Who still fiddles with Samba in 2015?

625px-NewTux.svg

I do!

Don’t know what Samba is?

tldr; It provides file and print functionality over networks, providing inter-operability with protocols adopted by windows.

tldr;tldr; Access linux files from windows and vice-versa

I recently had the misfortune of having to redo my smb.conf (Samba configuration) on my Raspberry Pi and ran into some issues getting everything running smoothly. After lots and lots of internet searches, and conferring with a friend that’s pretty amazing at networking, I finally got it working. Here are some mistakes I made that you may be able to learn from:

  • Ensure that network discovery is on, on your Windows computer I’m not 100% sure this is necessary but shouldn’t do much harm for private networks (that are secure… if you’re worried about that).

  • Ensure that you have samba-common-bin or it’s equivalent (bundle that comes with useful tools like smbpasswd) installed

    I found this wasn’t particularly well documented on the net (or at least where I searched) — at some point a package called samba-common-bin started to contain all the utility programs associated with samba. Maybe this was always the case. Either way, make sure you have it installed.

  • Make a backup of your current/working smb.conf

  • You can find samba logs in /var/log/samba/

    I found I actually didn’t need this, but it was nice to know what was happening with the server when I connected. I even went so far as to raise the log level to 3, and watch messages. Early on in my debugging session, I saw that messages weren’t being generated when I attempted to connect from my windows computer – this lead to realization that I must not have been making it to the samba server after all.

  • Check your samba configuration with testparm

    testparm is wonderful, it even shows you the optimal (reduced) set of configuration that your handwritten config represents!

  • Ensure you can connect to your samba configuration server by using smbclient //<netbios name>/<share name>

    After being prompted for the password, and successfully connecting to the server, I was sure of everything on the linux side.

  • Ensure that your computer is listening on port 445 by using netstat -plant

    For me, this was as easy as running the command and ensuring that 445 did contain a line like this:

    tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      15339/smbd
    ...
    tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      15339/smbd
    
  • Ensure your firewall isn’t blocking port 445

    Since I use ufw, I was able to quickly open some ports required for Samba. I found a great site that laid out the appropriate commands for UFW. I’ve reproduced what I ran here:

    sudo ufw allow proto udp to any port 137 from 192.168.1.0/24
    sudo ufw allow proto udp to any port 138 from 192.168.1.0/24
    sudo ufw allow proto tcp to any port 139 from 192.168.1.0/24
    sudo ufw allow proto tcp to any port 445 from 192.168.1.0/24
    

Here are some of the most informative sites I had open while I was ripping my hair out:

How to Create a Network Share Via Samba Via CLI (Command-line interface/Linux Terminal) – Uncomplicated, Simple and Brief Way!

smb.org docs – how to install

And here’s what my smb.conf looked like at the end (non-optimized):

[global]
workgroup = WORKGROUP
netbios name = raspberrypi
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = lmhosts host wins bcast
wins support = yes

log level = 3

## Only bind ipv4 to prevent errors in log
# bind interfaces only = yes
# interfaces = lo eth0 wlan

## Host security
hosts allow = 127.0.0.1 192.168.1.0/24
hosts deny = 0.0.0.0/0

# Remove CUPS connection error from log
printing = bsd
printcap name = /dev/null

## Guest security
# security = share
# map to guest = bad user
# guest account = pi

## User security
security = user
# encrypt passwords = true
passdb backend = tdbsam
#obey pam restrictions = yes

[media]
path = /path/to/folder/with/data
comment = Media
browsable = yes
read only = yes
create mask = 0777
directory mask = 0777
public = yes
available = yes
valid users = pi
only guest = no
# guest ok = yes
# guest only = yes