Share files across your network with SAMBA

Overview 📊

Like Wikipedia says Samba is a free software re-implementation of the SMB networking protocol.

Now what is the SMB protocol? well It’s a way of sharing files across devices in a network, simple as that.

❗Important ❗ for any case, always use SMBv3 for security purposes even in LAN workflows.

Requirements 📓

To follow this article you are going to need

• A linux computer (debian based)

• A few minutes of your life

Use cases for SAMBA 🤔

Well you can guess there is a lot of use cases but I’m going to tell you the ones that worked for me :)

Having to share files with someone who uses a Windows computer 🪟

I could use NFS since my complete house is unix based, but what about when a friend comes with his laptop and uses Windows? well things become tricky so I’ll rather have the Samba over NFS so they don’t have to loss their mental like myself.

Obsidian vault 💜

Although obsidian doesn’t sync in real time for each device once you open the vault from another devices changes are there so that’s fine for me because I’ll do most of the things in my desktop and If I want to continue from bed in the laptop the progress is going to be synced from there so it’s quite effective.

Keepass db 💚

Somewhat same case as Obsidian, having a keepass db could be a pain in the ass to keep up to date across multiple devices, so this way becomes quite simple and keeps being private which is the idea of using keepass right? if I want sync with other devices and use the cloud I’ll rather use Bitwarden.

Stateful services (dev) 🧑‍💻

Do you have an application in your infra that needs to store something locally in the computer? like pictures, documents and stuff? while mounting the share via CIFS won’t be the fastest solution it could work perfectly for your lab especially on DEV environments

In my case I have some personal API rest that I’ve built for learning purposes and it stores things locally so using a only computer is fine but since the app is in a cluster across multiple computers the state needs to be shared across all of them or else all of them should access the samba right? to read and write from there.

Install the samba server 🧰

To accomplish this we are going to follow this guide https://ubuntu.com/tutorials/install-and-configure-samba#1-overview

Since I mention earlier we are using a debian based box (ubuntu in this case) we are going to install it this way

sudo apt update -y
sudo apt install samba

Simple as that! :)

Check that samba is installed with

samba --version
Version X-Debian

Create a Share 🍕

To create a share we should first create a file in a directory, in my case I’m using the home of the user

mkdir /home/user/sambashare

After that we need to modify the smb.conf

sudo nano /etc/samba/smb.conf

Once editing the file we are going to add this at the bottom

[sambashare]
    comment = Example
    path = /home/username/sambashare
    read only = no
    browsable = yes

Where sambashare is the name of the share (could be anything)

Once that is done save the file and sudo service smbd restart to restart the service

Secure the samba (optional) 🔐

Based on this article https://www.makeuseof.com/ways-to-secure-samba-server-on-linux/

We are going to at least ensure the followings for my case since usage is LAN only

• Encrypt the traffic

• Avoid the usage of SMBv1

• Ensure hosts base restrictions

• Restrict anonymous usage

To ensure that we are going to modify the same file as before /etc/samba/smb.conf

And in the [global] section make sure to include

[global]

## Browsing/Identification ###
   workgroup = WORKGROUP
   min protocol = SMB2
   restrict anonymous = 2
   hosts allow = 127.0.0.1 192.168.0.1/24
   hosts deny = 0.0.0.0/0
   smb encrypt = required
   server signing = mandatory

To ensure that traffic is being encrypted you can check it with

sudo smbstatus

Samba version X-Debian
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
----------------------------------------------------------------------------------------------------------------------------------------
32393   username       group       192.168.X.X (ipv4:192.168.X.X:X) SMB3_11            AES-128-GCM          AES-128-CMAC

Service      pid     Machine       Connected at                     Encryption   Signing
---------------------------------------------------------------------------------------------
sambashare   32393   192.168.X.X Sun Jul 13 16:53:03 2025 -03      AES-128-GCM  AES-128-CMAC

No locked files

From there we can also see that we are not using SMBv1

Also if we scan with nmap for example we can see that signing is required

Also we can see that is not possible to access with no creds

To secure even more the SMB and get more ideas of possible attacks I’ll suggest you check

https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-smb/index.html

Access the Share from linux 🐧

In ubuntu from your filemanager

In my case the NAS is the one we are looking for, in case the network part won’t find we can access it from the search far typing something like:

smb://<IP>/<SHARE> an example would be smb://192.168.0.5/sambashare

If is the first time we do it we have to authenticate

Remember here this is not your username, is the one created for the SMB/Share

After a successful login we can see our share mounted in the system and use it in applications

In case your FM can’t mount or access the share you will have to do it from the terminal

Ensure that you have cifs-utils installed, that the location to mount exists and to specify a version over 3.0 in order to use SMBv3

sudo mount -t cifs //<IP>/<SHARE> <LOCATION_TO_MOUNT> \
  -o user=USUARIO,password=PASSWORD,uid=$(id -u),gid=$(id -g),file_mode=0664,dir_mode=0775,ver=3.0

Conclusion 🏁

If you reach this means it means that your share must be working, congratz!! Hope you have a great day.

For any issue or suggestion you can contact me at https://links.jonathan.com.ar