Samba config help

bgibson · September 6, 2021, 7:47pm

Hello, I’ve been unable to get Samba working on my two NixOS workstations. I can ssh from one system to the other, rsync files between them, but can’t connect via Samba. Below is my current config. Anyone see anything obviously wrong with it?

networking = {
  networkmanager.enable = true;
  
  ...

  firewall = {
    enable = true;
  
    # 22 = ssh
    # 139 = netbios-ssn (samba)
    # 445 = microsoft-ds (samba)
    # 631 = ipp
    # 873 = rsyncd
    # 34445 = unknown (samba?)
    # 60022 = qemu ssh port forwarding
    allowedTCPPorts = [ 22 139 445 631 873 34445 60022 ];

};

...

# https://search.nixos.org/options?channel=21.05&query=services.samba
services.samba = {
  enable = true;
  securityType = "user";  
  # Verbatim contents of smb.conf. If null (default), use the autogenerated file from NixOS instead. 
  #configText = {};
  # A set describing shared resources. See man smb.conf for options.
  shares = {
    zdata1 = {
      path = "/zdata1/";
      "read only" = true;
      browseable = "yes";
      "guest ok" = "no";
      comment = "/zdata1 public samba share.";
    };
  };
};

dnr · September 7, 2021, 3:15am

Looking at Samba - NixOS Wiki, it suggests these firewall rules:

networking.firewall.allowedTCPPorts = [ 445 139 ];
networking.firewall.allowedUDPPorts = [ 137 138 ];

So maybe try adding the UDP ports?

Also, if you’re not allowing guest access, have you set up passwords for the users you’re using with smbpasswd (-a)?

bgibson · September 7, 2021, 8:10pm

Thanks, I actually do have the UDP ports enabled too, just forgot to include in my copy-paste.

Regarding users, all I want to do is to connect to Samba on machine1 using my user account on machine1. Is there a way to configure that in configuration.nix, without having to run any additional commandline commands? Do I need to add my user account to a Samba group or something like that?

dnr · September 7, 2021, 8:44pm

I’m not a samba expert (I just happened to set it up recently), but as far as I know, your two options for authentication are AD and smbpasswd. There’s no way to make samba use the regular unix user database. You can poke around in the docs for more info: smb.conf

I haven’t seen any nix modules to do declarative smb passwords, though maybe someone has written one.

azazel75 · September 7, 2021, 8:53pm

No, the NixOS module by default configures the security = user parameter, with all its consequences.

frank87 · December 15, 2021, 9:47pm

Can’t you use “force user” to fix the user of your guest-share?