Ubuntu Samba Install

Following on from my efforts building a dedicated data recovery box, I decided to use Samba as an easy way of looking through the recovered data, in addition to the local client disks.

First of all, a quick update as always to check the latest packages in the repo:

root@moe:~# apt update && apt upgrade -y

Next the samba install:

root@moe:~# apt install samba -y

The samba setup required is very simple, I want one account with write access, then a guest account with read access for everyone else. Make sure you understand the implications of this insecure configuration before blindly following it. My folder structure is very basic, with everything from the /media directory being visible.

Rather than wade through the sea of options in the default config file, I simply backed it up and started from a blank slate.

root@moe:~# mv /etc/samba/smb.conf /etc/samba/smb.conf.original
root@moe:~# vi /etc/samba/smb.conf

I then used the following config in the new smb.conf file

======================= Global Settings =======================
[global]
workgroup = WORKGROUP
dns proxy = no
load printers = no
printcap name = /dev/null
disable spoolss = yes

#### Networking ####
interfaces = 127.0.0.0/8
bind interfaces only = yes

#### Debugging/Accounting ####
log file = /var/log/samba/log.%m
max log size = 1000

####### Authentication #######
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user

############ Misc ############
usershare allow guests = yes

#======================= Share Definitions =======================
[media]
comment = Media Share on Moe
path = /media
valid users = "jon"
write list = "jon"
guest ok = no
browseable = no


[store]
comment = Data Store on Moe
path = /media/store/
read only = yes
guest ok = yes

Once you have saved the file, use the testparm command to check for configuration errors. Then simply restart as below:

root@moe:~# service smbd restart
root@moe:~# service smbd status
● smbd.service - Samba SMB Daemon
   Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-05-07 11:04:22 UTC; 4s ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 28444 (smbd)
   Status: "smbd: ready to serve connections..."
    Tasks: 3 (limit: 4915)
   CGroup: /system.slice/smbd.service
           ├─28444 /usr/sbin/smbd --foreground --no-process-group
           ├─28479 /usr/sbin/smbd --foreground --no-process-group
           └─28480 /usr/sbin/smbd --foreground --no-process-group


May 07 11:04:22 moe systemd[1]: Starting Samba SMB Daemon...
May 07 11:04:22 moe systemd[1]: Started Samba SMB Daemon.
May 07 11:04:22 moe smbd[28444]: [2020/05/07 11:04:22.166574,  0] ../lib/util/become_daemon.c:124(daemon_ready)
May 07 11:04:22 moe smbd[28444]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections
root@moe:~# 
root@moe:~# 

I can’t stress enough that this is far from a secure or recommended setup. However in my single use case it is fine, I’m only working on data believed to be lost, and this isn’t my livelyhood.