File Server with Samba: Complete Setup Guide

Introduction

File sharing remains a fundamental requirement for businesses, organizations, and home networks. Samba, the open-source implementation of the SMB/CIFS protocol, enables Linux servers to seamlessly share files with Windows, macOS, and Linux clients, making it the de facto standard for cross-platform file sharing in heterogeneous network environments.

Originally developed by Andrew Tridgell in 1992 through reverse engineering of Microsoft's SMB protocol, Samba has evolved into a mature, feature-rich file server solution deployed in millions of organizations worldwide. From small home networks to Fortune 500 enterprises, Samba provides reliable, secure, and high-performance file sharing with Active Directory integration, advanced permissions, and comprehensive authentication options.

This comprehensive guide walks you through deploying a production-ready Samba file server on Linux. You'll learn installation procedures, share configuration, user authentication, permission management, Active Directory integration, performance optimization, security hardening, backup strategies, and troubleshooting techniques.

Whether creating a departmental file server, replacing expensive Windows file servers, building a home media server, implementing a centralized document repository, or integrating Linux file storage with Windows domains, this guide provides everything needed for professional Samba deployment.

Use Case Overview

Why Deploy a Samba File Server?

Samba file servers provide significant advantages for organizations and individuals:

Cross-Platform Compatibility: Seamlessly share files between Windows, macOS, and Linux systems using native protocols. Users access files through familiar Windows Network Neighborhood or macOS Finder without additional software.

Cost-Effective Alternative: Replace expensive Windows Server licenses and CALs with open-source Linux and Samba, dramatically reducing licensing costs while maintaining full functionality.

Centralized Storage: Consolidate files in a central location, simplifying backups, ensuring version control, enabling collaboration, and preventing data fragmentation across personal devices.

Advanced Permissions: Implement granular access controls combining UNIX permissions and Windows ACLs, controlling read, write, and execute access at user and group levels.

Active Directory Integration: Join Samba servers to existing Active Directory domains, leveraging existing user accounts and group policies for unified identity management.

High Performance: With proper tuning, Samba achieves near-line-speed performance, supporting hundreds of concurrent users and multi-gigabit network throughput.

Print Server Capabilities: Beyond file sharing, Samba provides network print server functionality, centralizing printer management for Windows clients.

Recycle Bin Functionality: Implement file recovery through Samba's recycle bin feature, protecting against accidental deletions without requiring backup restoration.

Audit and Logging: Comprehensive logging tracks file access, modifications, and deletions for security analysis, compliance, and user activity monitoring.

Common Deployment Scenarios

Small Business File Server: Central repository for company documents, spreadsheets, and shared resources with user authentication and permission controls.

Department File Shares: Dedicated shares for different departments (Accounting, HR, Engineering) with role-based access control and quota management.

Home Media Server: Personal file server storing photos, videos, and music accessible from computers, smart TVs, and media players throughout the home network.

Development Team Collaboration: Shared codebases, documentation, and project files for software development teams with version-controlled backups.

Educational Institution Storage: Student home directories, shared course materials, and collaborative project spaces for schools and universities.

Creative Agency File Sharing: High-capacity storage for graphic designers, video editors, and photographers sharing large media files within studios.

Backup Repository: Network-attached storage serving as backup destination for workstations, servers, and critical systems.

Virtual Desktop Infrastructure (VDI): User profile storage and application repositories for virtualized desktop environments.

Technical Capabilities

A properly configured Samba file server provides:

• SMB/CIFS Protocol Support: SMB1, SMB2, and SMB3 protocol versions with encryption
• Multi-User Access: Simultaneous access by hundreds of users with connection persistence
• Authentication Options: Local users, LDAP, Active Directory, or Kerberos authentication
• Permission Models: UNIX permissions, POSIX ACLs, and Windows-style ACLs
• Share Types: Standard file shares, home directories, print shares, and hidden administrative shares
• File Locking: Opportunistic locking and strict locking preventing data corruption
• Quota Management: Per-user and per-share disk quota enforcement
• Recycle Bin: Soft-delete protection with configurable retention policies
• Auditing: Comprehensive access and modification logging
• High Availability: Clustering and failover support for mission-critical deployments

Requirements

System Requirements

Minimum Requirements (Home/Small Office, 5-10 users):

• CPU: 2 cores at 2.0+ GHz
• RAM: 2GB
• Storage: Depends on storage needs (minimum 100GB)
• Network: 1 Gbps Ethernet
• OS: Ubuntu 20.04/22.04, Debian 11/12, CentOS 8, Rocky Linux 8/9

Recommended Requirements (Medium Business, 25-100 users):

