Samba
Samba is a free and open-source implementation of SMB that provides network file and print services for clients running Windows, Linux, and macOS. The version included in the OpenWrt feeds is samba4.
Prerequisites
Presuming you want to share a connected USB or eSATA drive (HDD, SSD, Flash) over your network, you need to mount that drive first:
- usb-installing: obtain support for USB 2.0 and 3.0.
- usb-drives: obtain support for USB storage and mount the local filesystem.
- For LAN access, proceed with Installation. For Remote Access, see the firewall configuration down below.
Note that devices with 32MB of RAM will have memory issues. Adding swap might help, but a device with at least 128MB of RAM is recommended, with a 128-256MB swap if possible.
Installation
1. Install the luci-app-samba4 package in LuCI. Any dependencies, such as samba4-server, are installed automatically.
- Alternatively, install via SSH:
opkg update && opkg install luci-app-samba4
- Optionally, check the available version using:
opkg list | grep -i samba
2. Configure Samba in LuCI on the Services → Network Shares page. It is recommended that you use LuCI for the initial configuration and only edit /etc/samba/smb.conf.template if needed, via the LuCI Edit Template tab or from the shell. Basic LuCI configuration guidance is provided below:
- Interface: lan
- Workgroup: WORKGROUP
- Enable Extra Tuning: checked (for more throughput; for Apple Time Machine do not check it, as it is incompatible with macOS)
- Shared Directories: click Add
- Name: enter a name for the shared folder (e.g. router name)
- Path: /mnt/sda1 (enter mount point for your drive, click Path→ if you still need to mount a drive)
- Browseable: checked
- Read-only: unchecked
- Force Root: checked (caution: use only if your LAN is secure; otherwise set up user accounts as described in the sections below and enter them under 'Allowed users')
- Allow guests: checked (unless using a user account as described above)
- Create Mask: 0666
- Directory Mask: 0777
- Save and Apply
3. You will now be able to read/write network shares on your LAN, similar to network-attached storage. For example, browsing a share named 'storage' on your router's default IP using Windows File Explorer: \\192.168.1.1\storage\
Windows, most Linux distributions, and macOS include SMB support in their file browsers. Android (which, like OpenWrt, is also Linux-based) is supported, and shares can be browsed in free apps like X-plore, or in VLC or Kodi for media playback. If your OS is missing support, simply install some client software.
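Configuration
The basic configuration described above for the LuCI page should work for most users. For further configuration, read on and see the advanced settings section for more options and customization.
After modifying any configuration file, restart the Samba server for the changes to take effect:
/etc/init.d/samba restart
When Samba is restarted this way, the file /etc/samba/smb.conf is recreated or updated from the UCI configuration file and /etc/samba/smb.conf.template.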
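Because the regenerated /etc/samba/smb.conf is what smbd actually enforces, it is worth checking it after a restart for the combination the LuCI guidance above cautions about: a writable share that allows guests and is forced to root. The following is an added example, not part of the original wiki page; the function name audit_shares is hypothetical, and it assumes the LuCI options Allow guests, Read-only and Force Root end up as the smb.conf parameters guest ok, read only and force user.

```sh
# audit_shares SMB_CONF: list every share that is guest-accessible, writable
# and forced to root (share-level settings only). Returns 1 if any is found.
audit_shares() {
    awk '
    function report() {
        if (share != "" && share != "global" && guest && root && !ro) {
            printf "%s: guests write as root (path=%s)\n", share, path
            bad = 1
        }
    }
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    /^[ \t]*\[.*\]/ {                           # a section header starts a new share
        report()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = 0; root = 0; ro = 1; path = ""  # Samba defaults: no guests, read only
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/[ \t]+/, " ", key); sub(/^ /, "", key); sub(/ $/, "", key)
        sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        if (key == "guest ok" || key == "public") guest = truthy(val)
        else if (key == "read only") ro = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "write ok") ro = !truthy(val)
        else if (key == "force user") root = (val == "root")
        else if (key == "path") path = val
    }
    END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample (not a real router config): one open share, one per-user share.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[storage]
    path = /mnt/sda1
    read only = no
    guest ok = yes
    force user = root
[private]
    path = /mnt/sda1/foo
    read only = no
    guest ok = no
EOF
audit_shares "$sample" || echo "review the shares listed above"
rm -f "$sample"
```

On the router, run it as audit_shares /etc/samba/smb.conf after each restart of the service.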
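User-based security settings
- First create the Samba user by manually adding entries to /etc/passwd and /etc/group.
- Use smbpasswd -a username to create and assign a Samba password for that user (note that this command writes it to the /etc/samba/smbpasswd file).
Choose uid/gid values >= 1000 to avoid possible conflicts with the system-reserved values < 1000.
For example, add this entry to /etc/passwd:
foo:x:1001:1001:smb user:/dev/null:/bin/false
For example, add this entry to /etc/group:
foo:x:1001:foo
Use "chown" and "chmod" to set the shared directory permissions to suit your needs. By default, any unknown username used when authenticating to Samba is silently mapped to the guest login.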
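The passwd and group steps above as a guarded shell function (an added example, not part of the original wiki page). The function name add_smb_user and its return codes are assumptions made for illustration, and the demo runs on constructed scratch files rather than the live /etc files.

```sh
# add_smb_user NAME UID PASSWD_FILE GROUP_FILE
# Appends a Samba-only account in the format shown above (gid = uid).
# Returns 0 on success, 1 on bad input, 2 on a name/uid/gid collision.
add_smb_user() {
    name=$1 uid=$2 passwd_file=$3 group_file=$4

    # Lowercase letters, digits, '_' and '-' only, starting with a letter,
    # so a stray ':' can never add extra fields to the passwd line.
    case $name in
        ''|[!a-z]*|*[!a-z0-9_-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    # The uid must be numeric and >= 1000 to stay clear of system accounts.
    case $uid in
        ''|*[!0-9]*) echo "uid must be numeric" >&2; return 1 ;;
    esac
    [ "$uid" -ge 1000 ] || { echo "uid must be >= 1000" >&2; return 1; }
    [ -f "$passwd_file" ] && [ -f "$group_file" ] || return 1

    # Refuse to reuse an existing name, uid or gid.
    if awk -F: -v n="$name" -v id="$uid" \
        '$1 == n || $3 == id { found = 1 } END { exit !found }' \
        "$passwd_file" "$group_file"; then
        echo "name or id already in use" >&2
        return 2
    fi

    # No home directory and no login shell: the account exists only for SMB.
    printf '%s:x:%s:%s:smb user:/dev/null:/bin/false\n' "$name" "$uid" "$uid" >> "$passwd_file"
    printf '%s:x:%s:%s\n' "$name" "$uid" "$name" >> "$group_file"
}

# Demo on constructed scratch files, not the live /etc/passwd and /etc/group.
tmp=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/ash\n' > "$tmp/passwd"
printf 'root:x:0:\n' > "$tmp/group"
add_smb_user foo 1001 "$tmp/passwd" "$tmp/group" && cat "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

After it succeeds on /etc/passwd and /etc/group, set the Samba password with smbpasswd -a as described above.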
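Bypassing UCI for custom configuration
SMB is the built-in method for sharing network resources between computers running Windows, even in professional environments. As a result, Samba's configuration can be very complex, especially if Active Directory is used! In Linux or Mac environments it is also not the preferred protocol for this task.
So if, for some reason, the configuration above does not give you the expected access to your shares, you can of course bypass the UCI system and modify the original Samba configuration file directly.
Some entries may have no counterpart in UCI and can therefore only be configured this way.
Keep in mind that on every start the UCI configuration overwrites the values it manages (but not the whole configuration)! If you want to configure Samba directly through /etc/samba/smb.conf instead of /etc/config/samba, follow the procedure below so that changes to smb.conf persist across reboots.
First, prevent OpenWrt from starting Samba at boot, because Samba would overwrite /etc/samba/smb.conf with the settings from the UCI file /etc/config/samba:
/etc/init.d/samba disable
Add the following entries to /etc/rc.local so that smbd and nmbd start at boot and use /etc/samba/smb.conf as the configuration file:
smbd -D
nmbd -D
You can now edit /etc/samba/smb.conf, and it will not be overwritten after a reboot.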
Configuration as an Apple Time Machine Disk
The LuCI interface can be used to easily set up a share intended to be used as an Apple Time Machine Disk.
- Interface: lan (or whatever interface is to be used)
- Workgroup: WORKGROUP (or whatever name you wish)
- Enable Extra Tuning: unchecked (it introduces features that are incompatible with current versions of MacOSX)
- Force synchronous I/O: unchecked
- Enable macOS compatible shares: checked
- Allow legacy (insecure) protocols/authentication: unchecked
- Disable netbios: unchecked
- Shared Directories: click Add
- Name: enter a name for the shared folder (e.g. router name)
- Path: /mnt/sda1 (enter mount point for your drive, click Path→ if you still need to mount a drive)
- Browseable: checked
- Read-only: unchecked
- Force Root: checked (caution: use only if your LAN is secure; otherwise set up user accounts as described in the sections below and enter them under 'Allowed users')
- Allow users: define a user, see per_user_security
- Allow guests: unchecked
- Inherit owner: unchecked
- Create Mask: 0600
- Directory Mask: 0700
- Vfs objects: unchecked
- Apple Time-machine share: checked
- Time-machine size in GB: can be left blank or max size can be defined
- Save and Apply
Troubleshooting
- If luci-app-samba4 is not working or can't be found in LuCI, execute "rm /tmp/luci-indexcache" or restart the router.
- Is the partition you want to share mounted correctly? In LuCI check System → Mount Points or /etc/config/fstab.
- Does Samba have read/write access to the partition?
- Is Samba running? ps aux should show smbd -D and nmbd -D up and running.
- Is your Samba configuration right?
- Does your firewall allow clients to access the service on your router?
Check access to shares
Some hints in advance:
- If you installed all needed packages, configured Samba per UCI and it still does not work, have a look at the file /etc/samba/smb.conf.template.
- Change the entry security from user to share, restart the daemons and try accessing: in Windows Explorer type \\router_ip in the address bar.
- In Nautilus or Dolphin press <CTRL>+<L> and type smb://router_ip/ into the address bar.
Instead of looking up the whole configuration step by step, you may want to have a look at Samba.org: Example Network Configurations. Chapter 1: No-Frills Samba Servers. Notice that you can already achieve a great deal of security by neatly setting up the firewall; see the Firewall Documentation.
Start on boot
After installing the packages described in Installation, Samba will start on boot. This can be confirmed on the LuCI System → Startup page. If there is an issue, follow the same procedure as with most OpenWrt packages. The first command creates the symlink /etc/rc.d/S60samba; the second only starts Samba right now.
/etc/init.d/samba enable
/etc/init.d/samba start
Browsing shares fails
When Samba is configured and the shares are set browseable, but they still don't appear when browsing the network, it may be that local master = yes is missing from /etc/samba/smb.conf.template.
Also check whether preferred master = yes is in /etc/samba/smb.conf.template.
Cannot write to a Samba share
If you cannot write to the share, Samba may not have the proper permissions to write to the shared folder.
Some have reported success by modifying the permissions and owner of the folder:
chmod -R 777 /mnt/sda1
chown -R nobody /mnt/sda1
If you are sharing a drive mounted with fstab, you may need to modify /etc/config/fstab to include 'umask=000' in the options section.
config 'mount'
        option 'options' 'rw,umask=000'
        option 'enabled_fsck' '0'
        option 'enabled' '1'
        option 'device' '/dev/scsi/host0/bus0/target0/lun0/part1'
        option 'target' '/mnt/usbdisk'
        option 'fstype' 'vfat'
More info here: https://forum.openwrt.org/viewtopic.php?id=26625
International characters support
If you need to read/write files and folders with accented characters, change the unix charset in the template from ISO-8859-1 to UTF-8:
sed -i -e "/unix charset/s/ISO-8859-1/UTF-8/" /etc/samba/smb.conf.template
Throughput
Since netfilter tracks every connection, it may improve throughput to disable conntrack for Samba connections if you use NAT.
uci -q delete firewall.samba_nsds_nt
uci set firewall.samba_nsds_nt="rule"
uci set firewall.samba_nsds_nt.name="NoTrack-Samba/NS/DS"
uci set firewall.samba_nsds_nt.src="lan"
uci set firewall.samba_nsds_nt.dest="lan"
uci set firewall.samba_nsds_nt.dest_port="137-138"
uci set firewall.samba_nsds_nt.proto="udp"
uci set firewall.samba_nsds_nt.target="NOTRACK"
uci -q delete firewall.samba_ss_nt
uci set firewall.samba_ss_nt="rule"
uci set firewall.samba_ss_nt.name="NoTrack-Samba/SS"
uci set firewall.samba_ss_nt.src="lan"
uci set firewall.samba_ss_nt.dest="lan"
uci set firewall.samba_ss_nt.dest_port="139"
uci set firewall.samba_ss_nt.proto="tcp"
uci set firewall.samba_ss_nt.target="NOTRACK"
uci -q delete firewall.samba_smb_nt
uci set firewall.samba_smb_nt="rule"
uci set firewall.samba_smb_nt.name="NoTrack-Samba/SMB"
uci set firewall.samba_smb_nt.src="lan"
uci set firewall.samba_smb_nt.dest="lan"
uci set firewall.samba_smb_nt.dest_port="445"
uci set firewall.samba_smb_nt.proto="tcp"
uci set firewall.samba_smb_nt.target="NOTRACK"
uci commit firewall
/etc/init.d/firewall restart
Remote Access
For remote access, configure your firewall as shown below. See port explanation. Use caution here, as you may expose your network to security risks: Samba and many other packages are not always updated for the latest CVEs between releases. This is not needed for LAN access to your shares; for this reason, file sharing such as SMB and NAS is typically best kept to LAN access.
uci -q delete firewall.samba_nsds
uci set firewall.samba_nsds="rule"
uci set firewall.samba_nsds.name="Allow-Samba/NS/DS"
uci set firewall.samba_nsds.src="lan"
uci set firewall.samba_nsds.dest_port="137-138"
uci set firewall.samba_nsds.proto="udp"
uci set firewall.samba_nsds.target="ACCEPT"
uci -q delete firewall.samba_ss
uci set firewall.samba_ss="rule"
uci set firewall.samba_ss.name="Allow-Samba/SS"
uci set firewall.samba_ss.src="lan"
uci set firewall.samba_ss.dest_port="139"
uci set firewall.samba_ss.proto="tcp"
uci set firewall.samba_ss.target="ACCEPT"
uci -q delete firewall.samba_smb
uci set firewall.samba_smb="rule"
uci set firewall.samba_smb.name="Allow-Samba/SMB"
uci set firewall.samba_smb.src="lan"
uci set firewall.samba_smb.dest_port="445"
uci set firewall.samba_smb.proto="tcp"
uci set firewall.samba_smb.target="ACCEPT"
uci commit firewall
/etc/init.d/firewall restart
Network discovery with Apple
Problems with Apple Spotlight connections were resolved in the 2023 versions of Samba, 4.17.6 and 4.18.0.
Some older versions of macOS (e.g. Yosemite) have problems discovering SMB network shares broadcast by each client over the LAN. You can set up a WINS server on your router, which will help them out.
A WINS server is a central name server analogous to DNS but for a local network. This service will discover SMB shares then make them available over WINS. Macs will connect to WINS to receive the list of network shares, hopefully with more success than discovering network shares themselves.
We will edit the UCI template (/etc/samba/smb.conf.template) instead of directly changing /etc/samba/smb.conf so as to maintain compatibility with UCI and LuCI.
Log into LuCI, go to Services > Network Shares, go to the Edit Template tab, and add or change the following entries in the "[global]" section in the template.
[global]
        domain master = yes
        local master = yes
        name resolve order = wins lmhosts hosts bcast
        os level = 99
        preferred master = yes
        wins support = yes
Save & Apply the changes.
You can also configure dnsmasq to broadcast the WINS server address via DHCP:
uci add_list dhcp.lan.dhcp_option="44,$(uci get network.lan.ipaddr)"
uci commit dhcp
/etc/init.d/dnsmasq restart
SMB network shares should appear in Network home a few minutes after rebooting the Mac.