Basic Samba Setup and Troubleshooting

What is SAMBA

Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Content

What can you learn from this?

This document from my notepad [0] is intended to help you set up a simple client connection to a home NAS and simple file sharing from your Manjaro desktop to other computers on your home network. If you are looking for domain-specific setup and integration with Microsoft AD, refer to the official Samba documentation [1].

Occasional sharing


If you only occasionally need to serve files, you can do so using the default Python installation.

Copy the files you want to share to ~/Public, then open a terminal in the folder and run two commands.

The first displays your IP address using the LAN IP utility script [2]


~/Public $ check-network
192.168.30.20

The second runs the HTTP service exposing the content of your ~/Public folder


~/Public $ python -m http.server 8080
Serving HTTP on 0.0.0.0 port 8080 (http://0.0.0.0:8080/) ...

Then share the IP and port. The recipients can fetch the files by navigating to the address below in their browser. The slash at the end is important (otherwise the browser runs a search using the configured search engine).

http://$IPADDRESS:8080/

When you are finished sharing, close the terminal or press Ctrl+C to stop sharing.

Samba Client

Linux client

For a simple client connection to shares provided by a NAS, or maybe your router, only a few packages are needed. The package smbclient provides the tools necessary for accessing Samba file shares.

Several packages build upon the client and make it easier to connect to and automount a share from a file manager. Packages such as gvfs-smb and smb4k extend the file manager with seamless mounting of Samba shares.

Ensure the packages are up to date by running the command below in a terminal

sudo pacman -Syu smbclient gvfs gvfs-smb --needed

smbclient

Before attempting a connection either reboot your system or manually load the kernel module

sudo modprobe cifs

A configuration file /etc/samba/smb.conf must also be present. The client doesn't require any content, only that the file exists, so it can be created with the touch utility.

sudo mkdir -p /etc/samba
sudo touch /etc/samba/smb.conf

GVFS

Open your file manager and enter the server name or IP address in the location bar.

If the location bar is not visible, it is often activated using the hotkey combination Ctrl+L. Input the server name and share using the protocol format

smb://server-name/share

When you are challenged for credentials, enter them to access the content. Do not save your credentials just yet. Later on you will return here to store the credentials in your keyring.

This method uses gvfs, which creates the mountpoint in the /run tree, and therefore the mount will not persist across reboots.

You can inspect the file structure by opening the folder matching the uid of your user. If you have a mounted share, you can run ls on the gvfs folder - it will yield output similar to the example below


$ ls /run/user/$UID/gvfs
'smb-share:server=nas.net.nix.dk,share=data'

System Automount

systemd units

When mounting one or more network shares on boot, one needs to take into account when the network is up and connected - otherwise the system will hang for 90s for each share.

This can be done using fstab or using systemd mount units [3] [4].

User Mount

As demonstrated, a file manager can utilize gvfs to create a user-mounted Samba share, and this can be used to create some automation.

As shown, the gio mountpoint takes the following form, where $UID, $HOST and $SHARE represent the variable parts

/run/user/$UID/gvfs/'smb-share:server=$HOST,share=$SHARE'

First, create a mount script based on the GIO mount SMB utility script [8] to mount the share. Use the template provided in that topic to create your own script. When you have the script in place and working, come back here.

The script asks for username, workgroup and password when you run it in the terminal. That is fine for the occasional mount, but you will likely want to automount the share when you log into your system.

User Automount

You can run the script when you log in in a number of ways

  • Add the script to your environment's autostart configuration
  • Manually create a desktop launcher in ~/.config/autorun

This topic proposes a somewhat different method: a systemd user service.

Note: To be able to automount the share, the following conditions must be met:

  • You are able to connect to the share using your file manager.
  • You have stored the credentials in your keyring when challenged for those on first connect.

As the success of the service depends on your stored credentials - now is a good time to save your smb credentials in your keyring.

The user service

Create the folder ~/.config/systemd/user and create a service file named e.g. gio-smb-share-name.service - use the same name as the script you are calling, thus making the dependency obvious and simplifying future maintenance.


mkdir -p ~/.config/systemd/user
touch ~/.config/systemd/user/gio-smb-share-name.service

Open the file in your favorite editor and paste the content below.


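[Unit]
Description=GIO mount smb share-name

[Service]
Type=oneshot
# %h expands to the home directory of the user running the service
ExecStart=%h/.local/bin/gio-smb-share-name.sh
ExecStop=%h/.local/bin/gio-smb-share-name.sh umount
RemainAfterExit=true

[Install]
# User units are enabled against default.target; multi-user.target belongs to the system manager
WantedBy=default.target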

Watch your SMBLinks folder and start the service

systemctl --user start gio-smb-share-name.service

Note the symlink is created. Stop the service to watch the symlink disappear

systemctl --user stop gio-smb-share-name.service

When everything works - start and enable the user service

systemctl --user enable --now gio-smb-share-name.service

Manjaro Samba Server


Warning

  1. Sharing data will open ports to the network.
  2. Only run a Samba file service on a trusted secure network or zone.
  3. Ensure firewalld is set up to only allow share traffic when connected to a trusted and secure network or zone.
  4. Never run a samba file server on a laptop (it's portable and smb service is easy to forget).
  5. Avoid NT1 aka SMB1 - it is unsafe and exploited by numerous ransomware projects.

Install samba package

Install the samba package and ensure your system is fully updated in the process.

sudo pacman -Syu samba

Basic Server configuration

Create the configuration file /etc/samba/smb.conf - the folder may need to be created beforehand.


sudo mkdir -p /etc/samba
sudo touch /etc/samba/smb.conf

Edit the file using superuser privileges, insert the content below and save the file. If you are connecting to an existing network of servers, change the WORKGROUP to match the existing network.


[global]
   workgroup = MANJARO
   server string = Manjaro Samba Server
   server role = standalone server
   log file = /var/log/samba/log.%m
   max log size = 50
   guest account = nobody
   map to guest = Bad Password

   min protocol = SMB2
   max protocol = SMB3

[public]
   path = /srv/samba
   public = yes
   writable = yes
   printable = no

Test your config

sudo testparm /etc/samba/smb.conf

Create share and set permissions

Create the shared folder

sudo mkdir -p /srv/samba

Set permissions to any and all

sudo chmod ugo+rwx /srv/samba -R

Start the services

sudo systemctl enable --now smb nmb

Troubleshooting

Client

Samba client requires the file /etc/samba/smb.conf even if it is empty.

sudo mkdir -p /etc/samba
sudo touch /etc/samba/smb.conf

Initial share lookup

If you find that browsing the network from your file manager is causing permission issues, it may be helpful to add the following content to /etc/samba/smb.conf - replace the WORKGROUP if necessary


[global]
     workgroup = WORKGROUP

Samba protocol version

Upstream Samba disabled SMB1 due to a vulnerability exploited by a widespread ransomware. Yet many ISP-provided routers have not been upgraded, and you may have difficulties connecting to the router's samba service using a default samba client.

To gain access to such a share you need to add a samba configuration whose sole purpose is to enable the deprecated protocol version. Add the following line in the [global] section of the configuration file


[global]
    client min protocol = NT1
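
The script below is an added example, not part of the original notes or of Samba. It checks smb.conf text for the settings this page warns about or relies on (an SMB1 dialect such as NT1 as minimum protocol, map to guest = Bad Password, and guest shares that are writable) and runs on excerpts of the server configuration and the NT1 client workaround shown above. The names parse_smb_conf and audit are hypothetical, and it goes slightly beyond the page by also recognising the Samba synonyms guest ok, read only, writeable, write ok and server min protocol.

```python
# Added example: audit smb.conf text for the risky settings this page mentions.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}

def parse_smb_conf(text):
    """Return {section: {key: value}}; names lose case and whitespace, as in Samba."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.split()).lower()] = value.strip()
    return sections

def audit(text):
    """Flag SMB1 dialects, guest fallback on bad passwords, guest-writable shares."""
    findings = []
    for name, opts in parse_smb_conf(text).items():
        if name == "global":
            for key in ("minprotocol", "serverminprotocol", "clientminprotocol"):
                if opts.get(key, "").upper() in SMB1_DIALECTS:
                    findings.append(f"[global] {key} = {opts[key]}: SMB1 allowed")
            if opts.get("maptoguest", "").lower().replace(" ", "") == "badpassword":
                findings.append("[global] maptoguest: bad passwords become guest")
            continue
        guest = any(opts.get(k, "").lower() in YES for k in ("public", "guestok"))
        write = any(opts.get(k, "").lower() in YES
                    for k in ("writable", "writeable", "writeok"))
        if guest and (write or opts.get("readonly", "").lower() in NO):
            findings.append(f"[{name}] guest access with write permission")
    return findings

# Excerpts of the two configurations shown on this page.
SERVER_CONF = """
[global]
   map to guest = Bad Password
   min protocol = SMB2
[public]
   public = yes
   writable = yes
"""
CLIENT_CONF = "[global]\n    client min protocol = NT1\n"

if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF) + audit(CLIENT_CONF)))
```

To check a live configuration, pass the output of testparm -s to audit() instead of the embedded samples.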

More reading

  • My notepad [0]
  • Samba website [1]
  • LAN IP utility script [2]
  • Using systemd mount units [3]
  • Sample mount units [4]
  • Samba on Arch Wiki [5]
  • Sample Samba configuration with comments [6]
  • Microsoft's documentation [7]
  • GIO mount SMB utility script [8]