Samba server

How to setup a simple samba server on OpenBSD

In this post, we show how to setup a simple/small LAN samba server. The setup is done on an OpenBSD distribution. First we start by installing the samba package. This is done by first defining which mirror we will use to download the package and it dependencies.

1	export PKG_PATH=http://openbsd.cs.fau.de/pub/OpenBSD/`uname -r`/packages/`uname -m`/
2	pkg_add -r samba-3.6.15p15

The commands above install samba and its dependencies. One of these dependencies is python 2.7. To make this version of python the default one, we need to create the following symbolic links:

1	ln -sf /usr/local/bin/python2.7 /usr/local/bin/python
2	ln -sf /usr/local/bin/python2.7-2to3 /usr/local/bin/2to3
3	ln -sf /usr/local/bin/python2.7-config /usr/local/bin/python-config
4	ln -sf /usr/local/bin/pydoc2.7  /usr/local/bin/pydoc

We have now installed the samba package. The next step is to configure it. We are going to configure two shared folders. The first is a public share accessible on read and write for everyone. The second is accessible only to members of pre-defined group.

The following commands create the directory, set up the permissions and configure the required group and user.

1	mkdir -p /pub
2	chmod -R 777 /pub
3	mkdir -p /smb
4	chmod -R 777 /smb
5
6	groupadd staff
7	useradd samba
8	usermod -G staff samba
9	smbpasswd -a samba

The next step is changing the samba configuration file to reflect the setup we described above. The file /etc/samba/smb.conf should looks like the following:

 1	[global]
 2   		workgroup = WORKGROUP
 3   		server string = Samba Server
 4   		security = user
 5   		log file = /var/log/samba/smbd.%m
 6   		max log size = 50
 7   		dns proxy = no
 8   		allow insecure wide links = no
 9   		map to guest = bad user
10
11	[pub]
12   		comment = Public file space
13   		path = /pub
14   		read only = no
15   		public = yes
16   		force user = nobody
17   		max connections = 10
18
19	[share]
20   		comment = Shared directory
21   		path = /smb
22   		public = no
23   		valid users = samba, @staff
24   		writable = yes
25   		browseable = yes
26   		create mask = 0765

Most of the configuration above are default and self explanatory. It is worth mentioning that map to guest = bad user is necessary to have Windows user access the public share without being prompted an authentication popup.

Finally, we need to add some configuration flags to the samba service and enable it to auto start at boot time.

1	echo '
2	smbd_flags="-D"
3	nmbd_flags="-D"
4	' >> /etc/rc.conf.local
5	rcctl enable samba

After restarting the samba service rcctl restart samba, the shared folder should be accessible for our LAN users. You should also have the ports 139 and 445 open and on listening mode.

References: https://www.samba.org/samba/docs/man/manpages/smb.conf.5.html