Step 1 : Install samba packages after updating repositories
root@hackthesec:~$ sudo apt-get update
root@hackthesec:~$ sudo apt-get install samba samba-common python-glade2
Creating Anonymous share
Everyone can access and store files without username and password .
Step 2 : Create folder for Anonymous share.
root@hackthesec:~$ sudo mkdir -p /shares/anonymous
Step 3 : Change the ownership to nobody so that everyone can access and store files in that folder.
root@hackthesec:~$ sudo chown nobody:nogroup /shares/anonymous/
Step 4 : Now define values in samba configuration to share /shares/anonymous/folder. /etc/samba/smb.conf is the main configurion file for samba .
Take a backup before editing that file .
root@hackthesec:~$ sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.org
now add the below code at the end of the file to enable share.
root@hackthesec:~$ sudo vim /etc/samba/smb.conf
Example : -
[Anonymous]
comment = Anonymous share access
path = /shares/anonymous
browsable = yes
writable = yes
guest ok = yes
read only = no
force user = nobody
force group = nogroup
Step 5 : Now restart smbd service .
root@hackthesec:~$ sudo service smbd restart
After restarting service . Try to access share from windows client (Goto -> RUN ->\serverIP ) . you could access anonymous share folder without username and password, try to create or copy files to that folder.
Creating secured share
Secured shares can be accessed using username and password .Here for example, I’m going to create share project1.
Step 6 : Create a folder for share .
root@hackthesec:~$ sudo mkdir -p /shares/project1
Step 7 : Create a new group smbproj1,so that Users added to this group can access project1 share.
root@hackthesec:~$ sudo addgroup smbproj1
Step 8 : Modify ownership and permission for the folder.
root@hackthesec:~$ sudo chown root:smbproj1 /shares/project1/
root@hackthesec:~$ sudo chmod 770 /shares/project1/
Step 9 : Now define values in the configuration file .
root@hackthesec:~$ sudo vim /etc/samba/smb.conf
Example : -
[Project1]
comment = Project1 Share
path = /shares/project1
valid users = @smbproj1
guest ok = no
writable = yes
browsable = yes
Step 10 : Now restart smbd service .
root@hackthesec:~$ sudo service smbd restart
After restarting service, you could see Project1 share . Additional secured shares can be created in the same way.
User creation
Add new user john for accessing project1 share
Step 11 : Create a user john .
root@hackthesec:~$ sudo useradd john -s /usr/sbin/nologin -G smbproj1
-s /usr/sbin/nologin : Restricting shell access
-G smbproj1 : Added to smbproj1 group
Step 12 : Create samba password for user john
root@hackthesec:~$ sudo smbpasswd -a john
Now user john can access Project1 share. Additional users can be added in the same way.
For existing users use usermod command to add user in smbproj1 group and create samba password using smbpasswd.
root@hackthesec:~$ sudo usermod mike -G smbproj1
For accessing multiple shares. Example: dave has access to multiple project groups like smbproj1 and smbproj2.
root@hackthesec:~$ sudo usermod dave -G smbproj1,smbproj2
For troubleshooting, Use testparm command