Samba on Linux the Easy Way
Matt demonstrates how you can set up Samba the easy way - best read while listening to Iron Maiden - Run To The Hills.
Samba file sharing isn't tricky. There, I said it. End of the article? Not so fast home slice.
Intermediate to advanced Linux users would likely agree with the previous statement. And to a lesser degree, I do as well. Once you understand what is needed, a basic Samba share isn't a big deal.
Things go 43 degrees to "full funky-town" when you try to follow the ridiculous "guides" elsewhere on “the interwebs.” Imagine flocks of Linux newbies circling a single guide. Now picture newer Linux users getting Samba to work right (gasp) the first time, every time?!
"This is madness! No, this is Sparta; er, Samba!"
Setting up Samba Sharing Under Gnome
Like most desktop environments that offer GUI tools to get Samba working, Gnome forgets two simple steps - the user and the password. Yeah. Let this sink in a second. So why is it still an issue on otherwise newbie-friendly Linux distros in 2022? Consider the following tale of woe…
Imagine you're all settled in for the night. You have your favorite food on a TV tray. You've got the house to yourself, and you'll finally binge-watch your favorite streaming series.
Suddenly you hear a knock at the door. You put down the dinner you've been nibbling at to see who is bothering you at this late hour! You yell to the person on the other side of the door, "Who is it?" No answer. You open the door a crack and are shocked to witness something I hope no one ever has to experience.
There is some whackjob who is clearly "a few cards shy of a full deck" breakdancing on your porch with a KFC bucket on their head. Thankfully he's just there to pass out coupons for new customers. You got off lucky…this time.
Let's be honest here. The above example is why it is important to know who is accessing your shared files. Without a username and password authorizing access to your Samba files, you might end up with a KFC breakdancer man putting his “finger lickin' good” phalanges all over your shared files. No one needs this in their life - not even the KFC Colonel himself.
Understanding the risks and potential consequences of stranger-danger in your network shared directories, allow me to show you the simple steps to do the following:
Password protect your shares.
Access your shares in the first place.
Step one - install your Samba bits (this assumes Ubuntu-based distros and Gnome).
Open a terminal and paste the following:
sudo apt update && sudo apt install samba nautilus-share
Did I lose you? Hopefully, those instructions weren't too complex. Exactly - this isn't rocket surgery.
Step two - who am I?
Open a terminal and type the following:
whoami
That command won't help you figure out who you are as a person, but it will tell you your current username as your distro sees you.
Now let's add your Linux user to the appropriate Linux group.
Step three - Everyone wants to belong to the cool group.
Still in the terminal:
sudo gpasswd sambashare -a $USER
Where $USER is, you can leave it as is, or to understand how the pieces go together, replace it with the results of your whoami command previously.
Step four - Lock the doors behind you with a strong password.
Again, in the terminal:
sudo smbpasswd -a $USER
This command will allow you to set up a strong password for your Samba shares. And even though your Samba shares are only available on your local network, it's best to keep things locked down on a fundamental level.
Step five - Let's restart this circus.
sudo systemctl restart smbd.service nmbd.service
then…
reboot
I like restarting the above services, not because it's going to help get sharing going per se. Instead, I prefer to spot any errors now vs. later with the services themselves. So go ahead and restart then and then reboot. I also recommend rebooting the client computer with which you will be accessing the remote shares.
Step six - Let there be shares!
Back on the computer with the remote shares, we need to make them…shareable. This will once again assume Gnome for the sake of simplicity using Nautilus.
Locate the directory in Nautilus (Files on Pop OS).
Right-click on the directory and select Network Share.
Check off the Share this folder box.
Check off the Allow others to create and delete files in this folder box.
Click Create Share.
Should you end up with something that looks like this below:
If instead, you ended up with this:
Then you will likely want to run my script instead. Yes, running the script is fine after attempting to do this yourself. Your distribution of Linux won't care. Neither will KFC man.
Step seven - Access it the easy way!
smb://ip-address
Unsure of your LAN IP address on the Samba sharing computer? Run ip address in a terminal.
That's it. Browse to this share in Nautilus on your client machine by going to Nautilus, "+Other Locations", then at the bottom of Nautilus is "Enter server address," then enter smb://ip-address. You can bookmark it in Nautilus for easy access if you like. In a future article, I'll share CIFS mounting in fstab, etc. But this is covering the absolute basics instead.
So why not browse in "Other locations?" Because in many instances, it doesn't work reliably. My method above does. Leave the workgroup as WORKGROUP. Just stick to the defaults.
Script
Before you download and run this script, you may not be on a Gnome-based Ubuntu-type distro. And that's fine, but this script has only been tested on Ubuntu and Pop OS. Why weren't other desktop environments tested?
Look, it may also work on other desktop environments, but I haven't tested it yet. That said….my plans for user testing sort of went sideways on me.
See, I left out cookies overnight to see if I could get some elves to visit me and do some user testing on KDE. After all, it worked for this guy!
Instead, I woke up to what appeared to be goblin footprints on my laminate floors and a single phrase written in spray cheese on my desk - "I use Arch, btw." Upon closer inspection, it seems the goblins installed the window manager known as "ratpoison" onto my primary workstation.
Under normal circumstances, I would have dusted the keyboard for fingerprints…but as luck would have it, I didn't have to. The Cheetos dust left behind on the individual keys confirmed my suspicion of goblin intruders. After some reflection, this also explains why I have Cheetos added to my grocery list on the fridge. But I digress.
Let's get that script going for you, shall we?
Open…you guessed it! The terminal. For the sake of simplicity, we'll drop this into your /home directory "automagically."
wget https://matthartley.com/samba.sh
Now we're going to make this bad boy run like a guy chasing the KFC man down the street.
chmod +x samba.sh
Once you're ready, let's "make it so." In short, this will run the script.
./samba.sh
For those of you who don't need the script, you can see it in action in the video below:
What about port forwarding?
Depending on your LAN network and how your router/firewall is set up, you may need to do some port forwarding.
Ideally, forwarding ports 139 and 445 will get you going with most situations, even Windows accessing the shares. That's it. Again, this doesn't need to be super-complicated.
Edit: This should be obvious, but you're only port forwarding on the LAN. DO NOT forward ports over the internet. Again, should be obvious and you're not likely going to need to at all. But some LAN firewalls may require it.
But what about ______ when using Samba?
If you're looking for help setting up CIFS (Samba shares auto-mounting), more dialed-in security options, etc then here you go, knock yourself out.
This covers anything and everything. And it's not going to be simple. After all, that was the point of this article.
My job today was twofold.
Help you get a basic samba share setup so you can access it.
Give you a heads up about some weirdo breakdancing on porches in a KFC bucket.
Enjoy reading this? Have comments, hate my guts? Share and comment below. As for the script, yes, I am not a master bash artist - but I can make a script work.
Why cant someone develop a simple GUI. its so much easier on a MAC