CONFIGURATION

VERSIONS

SETTINGS

Logosmb.conf

DANGEROUS SETTINGS

root@sa:~$ nano /etc/samba/smb.conf
 [global]
   workgroup = DEV.INFREIGHT.HTB
   server string = DEVSMB
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   panic action = /usr/share/samba/panic-action %d

   server role = standalone server
   obey pam restrictions = yes
   unix password sync = yes

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes

 [printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

 [print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
   
 [notes]
   comment = CheckIT
   path = /mnt/notes/
   browseable = yes
   read only = no
   writable = yes
   guest ok = yes
   enable privileges = yes
   create mask = 0777
   directory mask = 0777
   
root@sa:~$ sudo systemctl restart smbd


 * the above sets two global settings and three shares.
    - the global settings are the configuration of the available SMB server that is 
      used for all shares. 
    - In the individual shares, however, the global settings can be overwritten, which 
      can be configured with high probability even incorrectly.
       - the individual shares are two printer shares & one notes share

DISPLAY SAMBA SERVER STATUS

root@sa:~$ smbstatus
 Samba version 4.11.6-Ubuntu
 PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing              
 ----------------------------------------------------------------------------------------------------------------------------------------
 75691   sambauser    samba        10.10.14.4 (ipv4:10.10.14.4:45564)      SMB3_11           -                    -                    

 Service      pid     Machine       Connected at                     Encryption   Signing     
 ---------------------------------------------------------------------------------------------
 notes        75691   10.10.14.4   Do Sep 23 00:12:06 2021 CEST     -            -           

 No locked files
 
 * Apart from the Samba version, the following can be seen
    - see who, from which host, and which share the client is connected
    
 * with domain-level security, the samba server acts as a member of a Windows domain. 
    - the domain controllers keep track of users and passwords in their own NTDS.dit 
      and Security Authentication Module (SAM) and authenticate each user when they log 
      in for the first time and wish to access another machine's share.

CREATING SHARES

root@sa:~$ nano /etc/samba/smb.conf
 ...
 
 [notes]
   comment = CheckIT
   path = /mnt/notes/
   browseable = yes
   read only = no
   writable = yes
   guest ok = yes
   enable privileges = yes
   create mask = 0777
   directory mask = 0777

root@sa:~$ sudo systemctl restart smbd

DISPLAY SHARE LISTINGS

root@sa:~$ smbclient -N -L //10.129.14.128
 Sharename       Type      Comment
 ---------       ----      -------
 print$          Disk      Printer Drivers
 home            Disk      INFREIGHT Samba
 dev             Disk      DEVenv
 notes           Disk      CheckIT
 IPC$            IPC       IPC Service (DEVSM)

 SMB1 disabled -- no workgroup available
 
 * -L lists shares
 * -N attempts the connection with an empty (null) password.
 
 * the print$ and an IPC$ are already included by default in the basic setting
PreviousSAMBANextHGFS

Last updated