Samba

Samba is a free and open-source implementation of SMB that provides network file and print services by clients running Windows, Linux and macOS. The version of Samba included in the OpenWrt feeds is samba4.

Devices with 32MB of RAM will run into memory issues. Adding swap might help, but devices with at least 128MB is recommended and a 128-256MB swap if possible.

Presuming you want to connect a USB drive (flash, HDD, SSD) to the device and then access its contents over the network, you need to mount that drive first:

1. usb-installing obtain basic support for the USB.
2. usb-drives obtain support for USB storage and mount local filesystem
3. (optional) Configure firewall for remote access (not needed for LAN access) see wiki for ports explanation:

uci -q delete firewall.samba_nsds
uci set firewall.samba_nsds="rule"
uci set firewall.samba_nsds.name="Allow-Samba/NS/DS"
uci set firewall.samba_nsds.src="lan"
uci set firewall.samba_nsds.dest_port="137-138"
uci set firewall.samba_nsds.proto="udp"
uci set firewall.samba_nsds.target="ACCEPT"
uci -q delete firewall.samba_ss
uci set firewall.samba_ss="rule"
uci set firewall.samba_ss.name="Allow-Samba/SS"
uci set firewall.samba_ss.src="lan"
uci set firewall.samba_ss.dest_port="139"
uci set firewall.samba_ss.proto="tcp"
uci set firewall.samba_ss.target="ACCEPT"
uci -q delete firewall.samba_smb
uci set firewall.samba_smb="rule"
uci set firewall.samba_smb.name="Allow-Samba/SMB"
uci set firewall.samba_smb.src="lan"
uci set firewall.samba_smb.dest_port="445"
uci set firewall.samba_smb.proto="tcp"
uci set firewall.samba_smb.target="ACCEPT"
uci commit firewall
/etc/init.d/firewall restart

1. Install the luci-app-samba4 package in LuCI. Any dependencies, such as samba4-server, are installed automatically.

• (optional) Confirm current available version using opkg list | grep -i samba
• Alternatively install in shell via SSH: opkg update && opkg install luci-app-samba4

2. Configure Samba in LuCI on the Services → Network Shares page. It is recommended that you use LuCI for the initial configuration and only edit /etc/samba/smb.conf.template if needed via LuCI Edit Template tab or from the shell. Basic LuCI configuration guidance is provided below:

• Interface: lan
• Workgroup: WORKGROUP
• Enable Extra Tuning: checked (for more throughput. Note that for an Apple Time Machine do not check as the features are incompatible with macOS)
• Shared Directories: click Add
• Name: enter any name for the shared folder (e.g. your router name)
• Path: /mnt/sda1 (enter mount point for your USB/eSATA device, click Path→ if you still need to mount a drive)
• Browseable: checked
• Read-only: unchecked
• Force Root: checked (caution: use if your LAN is secure, otherwise set user account(s) described in sections below and enter under 'Allowed users')
• Allow guests: checked (unless using a user account as described above)
• Create Mask: 0666
• Directory Mask: 0777
• Save and Apply

3. You will now be able to read/write network shares on your network similar to Network-attached_storage. For example browsing your router IP serving a share named 'storage' with Windows file explorer: \\192.168.1.1\storage\.

Windows, most Linux distributions, and macOS include SMB support. Android (also Linux based) support can be added with apps such as X-plore or mounting the share in Kodi or VLC for media playback. If your OS is missing support, simply install some client software.

The basic configuration from the LuCI page described above should work well for most users. For further configuration keep reading and see samba.

After modifying any of the config files, restart the Samba server so that your changes take effect:

/etc/init.d/samba restart

When Samba is restarted this way, the file /etc/samba/smb.conf is (re)created from to the uci configuration file and /etc/samba/smb.conf.template.

1. Create Samba user(s) by first manually adding entries to /etc/passwd and /etc/group
2. Use smbpasswd -a username to create and assign a password for samba for that user (note that command write them to /etc/samba/smbpasswd)

Select a value for the uid/gid that is >=1000 to avoid possible collisions with system reserved values of <1000.

Example entry for /etc/passwd:

foo:x:1001:1001:smb user:/dev/null:/bin/false

Example entry for /etc/group:

foo:x:1001:foo

Set up shared directories permissions according to your needs using chown and chmod. Any unknown usernames used for authentication against Samba are mapped to a guest login silently by default.

