How to install and configure Samba on Ubuntu 18.04

Update, Install and Configure Samba

First, update you Ubuntu system:

sudo apt-get update
sudo apt-get upgrade

Then, install Samba:

sudo apt-get install samba

Rename the default Samba configuration file and create a new file with the following content:

sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
sudo nano /etc/samba/smb.conf

New Samba configuration content:

[global]
  disable netbios = yes
  workgroup = WORKGROUP
  server string = %h server (Samba, Ubuntu)
  dns proxy = no
  interfaces = 127.0.0.0/8 eth0
  bind interfaces only = yes
  smb ports = 445
  log file = /var/log/samba/log.%m
  max log size = 1000
  syslog = 0
  panic action = /usr/share/samba/panic-action %d

  ####### Authentication #######
  server role = standalone server
  passdb backend = tdbsam
  obey pam restrictions = yes
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
  pam password change = yes
  map to guest = bad user

  ############ Misc ############
  usershare allow guests = yes

#======================= Share Definitions =======================
[printers]
  comment = All Printers
  browseable = no
  path = /var/spool/samba
  printable = yes
  guest ok = no
  read only = yes
  create mask = 0700

[print$]
  comment = Printer Drivers
  path = /var/lib/samba/printers
  browseable = yes
  read only = yes
  guest ok = no

[hot-folders]
  path = /wwwroot/production/hot-folders
  browseable = yes
  readonly = no
  force create mode = 0660
  force directory mode = 2770
  valid users = hf_user

The section heading [hot-folders] is where we declare the share, where hot-folders will be the name of our share. This share will map to the folder /wwwroot/production/hot-folders (which we will create later) and the valid users lists all the system groups (prefixed with an @) and users that have permission to access this share. We are going to create a user call hf_user and give this user permission to access this share.

Create Samba Users

Create a new user called hf_user with no home folder, nologin script and assigned to an existing system group sambashare:

sudo adduser --no-create-home --shell /usr/sbin/nologin --ingroup sambashare hf_user

Now set the user's Samba password and enable the account. Note the Samba password can be different to the login password. But it is this password you will have to use to access the shared folder.

sudo smbpasswd -a hf_user
sudo smbpasswd -e hf_user

Create Shared Folder

Create shared folder, set ownership and permission for the share:

sudo mkdir -p /wwwroot/production/hot-folders
sudo chown -R hf_user:sambashare /wwwroot/production/hot-folders
sudo chmod -R 2770 /wwwroot/production/hot-folders

Update Firewall

If your firewall is enabled, you will need to add a rule to allow SMB traffic to passthrough. The simple option is just to use the following command:

sudo ufw allow samba

The rules for Samba can be found in the following folder: /etc/ufw/applications.d

You could also restrict access to specific IP addresses, ranges or subnets.

Restart Samba Server and Test Shared Folder

Restart the Samba service:

sudo service smbd start

To test the share, we will hop onto a Microsoft Windows Server and open File Explorer and type in the IP address of the Ubunto server in the address bar. In our case, the Samba server is \192.168.200.221.

Explorer will display the shared folder. If we attempt to open the folder, you will be challenged to enter valid credentials to access this folder.