Samba is a free and open-source implementation of SMB/CIFS. As of version 3, Samba provides file and print services over network which can be accessed by Windows, Unix and MacOS X clients. Alternatives are NFS and SSHFS.
It is strongly recommended that you use LuCI to establish the initial configuration and then edit the template file (/etc/samba/smb.conf.template) via LuCI Edit Template tab or from the shell as needed.
On devices with 32Mbyte of RAM you will most likely run into memory issues, adding swap might help but devices with at least 128Mbyte is recommended and a 128-256Mbyte swap if possible.
Presuming you want to connect a USB hard disk to the device and then access its contents over the cifs protocol, you need to mount that drive first:
/etc/config/firewallto open the following ports (if your LAN access is rejected by default):
Windows and most GNU/Linux distribution come with pre-installed support for this. So does MacOS X since version 10.2. In case your distribution is missing support, you need to install the client software. ArchLinux offers a Wikipage: https://wiki.archlinux.org/index.php/Samba#Configuration.
After modifying any of the config files, restart the Samba server so that your changes take effect:
Info: When Samba is restarted this way, the file
/etc/samba/smb.conf is (re)created from to the uci configuration file and
Create Samba users by adding them to /etc/passwd and /etc/group, then using
smbpasswd to set passwords and add to Samba. Set up shared directories permissions according to your needs using
chmod. Any unknown usernames used for authentication against Samba are mapped to a guest login silently by default.
Samba is the only built in way to share resources between computers running Microsoft Windows. Even in a professional environment. Thus it can be very complicated to configure! It is also not the protocol of choice to accomplish that task in a Linux/Mac environment. So, if for whatever reasons above configuration does not give you desired access to your configured shares, you can of course circumvent the uci system and hack the original Samba configuration files instead or in addition. There may be entries which do not have a counterpart in UCI (yet) and thus can only be configured that way. Just bear in mind, that the uci config will overwrite the values configured with it (but not the whole configuration) at every boot up! If you want configure Samba directly with
/etc/samba/smb.conf instead of
/etc/config/samba, it is possible to make changes to the smb.conf survive a reboot using the procedure below.
First, prevent OpenWrt from starting Samba at boot time, thus overwriting
/etc/samba/smb.conf with the settings in the uci file
Then add the following lines to /etc/rc.local to allow smbd and nmbd to start at boot time, using
/etc/samba/smb.conf as the configuration file
smbd -D nmbd -D
Now edit your
/etc/samba/smb.conf all you like without worrying they will be lost the next time you reboot!
Same procedure as with most OpenWrt packages: The first command will create a symlink
/etc/rc.d/S60samba, the second will only start samba right now.
/etc/init.d/samba enable /etc/init.d/samba start
ps auxshould show
nmbd -Dup and running
When using a Windows 7 client, you may have trouble accessing the network shares when Samba is set to user security, especially when using the “Map Network Drive” option from within Explorer. To circumvent this problem, try logging, choose to login using different credentials and type your username all in caps.
If this still doesn't work, on the Windows 7 client(s) start a command shell (Win+R, type cmd and press enter), then issue the following command:
net use R: \\openwrt\<share> /USER:<USERNAME> <password>
If you changed your router hostname, openwrt must be changed accordingly. <share> is the name of the share, as you have configured it using Luci or otherwise. <USERNAME> is the username you have added to the /etc/passwd name, and must be spelled all in caps. <password> is the one you set using smbpasswd.
Some hints in advance: If you installed all needed packages, configured Samba per UCI and it still does not work at all, have a look at the file /etc/samba/smb.conf.template. Change the entry security from
share, restart the daemons and try accessing it directly: In windows explorer type
\\router_ip in the address bar. In nautilus or dolphin press <CTRL>+<L> and type
smb://router_ip/ into the address bar.
Instead of looking up the whole configuration step by step, you maybe want to have a look at Samba.org: Example Network Configurations. Chapter 1: No-Frills Samba Servers. Notice that you can already achieve a great deal of security by neatly setting up the firewall
If Samba does not start, try adding your router's name and ip in /etc/hosts. (see also http://forum.openwrt.org/viewtopic.php?id=5401)
When Samba is configured, the shares are set browse-able, but they still don't appear when browsing the network, then it may be that
local master = yes is missing from
/etc/samba/smb.conf.template. Also check if
preferred master = yes is in
If you cannot write to the share, Samba may not have the proper permissions to write to the shared folder.
