Setting up and Configuring a basic Samba Server in AWS

Saumik Satapathy
Published in AWS Tip
6 min read · Feb 9, 2022

Samba has long been used as a secure file transfer protocol native to the Linux operating system. In this article I will set up a basic Samba server in an AWS public subnet and access the share from a Linux server in the private subnet.

First things first: let's create an EC2 server with the Amazon Linux 2 AMI in the public subnet. In the security group, open port 22 and port 445 to anywhere, i.e. the 0.0.0.0/0 range.

Launch the instance and wait for the status checks to show 2/2 passed.

SSH into the server and change the hostname to a convenient name.

* As this is an Amazon Linux 2 AMI, we need to follow the steps below to change the hostname to a user-friendly name.

$ sudo vi /etc/cloud/cloud.cfg

At the end of the file, add the line below and save.

preserve_hostname: true

Then run the hostnamectl command to change the hostname. Then run the update and finally reboot the system for the change to take effect.

$ sudo hostnamectl set-hostname samba-server
$ sudo yum update -y
$ sudo reboot

Log in to the server again over SSH. This time we will install samba, samba-client, and cifs-utils as the root user.

$ sudo su -
# yum install -y samba samba-client cifs-utils

Edit the Samba configuration file smb.conf to add the Samba details.

# vim /etc/samba/smb.conf

Edit and add the entries as shown below.

[global]
security = user
hosts allow = 127. 172.
# Add the loopback IP and the VPC starting IP, as shown on the line above
interfaces = lo eth0
passdb backend = smbpasswd:/etc/samba/sambapasswd.txt
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
[devdocs]
comment = Development documentation
read only = no
available = yes
path = /devdocs
public = yes
valid users = devdocsuser
write list = devdocsuser
writable = yes
browseable = yes
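
With port 445 open to 0.0.0.0/0 in the security group, the `hosts allow` line is the only address filter left, so it is worth checking what its prefixes actually match. The script below is an added example, not part of the original article; `audit_smb_conf` and its two rules are illustrative assumptions, and the sample input is constructed from the configuration above.

```bash
#!/usr/bin/env bash
# Added example (not the article's code): flag two risky smb.conf settings.
# The rules below are illustrative assumptions, not a full Samba audit.

audit_smb_conf() {   # usage: audit_smb_conf /path/to/smb.conf
  awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ { next }                     # skip comment lines
    /^[ \t]*$/    { next }                     # skip blank lines
    /^[ \t]*\[/ {                              # section header such as [devdocs]
      section = trim($0); gsub(/\[|\]/, "", section); next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(trim(substr($0, 1, eq - 1)))
      val = trim(substr($0, eq + 1))
      # A one-octet prefix like "172." matches every 172.x.x.x address,
      # including public ranges outside 172.16.0.0/12.
      if (key == "hosts allow" || key == "allow hosts") {
        n = split(val, host, /[ \t,]+/)
        for (i = 1; i <= n; i++)
          if (host[i] ~ /^[0-9]+\.$/ && host[i] != "127.")
            printf "%s: hosts allow prefix %s covers a whole /8\n", section, host[i]
      }
      # "public" is a synonym for "guest ok".
      if ((key == "public" || key == "guest ok") && tolower(val) ~ /^(yes|true|1)$/)
        printf "%s: guest access enabled (%s = %s)\n", section, key, val
    }
  ' "$1"
}

# Constructed sample: the relevant lines of the configuration shown above.
write_sample_conf() {
  cat > "$1" <<'EOF'
[global]
security = user
hosts allow = 127. 172.
[devdocs]
path = /devdocs
public = yes
valid users = devdocsuser
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_smb_conf "$conf"
rm -f "$conf"
```

Replacing `172.` with the VPC's own range, for example `172.31.0.0/255.255.0.0` if the VPC is 172.31.0.0/16 (an assumption based on the 172.31.93.191 address used later in the article), clears the first finding.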

Create the Samba user and set the password. After that, add the user to the Samba service.

# useradd devdocsuser
# passwd devdocsuser
# smbpasswd -a devdocsuser
# service smb restart

When we set the password for the Samba user it will throw the below warning, which can be ignored.

Create a directory to be used by Samba for sharing. Change the permission to 0777.

# mkdir /devdocs
# chmod 777 /devdocs

After adding the directory, restart the Samba service and check whether the parameters are valid by running the testparm command. If it shows the below output, the configuration file is syntactically valid.

# service smb restart
# testparm

Now launch another Amazon Linux 2 VM in the same VPC, in the private subnet.

Follow the same steps to change the hostname, update the packages and install samba, samba-client and cifs-utils.

Create a directory to mount the samba share and change the permission of that directory to 0775.

$ sudo mkdir /mnt/devdocs
$ sudo chmod 777 /mnt/devdocs/

After creating the directory we need to mount the Samba share into it. Use the Samba server's private IP in the smbclient command.

$ smbclient //<private ip of server>/devdocs -U devdocsuser

If the above command gives you an smb prompt, everything is working as expected.

To use the Samba share as a file system we need to mount it on the directory using the cifs protocol.

$ sudo mount -t cifs -o username=devdocsuser //<private ip of the server>/devdocs /mnt/devdocs/

After mounting, run df -hT to see whether the file system shows up.

To make the mount permanent and have the file system available at boot time, we need to add the entry to fstab.

//172.31.93.191/devdocs  /mnt/devdocs/  cifs  credentials=/home/ec2-user/.samba_cred,_netdev  0  0

The "_netdev" option is important since we are mounting a network device. Clients may hang during the boot process if the system encounters any difficulties with the network.

Create a file to store the Samba credentials.

$ vim /home/ec2-user/.samba_cred
username=devdocsuser
password=devdocsuser
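
The credentials file holds the share password in clear text, so its permissions matter as much as the fstab entry that points to it. The following added example (not from the original article) writes the file with mode 0600 and checks every cifs line in an fstab; the function names and the temporary paths are assumptions made for the demo.

```bash
#!/usr/bin/env bash
# Added example (not the article's code): keep the CIFS credentials file private.

# Write FILE so that only its owner can read it.
write_cifs_credentials() {   # usage: write_cifs_credentials FILE USER PASSWORD
  local file="$1" user="$2" pass="$3"
  ( umask 077                                   # a new file is created 0600
    printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$file" )
  chmod 600 "$file"                             # tighten a pre-existing file too
}

# Succeed only for a regular, non-symlink file with no group/other permission bits.
cred_file_is_private() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Report cifs entries in an fstab whose secret is exposed to other local users.
audit_cifs_fstab() {   # usage: audit_cifs_fstab FSTAB
  awk '$1 !~ /^#/ && $3 == "cifs" {
         n = split($4, opt, ",")
         for (i = 1; i <= n; i++) {
           if (opt[i] ~ /^password=/) print $2, "INLINE"
           if (opt[i] ~ /^credentials=/) { sub(/^credentials=/, "", opt[i]); print $2, opt[i] }
         }
       }' "$1" |
  while read -r mnt cred; do
    if [ "$cred" = INLINE ]; then
      echo "$mnt: password stored in fstab"
    elif ! cred_file_is_private "$cred"; then
      echo "$mnt: $cred is not a private regular file (want mode 0600)"
    fi
  done
}

# Constructed demo: the article's fstab line, with the credentials file in a temp dir.
demo_dir=$(mktemp -d)
printf 'username=devdocsuser\npassword=EXAMPLE-ONLY\n' > "$demo_dir/cred"
chmod 644 "$demo_dir/cred"                      # what a default umask of 022 yields
printf '//172.31.93.191/devdocs /mnt/devdocs/ cifs credentials=%s,_netdev 0 0\n' \
  "$demo_dir/cred" > "$demo_dir/fstab"
audit_cifs_fstab "$demo_dir/fstab"              # reports the 0644 file
write_cifs_credentials "$demo_dir/cred" devdocsuser EXAMPLE-ONLY
audit_cifs_fstab "$demo_dir/fstab"              # prints nothing now
rm -rf "$demo_dir"
```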

After creating the Samba credentials file, mount the file system.

$ sudo mount -a

Cross-check whether the file system is mounted by running the df -hT command. It will show output like the below.

Finally, we have mounted a Samba share on a Linux server successfully. Now let's mount the same share on a Windows server to check its functionality on Windows as well.

For that use case, let's launch a Windows VM in the same VPC, in the private subnet.

After the instance passes the 2/2 checks, RDP into it.

Once on the server, right-click This PC in Windows Explorer and click Add a network location.

Click on Choose a custom network location and then click Next.

Enter the Samba server's private IP and the share name in the form \\<samba server private ip>\<share name>

Click Next. It will ask for the credentials to connect to the server. Enter the Samba user name and password, then press OK.

Name the location as per your convenience. I am leaving it as it is. Click Next, then Finish.

Now we have mounted the Samba share on both Linux and Windows. To test the functionality, create a file on the Samba server in the directory that is shared, i.e. /devdocs.

As we can see, the file we created on the Samba server shows up on both the Linux and Windows machines.

*** For more security we can change the ownership of the Samba share to devdocsuser and change the permission to 0755. This will enhance security if the share is used for any financial purpose.

* To know more about the cifs protocol, please read the document: https://cifs.com/

A passionate software engineer with good hands-on experience in the field of DevOps/SRE. Love to share knowledge and interested to learn from others.