Samba Standalone Server Installation on Debian 9 (Stretch)
This tutorial explains the installation of a Samba fileserver on Debian 9 (Stretch) and how to configure it to share files over the SMB protocol as well as how to add users. Samba is configured as a standalone server, not as a domain controller. In the resulting setup, every user has his own home directory accessible via the SMB protocol and all users have a shared directory with read-/write access.
1 Preliminary Note
I'm using a Debian 9 system here with the hostname debian.example.com and the IP address 192.168.1.100. I'll use this minimal Debian system as basis for this tutorial: https://www.howtoforge.com/tutorial/debian-minimal-server/
I will use the nano editor in this tutorial to edit config files on the shell. Nano can be installed with the command:
apt-get install nano
If you have a different favorite shell editor like joe or vi, then use that instead.
To make the Linux server accessible by name from my Windows workstation, I will add a line to the hosts file on Windows. Run this command as Administrator user on Windows to edit the hosts file:
notepad C:\Windows\System32\drivers\etc\hosts
and add a line like this:
192.168.1.100 debian.example.com debian
at the end of the file. Replace the IP address with the server IP and the hostname with the hostname that you have chosen for your server.
Rename 'administrator' user, if exists
My Debian 9 server has a user named "administrator", this username may cause problems with Samba, so I rename it to 'howtoforge' here. Feel free to use a different name for your user, the name does not matter as long as it is not 'administrator'. Skip this step when your system has no user with the name 'administrator'.
usermod -l howtoforge -m -d /home/howtoforge administrator
groupmod -n howtoforge administrator
2 Installing Samba
Connect to your server on the shell as root user and install the Samba packages:
apt-get -y install libcups2 samba samba-common cups
Move the current smb.conf file to smb.conf.bak:
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
And then create a new file smb.conf file:
nano /etc/samba/smb.conf
With the following content:
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = debian
security = user
map to guest = bad user
dns proxy = no
Replace WORKGROUP with the workgroup name that is used on your Windows clients. If you don't know the name of the workgroup, run this command on the Windows client to get the workgroup name:
net config workstation
Then close the Samba configuration file on the server and restart Samba:
systemctl restart smbd.service
3 Adding Samba Shares
Now I will add a share that is accessible by all users.
Create the directory for sharing the files and change the group to the users group:
mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/
mkdir -p /home/shares/anonymous
chown -R root:users /home/shares/anonymous/
chmod -R ug+rwx,o+rx-w /home/shares/anonymous/
At the end of the file /etc/samba/smb.conf add the following lines:
nano /etc/samba/smb.conf
3.1 Group share
This is a share that is accessible and writable for all members of our "users" group. Add the following config at the end of the smb.conf file.
[allusers] comment = All Users path = /home/shares/allusers valid users = @users force group = users create mask = 0660 directory mask = 0771 writable = yes
3.2 Home directories
If you want all users to be able to read and write to their home directories via Samba, add the following lines to /etc/samba/smb.conf (make sure you comment out or remove the existing [homes] section):
[homes] comment = Home Directories browseable = no valid users = %S writable = yes create mask = 0700 directory mask = 0700
3.3 Anonymous share
You like to have a share were all users in your network can write to? Be careful, this share is open to anyone in the network, so use this only in local networks. Add an anonymous share like this:
[anonymous] path = /home/shares/anonymous force group = users
create mask = 0660
directory mask = 0771
browsable =yes writable = yes guest ok = yes
Now we restart Samba:
systemctl restart smbd.service
4 Adding and Managing Users
In this example, I will add a user named tom. You can add as many users as you need, in the same way, just replace the username tom with the desired username in the commands.
useradd tom -m -G users
Set a password for tom in the Linux system user database. If the user tom should not be able to log into the Linux system, skip this step.
passwd tom
-> Enter the password for the new user.
Now add the user to the Samba user database:
smbpasswd -a tom
-> Enter the password for the new user.
Now you should be able to log in from your Windows workstation with the file explorer (address is \\192.168.1.100 or \\192.168.1.100\tom for tom's home directory) using the username tom and the chosen password and store files on the Linux server either in tom's home directory or in the public shared directory.
5 Accessing Samba from Windows
Now you can access the samba shares from your Windows Desktop. Open the command prompt and enter "\\debian" to open a file explorer:
6 Virtual Machine Image Download of this Tutorial
This tutorial is available as ready to use virtual machine image in ovf/ova format that is compatible with VMWare and Virtualbox. The virtual machine image uses the following login details:
SSH / Shell Login
Username: howtoforge
Password: howtoforge
Username: root
Password: howtoforge
Samba Example User Login
Username: tom
Password: howtoforge
The IP of the VM is 192.168.1.100, it can be changed in the file /etc/network/interfaces. Please change all the above passwords to secure the virtual machine.