OpenWrt ( 2019-2 ) supports two versions of Samba. Samba3 and Samba4. Many of the existing guides are based on Samba3…
It's important before beginning samba setup that you get your disks sorted.
Installing filesystem support, mounting, basic os level permissions are all something Samba sits on top of.
Beginning the setup of the Samba server before mounting and verifying a working disk setup will make things much harder in the long run.
( : Add links to various usb / filesystem setup guides )
see: NTFS Tips
see: Setting up storage devices
When done setting up your mount point, verify (e.g. with
ls /mnt in the command line) that at least one mount point exists, before continuing.
To find out, if samba is already installed on your device, try to query the samba version:
or query opkg:
opkg list-installed | grep samba
if this fails, you have to install samba. To do so, first identify the samba version available for your installation:
opkg update opkg list | grep samba
In our example the available version is “samba36”:
luci-app-samba - git-17.219.28675-9ee26ac-1 - Network Shares - Samba SMB/CIFS module ... samba36-client - 3.6.25-6 - Samba 3.6 SMB/CIFS client samba36-server - 3.6.25-6 - The Samba software suite is a collection of programs that implements the SMB protocol for UNIX systems, allowing
Mandatory: Now install the samba server package:
opkg install samba36-server
Optional: if you need a command line samba client for debugging problems, also install:
opkg install samba36-client
Optional: If you want a simple LuCi GUI config for samba, also install:
opkg install luci-app-samba
Usually you will not have to change defaults provided in this section. In some cases, you may want to adapt the “interface” parameter, in case the samba service should listen on different interfaces.
This config section determines values and options relevant to the overall operation of samba. The following table lists all available options, their default value and respectively a short characterization. See smb.conf man page for further details. These are the default settings for the common options:
config 'samba' option 'name' 'lede' option 'workgroup' 'lede' option 'description' 'Samba on lede' option 'charset' 'UTF-8' option 'homes' '0' option 'interface' 'loopback lan'
|name||string||no||hostname or lede||Name of the Server|
|workgroup||string||no||hostname or lede||Name of the Workgroup|
|description||string||no||Samba on hostname or lede||Description of the Server|
|charset||string||no||UTF-8||Display charset & unix charset|
|homes||boolean||no||0||0, 1||Share the user directory|
|interface||string||no||loopback lan||Interfaces samba should listen on.|
SAMBA will be reachable via NetBIOS by default. In this section you need to configure the disk folders you intend to make accessible to users in your LAN. Ensure that you have already have attached a USB harddisk to the USB-Port and correctly mounted a partition. You can choose to share the partition as a whole, or just individual directories on it. For each entry you need to create an individual config sambashare section.
In the following example, the SMB sharename Sharename is mapped to a connected drive that is mapped to /mnt/sda3.
config 'sambashare' option 'name' 'Sharename' option 'path' '/mnt/sda3' option 'create_mask' '0700' option 'dir_mask' '0700' option read_only 'no' ...
ls /mntin the command line, if you need to debug/identify your available mount points.
|name||string||yes||(none)||Name of the SMB file share. Will be shown in the filebrowser of the client.|
|path||file path||yes||(none)||The complete path of the directory. path|
|users||string||no||guest account or from global template||the samba-users allowed access to this entry; use smbpasswd to create a user-pwd combination! Several users can be specified, separated by a coma (ex : option users root,nobody ). Translated to valid users|
|read_only||string||no||yes or from global template||no, yes||no allows for read/write, else only read access is granted; (for rw, you also need to mount fs rw!). read only|
|guest_ok||string||no||no or from global template||no, yes||Specifies if you need to login via samba-username and password to access this share. guest ok.|
|create_mask||integer||no||0744 or from global template||chmod mask for files created (needs write access). create mask|
|dir_mask||integer||no||0755 or from global template||chmod mask for directories created (need write access). directory mask.|
Each samba share can be configured at either share level access or user level access.
By default Samba is configured for user level access (this is also the recommended way).
To set share level access
option 'read_only' 'yes' to
'no', to enable unrestricted anonymous access including write permission.
config 'sambashare' ... option 'read_only' 'yes' option 'guest_ok' 'yes'
Make sure that guest ok is set to no and allow your created user to access the fileshare with the option users by adding the usernames.
If you want to add more than one user, use a comma separated list.
In the following example we will allow newuser to access the share.
config 'sambashare' ... option guest_ok 'no' option users 'newuser'
To access a samba share with user level access there must be users added to the system by editing
Add a line for each required user. Choose a unique user id (the first number in the line) of 1000 or higher that does not exist yet. Set the group identification number (the second number) to '65534' (the same number as the user nobody). Copy the rest.
e.g. to create a user:
root:0:0:root:/root:/bin/ash nobody:*:65534:65534:nobody:/var:/bin/false daemon:*:65534:65534:daemon:/var:/bin/false newuser:*:1000:65534:newuser:/var:/bin/false
For seamless access when using Microsoft Online accounts in Windows 8/10, edit /etc/samba/smb.conf.template and add username map = /etc/samba/username.map:
[global] [...] username map = /etc/samba/username.map
Then create /etc/samba/username.map which links the Linux User loginname to your Microsoft Account loginname:
newuser = firstname.lastname@example.org
samba does not rely on passwords stored in /etc/shadows. By adding the following, you will only enable users for SMB file share access. With these passwords, your users will not get SSH or LuCi access to your LEDE system (unless you give them another additional password in the file /etc/shadows)
smbpasswd -a newuser
Reload samba by issueing the following command
service samba restart
In addition to the UCI file (/etc/config/samba), modifications can be made to the /etc/samba/smb.conf.template file.
In usual default operation, this configuration can be left untouched.
e.g. to allow users with null password (can authenticate without providing a password), edit /etc/samba/smb.conf.template and add null passwords = yes:
ls -l /mnt/sha3has “rwx” bits set.
chmodcan be used to change that if in doubt.
Press Windows key + R Type: optionalfeatures.exe Hit Enter Scroll down to SMB 1.0/CIFS File Sharing Support Tick the SMB 1.0/CIFS Client Untick SMB 1.0/CIFS Automatic Removal and Untick SMB 1.0/CIFS Server Click OK Restart if prompted.