I first started using Samba when managing a small office — 15 Windows machines and 2 Ubuntu Servers acting as file servers. Back then I thought it was straightforward, just sharing a folder. But after 6 months in production, I realized there’s quite a lot to pay attention to if you want Samba to be both stable and secure.
Background and Why You Need Samba
At its core, Samba implements the SMB/CIFS protocol on Linux — the same protocol Windows uses for network file sharing. This means an Ubuntu server can communicate directly with Windows machines without requiring any additional software on the client side.
My specific use case: a Windows-based dev team wanted direct access to the code directory on the Ubuntu server — no SSH, no manual file copying. Samba solved this cleanly.
Some common use cases:
- Internal file server for Windows-based offices
- Folder sharing between a Linux VM and Windows host (VMware, VirtualBox)
- Self-hosted NAS replacing Synology/QNAP
- Backup destination from Windows machines over the network
Installing Samba on Ubuntu
I’ve tested this and run it on Ubuntu 22.04 LTS. Installation is fast with no complex dependencies:
sudo apt update
sudo apt install samba samba-common-bin -yCheck the version and service status:
smbd --version
sudo systemctl status smbdIf the service isn’t running, start and enable it to auto-start on boot:
sudo systemctl start smbd nmbd
sudo systemctl enable smbd nmbdnmbd is the NetBIOS Name Service — it lets Windows machines find the server by hostname instead of needing to remember the IP. If you’re managing your own internal name resolution, pairing this with a local DNS server like Bind9 gives you much cleaner hostname control across the network. Skipping nmbd still allows IP-based connections, but the server won’t appear in Network Neighborhood.
Detailed Samba Configuration
The main configuration file is at /etc/samba/smb.conf. Before making changes, back it up — a habit I picked up after the first time I broke the config and spent an entire afternoon restoring it:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.backupConfiguring the [global] Section
The [global] section contains settings that apply to the entire server — workgroup, security mode, logging, and some performance tweaks. Open the file to edit:
sudo nano /etc/samba/smb.conf[global]
workgroup = WORKGROUP
server string = Ubuntu File Server
security = user
map to guest = bad user
dns proxy = no
# Log settings
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
# Performance tuning
socket options = TCP_NODELAY IPTOS_LOWDELAY
read raw = yes
write raw = yes
max xmit = 65535One commonly overlooked point: workgroup = WORKGROUP must match the workgroup on your Windows machines. Quick check on Windows: right-click This PC → Properties → Advanced system settings → Computer Name.
Creating Shared Folders
Real-world example: I create 2 shares — a public share for the whole team to read and write, and a private share for admins only:
# Create directories
sudo mkdir -p /srv/samba/public
sudo mkdir -p /srv/samba/private
# Permissions for public folder
sudo chown -R nobody:nogroup /srv/samba/public
sudo chmod -R 0775 /srv/samba/public
# Permissions for private folder
sudo chown -R root:root /srv/samba/private
sudo chmod -R 0770 /srv/samba/privateAdd the following to the end of smb.conf:
[Public]
comment = Public Share - Team Access
path = /srv/samba/public
browsable = yes
writable = yes
guest ok = yes
read only = no
create mask = 0664
directory mask = 0775
[Private]
comment = Private - Admin Only
path = /srv/samba/private
browsable = yes
writable = yes
guest ok = no
valid users = sambaadmin
create mask = 0660
directory mask = 0770Creating a Samba User
Samba uses its own user database — it doesn’t use /etc/passwd directly. The user must exist in the Linux system first, then be added to Samba:
# Create system user (no login shell needed)
sudo useradd -M -s /usr/sbin/nologin sambaadmin
# Add to Samba database and set password
sudo smbpasswd -a sambaadmin
# Enable user
sudo smbpasswd -e sambaadminSmall note: CentOS/RHEL typically uses /sbin/nologin, while Ubuntu uses /usr/sbin/nologin. On modern Ubuntu both work because /sbin is a symlink to /usr/sbin — but stick with /usr/sbin/nologin for consistency.
Configuring the Firewall
Opening ports for Samba takes just one command:
sudo ufw allow samba
sudo ufw statusufw allow samba automatically opens ports 137, 138 (UDP) and 139, 445 (TCP). In a production environment, it’s much safer to restrict this to your internal subnet only — especially since open SMB ports are a frequent attack vector (see this guide on detecting and responding to a hacked server for what that exposure can lead to):
sudo ufw allow from 192.168.1.0/24 to any app sambaTesting and Monitoring
Validate Config Before Restarting
Always check the syntax before restarting the service — a bad config will prevent smbd from starting, taking all shares down immediately:
testparmOnce you see Loaded services file OK, it’s safe to restart:
sudo systemctl restart smbd nmbdTesting the Connection Locally
# List all shares
smbclient -L localhost -U sambaadmin
# Connect to the Private share
smbclient //localhost/Private -U sambaadmin
# Connect anonymously to the Public share
smbclient //localhost/Public -NMonitoring Active Connections
smbstatus is the command I reach for most when troubleshooting — it shows who’s connected, which files are locked, and from which IP. Super handy when someone reports they can’t open a file: 9 times out of 10 it’s because someone else has it locked. For deeper visibility into which ports are actually listening and what connections are established on the server side, ss is a faster and more capable alternative to netstat worth having in your toolkit.
# View sessions and open files
smbstatus
# More detail
smbstatus --verbose
# Watch log realtime
sudo tail -f /var/log/samba/log.smbdCommon Errors
NT_STATUS_LOGON_FAILURE: The user exists in Linux but hasn’t been added to the Samba database. Run sudo smbpasswd -a username.
NT_STATUS_ACCESS_DENIED: Directory permissions are incorrect. Double-check that chown and chmod align with valid users in smb.conf.
Server not visible in Network Neighborhood: nmbd isn’t running or has crashed. Run sudo systemctl status nmbd and restart if needed.
Connecting from Windows
Open File Explorer and type in the address bar:
\\192.168.1.100\PublicReplace 192.168.1.100 with your Ubuntu server’s IP. Mapping as a drive letter is much more convenient — especially for users unfamiliar with UNC paths:
# Run on Windows (Command Prompt or PowerShell)
net use Z: \\192.168.1.100\Public /persistent:yes
# With authentication
net use Z: \\192.168.1.100\Private /user:sambaadmin /persistent:yesAfter 6 months running with around 20 simultaneous Windows connections, Samba on Ubuntu 22.04 has been remarkably stable. The memory footprint was lower than I expected — smbd + nmbd only consume around 50–80MB RAM. The only downside: nmbd occasionally needs a manual restart when the network interface changes, but that’s only come up once every few months.
