Samba, NFS, or SFTP — Which One for Your Local Network?
When you need to share files between Linux and Windows machines on the same LAN, there are three main options: Samba (SMB/CIFS), NFS, and SFTP over SSH. I’ve been using Fedora as my primary development machine for two years and have tried all three. Each has its own strengths and fits different scenarios — no single option is perfect for every situation.
Pros and Cons of Each Option
NFS (Network File System) is the ideal choice if you’re working in a purely Linux-to-Linux environment. High performance, simple configuration. The downside: Windows doesn’t support NFS natively — you have to install additional software on the Windows side and the experience is still choppy, especially on Windows 10/11 Home.
SFTP over SSH is extremely secure, requiring only port 22 to be open. Great for manual file transfers. The downside is that you can’t mount it as a network drive in Windows Explorer — you have to open WinSCP or FileZilla every time, which isn’t convenient for daily work.
Samba uses the SMB protocol — the same protocol Windows uses internally for file sharing. Windows Explorer recognizes it immediately, you can mount it as a network drive without installing anything extra, and it supports printer sharing too. The only downside: configuration on Fedora is more complex because SELinux and firewalld are very restrictive by default.
When Is Samba the Right Choice?
- Hybrid Linux + Windows environment with frequent file sharing needs
- Want to mount as a network drive in Windows Explorer without third-party software
- Need to share printers over the local network
- Team uses Windows, server runs Fedora
Pure Linux environments should use NFS. If you only need occasional file transfers, SFTP is sufficient. This article focuses on Samba because it’s the most complex case and the one most prone to silent failures on Fedora.
Why Is Fedora “Harder” Than Other Distros for Running Samba?
If you’ve installed Samba on Ubuntu and found it quick and easy, switching to Fedora will be a surprise. The two biggest headaches are SELinux and firewalld — both are enabled by default and both can block Samba without displaying any obvious error messages.
The classic failure: smb.conf is configured correctly, the service is running, but from Windows you either can’t see the share at all, or you can see it but get access denied when you try to open it — all because of a wrong SELinux context or firewalld not being opened for the right zone. This is the cause of roughly 80% of “Samba not working on Fedora” questions on technical forums.
Installing Samba on Fedora
Step 1: Install Samba Packages
sudo dnf install samba samba-common samba-client -y
The samba-client package isn’t required for the server, but it’s useful for testing the connection directly from the Fedora machine without needing a Windows machine.
Step 2: Enable and Start the Service
sudo systemctl enable --now smb nmb
smb is the main Samba service that handles SMB/CIFS. nmb is the NetBIOS name service — it helps Windows find the server by name rather than having to remember the IP address.
Configuring the Shared Directory
Create the Folder and Set Permissions
# Create the shared directory
sudo mkdir -p /srv/samba/shared
# Create a group to manage Samba users
sudo groupadd sambashare
# Set read/write permissions for the group
sudo chmod 0775 /srv/samba/shared
sudo chgrp sambashare /srv/samba/shared
Configure smb.conf
The main configuration file is located at /etc/samba/smb.conf. Always back it up before editing — a good habit that costs nothing:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
sudo nano /etc/samba/smb.conf
Add the following section to the end of the file:
[global]
workgroup = WORKGROUP
server string = Fedora Samba Server
security = user
passdb backend = tdbsam
log file = /var/log/samba/log.%m
max log size = 50
[shared]
comment = Shared Folder
path = /srv/samba/shared
browseable = yes
read only = no
valid users = @sambashare
create mask = 0664
directory mask = 0775
Check the syntax immediately after saving:
testparm
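testparm confirms that the file parses; the access settings can be reviewed separately. As an added example (not part of the original article), the shell function below reads an smb.conf and lists shares that allow guest access or are writable without a valid users restriction. The [scratch] and [drop] shares in the sample are constructed, and audit_smb_conf is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Constructed sample: the article's [shared] section plus two hypothetical weak shares.
SAMPLE_CONF='[global]
   security = user
[shared]
   path = /srv/samba/shared
   read only = no
   valid users = @sambashare
[scratch]
   path = /srv/samba/scratch
   read only = no
   guest ok = yes
[drop]
   path = /srv/samba/drop
   writable = yes'

# Print one finding per line for every share (all sections except [global]).
audit_smb_conf() {
  awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
      if (sec == "" || sec == "global") return
      if (guest) print sec ": guest access enabled"
      if (writable && !restricted) print sec ": writable without valid users"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^[ \t]*\[.*\]/ {                               # section header
      report()
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec); sec = tolower(sec)
      guest = writable = restricted = 0             # Samba default: read only = yes
      next
    }
    {
      eq = index($0, "="); if (!eq) next
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)  # names ignore case and spaces
      val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "guestok" || key == "public") guest = truthy(val)
      if (key == "readonly") writable = !truthy(val)
      if (key == "writable" || key == "writeable") writable = truthy(val)
      if (key == "validusers" && val != "") restricted = 1
    }
    END { report() }
  '
}

# Live use: audit_smb_conf < /etc/samba/smb.conf
printf '%s\n' "$SAMPLE_CONF" | audit_smb_conf
```

The article's own [shared] section produces no finding because it sets valid users = @sambashare.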
Create a Samba User
Samba uses its own user database, separate from the system users. However, the Samba user must already exist in Linux — you can’t create a Samba password for an account that doesn’t exist in /etc/passwd.
# Add the current user to the sambashare group
sudo usermod -aG sambashare $(whoami)
# Create a Samba password for the user
sudo smbpasswd -a $(whoami)
Restart Samba to apply the new configuration:
sudo systemctl restart smb nmb
Handling SELinux — The Most Important Part on Fedora
This is the step that most guides on the internet skip or reduce to “just disable SELinux.” I don’t recommend disabling it — you need to set the right context and booleans. It takes 5 minutes, keeps your system security intact, and saves you from having to figure it out again after a server audit.
Set the SELinux Context for the Shared Directory
# Install SELinux policy management tools if not already installed
sudo dnf install policycoreutils-python-utils -y
# Assign the samba_share_t context to the directory
sudo semanage fcontext -a -t samba_share_t "/srv/samba/shared(/.*)?"
# Apply the context to the filesystem
sudo restorecon -Rv /srv/samba/shared
Check that the context was applied correctly:
ls -Z /srv/samba/shared
The output should show samba_share_t in the context column. If you still see default_t or user_home_t, Samba will be denied access — even if the service is running normally.
Enable the Required SELinux Booleans
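# Allow Samba to export any file or directory read/write, whatever its SELinux label
# (content already labeled samba_share_t is readable and writable without this boolean)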
sudo setsebool -P samba_export_all_rw on
# Allow Samba to access home directories (enable only if needed)
sudo setsebool -P samba_enable_home_dirs on
The -P flag makes the boolean persist across reboots. Forget this flag and the setting will reset to its default after the next boot — and you’ll spend another debugging session starting from scratch.
Configuring firewalld
firewalld organizes network interfaces into zones. Samba uses 4 ports: 137/UDP, 138/UDP (NetBIOS) and 139/TCP, 445/TCP (SMB). Before opening them, identify which zone your interface belongs to:
# Check the current zone
sudo firewall-cmd --get-active-zones
Open the Samba service for the appropriate zone (usually public or internal):
# Open Samba on the public zone
sudo firewall-cmd --permanent --add-service=samba --zone=public
# Apply immediately
sudo firewall-cmd --reload
Verify the configuration:
sudo firewall-cmd --list-services --zone=public
You should see samba in the list. Purely internal LAN? Assign the interface to the internal zone instead of public — more permissive policy, better suited for a company network.
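To confirm that the samba service is open in the zone your interface actually uses, the added example below (not from the original article) parses the output of firewall-cmd --list-all-zones and reports each active zone with its interfaces. It matches the service name as a whole word, because firewalld also ships a separate samba-client service that does not open the server ports. The sample text is constructed and samba_zone_report is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Constructed sample in the layout printed by `firewall-cmd --list-all-zones`.
SAMPLE_ZONES='FedoraWorkstation (active)
  target: default
  interfaces: enp1s0
  services: dhcpv6-client mdns samba-client ssh

internal (active)
  target: default
  interfaces: enp2s0
  services: mdns samba ssh

public
  target: default
  interfaces:
  services: samba ssh'

# For every active zone print "zone interfaces samba=open|closed".
samba_zone_report() {
  awk '
    function emit() {
      if (zone != "" && active) print zone, ifs, "samba=" (ok ? "open" : "closed")
    }
    # A non-indented line starts a new zone; "(active)" marks zones bound to an interface.
    /^[^ \t]/ { emit(); zone = $1; active = ($0 ~ /[(].*active/); ifs = "-"; ok = 0; next }
    $1 == "interfaces:" && NF > 1 { ifs = $2; for (i = 3; i <= NF; i++) ifs = ifs "," $i }
    # Whole-word match: "samba-client" must not count as "samba".
    $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "samba") ok = 1 }
    END { emit() }
  '
}

# Live use: sudo firewall-cmd --list-all-zones | samba_zone_report
printf '%s\n' "$SAMPLE_ZONES" | samba_zone_report
```

In the sample, samba is open in public, but no interface is bound to that zone, so the interface in FedoraWorkstation still reports closed.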
Sharing a Printer with Windows (Optional)
Want to share a printer with the whole team? Install CUPS and enable the print server in Samba:
sudo dnf install cups samba-common-tools -y
sudo systemctl enable --now cups
Add to smb.conf:
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
printable = yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
Create the spool directory and assign the SELinux context:
sudo mkdir -p /var/spool/samba
sudo chmod 1777 /var/spool/samba
sudo chcon -t samba_spool_t /var/spool/samba
Connecting from Windows
From your Windows machine, open Run (Win+R) and enter directly:
\\192.168.1.100\shared
Replace 192.168.1.100 with your Fedora machine’s actual IP address. To mount it as a persistent network drive:
- Open File Explorer → This PC → Map Network Drive
- Choose a drive letter (e.g., Z:)
- Enter the path: \\192.168.1.100\shared
- Check Connect using different credentials if your Windows username differs from your Samba username
- Click Finish and enter the Samba username/password you created earlier
Debugging Connection Issues
Can’t connect? Check in this order — from simple to complex:
# 1. Check if the service is running
sudo systemctl status smb nmb
# 2. Test the connection from the Fedora machine itself
smbclient -L localhost -U $(whoami)
# 3. Check SELinux logs — usually the main culprit
sudo ausearch -m avc -ts recent | grep -E 'smbd|samba'
# 4. Check if the firewall is open
sudo firewall-cmd --list-all
# 5. Check if Samba ports are listening
ss -tlnp | grep -E '139|445'
# 6. View active connections (confirm who has access)
sudo smbstatus
SELinux errors appear in the ausearch output as denied { write } ... samba_t .... When you see this, check the context with ls -Z and the booleans with getsebool -a | grep samba. In most cases, running restorecon again is all it takes.
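As an added example (not part of the original article), the function below summarizes AVC denials for the smbd process from ausearch output: it groups them by permission, object class and target label, and marks whether the target still needs relabeling. The sample records are constructed, and triage_smbd_avc and its hint strings are hypothetical names.

```shell
#!/usr/bin/env bash
# Constructed sample of `ausearch -m avc -ts recent` output (not from a real host).
SAMPLE_AVC='type=AVC msg=audit(1700000000.101:501): avc:  denied  { write } for  pid=2101 comm="smbd" name="shared" dev="dm-0" ino=131 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.202:502): avc:  denied  { read } for  pid=2101 comm="smbd" name="notes.txt" dev="dm-0" ino=140 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.303:503): avc:  denied  { write } for  pid=2101 comm="smbd" name="shared" dev="dm-0" ino=131 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.404:504): avc:  denied  { getattr } for  pid=900 comm="httpd" path="/srv/www" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=0'

# Print "count permission class target_type hint" for smbd denials, most frequent first.
triage_smbd_avc() {
  awk '
    /avc: +denied/ && /comm="smbd"/ {
      # Permission list between the braces, e.g. "{ read write }" becomes "read,write".
      perm = $0; sub(/.*denied +[{] */, "", perm); sub(/ *[}].*/, "", perm)
      gsub(/ /, ",", perm)
      ttype = ""; tclass = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }  # user:role:type:level
        if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
      }
      # Wrong label: fix with semanage fcontext + restorecon. Right label: look at booleans.
      hint = (ttype == "samba_share_t") ? "label-ok:check-booleans" : "relabel:restorecon"
      n[perm " " tclass " " ttype " " hint]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# Live use: sudo ausearch -m avc -ts recent | triage_smbd_avc
printf '%s\n' "$SAMPLE_AVC" | triage_smbd_avc
```

Records are selected by comm="smbd" rather than by the word samba, so denials on wrongly labeled targets such as default_t are still counted.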

