This guide explains how to configure samba server in Ubuntu 14.04 with anonymous & secured samba servers. Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients. I’ll be logged in as root.
Step 1 – Update repositories.
Step 2 – Install samba.
Step 3 – Backup config file .
Main Configuration
Step 4 – Open config file.
Step 5 – Configuration of Samba server.
1 – [global] – The rules defined here apply for all shared folders
2 – follow symlinks = yes //allow using shortcut
3 – unix extensions – no //denied using unix extention
4 – [ftp] // name of share
5 – path = /srv/samba/ftp //path of share
6 – create mask = 0775
– force create mode = 0775
– directory mask = 0775
– force create mode = 0775 // These are the permissions, which will be used for creation of files and folders. In this way the files and folders will be edited only by the users of the particular group. If you want these files and folders to be edited by all users, you have to change the permissions to 777
7 -valid users
– write list = mslavov // The users who will have permission to write in this directory
8 – [yoursharedfolder]
– comment = yoursharedfolder
– path = /srv/samba/yoursharedfolder //If you want to create your own shared folder, you just have to change the folders names with your folders names and to add the rules which you want for your folder.
This is mine config file.
follow symlinks = yes
wide links = yes
unix extensions = no
[ftp]
comment = ftp
path = /srv/samba/ftp
browseable = yes
valid users = mslavov, YOURUSER, test, test1
write list = mslavov, YOURUSER, test, test1
create mask = 0775
force create mode = 0775
public = no
guest only = no
directory mask = 0775
force directory mode = 0775
store dos attributes = Yes
hide unreadable = yes
hide files = /examples.desktop
[yoursharedfolder]
comment = yoursharedfolder
path = /srv/samba/yoursharedfolder
Step 6 – Add users in Samba Server and after that add the user for particular folder in config file /etc/samba/smb.conf. Then you must restart samba service.
Step 7 – Now you must restart samba service.
root@mail:/# restart smbd
Step 8 – Create folder for your share and give full right.
root@mail:/# chmod 777 /etc/samba/ftp
Step 9 – Add share folder on Windows.
My Computer -> Map network drive -> \\Ip address of samba server\\name of your shared folder -> add your samba user and password.
Advanced Configuration
In this part I will show you how to configure .
Step 10 – Open config file nano /etc/samba/smb.conf and add the following line:
vfs objects = full_audit
full_audit:success = mkdir rmdir read pread write pwrite rename unlink
full_audit:prefix = %u|%I|%m|%S
full_audit:failure = none
full_audit:facility = local5
full_audit:priority = notice
recycle:repository = /home/recycle/
recycle:keeptree = yes
recycle:versions = yes
log file = /var/log/samba/samba.log
You can add more attries but I strongly recommended to add only this mkdir rename unlink rmdir write. These are other attributes for full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir lock symlink
After this your file will look like:
comment = ftp
path = /srv/samba/ftp
browseable = yes
valid users = mslavov, YOURUSER, test, test1
write list = mslavov, YOURUSER, test, test1
create mask = 0775
force create mode = 0775
public = no
guest only = no
directory mask = 0775
force directory mode = 0775
store dos attributes = Yes
hide unreadable = yes
hide files = /examples.desktop
vfs objects = full_audit
full_audit:success = mkdir rmdir read pread write pwrite rename unlink
full_audit:prefix = %u|%I|%m|%S
#full_audit:failure = none
full_audit:failure = connect
full_audit:facility = local5
full_audit:priority = notice
recycle:repository = /home/recycle/
recycle:keeptree = yes
recycle:versions = yes
log file = /var/log/samba/samba.log
Step 11 – Create log file for samba audit. Execute the following command nano /etc/rsyslog.d/50-default.conf and find *.* …..line and make the changes to look like this:
*.*;local5,auth,authpriv.none* -/var/log/syslog
local5.notice* /var/log/samba-audit.log
Step 12 – Create file for audit and change permission.
root@mail:/# chown syslog:adm /var/log/samba-audit.log
Step 13 – Open this file /etc/logrotate.d/samba and add the following lines:
weekly
missingok
rotate 7
postrotate
reload rsyslog > /dev/null 2>&1 || true
endscript
compress
notifempty
}
Step 13 – Restart rsyslog and samba service.
Step 14 – Now you can see audit for test folder for Jun 12
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|rename|ok|New folder|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|fstat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|close|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|./test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|./test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|./test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|open|ok|r|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|fstat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|create_file|ok|0x100080|file|open|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:36 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|close|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|getxattr|ok|test|user.DOSATTRIB
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|get_nt_acl|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|open|ok|r|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|fstat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|close|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|stat|ok|test
Jun 12 16:23:38 mail smbd_audit: mslavov|10.10.11.230|ftp|martin-pc|sys_acl_get_file|ok|test
8 Theme – How to create script for BACKUP and use crontab on Ubuntu (Server) 14.04 LTS Step-by-Step