $false Set-SmbServerConfiguration -EnableSMB2Protocol $false
WINDOWS 7/10 AS CLIENT #
“My computer” > “Map network drive”
RESULTS IN WINDOWS 7 #
OBS: We can see that the label “[Anonymous]” in smb.conf is used instead of the folder name. (Z: is NFS, which shows “wrong” space usage, and display speed is much slower than SMB when mounted in windows.) For space usage, by default, ext2/3/4 filesystems reserve 5% of the space to be useable only by root, see ref.
Tip (remote mount): If the windows client is not in the same local network, dns/hosts file should be used to give server ip (hosts file’s server/domain name set to smb.conf’s “netbios name”).
Tip: Normal DNS or Dynamic DNS can also be used when domain name is used as “bios name” without adding hosts file record. However, SMB is not secure and log canNOT be used for fail2ban, though ref1 and ref2 claimed vfs should work, I can NOT get it working.
Tip: we can check if the config file is correct in format any time with
OBS: for one username, only one smb connection is allowed.
OBS: from one client, only one smb connection is allowed at one time.
xxx: official doc, which does not work.