Samba is the only built in way to share resources between computers running Microsoft Windows. Even in a professional environment. Thus it can be very complicated to configure! It is also not the protocol of choice to accomplish that task in a Linux/Mac environment. So, if for whatever reasons above configuration does not give you desired access to your configured shares, you can of course circumvent the uci system and hack the original Samba configuration files instead or in addition. There may be entries which do not have a counterpart in UCI (yet) and thus can only be configured that way. Just bear in mind, that the uci config will overwrite the values configured with it (but not the whole configuration) at every boot up! If you want configure Samba directly with /etc/samba/smb.conf instead of /etc/config/samba, it is possible to make changes to the smb.conf survive a reboot using the procedure below.

First, prevent OpenWrt from starting Samba at boot time, thus overwriting /etc/samba/smb.conf with the settings in the uci file /etc/config/samba:

/etc/init.d/samba disable

Then add the following lines to /etc/rc.local to allow smbd and nmbd to start at boot time, using /etc/samba/smb.conf as the configuration file

smbd -D
nmbd -D

Now edit your /etc/samba/smb.conf all you like without worrying they will be lost the next time you reboot!

After installing the packages described in Installation, Samba will start on boot. This can be confirmed in the LuCI System → Startup page. If there is an issue, follow the same procedure as with most OpenWrt packages: The first command will create a symlink /etc/rc.d/S60samba, the second will only start samba right now.

/etc/init.d/samba enable
/etc/init.d/samba start

The LuCI interface can be used to easily setup a share intended to be used as an Apple Time Machine Disk.

• Interface: lan (or whatever interface is to be used)
• Workgroup: WORKGROUP (or whatever name you wish)
• Enable Extra Tuning: unchecked (this as it introduces features that are incompatible with current versions of MacOSX).
• Force synchronous I/o: unchecked
• Enable macOS compatible shares: checked
• Allow legacy (insucure) protocols/authentication: unchecked
• Disable netbios: unchecked
• Shared Directories: click Add
• Name: enter any name for the shared folder (e.g. your router name)
• Path: /mnt/sda1 (enter mount point for your mounted USB/eSATA device, click Path→ if you still need to mount a drive)
• Browseable: checked
• Read-only: unchecked
• Force Root: checked (caution: only if your LAN is secure, otherwise setup user account(s) as described in Configuration section below and enter them under 'Allowed users')
• Allow users: define a user, see per_user_security
• Allow guests: unchecked
• Inherit owner: unchecked
• Create Mask: 0600
• Directory Mask: 0700
• Vfs objects: unchecked
• Apple Time-machine share: checked
• Time-machine size in GB: can be left blank or max size can be defined
• Save and Apply

1. If luci-app-samba4 is not working or can't be found in LuCI → execute “rm /tmp/luci-indexcache” or restart router.
2. Is the partition you want to share mounted correctly? In LuCI check System → Mount Points or /etc/config/fstab again.
3. Does the samba daemon have (read or write) access to the partition?
4. Is Samba running? ps aux should show smbd -D and nmbd -D up and running.
5. Is your Samba configuration right?
6. Does your firewall allow clients to access the service on your router?

If using a Windows 7 client, you may have trouble accessing the network shares when Samba is set to user security, especially when using the “Map Network Drive” option from within Explorer. To circumvent this problem, try logging, choose to login using different credentials and type your username all in caps. If this still doesn't work, on the Windows 7 client start a command shell (Win+R, type cmd and press enter), then issue the following command:

net use R: \\openwrt\<share> /USER:<USERNAME> <password>

If you changed your router hostname, openwrt must be changed accordingly.

• <share> is the name of the share, as you have configured it using Luci or otherwise.
• <USERNAME> is the username you have added to the /etc/passwd name, and must be spelled all in caps.
• <password> is the one you set using smbpasswd.

Some hints in advance:

• If you installed all needed packages, configured Samba per UCI and it still does not work at all, have a look at the file /etc/samba/smb.conf.template.
• Change the entry security from user to share, restart the daemons and try accessing it directly: In windows explorer type \\router_ip in the address bar.
• In nautilus or dolphin press <CTRL>+<L> and type smb://router_ip/ into the address bar.

