How to Install Samba on Ubuntu for File Sharing on Windows

Samba is a free/open source and popularly used software for sharing files and print services between Unix-like systems including Linux and Windows hosts on the same network.

In this guide, we will show how to setup Samba4 for basic file sharing between a Ubuntu systems and Windows machines. We will cover two possible scenarios: anonymous (unsecure) as well as secure file sharing.

Suggested Read: How to Install Samba4 on CentOS/RHEL 7 for File Sharing on Windows

Note that starting from version 4.0, Samba can be used as an Active Directory (AD) domain controller (DC). We have organized a special series for setting up Samba4 Active Directory Domain Controller, which comprises of key topics under Ubuntu, CentOS, and Windows.

  1. Setting Up Samba4 Active Directory Domain Controller

Install and Configure Samba in Ubuntu

Samba server is available to install from the default Ubuntu repositories using the apt package manager tool as shown.

$ sudo apt install samba samba-common python-dnspython

Once samba server installed, now its time to configure samba server as: unsecure anonymous and secure file sharing.

For this, we need to edit the main Samba configuration file /etc/samba/smb.conf (which explain various configuration directives).

First backup the original samba configuration file as follows.

$ sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

Afterwards, we’ll proceed to configure samba for anonymous and secure file sharing services as explained below.

Important: Before moving any further, ensure that the Windows machine is in the same workgroup which will be configured on the Ubuntu server.

Check Windows Machine WorkGroup Settings

Login into your Windows machine, right click on “This PC” or “My Computer Properties Advanced System Settings Computer Name to verify the workgroup.

Check Windows WorkGroup
Check Windows WorkGroup

Alternatively, open the command prompt and view it by running the command below and look for “workstation domain”.

>net config workstation
Verify Windows WorkGroup
Verify Windows WorkGroup

Once you know your Windows workgroup its time to move ahead and configure samba server for file sharing.

Anonymous Samba File Sharing

First start by creating a shared samba directory where the files will be stored.

$ sudo mkdir -p /srv/samba/anonymous_shares

Then set the appropriate permissions on the directory.

$ sudo chmod -R 0775 /srv/samba/anonymous_shares
$ sudo chown -R nobody:nogroup /srv/samba/anonymous_shares

Now open the configuration file.

$ sudo vi /etc/samba/smb.conf
OR
$ sudo nano /etc/samba/smb.conf

Next edit or modify the directive settings as described below.

global]
	workgroup = WORKGROUP
	netbios name = ubuntu
	security = user
[Anonymous]
	comment = Anonymous File Server Share
	path = /srv/samba/anonymous_shares
	browsable =yes
	writable = yes
	guest ok = yes
	read only = no
	force user = nobody

Now verify current samba settings by running the command below.

$ testparm
Samba Current Configuration Settings
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Shares]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = UBUNTU
	server string = %h server (Samba, Ubuntu)
	server role = standalone server
	map to guest = Bad User
	obey pam restrictions = Yes
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	dns proxy = No
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	idmap config * : backend = tdb

[printers]
	comment = All Printers
	path = /var/spool/samba
	create mask = 0700
	printable = Yes
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers
	browseable = No
[Anonymous]
	comment = Anonymous File Server Share
	path = /srv/samba/anonymous_shares
	force user = nobody
	read only = No
	guest ok = Yes

Then restart Samba services to effect the above changes.

$ sudo systemctl restart smbd   [Systemd]
$ sudo service smbd restart     [Sys V]

Testing Anonymous Samba File Sharing

Go to the Windows machine, and open “Network” from a Windows Explorer window. Click on the Ubuntu host (TECMINT for our case), or else try to access the samba server using its IP address.

\\192.168.43.168

Note: Use the ifconfig command to get your Ubuntu server IP address.

Connect to Samba Share
Connect to Samba Share

Then open the Anonymous directory and try to add files in there to share with other users.

Add Files to Samba Share
Add Files to Samba Share

Secure Samba File Sharing

To password-protect a samba share, you need to create a group “smbgrp” and set a password for each user. In this example I use aaronkilik as user and password as “tecmint“.

$ sudo addgroup smbgrp
$ sudo usermod aaronkilik -aG smbgrp
$ sudo smbpasswd -a aaronkilik

Note: The samba security mode: security = user requires clients to enter a username and password to connect to shares.