• CPU: 4 cores at 2.5+ GHz
• RAM: 8GB
• Storage: 1TB+ (RAID recommended for redundancy)
• Network: 1 Gbps Ethernet (multiple interfaces for bonding)
• OS: Ubuntu 22.04 LTS

High-Performance Requirements (Enterprise, 200+ users):

• CPU: 8+ cores at 3.0+ GHz
• RAM: 16-32GB
• Storage: 10TB+ with RAID 6 or RAID 10, SSD cache tier
• Network: 10 Gbps Ethernet or multiple bonded 1 Gbps interfaces
• OS: Ubuntu 22.04 LTS with kernel tuning

Storage Considerations

Storage Capacity Planning:

• Small office: 100GB-1TB
• Medium business: 1TB-10TB
• Enterprise: 10TB-100TB+

Storage Performance:

• HDD RAID: Standard for most deployments, balance of capacity and cost
• SSD: Ideal for performance-critical applications or databases
• Hybrid: HDD for bulk storage with SSD cache tier for hot data
• NAS Appliances: Pre-built solutions with optimized storage arrays

RAID Recommendations:

• RAID 1: Mirror for 2-drive setups (100% redundancy, 50% capacity)
• RAID 5: Striping with parity (1 drive failure tolerance, good performance)
• RAID 6: Dual parity (2 drive failure tolerance, better reliability)
• RAID 10: Mirrored stripes (best performance, 50% capacity)

Network Requirements

Network Speed: Minimum 1 Gbps recommended for modern file servers. 10 Gbps ideal for large deployments or media production environments.

Switch Requirements: Managed switches supporting VLANs, link aggregation (LACP), and jumbo frames for optimal performance.

Port Configuration: Samba uses multiple ports:

• 139/TCP: NetBIOS Session Service (legacy)
• 445/TCP: Microsoft-DS (modern SMB)
• 137/UDP: NetBIOS Name Service (legacy)
• 138/UDP: NetBIOS Datagram Service (legacy)

Modern deployments primarily use port 445/TCP.

Software Requirements

Samba Version: Samba 4.x recommended (Active Directory support, SMB3).

File System: ext4, XFS, or Btrfs with ACL support enabled.

Optional Components:

• winbind: Active Directory integration
• samba-vfs-modules: Extended functionality (recycle bin, auditing)
• samba-tool: Domain management utilities
• smbclient: Testing and client utilities

Prerequisites Knowledge

• Linux system administration fundamentals
• User and group management concepts
• File permissions and ownership understanding
• Basic networking knowledge
• Windows file sharing familiarity

Step-by-Step Setup

Step 1: System Preparation

Update system packages:

# Ubuntu/Debian
sudo apt update && sudo apt upgrade -y

# CentOS/Rocky Linux
sudo dnf update -y

Step 2: Install Samba

Ubuntu/Debian:

sudo apt install samba samba-common-bin smbclient cifs-utils -y

CentOS/Rocky Linux:

sudo dnf install samba samba-client cifs-utils -y

Verify installation:

smbd --version

Should display Samba version (4.x).

Step 3: Backup Default Configuration

Create backup of original configuration:

sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.original

Step 4: Create Basic Samba Configuration

Create new simplified configuration:

sudo nano /etc/samba/smb.conf

Add the following basic configuration:

[global]
   workgroup = WORKGROUP
   server string = Samba File Server
   netbios name = fileserver
   security = user
   map to guest = never
   dns proxy = no

   # Logging
   log file = /var/log/samba/log.%m
   max log size = 1000
   log level = 1

   # Performance tuning
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
   read raw = yes
   write raw = yes
   max xmit = 65535
   dead time = 15
   getwd cache = yes

   # SMB protocol versions
   server min protocol = SMB2
   server max protocol = SMB3

   # File system settings
   unix extensions = no
   wide links = no

# Example public share (read-only for everyone)
[Public]
   path = /srv/samba/public
   browseable = yes
   read only = yes
   guest ok = yes
   create mask = 0644
   directory mask = 0755

# Example private share (authentication required)
[Private]
   path = /srv/samba/private
   browseable = yes
   read only = no
   valid users = @users
   create mask = 0660
   directory mask = 0770
   force group = users

Save and exit.

