# Set up a Samba container

## launch container

```
lxc launch ubuntu-base samba
```

## config container

```
lxc exec samba bash
mkdir /srv/media
addgroup --gid 60000 filesrv --system
adduser --uid 60000 --ingroup filesrv filesrv --disabled-password --gecos "LXD Files Owner" --system --no-create-home --shell /usr/sbin/nologin --home /srv
exit
```

### mount stuff

```
mkdir /srv/media
exit
lxc config device add samba media disk source=/tank/media path=/srv/media
lxc config device add samba home disk source=/tank/files path=/home
lxc config set samba raw.idmap 'both 60000 60000'
lxc restart samba
lxc exec samba bash
```

### install samba

```
apt update
apt upgrade
apt install samba
```

### config samba

disable NMB daemon
```
systemctl stop nmbd
systemctl disable nmbd
```

edit `/etc/samba/smb.conf` to have the following contents:
```
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic 
# errors. 

#======================= Global Settings =======================
[global]
### General ###
server string = medusa
server role = standalone server
disable netbios = yes
smb ports = 445

#### Logging ####
log file = /var/log/samba/smb.log
max log size = 1000

####### Authentication #######
passdb backend = tdbsam
map to guest = bad user

### Permissions ##
# The following settings configure all shares to use the filesrv user on the backend
force user = filesrv
force group = filesrv
create mask = 0644
directory mask = 0755
force create mode = 0644
force directory mode = 0755
unix extensions = yes
map archive = no
map system = no
map hidden = no

### Printing ###
# Disable all printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

#======================= Share Definitions =======================
[media]
comment = Shared media files
path = /srv/files/media
browsable = yes
guest ok = yes
read only = yes
write list = @filesrv

[homes]
comment = User homes
browsable = no
guest ok = no
read only = no
valid users = %S
```
finally, restart the Samba server with:
```
service smbd restart
```

## define users

### make script

first, we will write a script to automate adding users. Create a file `/usr/local/bin/smbadduser` with the contents:
```
#!/bin/sh

adduser "$1" --disabled-password --gecos "" --no-create-home --shell /usr/sbin/nologin
smbpasswd -a "$1"
```
don't forget to make it executable:
```
chmod +x /usr/local/bin/smbadduser
```

### add users

for each user you want to be able to connect to Samba, run
```
smbadduser ${username:?}
```

## configure reverse proxy

### hosts

in `/etc/hosts`:
```
10.160.228.47   samba.lxd
```

### haproxy

in `/etc/haproxy/haproxy.cfg`:
```
frontend samba
        bind :445 interface eno1
        mode tcp
        use_backend samba

backend samba
        mode tcp
        server smb-1 samba.lxd:445
```

### client

to mount a Samba share, put in your fstab something like this:
```
//medusa/media /net/media cifs noauto,user,rw,username=mar,file_mode=0644 0 0
```