0TODO CMD SMB

Table of Contents

• ² Script installs + deploys SMB
  • ³ Domains
  • /etc/samba/smb.conf ==include below==
  • ³ Recommended user setups
    • Guest-only server (simple)
    • Mixed guest + private shares
    • Users-only server
  • ³ Start service
  • ³ Connect

² Script installs + deploys SMB #

³ Domains #

INFO :
ext we can talk permissions vs 777, or auto-sharing removable drives safely

Running file server, not domains (no AD)

No nmb in modern SMB: Completely unnecessary if

• DNS or hostname via /etc/hosts
• no Windows machines
• no legacy SMB discovery
• Linux clients use IP / DNS / Avahi /

It only does:

• NetBIOS name broadcasting (1990s tech)
• old Windows network browsing

.

/etc/samba/smb.conf ==include below== #

[global]
   guest account    = nobody
   map to guest     = Bad User
   security         = user
   server string    = Arch Samba
   smb passwd file  = "$_smb_pwfile"
   workgroup        = WORKGROUP

[share]
   browseable       = yes
   create mask      = 0777
   directory mask   = 0777
   guest ok         = yes
   path             = "$_smb_share_dir"   # /srv/samba/share
   writable         = yes

.

# Install 

gpg --list-keys E3BF84FA7D66E529595320C8F191C3B0CD4DA237

sudo pacman-key --init
sudo pacman-key --populate

sudo pacman -Syu samba


# Prepare dirs (log + share)

sudo mkdir -p  /var/log/samba/
sudo chmod 755 /var/log/samba/
# log file =   /var/log/samba/log.%m   # client NetBIOS name

sudo mkdir -p  /srv/samba/share/
sudo chmod 777 /srv/samba/share/

mkdir          ~/8/ ~/240/ ~/320/
sudo mount -B /run/media/mabox/dell8/   ~/8/
sudo mount -B /run/media/mabox/0240/    ~/240/
sudo mount -B /run/media/mabox/0320wd2/ ~/320/

server role =    # No AD DC

# Config

     smbpasswd [options]
sudo smbpasswd [options] [username]
sudo smbpasswd -a mabox   # add user
  -n                      # set no password
  -x                      # delete user
  
testparm 

sudo nano /etc/samba/smb.conf <<-EOG
[global]
    # = behavioral defaults
   server role = standalone server
   server string = BWN SMB Server
   workgroup = WORKGROUP

   security = user
   map to guest = Bad User

   smb ports = 445
   disable netbios = yes

   log file      = /tmp/log..samba.%m
#  max log size  = 50
   max log size  = 10
   read only = no
   guest ok  = yes

[home]
   path      = /home/mabox
#  path      = /srv/samba/share

[/run/media/mabox]
   path      = /run/media/mabox
   # better: /srv/samba/media  -> symlink to /run/media/mabox
EOG

If share removable media, consider:

INFO :
[media] path = /run/media/mabox follow symlinks = yes wide links = yes valid users = mabox

Force all (guest) writes as a real:

INFO :

force user = mabox
guest ok = yes

But:
- weak security
- harder to debug later

SUCCESS :
Samba options that help a lot, specifically for Files.app + background transfers + large videos

.

³ Recommended user setups #

Guest-only server (simple) #

1map to guest = Bad User
2guest account = nobody

Mixed guest + private shares #

1map to guest = Bad User

Then override per-share:

1guest ok = no

Users-only server #

1# remove map to guest entirely
2guest ok = no

browseable = yes is the default So w/o it shares are advertised and shown in client listings (where browsing exists)

Except:

• Printer shares
• IPC / admin shares
• Shares with 'browseable = no' explicitly set

If NetBIOS is disabled and nmb is masked, browsing itself largely disappears. So

• browseable = yes still means “allowed to be listed”
• but clients won’t auto-discover the server anyway
• connecting via [smb:]//hostname/share

Use 'browseable = yes' when

• nmb is re-enabled
• for clarity / self-documentation

³ Start service #

sudo systemctl disable samba nmb
sudo systemctl mask    samba nmb
sudo systemctl restart       smb
sudo systemctl status        smb
less /tmp/log..smb.%m 

³ Connect #

Port 445
smbclient -L //hostname -N
sudo mount -t cifs //hostname/share /mnt/share -o guest