Configuration Breakdown:

• workgroup: Windows workgroup/domain name
• server string: Description shown in network browse lists
• security = user: Require username/password authentication
• path: Filesystem directory to share
• browseable: Show share in network browse lists
• read only: no = writable, yes = read-only
• valid users: Who can access (@group or username)
• create mask: Permissions for new files
• directory mask: Permissions for new directories

Step 5: Create Share Directories

Create directories for shares:

sudo mkdir -p /srv/samba/public
sudo mkdir -p /srv/samba/private

Set ownership and permissions:

# Public share (readable by all)
sudo chown -R nobody:nogroup /srv/samba/public
sudo chmod 755 /srv/samba/public

# Private share (owned by users group)
sudo chown -R root:users /srv/samba/private
sudo chmod 770 /srv/samba/private

Step 6: Create Samba Users

Create Linux users first:

sudo useradd -m -s /bin/bash john
sudo useradd -m -s /bin/bash sarah

Add users to Samba database with passwords:

sudo smbpasswd -a john
sudo smbpasswd -a sarah

Enter and confirm passwords when prompted.

Enable users:

sudo smbpasswd -e john
sudo smbpasswd -e sarah

List Samba users:

sudo pdbedit -L -v

Step 7: Test Configuration

Verify configuration syntax:

testparm

Should display "Loaded services file OK" and show configuration.

Step 8: Start and Enable Samba

Enable Samba services:

# Ubuntu/Debian
sudo systemctl enable smbd nmbd
sudo systemctl start smbd nmbd

# CentOS/Rocky
sudo systemctl enable smb nmb
sudo systemctl start smb nmb

Check status:

# Ubuntu/Debian
sudo systemctl status smbd nmbd

# CentOS/Rocky
sudo systemctl status smb nmb

Step 9: Configure Firewall

Allow Samba through firewall:

# UFW (Ubuntu/Debian)
sudo ufw allow Samba

# Firewalld (CentOS/Rocky)
sudo firewall-cmd --permanent --add-service=samba
sudo firewall-cmd --reload

Step 10: Test from Client

Windows Client:

1. Open File Explorer
2. Type in address bar: \\FILESERVER_IP\Public
3. Press Enter
4. For private share: \\FILESERVER_IP\Private
5. Enter username and password

macOS Client:

1. Open Finder
2. Press Cmd+K
3. Enter: smb://FILESERVER_IP/Public
4. Click Connect

Linux Client:

# Install cifs-utils if not already installed
sudo apt install cifs-utils -y

# List shares
smbclient -L //FILESERVER_IP -U john

# Connect to share
smbclient //FILESERVER_IP/Private -U john

Mount permanently:

sudo mkdir /mnt/private
sudo mount -t cifs //FILESERVER_IP/Private /mnt/private -o username=john,password=secret

Configuration

User Home Directories

Create individual home directories for each user:

Add to smb.conf:

[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mask = 0700
   directory mask = 0700
   valid users = %S

Users access via \\FILESERVER\username.

Departmental Shares

Create department-specific shares with group permissions:

Create groups and users:

sudo groupadd accounting
sudo groupadd engineering
sudo groupadd management

sudo usermod -aG accounting john
sudo usermod -aG engineering sarah

Create share directories:

sudo mkdir -p /srv/samba/departments/{accounting,engineering,management}

sudo chown root:accounting /srv/samba/departments/accounting
sudo chown root:engineering /srv/samba/departments/engineering
sudo chown root:management /srv/samba/departments/management

sudo chmod 2770 /srv/samba/departments/*

The 2770 sets the setgid bit (2) ensuring new files inherit group ownership.

Add shares to smb.conf:

[Accounting]
   path = /srv/samba/departments/accounting
   browseable = yes
   read only = no
   valid users = @accounting
   force group = accounting
   create mask = 0660
   directory mask = 0770

[Engineering]
   path = /srv/samba/departments/engineering
   browseable = yes
   read only = no
   valid users = @engineering
   force group = engineering
   create mask = 0660
   directory mask = 0770

[Management]
   path = /srv/samba/departments/management
   browseable = yes
   read only = no
   valid users = @management
   force group = management
   create mask = 0660
   directory mask = 0770

Reload Samba:

sudo smbcontrol all reload-config

Recycle Bin Configuration

Implement recycle bin to recover accidentally deleted files:

Add to share configuration:

[Engineering]
   path = /srv/samba/departments/engineering
   browseable = yes
   read only = no
   valid users = @engineering

   # Recycle bin configuration
   vfs objects = recycle
   recycle:repository = .recycle/%U
   recycle:keeptree = yes
   recycle:versions = yes
   recycle:touch = yes
   recycle:exclude = *.tmp, *.temp, *.o, *.obj, ~$*
   recycle:exclude_dir = /tmp, /cache
   recycle:maxsize = 0

Parameters Explained:

• recycle:repository: Location of recycle bin (%U = username)
• recycle:keeptree: Preserve directory structure
• recycle:versions: Keep multiple versions of same file
• recycle:touch: Update timestamp on deletion
• recycle:exclude: File patterns to skip recycling
• recycle:maxsize: Maximum file size to recycle (0 = unlimited)

