mar
/
sysadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
How to set up/manage services on a computer
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
179 KiB
 
Tree: 3b75c73b9d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3b75c73b9d'
${ noResults }
sysadmin/samba/Build.md

3.0 KiB
Raw Blame History

Set up a Samba container

launch container

lxc launch ubuntu-base samba

config container

lxc exec samba bash
mkdir /srv/media
addgroup --gid 60000 filesrv --system
adduser --uid 60000 --ingroup filesrv filesrv --disabled-password --gecos "LXD Files Owner" --system --no-create-home --shell /usr/sbin/nologin --home /srv
exit

mount stuff

mkdir /srv/media
exit
lxc config device add samba media disk source=/tank/media path=/srv/media
lxc config device add samba home disk source=/tank/files path=/home
lxc config set samba raw.idmap 'both 60000 60000'
lxc restart samba
lxc exec samba bash

install samba

apt update
apt upgrade
apt install samba

config samba

disable NMB daemon

systemctl stop nmbd
systemctl disable nmbd

edit /etc/samba/smb.conf to have the following contents:

# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic 
# errors. 

#======================= Global Settings =======================
[global]
### General ###
server string = medusa
server role = standalone server
disable netbios = yes
smb ports = 445

#### Logging ####
log file = /var/log/samba/smb.log
max log size = 1000

####### Authentication #######
passdb backend = tdbsam
map to guest = bad user

### Permissions ##
# The following settings configure all shares to use the filesrv user on the backend
force user = filesrv
force group = filesrv
create mask = 0644
directory mask = 0755
force create mode = 0644
force directory mode = 0755
unix extensions = yes
map archive = no
map system = no
map hidden = no

### Printing ###
# Disable all printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

#======================= Share Definitions =======================
[media]
comment = Shared media files
path = /srv/files/media
browsable = yes
guest ok = yes
read only = yes
write list = @filesrv

[homes]
comment = User homes
browsable = no
guest ok = no
read only = no
valid users = %S

finally, restart the Samba server with:

service smbd restart

define users

make script

first, we will write a script to automate adding users. Create a file /usr/local/bin/smbadduser with the contents:

#!/bin/sh

adduser "$1" --disabled-password --gecos "" --no-create-home --shell /usr/sbin/nologin
smbpasswd -a "$1"

don't forget to make it executable:

chmod +x /usr/local/bin/smbadduser

add users

for each user you want to be able to connect to Samba, run

smbadduser ${username:?}

configure reverse proxy

hosts

in /etc/hosts:

10.160.228.47   samba.lxd

haproxy

in /etc/haproxy/haproxy.cfg:

frontend samba
        bind :445 interface eno1
        mode tcp
        use_backend samba

backend samba
        mode tcp
        server smb-1 samba.lxd:445

client

to mount a Samba share, put in your fstab something like this:

//medusa/media /net/media cifs noauto,user,rw,username=mar,file_mode=0644 0 0