Instead of looking up the whole configuration step by step, you maybe want to have a look at Samba.org: Example Network Configurations. Chapter 1: No-Frills Samba Servers. Notice that you can already achieve a great deal of security by neatly setting up the Firewall Documentation

If Samba does not start, try adding your router's name and ip in /etc/hosts. (see also http://forum.openwrt.org/viewtopic.php?id=5401)

When Samba is configured, the shares are set browse-able, but they still don't appear when browsing the network, then it may be that local master = yes is missing from /etc/samba/smb.conf.template. Also check if preferred master = yes is in /etc/samba/smb.conf.template.

If you cannot write to the share, Samba may not have the proper permissions to write to the shared folder.

Some have reported success by modifying the permissions and owner of the folder:

chmod -R 777 /mnt/sda1
chown -R nobody /mnt/sda1

If you are sharing a drive mounted wish fstab, you may need to modify /etc/config/fstab to include 'umask=000' in the options section.

config 'mount'
        option 'options' 'rw,umask=000'
        option 'enabled_fsck' '0'
        option 'enabled' '1'
        option 'device' '/dev/scsi/host0/bus0/target0/lun0/part1'
        option 'target' '/mnt/usbdisk'
        option 'fstype' 'vfat'

More info here: https://forum.openwrt.org/viewtopic.php?id=26625

If you need to read/write files and folders with accented characters.

sed -i -e "/unix charset/s/ISO-8859-1/UTF-8/" /etc/samba/smb.conf.template

Since netfilter tracks every connection, disable conntrack for Samba connections if you use NAT.

uci -q delete firewall.samba_nsds_nt
uci set firewall.samba_nsds_nt="rule"
uci set firewall.samba_nsds_nt.name="NoTrack-Samba/NS/DS"
uci set firewall.samba_nsds_nt.src="lan"
uci set firewall.samba_nsds_nt.dest="lan"
uci set firewall.samba_nsds_nt.dest_port="137-138"
uci set firewall.samba_nsds_nt.proto="udp"
uci set firewall.samba_nsds_nt.target="NOTRACK"
uci -q delete firewall.samba_ss_nt
uci set firewall.samba_ss_nt="rule"
uci set firewall.samba_ss_nt.name="NoTrack-Samba/SS"
uci set firewall.samba_ss_nt.src="lan"
uci set firewall.samba_ss_nt.dest="lan"
uci set firewall.samba_ss_nt.dest_port="139"
uci set firewall.samba_ss_nt.proto="tcp"
uci set firewall.samba_ss_nt.target="NOTRACK"
uci -q delete firewall.samba_smb_nt
uci set firewall.samba_smb_nt="rule"
uci set firewall.samba_smb_nt.name="NoTrack-Samba/SMB"
uci set firewall.samba_smb_nt.src="lan"
uci set firewall.samba_smb_nt.dest="lan"
uci set firewall.samba_smb_nt.dest_port="445"
uci set firewall.samba_smb_nt.proto="tcp"
uci set firewall.samba_smb_nt.target="NOTRACK"
uci commit firewall
/etc/init.d/firewall restart

Some older versions of macOS (e.g. Yosemite) have problems discovering SMB network shares broadcasted by each client over the LAN, you can set up a WINS server on your router which will help them out.

A WINS server is a centralized name server for SMB network shares. The objective is to make the router the master browser which means it will discover SMB network shares then make them available over the WINS service. Macs will connect to the WINS service to receive the list of network shares, hopefully with more success than discovering network shares themselves.

We will edit the UCI template (/etc/samba/smb.conf.template) instead of directly changing /etc/samba/smb.conf so as to maintain compatibility with UCI and LuCI.

Log into LuCI, go to Services > Network Shares, go to the Edit Template tab, and add or change the following entries in the “[global]” section in the template.

[global]
	domain master = yes
	local master = yes
	name resolve order = wins lmhosts hosts bcast
	os level = 99
	preferred master = yes
	wins support = yes

Finally Save & Apply the changes.

You can also configure dnsmasq to broadcast the WINS server address via DHCP:

uci add_list dhcp.lan.dhcp_option="44,$(uci get network.lan.ipaddr)"
uci commit dhcp
/etc/init.d/dnsmasq restart

SMB network shares should appear in Network home a few minutes after rebooting the Mac.

• Samba user administration script
• Storage Administration Tool
• Samba website