Audit Logging

Enable comprehensive auditing:

[Engineering]
   path = /srv/samba/departments/engineering
   browseable = yes
   read only = no
   valid users = @engineering

   # Audit logging
   vfs objects = full_audit
   full_audit:prefix = %u|%I|%m|%S
   full_audit:success = mkdir rmdir read write rename unlink
   full_audit:failure = all
   full_audit:facility = local5
   full_audit:priority = notice

View audit logs:

sudo tail -f /var/log/syslog | grep smbd_audit

Read-Only Shares with Upload Dropbox

Create share where users can upload but not read others' files:

[Dropbox]
   path = /srv/samba/dropbox
   browseable = yes
   read only = no
   valid users = @users
   create mask = 0600
   directory mask = 0700

   # Write-only configuration
   write list = @users
   force user = dropbox
   force create mode = 0600
   hide unreadable = yes

Create dropbox user and directory:

sudo useradd -r -s /bin/false dropbox
sudo mkdir /srv/samba/dropbox
sudo chown dropbox:users /srv/samba/dropbox
sudo chmod 1770 /srv/samba/dropbox

The sticky bit (1) ensures users can only delete their own files.

Disk Quotas

Implement per-user disk quotas:

Enable quotas on filesystem:

# Edit /etc/fstab, add usrquota,grpquota to options
sudo nano /etc/fstab

Find line for your Samba partition and modify:

/dev/sdb1 /srv/samba ext4 defaults,usrquota,grpquota 0 2

Remount filesystem:

sudo mount -o remount /srv/samba

Initialize quota database:

sudo quotacheck -cum /srv/samba
sudo quotaon -v /srv/samba

Set quota for user:

# Set 10GB soft limit, 12GB hard limit for john
sudo setquota -u john 10000000 12000000 0 0 /srv/samba

Check quota usage:

sudo quota -vs john

Windows ACL Support

Enable Windows-style ACLs for granular permissions:

Install ACL support:

sudo apt install acl attr -y

Mount filesystem with ACL support (add to /etc/fstab):

/dev/sdb1 /srv/samba ext4 defaults,acl 0 2

Remount:

sudo mount -o remount /srv/samba

Configure Samba for Windows ACLs:

[Engineering]
   path = /srv/samba/departments/engineering
   read only = no
   valid users = @engineering

   # Windows ACL support
   vfs objects = acl_xattr
   map acl inherit = yes
   store dos attributes = yes

Set permissions from Windows:

1. Right-click folder/file
2. Properties → Security
3. Configure permissions as needed

Optimization

Performance Tuning

Socket Buffer Optimization

[global]
   # Increase socket buffers
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288

   # Increase max transfer size
   max xmit = 65535

   # Enable async I/O
   aio read size = 16384
   aio write size = 16384

   # Read and write optimizations
   read raw = yes
   write raw = yes

   # Cache optimizations
   getwd cache = yes
   kernel oplocks = yes
   level2 oplocks = yes

SMB3 Multi-Channel

Enable SMB3 multi-channel for increased throughput:

[global]
   server multi channel support = yes

   # Bind to specific interfaces
   interfaces = 192.168.1.100/24 192.168.2.100/24
   bind interfaces only = yes

Requires multiple network interfaces.

Oplocks and Caching

[Engineering]
   path = /srv/samba/departments/engineering

   # Enable oplocks for better performance
   oplocks = yes
   level2 oplocks = yes
   kernel oplocks = yes

   # Strict locking for data integrity (disable for performance)
   strict locking = auto

Note: Disable oplocks for database files to prevent corruption.

Kernel Parameter Tuning

Optimize Linux kernel for file server performance:

sudo nano /etc/sysctl.conf

Add:

# Increase file handles
fs.file-max = 2097152

# Increase network buffers
net.core.rmem_max = 134217728
net.core.wmem_max = 134217728
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864

# Optimize connection handling
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_max_syn_backlog = 8192

# Faster file system access
vm.dirty_ratio = 15
vm.dirty_background_ratio = 5
vm.vfs_cache_pressure = 50

Apply changes:

sudo sysctl -p

Storage Optimization

Use XFS for Large Files

XFS performs better than ext4 for large files and high concurrency:

# Format partition with XFS
sudo mkfs.xfs -L samba-data /dev/sdb1

# Mount with optimal options
sudo mount -o noatime,nodiratime,logbsize=256k /dev/sdb1 /srv/samba

Add to /etc/fstab:

/dev/sdb1 /srv/samba xfs defaults,noatime,nodiratime,logbsize=256k 0 2

SSD Optimization

For SSD-based storage:

# Mount with SSD-optimized options
sudo mount -o noatime,nodiratime,discard /dev/sdb1 /srv/samba

Load Balancing

Distribute load across multiple Samba servers using DNS round-robin or load balancer:

DNS Round-Robin:

Create multiple A records for same hostname:

fileserver.local. IN A 192.168.1.10
fileserver.local. IN A 192.168.1.11
fileserver.local. IN A 192.168.1.12

Clients connecting to fileserver.local will be distributed across servers.

