Install and configure samba on ubuntu
Samba is a free software re-implementation of the SMB/CIFS networking protocol, and was originally developed by Andrew Tridgell. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.
Samba runs on most Unix, OpenVMS and Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple's OS X Server, and OS X client (version 10.2 and greater). Samba is standard on nearly all distributions of Linux and is commonly included as a basic system service on other Unix-based operating systems as well. Samba is released under the terms of the GNU General Public License. The name Samba comes from SMB (Server Message Block), the name of the standard protocol used by the Microsoft Windows network file system.

Step 1 : Install samba packages after updating repositories
root@hackthesec:~$ sudo apt-get update
root@hackthesec:~$ sudo apt-get install samba samba-common python-glade2
Creating Anonymous share
Everyone can access and store files without username and password .
Step 2 : Create folder for Anonymous share.
root@hackthesec:~$ sudo mkdir -p /shares/anonymous
Step 3 : Change the ownership to nobody so that everyone can access and store files in that folder.
root@hackthesec:~$ sudo chown nobody:nogroup /shares/anonymous/
Step 4 : Now define values in samba configuration to share /shares/anonymous/folder. /etc/samba/smb.conf is the main configurion file for samba .
Take a backup before editing that file .
root@hackthesec:~$ sudo cp /etc/samba/smb.conf /etc/samba/
now add the below code at the end of the file to enable share.
root@hackthesec:~$ sudo vim /etc/samba/smb.conf
Example : - 
       comment = Anonymous share access
       path = /shares/anonymous
       browsable = yes
       writable = yes
       guest ok = yes
       read only = no
       force user = nobody
       force group = nogroup
Step 5 : Now restart smbd service .
root@hackthesec:~$ sudo service smbd restart
After restarting service . Try to access share from windows client (Goto -> RUN ->\serverIP ) . you could access anonymous share folder without username and password, try to create or copy files to that folder.

Creating secured share
Secured shares can be accessed using username and password .Here for example, I’m going to create share project1.
Step 6 : Create a folder for share .
root@hackthesec:~$ sudo mkdir -p /shares/project1
Step 7 : Create a new group smbproj1,so that Users added to this group can access project1 share.
root@hackthesec:~$ sudo addgroup smbproj1
Step 8 : Modify ownership and permission for the folder.
root@hackthesec:~$ sudo chown root:smbproj1 /shares/project1/
root@hackthesec:~$ sudo chmod 770 /shares/project1/
Step 9 : Now define values in the configuration file .
root@hackthesec:~$ sudo vim /etc/samba/smb.conf
Example : - 
         comment = Project1 Share
         path = /shares/project1
         valid users = @smbproj1
         guest ok = no
         writable = yes
         browsable = yes
Step 10 : Now restart smbd service .
root@hackthesec:~$ sudo service smbd restart
After restarting service, you could see Project1 share . Additional secured shares can be created in the same way.

User creation
Add new user john for accessing project1 share
Step 11 : Create a user john .
root@hackthesec:~$ sudo useradd john -s /usr/sbin/nologin -G smbproj1
-s /usr/sbin/nologin : Restricting shell access
-G smbproj1 : Added to smbproj1 group

Step 12 : Create samba password for user john
root@hackthesec:~$ sudo smbpasswd -a john
Now user john can access Project1 share. Additional users can be added in the same way.
For existing users use usermod command to add user in smbproj1 group and create samba password using smbpasswd.
root@hackthesec:~$ sudo usermod mike -G smbproj1
For accessing multiple shares. Example: dave has access to multiple project groups like smbproj1 and smbproj2.
root@hackthesec:~$ sudo usermod dave -G smbproj1,smbproj2
For troubleshooting, Use testparm command

About Author:

I am a Linux Administrator and Security Expert with this site i can help lot's of people about linux knowladge and as per security expert i also intersted about hacking related news.TwitterFacebook

Newer Post
Older Post


Post a Comment