Share files across your network with SAMBA

Overview 📊
As Wikipedia puts it, Samba is a free software re-implementation of the SMB networking protocol.
So what is the SMB protocol? It’s a way of sharing files across devices in a network, simple as that.
❗Important ❗ In any case, always use SMBv3 for security purposes, even in LAN workflows.
Requirements 📓
To follow this article you are going to need:
A Linux computer (Debian based)
A few minutes of your life
Use cases for SAMBA 🤔
Well, as you can guess, there are a lot of use cases, but I’m going to tell you the ones that worked for me :)
Having to share files with someone who uses a Windows computer 🪟
I could use NFS since my whole house is Unix based, but what about when a friend comes over with a Windows laptop? Things become tricky, so I’d rather use Samba over NFS so they don’t have to lose their minds like I did.
Obsidian vault 💜
Although Obsidian doesn’t sync in real time across devices, once you open the vault from another device the changes are there. That’s fine for me, because I do most things on my desktop, and if I want to continue from bed on the laptop, the progress is already synced, so it’s quite effective.
Keepass db 💚
Much the same case as Obsidian: a KeePass db can be a pain in the ass to keep up to date across multiple devices, so this way it becomes quite simple and stays private, which is the idea of using KeePass, right? If I wanted to sync with other devices and use the cloud, I’d rather use Bitwarden.
Stateful services (dev) 🧑💻
Do you have an application in your infra that needs to store something locally on the computer, like pictures, documents and so on? While mounting the share via CIFS won’t be the fastest solution, it can work perfectly for your lab, especially in DEV environments.
In my case I have a personal REST API that I built for learning purposes, and it stores things locally. Using a single computer is fine, but since the app runs in a cluster across multiple computers, the state needs to be shared across all of them, so all of them access the Samba share to read and write from there.
Install the samba server 🧰
To accomplish this we are going to follow this guide: https://ubuntu.com/tutorials/install-and-configure-samba#1-overview
As I mentioned earlier, we are using a Debian-based box (Ubuntu in this case), so we are going to install it this way
sudo apt update -y
sudo apt install samba
Simple as that! :)
Check that samba is installed with
samba --version
Version X-Debian
Create a Share 🍕
To create a share we first need to create a directory; in my case I’m using the user’s home
mkdir /home/username/sambashare
After that we need to modify the smb.conf
sudo nano /etc/samba/smb.conf
Once editing the file we are going to add this at the bottom
[sambashare]
comment = Example
path = /home/username/sambashare
read only = no
browsable = yes
Where sambashare is the name of the share (it could be anything)
Once that is done, save the file and run sudo service smbd restart to restart the service
Now we need to create a user for SMB
$ smbpasswd -help
When run by root:
smbpasswd [options] [username]
otherwise:
smbpasswd [options]
options:
-L local mode (must be first option)
-h print this usage message
-s use stdin for password prompt
-c smb.conf file Use the given path to the smb.conf file
-D LEVEL debug level
-r MACHINE remote machine
-U USER remote username (e.g. SAM/user)
extra options when run by root or in local mode:
-a add user
-d disable user
-e enable user
-i interdomain trust account
-m machine trust account
-n set no password
-W use stdin ldap admin password
-w PASSWORD ldap admin password
-x delete user
-R ORDER name resolve order
## So we are going to do this
sudo smbpasswd -a <USER>
sudo smbpasswd -e <USER>
Secure the samba (optional) 🔐
Based on this article: https://www.makeuseof.com/ways-to-secure-samba-server-on-linux/
Since my usage is LAN only, we are going to ensure at least the following:
Encrypt the traffic
Avoid the usage of SMBv1
Enforce host-based restrictions
Restrict anonymous usage
To do that, we are going to modify the same file as before, /etc/samba/smb.conf,
and in the [global] section make sure to include
[global]
## Browsing/Identification ###
workgroup = WORKGROUP
min protocol = SMB2
restrict anonymous = 2
hosts allow = 127.0.0.1 192.168.0.1/24
hosts deny = 0.0.0.0/0
smb encrypt = required
server signing = mandatory
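Added example (not part of the original article): a POSIX shell check that reads the [global] section of an smb.conf and reports any of the settings above that is missing or weaker. The function name audit_smb_conf and both sample files are constructed for illustration.

```shell
# Added example: audit the [global] section of an smb.conf for the settings above.
audit_smb_conf() {  # usage: audit_smb_conf <file>; prints FAIL lines, returns 1 if any
    awk '
        # Samba ignores case and whitespace inside parameter names.
        function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
        function need(p, re,    v) {
            v = g[norm(p)]
            if (v !~ re) { printf "FAIL: %s = %s\n", p, (v == "" ? "<unset>" : v); bad = 1 }
        }
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/   { sec = norm($0); next }    # section header
        sec == "[global]" && (eq = index($0, "=")) {
            key = norm(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "serverminprotocol") key = "minprotocol"   # synonym
            g[key] = tolower(val)
        }
        END {
            need("smb encrypt",        "^(required|mandatory)$")
            need("server signing",     "^(required|mandatory)$")
            need("restrict anonymous", "^2$")
            need("min protocol",       "^smb[23]")    # anything below SMB2 fails
            need("hosts allow",        ".")           # must be set to something
            need("hosts deny",         "^(0[.]0[.]0[.]0/0|all)$")
            exit bad + 0
        }' "$1"
}

# Constructed sample files: the [global] settings from this article, and a weak one.
tmp=$(mktemp -d)
cat > "$tmp/hardened.conf" <<'EOF'
[global]
   min protocol = SMB2
   restrict anonymous = 2
   hosts allow = 127.0.0.1 192.168.0.1/24
   hosts deny = 0.0.0.0/0
   smb encrypt = required
   server signing = mandatory
EOF
cat > "$tmp/weak.conf" <<'EOF'
[global]
   min protocol = NT1
   smb encrypt = off
[sambashare]
   smb encrypt = required
EOF
audit_smb_conf "$tmp/hardened.conf" && echo "hardened.conf: OK"
audit_smb_conf "$tmp/weak.conf" || echo "weak.conf: needs hardening"
```

On a real server, point it at /etc/samba/smb.conf after editing and before restarting smbd.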
To verify that traffic is being encrypted, you can check it with
sudo smbstatus
Samba version X-Debian
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
32393 username group 192.168.X.X (ipv4:192.168.X.X:X) SMB3_11 AES-128-GCM AES-128-CMAC
Service pid Machine Connected at Encryption Signing
---------------------------------------------------------------------------------------------
sambashare 32393 192.168.X.X Sun Jul 13 16:53:03 2025 -03 AES-128-GCM AES-128-CMAC
No locked files
From there we can also see that we are not using SMBv1
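Added example (not part of the original article): a shell filter that reads smbstatus output and flags every session that is not SMB3 or has no encryption. The sample output is constructed, and the script assumes smbstatus prints - in the Encryption column for an unencrypted session.

```shell
# Added example: flag sessions in smbstatus output that are not SMB3 + encrypted.
weak_sessions() {  # reads smbstatus output on stdin; returns 1 if any session is weak
    awk '
        /^PID/     { in_sessions = 1; next }   # header of the session table
        /^Service/ { in_sessions = 0 }         # the per-share table follows
        !in_sessions || NF < 7 { next }        # skip rulers, blanks, other tables
        {
            # Machine contains a space, so read the last three columns from the right.
            proto = $(NF - 2); enc = $(NF - 1); sign = $NF
            if (proto !~ /^SMB3/ || enc == "-") {
                printf "WEAK pid=%s user=%s proto=%s enc=%s sign=%s\n", $1, $2, proto, enc, sign
                weak = 1
            }
        }
        END { exit weak + 0 }'
}

# Constructed sample: one SMB3 encrypted session and two that should be flagged.
sample_smbstatus() { cat <<'EOF'
Samba version X-Debian
PID     Username   Group   Machine                                  Protocol Version  Encryption   Signing
----------------------------------------------------------------------------------------------------------
32393   username   group   192.168.0.20 (ipv4:192.168.0.20:50000)   SMB3_11           AES-128-GCM  AES-128-CMAC
32401   guestpc    group   192.168.0.31 (ipv4:192.168.0.31:50001)   SMB2_10           -            HMAC-SHA256
32410   oldbox     group   192.168.0.44 (ipv4:192.168.0.44:50002)   NT1               -            -

Service      pid     Machine        Connected at                    Encryption   Signing
---------------------------------------------------------------------------------------------
sambashare   32393   192.168.0.20   Sun Jul 13 16:53:03 2025 -03    AES-128-GCM  AES-128-CMAC
EOF
}

# On a real server: sudo smbstatus | weak_sessions
sample_smbstatus | weak_sessions || echo "found sessions without SMB3 encryption"
```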
Also, if we scan with nmap, for example, we can see that signing is required.

We can also see that it is not possible to access the share without credentials.

To secure SMB even more and get more ideas of possible attacks, I suggest you check
https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-smb/index.html
Access the Share from linux 🐧
In Ubuntu, from your file manager

In my case the NAS is the one we are looking for. In case the network section doesn’t find it, we can access it from the search bar by typing something like:
smb://<IP>/<SHARE> an example would be smb://192.168.0.5/sambashare
If it is the first time we do it, we have to authenticate

Remember, this is not your username; it is the one created for the SMB share

After a successful login we can see our share mounted in the system and use it in applications

In case your file manager can’t mount or access the share, you will have to do it from the terminal
Ensure that you have cifs-utils installed, that the mount location exists, and specify a version of 3.0 or above in order to use SMBv3
sudo mount -t cifs //<IP>/<SHARE> <LOCATION_TO_MOUNT> \
-o user=USUARIO,password=PASSWORD,uid=$(id -u),gid=$(id -g),file_mode=0664,dir_mode=0775,vers=3.0
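Added example (not part of the original article): the same mount built with the credentials= option of mount.cifs, so the password does not appear on the command line, in shell history or in the process list. The helper names, the user smbuser, the password and the mount point are constructed placeholders.

```shell
# Added example: mount with a credentials file instead of password= on the command line.

# Write <file> in the username=/password= format mount.cifs reads, with mode 0600.
write_cifs_credentials() {  # usage: write_cifs_credentials <file> <user> <password>
    ( umask 077 && : > "$1" && chmod 600 "$1" &&
      printf 'username=%s\npassword=%s\n' "$2" "$3" >> "$1" )
}

# Succeed only if group and others have no permission bits on the file.
credentials_private() {  # usage: credentials_private <file>
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the mount command to run, refusing a credentials file others can read.
cifs_mount_cmd() {  # usage: cifs_mount_cmd <ip> <share> <mountpoint> <credentials file>
    credentials_private "$4" || { echo "refusing: $4 is accessible to others" >&2; return 1; }
    printf 'sudo mount -t cifs //%s/%s %s -o credentials=%s,uid=%s,gid=%s,file_mode=0664,dir_mode=0775,vers=3.0\n' \
        "$1" "$2" "$3" "$4" "$(id -u)" "$(id -g)"
}

# Constructed values; replace with your own server, share and SMB user.
creds=$(mktemp)
write_cifs_credentials "$creds" smbuser 'example-password'
cifs_mount_cmd 192.168.0.5 sambashare /mnt/sambashare "$creds"
```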
Conclusion 🏁
If you reached this point, it means your share should be working, congrats!! Hope you have a great day.
For any issue or suggestion you can contact me at https://links.jonathan.com.ar