DFS (Distributed File System):

Configure Samba with DFS support:

[global]
   host msdfs = yes

[dfs_root]
   path = /srv/samba/dfs
   msdfs root = yes

Create DFS links:

sudo mkdir -p /srv/samba/dfs
cd /srv/samba/dfs
sudo ln -s msdfs:server1\\share1,server2\\share1 share1

Troubleshooting

Cannot Connect to Shares

Verify Samba is running:

sudo systemctl status smbd nmbd

Check firewall:

# Test port 445
telnet FILESERVER_IP 445

Verify share exists:

testparm -s

Should list all shares.

Test from server locally:

smbclient -L localhost -U username

If works locally but not remotely, firewall issue.

Check SELinux (CentOS/Rocky):

sudo getsebool -a | grep samba

Allow Samba home directories:

sudo setsebool -P samba_enable_home_dirs on

Permission Denied Errors

Check Linux file permissions:

ls -la /srv/samba/private

Ensure user has read/write access.

Verify Samba user exists:

sudo pdbedit -L

Check share configuration:

testparm -s --section-name=ShareName

Force permissions:

[Share]
   force user = root
   force group = users
   create mask = 0660
   directory mask = 0770

Authentication Failures

Reset Samba password:

sudo smbpasswd -a username

Enable user:

sudo smbpasswd -e username

Verify user is in valid_users:

Check smb.conf share configuration:

valid_users = @groupname username

Clear Windows credentials (Windows client):

net use * /delete

Then reconnect with correct credentials.

Slow Performance

Check network speed:

iperf3 -s  # On server
iperf3 -c SERVER_IP  # On client

Monitor Samba processes:

sudo smbstatus

Check disk I/O:

sudo iotop

High iowait indicates disk bottleneck.

Verify oplocks enabled:

testparm -sv | grep oplock

Increase buffer sizes in smb.conf (see Optimization section).

File Locking Issues

View locked files:

sudo smbstatus -L

Unlock specific file:

Get PID from smbstatus, then:

sudo kill -HUP PID

Disable strict locking (use cautiously):

strict locking = no

Security Hardening

Disable SMB1 Protocol

SMB1 has known vulnerabilities:

[global]
   server min protocol = SMB2
   server max protocol = SMB3

Enable SMB Encryption

Force encryption for sensitive shares:

[Finance]
   path = /srv/samba/finance
   smb encrypt = required

Restrict Network Access

Limit access to specific networks:

[global]
   hosts allow = 192.168.1.0/24 10.0.0.0/8
   hosts deny = 0.0.0.0/0

Or per-share:

[Engineering]
   hosts allow = 192.168.10.0/24

Implement Strong Passwords

Enforce password complexity (requires pam_pwquality):

sudo nano /etc/pam.d/common-password

Add:

password requisite pam_pwquality.so retry=3 minlen=12 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1

Regular Security Audits

Monitor logs for suspicious activity:

sudo tail -f /var/log/samba/log.smbd | grep -i "failed\|denied\|error"

Review connected users:

sudo smbstatus -b

Conclusion

You now have a fully operational Samba file server providing cross-platform file sharing with robust authentication, granular permissions, and enterprise features. This production-ready solution offers the flexibility and performance needed for organizations of all sizes.

Key achievements from this guide:

• Cross-platform file sharing seamlessly serving Windows, macOS, and Linux clients
• Granular access control using UNIX permissions, groups, and Windows ACLs
• Advanced features including recycle bins, audit logging, and disk quotas
• Performance optimization through tuning, caching, and protocol enhancements
• Security hardening with encryption, access restrictions, and protocol limitations
• Scalable architecture ready for expansion with load balancing and clustering

Regular maintenance includes monitoring disk usage, reviewing access logs, updating share permissions as team structures change, and keeping Samba packages updated for security patches. Implement regular backups of both share data and Samba configuration files to ensure quick recovery from failures.

Whether replacing expensive Windows file servers, building departmental collaboration platforms, or creating personal media storage, Samba provides the foundation for professional file sharing infrastructure.

Share wisely!