Skip to content
Klutch.sh Docs

Deploying Samba

Introduction

Samba is an open-source implementation of the SMB/CIFS networking protocol, enabling file and print sharing between Linux/Unix and Windows systems. As the de facto standard for cross-platform file sharing, Samba allows seamless integration of Linux servers into Windows-dominated networks.

Beyond simple file sharing, Samba can function as an Active Directory Domain Controller, providing complete Windows domain services. Whether you need basic file shares or enterprise directory services, Samba delivers the compatibility and features required for modern mixed-platform environments.

Key highlights of Samba:

  • SMB/CIFS Protocol: Native Windows file sharing compatibility
  • Cross-Platform: Share files between Windows, macOS, and Linux
  • Active Directory: Full AD Domain Controller functionality
  • Print Services: Network printer sharing
  • User Authentication: Local and domain-based user management
  • Access Control: Fine-grained permission management
  • Network Browsing: Appear in Windows Network Places
  • Oplocks: Opportunistic locking for performance
  • Encryption: SMB3 encryption support
  • High Availability: Clustering support available

This guide walks through deploying Samba on Klutch.sh using Docker, configuring file shares, and managing access.

Why Deploy Samba on Klutch.sh

Deploying Samba on Klutch.sh provides several advantages for file sharing:

Simplified Deployment: Klutch.sh builds your Samba configuration automatically.

Persistent Storage: Attach volumes for shared files and configuration.

Scalable Resources: Allocate resources based on storage and user needs.

GitHub Integration: Store configuration in version control.

Centralized Storage: Provide network-accessible storage from the cloud.

Prerequisites

Before deploying Samba on Klutch.sh, ensure you have:

  • A Klutch.sh account
  • A GitHub account with a repository
  • Basic familiarity with Docker and SMB concepts
  • Understanding of your network access requirements
  • (Optional) VPN for secure remote access to SMB

Deploying Samba on Klutch.sh

    Create Your Repository

    Create a new GitHub repository for your Samba deployment. Add a Dockerfile:

    FROM dperson/samba:latest
    

    ENV USERID=1000
    ENV GROUPID=1000
    

    EXPOSE 445 139
    

    HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
      CMD smbclient -L localhost -U% || exit 1

    Create Samba Configuration

    Add an entrypoint script start.sh:

    #!/bin/bash
    

    # Create user and share
    samba.sh -u "user;password" -s "share;/share;yes;no;no;user"
    

    # Start samba
    exec smbd --foreground --no-process-group

    Push to GitHub

    Commit and push your files to your GitHub repository.

    Create a New Project on Klutch.sh

    Navigate to the Klutch.sh dashboard and create a new project.

    Create a New App

    Within your project, create a new app. Connect your GitHub account and select your repository.

    Configure TCP Traffic

    Samba uses TCP ports:

    • Port 445: SMB direct
    • Port 139: SMB over NetBIOS

    Note: SMB traffic requires TCP configuration or VPN access.

    Attach Persistent Volumes

    Add volumes for data:

    Mount PathRecommended SizePurpose
    /share100+ GBShared files
    /etc/samba100 MBConfiguration

    Deploy Your Application

    Click Deploy to start the build process.

Configuration

Basic smb.conf

Configure Samba in /etc/samba/smb.conf:

[global]
    workgroup = WORKGROUP
    server string = Samba Server
    security = user
    map to guest = Bad User
    log level = 1
    max log size = 50


[share]
    path = /share
    browsable = yes
    writable = yes
    valid users = @users
    create mask = 0755
    directory mask = 0755

User Management

Create and manage Samba users:

Terminal window
# Add Linux user
useradd -M smbuser


# Set Samba password
smbpasswd -a smbuser


# Enable user
smbpasswd -e smbuser

Share Configuration

Configure different share types:

Public Share

[public]
    path = /share/public
    browsable = yes
    writable = yes
    guest ok = yes
    create mask = 0777

Private Share

[private]
    path = /share/private
    browsable = yes
    writable = yes
    valid users = user1, user2
    create mask = 0770

Read-Only Share

[readonly]
    path = /share/docs
    browsable = yes
    writable = no
    guest ok = yes

Access Control

Permission Levels

Configure access permissions:

PermissionDescription
read only = yesRead-only access
writable = yesFull read/write
guest ok = yesAnonymous access
valid usersSpecific user access

Group-Based Access

Control access by group:

[finance]
    path = /share/finance
    valid users = @finance
    write list = @finance

Client Connection

Windows

Connect from Windows:

  1. Open File Explorer
  2. Enter \\server-address\share
  3. Provide credentials when prompted
  4. Map as network drive (optional)

macOS

Connect from macOS:

  1. Finder > Go > Connect to Server
  2. Enter smb://server-address/share
  3. Authenticate
  4. Access share

Linux

Mount on Linux:

Terminal window
# Install cifs-utils
apt install cifs-utils


# Mount share
mount -t cifs //server/share /mnt/share -o username=user

Security

SMB Protocol Version

Enforce secure protocols:

[global]
    min protocol = SMB2
    max protocol = SMB3

Encryption

Enable SMB3 encryption:

[global]
    smb encrypt = required

Network Security

Limit access by network:

[global]
    hosts allow = 192.168.1.0/24 10.0.0.0/8
    hosts deny = all

Performance Tuning

Buffer Configuration

Optimize for performance:

[global]
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
    read raw = yes
    write raw = yes

Oplocks

Enable opportunistic locking:

[share]
    oplocks = yes
    level2 oplocks = yes

Web-Based Management

Samba Web Admin

Deploy web interface for management:

FROM dperson/samba:latest


RUN apt-get update && apt-get install -y swat

Troubleshooting

Connection Refused

  • Verify port accessibility
  • Check firewall rules
  • Confirm Samba is running
  • Review logs

Authentication Failures

  • Verify user exists in Samba database
  • Check password with smbpasswd
  • Review security settings
  • Check valid users list

Permission Denied

  • Verify file system permissions
  • Check share configuration
  • Confirm user group membership
  • Review create/directory masks

Slow Performance

  • Check network connectivity
  • Optimize buffer settings
  • Review oplocks configuration
  • Monitor resource usage

Additional Resources

Conclusion

Deploying Samba on Klutch.sh enables Windows-compatible file sharing for your network. While SMB access typically requires VPN or direct network connectivity, Samba provides the foundation for cross-platform file sharing in mixed environments. Combined with Klutch.sh’s persistent storage, you get reliable, scalable network storage that works with Windows, macOS, and Linux clients.