There is probably not a single office that does not use shared local network resources, whether they are folders or printers. Large and medium-sized companies use the capabilities of Active Directory, while smaller companies use regular Windows or Samba tools on Linux servers. Let’s review all these cases.
How to configure Samba:
- What is Samba?
- How to set up a shared folder
- a) How to set up a shared folder in Linux
- b) How to set up a shared folder on Windows
- How to connect to a shared folder
- a) How to connect to a Linux shared folder
- b) How to connect to a Windows shared folder
- How to create a Network Share in Samba
What is Samba?
Samba is a server application that enables client computers to access shared folders, printers, and disks over the SMB/CIFS protocol, allowing seamless file and resource sharing between Linux and Windows systems.
Configuring shared folders
Linux
The installation and configuration of the Samba server on Ubuntu involves the following steps:
Update package information and upgrade existing software:
apt-get update && apt-get upgradeInstall Samba and its client utilities:
apt-get install -y samba samba-clientBackup the default Samba configuration file:
cp /etc/samba/smb.conf /etc/samba/smb.conf_sampleCreate the base directory for Samba shares, e.g., under /media:
mkdir /media/sambaImportant: By default, /media is part of the root partition, which may have limited space. To prevent disk space issues, it's recommended to mount a separate partition or drive at /media/samba.
Create a public directory accessible to all users:
mkdir /media/samba/publicSet appropriate permissions for the public folder:
chmod -R 0755 /media/samba/public(Optional) Change ownership or group with chown or chgrp if needed.
Create a private directory for restricted access:
mkdir /media/samba/privateCreate a user group to manage access:
groupadd smbgrpAdd Samba users:
useradd user1Add users to the group:
usermod -aG smbgrp user1Assign the private directory to the group:
chgrp smbgrp /media/samba/privateSet Samba passwords for the users:
smbpasswd -a user1Edit Samba configuration:
nano /etc/samba/smb.confClear the file and insert:
[global]
workgroup = WORKGROUP
security = user
map to guest = bad user
wins support = no
dns proxy = no
[public]
path = /media/samba/public
guest ok = yes
force user = nobody
browsable = yes
writable = yes
[private]
path = /media/samba/private
valid users = @smbgrp
guest ok = no
browsable = yes
writable = yes
Save with Ctrl + X, then Y, then Enter.
Explanation of important parameters:
- global — general server settings.
- public and private — define shared folders and their access rules.
- Parameters in the global section:
- workgroup — network workgroup name (default: WORKGROUP). Change if your network uses a different name.
- security — server authentication mode ("user" means username/password required).
- map to guest — handles invalid login attempts ("bad user" rejects incorrect passwords).
- wins support — enable/disable WINS server functionality.
- dns proxy — enable/disable DNS proxying.
- Parameters for each shared directory:
- path — absolute path to the shared folder.
- guest ok — allow guest (unauthenticated) access.
- browsable — whether the share is visible when browsing.
- force user — force all file operations to be performed by a specified user (usually "nobody" for security).
- writable — allow write operations.
- valid users — restrict access to specific users or groups (groups prefixed with @).
Check the Samba configuration for syntax errors:
testparm -sRestart Samba services:
service smbd restart
service nmbd restartConfigure firewall rules to allow Samba ports, restricting access to trusted subnets only:
iptables -A INPUT -p tcp --dport 445 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 139 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p udp --dport 137 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p udp --dport 138 -s 10.0.0.0/24 -j ACCEPTTo persist firewall rules across reboots, install:
apt-get install iptables-persistentDuring installation, confirm saving current rules.
Verify current firewall rules with:
iptables -LWindows
Shared folders setup in Windows is similar but done via GUI:
To share folders without password protection, disable password-protected sharing:
Control Panel → Network and Internet → Network and Sharing Center → Advanced sharing settings → All Networks → Disable "Password protected sharing" → Save changes.
To share a folder:
Right-click folder → Properties → Sharing tab → Advanced Sharing.
Check "Share this folder", set share name.
Click "Permissions", select "Everyone", enable "Full Control", then OK.
Back in Properties, click "Share", add "Everyone" with Read/Write permissions, then Share → Done.
To restrict sharing to specific users:
Right-click folder → Properties → Sharing tab → Advanced Sharing → Share this folder.
Permissions → Remove "Everyone".
Add users/groups by clicking "Add" → Advanced → Find Now → select users/groups.
Assign appropriate permissions.
Confirm all dialogs.
Connecting to shared folders
From Linux
Install smbclient:
sudo apt-get install smbclientConnect to share:
smbclient -U /// Example:
smbclient -U buhgalter //10.0.0.1/publicTo mount the share as a network drive automatically, install cifs-utils:
sudo apt-get install cifs-utilsMount using:
mount -t cifs -o username=Everyone,password= //10.0.0.1/public /mediaNote: For Windows shares without password, use username "Everyone". For Linux shares, use "nobody" or the assigned username with password for protected shares.
From Windows
To connect to shared folders:
Open File Explorer or press Windows + R.
Enter:
\Entering only the IP address lists all available shares.
If prompted for credentials on Windows shares, use username "Everyone" with no password for open shares.
To connect to Linux shares from Windows, use the same UNC path.
How to create a Network Share in Samba
Create the folder to share:
mkdir /home// Backup Samba config:
sudo cp /etc/samba/smb.conf ~/smb.conf.backupEdit Samba config:
sudo nano /etc/samba/smb.confAdd at the end:
[]
path = /home//
valid users =
read only = no
Save and exit.
Restart Samba:
sudo service smbd restartCheck config syntax:
testparmAccess share with smbclient:
sudo apt-get install smbclient
smbclient -L /// -U
smbclient /// -U
Notes:
