Implementing File Sharing with Samba on Linux

Architecture and Core Components

Samba facilitates file and printer sharing between Linux and Windows systems, operating primarily over the NetBIOS protocol. The functionality relies on two critical daemons: smbd and nmbd.

  • smbd: The core service responsible for file transfer, authentication, and resource locking. It establishes the session between the server and client, listening on TCP port 139 (and optionally 445). Without this daemon, file sharing is impossible.
  • nmbd: This daemon handles NetBIOS name resolution, allowing clients to locate the server by its name rather than just its IP address. It operates over UDP ports 137 and 138.

When Samba starts, the daemons begin listening on these ports. If nmbd is inactive, clients must connect using the server's IP address directly.

Installation and Service Management

Install the Samba suite and its client utilities using the package manager.

yum -y install samba samba-client

Key configuration files are located in /etc/samba/, primarily smb.conf. The default installation provides systemd service unit files for managing the daemons.

Enable and start the services:

systemctl enable --now smb nmb

Verify the status and version:

smbstatus

Adjust the firewall to permit Samba traffic:

firewall-cmd --permanent --add-service=samba
firewall-cmd --reload

Ensure SELinux is configured appropriately: it is typically set to Permissive for initial testing, or configured with the correct booleans and file contexts for production.

Configuration File Structure

The main configuration file, /etc/samba/smb.conf, is divided into two distinct parts: the [global] section and the share definitions.

Global Settings

This section defines server-wide parameters.

  • workgroup: Specifies the Windows workgroup name (e.g., WORKGROUP).
  • security: Defines the authentication mode. User-level security (user) requires a valid username and password, while share-level security (share, deprecated) allowed anonymous access. The domain and server modes delegate authentication to external controllers.
  • passdb backend: Determines how user passwords are stored. The default tdbsam uses a local TDB database, suitable for small networks. ldapsam integrates with an LDAP directory.
  • log file: Defines the log path. Macros like %m create individual logs per client machine.

Example Global Configuration:

[global]
    workgroup = CORPNET
    server string = Samba Server Version %v
    security = user
    passdb backend = tdbsam
    log file = /var/log/samba/log.%m
    max log size = 50

Share Definitions

Shares define specific directories exposed to clients. Common parameters include:

  • path: The absolute path to the shared directory on the local filesystem.
  • browseable: Controls whether the share is visible in the network neighborhood list.
  • writable or read only: Sets write permissions.
  • valid users: Lists users or groups permitted access.
  • public or guest ok: Allows access without a password.

Example Share Configuration:

[project_files]
    comment = Project Data Repository
    path = /srv/shares/project
    browseable = yes
    writable = yes
    valid users = @developers
    create mask = 0640
    directory mask = 0750
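
An added example (not from the original article): a small Python audit of smb.conf share definitions that normalizes parameter synonyms such as public/guest ok and read only/writable before flagging settings that widen access. The [scratch] share and the finding messages are constructed for illustration.

```python
import re

# smb.conf names ignore case and spaces; map synonyms to one canonical name.
SYNONYMS = {"public": "guestok", "writeable": "writable", "writeok": "writable"}
TRUE = {"yes", "true", "on", "1"}

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} from smb.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower().replace(" ", "")
            key = SYNONYMS.get(key, key)
            if key == "readonly":              # inverted synonym of writable
                key, value = "writable", ("no" if value.lower() in TRUE else "yes")
            current[key] = value
    return sections

def audit_shares(sections):
    """Return (share, finding) pairs for settings that widen access."""
    glob, findings = sections.get("global", {}), []
    if glob.get("security", "user").lower() == "share":
        findings.append(("global", "security = share is deprecated"))
    for name, params in sections.items():
        if name == "global":
            continue
        eff = {**glob, **params}               # shares inherit [global] values
        guest = eff.get("guestok", "no").lower() in TRUE
        if guest:
            findings.append((name, "guest access without a password"))
            if eff.get("writable", "no").lower() in TRUE:
                findings.append((name, "guests can write"))
        elif "validusers" not in eff:
            findings.append((name, "no valid users: any authenticated user may connect"))
        mask = eff.get("createmask")
        if mask and int(mask, 8) & 0o002:
            findings.append((name, f"create mask {mask} allows world-writable files"))
    return findings

# Constructed sample: the article's share plus a hypothetical guest share.
SAMPLE = ("[global]\nsecurity = user\n"
          "[project_files]\nwritable = yes\nvalid users = @developers\ncreate mask = 0640\n"
          "[scratch]\nPublic = yes\nread only = no\ncreate mask = 0666\n")
```

Calling audit_shares(parse_smb_conf(SAMPLE)) reports nothing for [project_files] and three findings for [scratch]; on a live server, feed it the output of testparm -s so included files and defaults are resolved first.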

User Management

When using security = user, Samba maintains its own password database separate from the system shadow file. A user must exist as a system user before being added to Samba.

Create a system user (with no login shell for security):

useradd -s /sbin/nologin dev_user

Add the user to the Samba database:

smbpasswd -a dev_user

Alternatively, use pdbedit for management:

pdbedit -L    # List all Samba users
pdbedit -x dev_user  # Delete a user

Client Access and Mounting

Linux clients require the cifs-utils package to mount Samba shares.

yum -y install cifs-utils

Manual mounting requires the server IP, share name, and credentials:

mount -t cifs //192.168.1.10/project_files /mnt/data -o username=dev_user

For persistent mounting across reboots, configure /etc/fstab. It is best practice to store credentials in a separate, access-restricted file rather than directly in /etc/fstab, which is world-readable.

Create a credentials file (/etc/samba/creds):

username=dev_user
password=your_password

Secure the file:

chmod 600 /etc/samba/creds

Add the entry to /etc/fstab:

//192.168.1.10/project_files /mnt/data cifs credentials=/etc/samba/creds 0 0

This ensures the share is mounted automatically during the boot process.


Posted on Wed, 10 Jun 2026 16:52:50 +0000 by gooney0