linux, networking, nextcloud, nextcloudpi, raspberrypi

Share your files in your LAN with SAMBA

In order to complement last post about the NFS remote file system, in this post we will cover SAMBA. The main focus of this series is to document the possibilities of NextCloudPi, but it aims to be a general introduction to the technology.

Like NFS, SAMBA provides a remote file system that allows us to mount locally folders that are in reality in another computer.

SAMBA is a free and open source implementation of the SMB/CIFS (Server Message Block/Common Internet File System) by MicroSoft that was started in 1992.

SMB/CIFS is the protocol used in Windows networks to share files and printers, so SAMBA allows us to host files and printers that can be accessed from a Windows computer, as well as it allows a Linux computer to access files and printers shared in a Windows system.

Actually, it is so popular that Mac computers can also access SMB/CIFS remote filesystems, which makes SAMBA a good choice for “mixed” networks where we want to serve files to Linux, Windows, Mac computers… and even some Android applications are able to mount SMB/CIFS folders over the network.

Features

This is a highlight of its features

  • The SAMBA server is implemented in userspace.
  • It is supported by multiple platforms
  • Its traffic is not encrypted, although it is in the roadmap of features
  • It provides authenticated access.
  • It can also share printers, combined with the CUPS printing server.

While the beauty of NFS its it’s simplicity, low resources requirements and the fact that it is implemented in the kernel, SAMBA is way more flexible, featureful and more appropriate for many setups except the most simple ones.

We have more control over the setup, as we can define different permissions for different users and the access is authenticated via username/password. Public shares can also be defined.

While installing the nfs-kernel-server only takes up 300 KB of our space, the smbd server takes around 40 MB.

Installation

Just install the appropriate package for your distribution, normally just samba.

In the case of NextCloudPi, just update to the latest version with

As usual, the generic installer can be used on any Debian based running server to install and configure through SSH, or on a Raspbian image through QEMU.

Default configuration (NextCloudPi only)

In the specific case of NextCloudPi, we usually want to share the data folder on the local network, so select samba in

DIR is the directory to share. The default will be /var/www/nextcloud/data/admin/files for user admin on a fresh installation. If you have moved the data folder to an external drive, then it might be more similar to the default /media/USBdrive/ncdata/admin/files. Note that this is the path for the files belonging to the user admin.

If you would like a different setup, read the next section.

Manual configuration

The main configuration file is located at /etc/samba/smb.conf. There are many resources online about the configuration of this file, but the comments inside it are pretty much self-explanatory.

A share is defined by a configuration block that can be as simple as this

If you want to be able to modify and delete files and folders from both Nextcloud and SAMBA mounts, you can add the following to the share

Users are controlled by smbpasswd, and smb.conf can be configured to synchronize their credentials with the Linux user credentials.

In order to add the user pi, type

Make sure that the shared folder can be accessed by allowed users through the regular system permissions system.

Usage

Once the share is in place, we can browse it from Windows, Mac, and such.

In order to browse shares in Linux, we make use of smbclient.

We can see the NextCloudPi share defined earlier. We can use smbclient to login to a terminal interface that allows us to browse, push and pull files.

However, this is not very comfortable to use. It is better to mount the remote share.

, or at boot from /etc/fstab

That is not ideal though, as the password will be shown in our history for the mount command, and  fstab is visible to all users.

It is better to save our credentials in a read-only file and use the option credentials.

The folder in the server at location /media/USBdrive/mysharedfolder will now be available in /mnt with those access permissions of user pi on that server.

Code

github

References

https://www.samba.org/samba/docs/using_samba/ch06.html

https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html

Author: nachoparker

Humbly sharing things that I find useful
[ github dockerhub ]

6 Comments on “Share your files in your LAN with SAMBA

  1. That’s great, but I couldn’t understand well how I’d do a setup like what I’ll describe. Could you please help me?
    – there’s only one user on the RPi, which is the default user Pi with changed password. I can add other users, if necessary;
    – NextCloudPi users are: admin (just admin stuff, I’d delete it if I could, but no big deal); me (username ‘alc’, with admin privileges); my partner (username ‘lif’, belongs to group ‘users’, no admin privileges);
    – user ‘lif’ should access her NextCloud data folder from her Macbook, and only her data folder, not ‘alc”s or ‘admin”s;
    – user ‘alc’ should only access his NC data folder, and only this folder, not the other users’;
    – users should be able to share files with each other through NC’s sharing feature, no need for sharing through samba, in principle.

    So, is it attainable? Could you please help me?

    On a side note, this NextCloudPi installation is just on the local network, no internet access – this is just for local wireless handling of files. Should I worry about SSL? Because I disabled ‘force HTTPS’.

    Thank you and props for the great work!

    1. I would create two samba users with smbpasswd, then two shares, one for each user ( valid users line ) at their Nextcloud data locations ( /media/USBdrive/ncdata/alc/files ).

      Finally, grant system permissions over the data folder, but always keep Nextcloud (user www-data) able to access. You can for example, change the group for the folder ( group alc ), and grant it read/write permissions.

      Regarding HTTPS… I think you can never be too paranoid, specially with private data. I would leave it on, because nowadays everything can access the internet. Say you have cheap chinese IoT toaster at home… it will be able to sniff your data and send it to the internet.

  2. hey nacho,

    do you know or/and would you be so kind an tell me on which protocol the installed samba bases? smb1, smb2 or smb3?

      1. thanks for your answer.

        >It would probably be a good idea to disable SMB1

        that was the reason for asking. how do i do that? and/or couldn’t you do that on default? just for security reasons?

Leave a Reply

Your email address will not be published. Required fields are marked *