Some have reported success by modifying the permissions and owner of the folder:
chmod -R 777 /mnt/sda1 chown -R nobody /mnt/sda1
If you are sharing a drive mounted wish fstab, you may need to modify /etc/config/fstab to include 'umask=000' in the options section.
More info here: https://forum.openwrt.org/viewtopic.php?id=26625
/etc/samba/smb.conf.template file and I can now read and write files and folders with accented characters.
Since netfilter will track every connection, if you use MASQUERADING for example, you should disable con-tracking for data connections. The basic idea looks likes this, you must adapt this to your firewall setting.
iptables -t raw -A OUTPUT -o interface -s LAN_IP -p tcp --sport 139 -j CT --notrack #------------------ don't track SMB iptables -t raw -A OUTPUT -o interface -s LAN_IP -p tcp --sport 445 -j CT --notrack #------------------ don't track SMB iptables -t raw -A PREROUTING -o interface -s LAN_IP -p tcp --dport 139 -j CT --notrack #------------------ don't track SMB iptables -t raw -A PREROUTING -o interface -s LAN_IP -p tcp --dport 445 -j CT --notrack #------------------ don't track SMB
Replace interface and LAN_IP with the appropriate values.
It's recommended to add the following to the UCI configuration file
... config 'rule' option '_name' 'Don'\''t track NETBIOS Service' option 'src' 'lan' option 'src_port' '137-139' option 'dest' 'lan' option 'target' 'NOTRACK' config 'rule' option '_name' 'Don'\''t track NETBIOS Service' option 'src' 'lan' option 'dest' 'lan' option 'dest_port' '137-139' option 'target' 'NOTRACK' config 'rule' option '_name' 'Don'\''t track Windows Filesharing' option 'src' 'lan' option 'src_port' '445' option 'dest' 'lan' option 'target' 'NOTRACK' config 'rule' option '_name' 'Don'\''t track Windows Filesharing' option 'src' 'lan' option 'dest' 'lan' option 'dest_port' '445' option 'target' 'NOTRACK'
As the latest version of Mac OS X (Yosemite) has problems discovering SMB network shares broadcasted by each client over the LAN, you can set up a WINS server on your router which will help them out.
A WINS server is a centralised name server for SMB network shares. The objective is to make the router the master browser which means it will discover SMB network shares then make them available over the WINS service. Macs will connect to the WINS service to receive the list of network shares, hopefully with more success than discovering network shares themselves.
We will edit the UCI template (
/etc/samba/smb.conf.template) instead of directly changing
/etc/samba/smb.conf so as to maintain compatibility with UCI and LuCI.
Log into LuCI, go to Services > Network Shares, go to the Edit Template tab, and add or change the following entries in the “[global]” section in the template.
[global] domain master = yes local master = yes name resolve order = wins lmhosts hosts bcast os level = 99 preferred master = yes wins support = yes
Finally Save & Apply the changes.
You can also configure dnsmasq to broadcast the WINS server address via DHCP so that clients on the LAN don’t have to be manually configured.
As there is no template editor in LuCI for
/etc/config/dhcp it has to be edited in the terminal instead. ssh into your router then enter the following:
root@router:/# cd /etc/config root@router:/etc/config# vi dhcp
Now add the following entry to the “config 'dhcp' 'lan'” section in the template:
... config 'dhcp' 'lan' list 'dhcp_option' '44,192.168.1.1' ...
If your router has a different IP address to 192.168.1.1 then put your router's address.
Use “:wq” to save and quit then reboot the router (type
reboot on the command line) and reboot the Macs. SMB network shares should appear in Network home a few minutes after rebooting the Mac.
A video demonstration of how Samba 3.6 from the repositories can be installed on OpenWrt 14.07 Barrier Breaker: https://www.youtube.com/watch?v=1tEROyfvkv4