Samba user accounts are separate from system accounts, however, you can optionally install the libpam-winbind package which is used to sync system users and passwords with the samba user database.

$ sudo apt install libpam-winbind

Then create the secure directory where the shared files will be kept.

$ sudo mkdir -p /srv/samba/secure_shares

Next, set the appropriate permissions on the directory.

$ sudo chmod -R 0770 /srv/samba/secure_shares
$ sudo chown -R root:smbgrp /srv/samba/secure_shares

Now open the configuration file.

$ sudo vi /etc/samba/smb.conf
OR
$ sudo nano /etc/samba/smb.conf

Next edit or modify the directive settings as described below.

[Secure]
	comment = Secure File Server Share
	path =  /srv/samba/secure_shares
	valid users = @smbgrp
	guest ok = no
	writable = yes
	browsable = yes

Just like before, run this command to see your current samba settings.

$ testparm
Samba Current Configuration Settings
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Shares]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = UBUNTU
	server string = %h server (Samba, Ubuntu)
	server role = standalone server
	map to guest = Bad User
	obey pam restrictions = Yes
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	dns proxy = No
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	idmap config * : backend = tdb
[printers]
	comment = All Printers
	path = /var/spool/samba
	create mask = 0700
	printable = Yes
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers
	browseable = No
[Anonymous]
	comment = Anonymous File Server Share
	path = /srv/samba/anonymous_shares
	force user = nobody
	read only = No
	guest ok = Yes
[Secure]
	comment = Secure File Server Share
	path = /srv/samba/secure_shares
	valid users = @smbgrp
	read only = No

Once you done with the above configurations, restart Samba services to apply the changes.

$ sudo systemctl restart smbd   [Systemd]
$ sudo service smbd restart     [Sys V]

Testing Secure Samba File Sharing

As before, in the Windows machine, and open “Network” from a Windows Explorer window. Click on the Ubuntu host (TECMINT for our case). You may get the error below, if not proceed to the next step.

Connect to Secure Samba Share
Connect to Secure Samba Share

Try to access the server using its IP address, e.g. \\192.168.43.168 like this. Then enter the credentials (username and password) for user aaronkilik and click OK.

Samba Share User Login
Samba Share User Login

You’ll now view all the shared directories, click on Secure to open it.

Samba Secure Share
Samba Secure Share

You can securely share some files with other permitted users on the network by dropping them in this directory.

Add Files on Samba Share
Add Files on Samba Share

Enable Samba in UFW Firewall in Ubuntu

If you have UFW firewall enabled/active on your system, you must add the rules to allow Samba to pass through your firewall.

To test this, we’ve used the 192.168.43.0 network scheme. Run the commands below specifying your network address.

$ sudo ufw allow proto udp to any port 137 from 192.168.43.0/24
$ sudo ufw allow proto udp to any port 138 from 192.168.43.0/24
$ sudo ufw allow proto tcp to any port 139 from 192.168.43.0/24
$ sudo ufw allow proto tcp to any port 445 from 192.168.43.0/24

You can also check out these useful articles concerning Samba file sharing on a network.

  1. Setting Up Samba4 Active Directory Domain Controller- Part 1 to 14
  2. How to Mount/Unmount Local and Network (Samba & NFS) Filesystems in Linux
  3. Using ACLs (Access Control Lists) and Mounting Samba / NFS Shares
  4. How to Fix SambaCry Vulnerability (CVE-2017-7494) in Linux Systems

That’s all! In this guide, we showed you how to setup Samba4 for anonymous and secure file sharing between Ubuntu and Windows machines. Use the feedback form below to share any thoughts with us.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

5 Comments

Leave a Reply
  1. Well, that did not work: Anonymous shares, delete folder failed, permission denied.

    Need to add: create mask = 0775, directory mask = 0775

    [Anonymous]
    	comment = Anonymous File Server Share
    	path = /srv/samba/anonymous_shares
    	browsable =yes
    	writable = yes
    	guest ok = yes
    	read only = no
    	force user = nobody
            create mask = 0775
           directory mask = 0775
    

    Samba is the DEFAULT file-sharing protocol on Linux. Why does it have to be so damned hard to get it to work? It should work “out of the box” as it does on windows. That is the principle reason Linux lags so far behind Windows in market share.

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.