Samba: No connection between Windows 11 and Nixos

Hi there.

I have never set up Samba, so sorry in advance for any stupid questions…

Here is my config.nix (Samba config at the bottom):

{ config, pkgs, ... }:

#let
#  nix-software-center = (import (pkgs.fetchFromGitHub {
#    owner = "vlinkz";
#    repo = "nix-software-center";
#    rev = "0.1.2";
#    sha256 = "xiqF1mP8wFubdsAQ1BmfjzCgOD3YZf7EGWl9i69FTls=";
#  })) {};
#in

{
  # Other modules merged into this configuration; the three files are
  # referenced by relative path and are not shown on this page.
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./nvidia.nix
      ./laptop.nix
    ];

  # Bootloader: systemd-boot, allowed to write EFI variables, with the EFI
  # system partition mounted at /boot/efi.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot/efi";

  # Enable NTFS and ext4 filesystem support
  boot.supportedFilesystems = [ "ntfs" "ext4" ];

  # Nix store optimisation, run automatically at 03:45
  nix.optimise.automatic = true;
  nix.optimise.dates = [ "03:45" ];

  # Bluetooth for Xbox One pad
  hardware.xpadneo.enable = true;

  # Partition automounting
  # NOTE(review): with automounting on, a drive that is plugged in gets
  # mounted without an explicit action — confirm that is wanted on a laptop.
  services.devmon.enable = true;
  services.gvfs.enable = true;
  services.udisks2.enable = true;

  # Joycon
  services.joycond.enable = true;

  # Enable adb
  # Access is granted through the "adbusers" group, which the eyome account
  # defined further down is a member of.
  programs.adb.enable = true;

  # Add udev rules (for Android devices)
  services.udev.packages = [
    pkgs.android-udev-rules
  ];

  # Data partition: ext4, identified by filesystem UUID, mounted read-write.
  # NOTE(review): only "rw" is set; data-only partitions are often mounted
  # with nodev/nosuid as well — decide whether that applies here.
  fileSystems."/mnt/Donnees" =
  { device = "/dev/disk/by-uuid/fe70ca5a-36e1-4555-bdc0-6eb31b0f015c";
    fsType = "ext4";
    options = ["rw"];
  };

  # Game partition: same layout as the data partition, different UUID.
  fileSystems."/mnt/Jeux" =
  { device = "/dev/disk/by-uuid/01c3e298-9211-4ea8-afe0-bd206b8a9a72";
    fsType = "ext4";
    options = ["rw"];
  };

  # The system hostname is "nixos"; the Samba section further down sets a
  # different NetBIOS name ("smbnix").
  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Enable networking (NetworkManager manages the connections)
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "Europe/Paris";

  # Select internationalisation properties: French for the default locale
  # and for every LC_* category listed.
  i18n.defaultLocale = "fr_FR.utf8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "fr_FR.UTF-8";
    LC_IDENTIFICATION = "fr_FR.UTF-8";
    LC_MEASUREMENT = "fr_FR.UTF-8";
    LC_MONETARY = "fr_FR.UTF-8";
    LC_NAME = "fr_FR.UTF-8";
    LC_NUMERIC = "fr_FR.UTF-8";
    LC_PAPER = "fr_FR.UTF-8";
    LC_TELEPHONE = "fr_FR.UTF-8";
    LC_TIME = "fr_FR.UTF-8";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the GNOME Desktop Environment (GDM as the display manager).
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # Plasma desktop: kept for reference, currently commented out.
#  services.displayManager.sddm.wayland.enable = true;
#  services.desktopManager.plasma6.enable = true;
#  services.displayManager.defaultSession = "plasma";
#  hardware.bluetooth.enable = true; # enables support for Bluetooth
#  hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot

  # Hyprland: also commented out.
#  programs.hyprland.enable = true;


  # Configure keymap in X11 (French layout, no variant)
  services.xserver = {
    xkb.layout = "fr";
    xkb.variant = "";
  };

  # Configure console keymap
  console.keyMap = "fr";

  # Enable CUPS to print documents.
  services.printing.enable = true;
  # Avahi provides mDNS: nssmdns4 lets the system resolve .local names over
  # IPv4, and openFirewall lets mDNS traffic through the NixOS firewall.
  services.avahi.enable = true;
  services.avahi.nssmdns4 = true;
  # for a WiFi printer
  services.avahi.openFirewall = true;

  # Enable scanner
  # saned is the network scanning daemon: it offers this machine's scanners
  # to other hosts. NOTE(review): it is only needed if other machines scan
  # through this one — confirm, since it adds a listening service.
  services.saned.enable = true;
  hardware.sane.enable = true;
  # Opens the firewall for scanner discovery on the local network.
  hardware.sane.openFirewall = true;
  services.ipp-usb.enable = true;
  hardware.sane.extraBackends = [ pkgs.sane-airscan ];

  # Enable sound with pipewire.
  # PulseAudio itself is switched off; PipeWire provides the ALSA (including
  # 32-bit) and PulseAudio-compatible interfaces instead.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # Group membership is what gives this account its privileges:
  #   wheel          - administrative (sudo) access
  #   networkmanager - may change network connections
  #   scanners, lp   - scanner and printer access
  #   adbusers       - adb access to attached Android devices
  # The same account is logged in automatically further down, so its
  # privileges are available to whoever is at the keyboard.
  users.users.eyome = {
    isNormalUser = true;
    description = "eyome";
    extraGroups = [ "networkmanager" "wheel" "scanners" "lp" "adbusers" ];
    # Packages installed for this user only.
    packages = with pkgs; [
      firefox
      fuse
      gnomeExtensions.just-perfection      
      gnomeExtensions.valent
      gnome-boxes
      gnome-software
      gnome-tweaks
      gvfs
      joycond
      libreoffice-fresh
#      mousai
      neofetch
      nix-diff
      nixos-option
#      nix-software-center
      noto-fonts-emoji
      ntfs3g
      ocs-url
      rustdesk-flutter
      # The Samba package in the user profile presumably supplies the client
      # tools used in this post (smbclient, smbpasswd); the server itself is
      # enabled through services.samba.
      samba
      sane-airscan
      scrcpy
      steam
      ungoogled-chromium
      ventoy-full
      widevine-cdm
    ];
  };

  # KDE Connect support, using the Valent implementation as the package.
  # NOTE(review): the NixOS kdeconnect module is expected to open the KDE
  # Connect port range in the firewall as well — confirm with
  # `nixos-option networking.firewall.allowedTCPPortRanges`.
  programs.kdeconnect = {
  enable = true;
  package = pkgs.valent;
  };

  # WideVine
 #  environment.systemPackages = with pkgs; [
 #  (chromium.override { enableWideVine = true; })
 #  ];
  # nixpkgs.config.ungoogled-chromium = {
  # proprietaryCodecs = true;
  # enableWidevine = true;
  # };


  # Flatpak
  services.flatpak.enable = true;

  # Fwupd (firmware update service)
  services.fwupd.enable = true;

  # GNOME package exclusion
  environment.gnome.excludePackages = [ pkgs.gnome-tour pkgs.geary ];

  # Other package exclusions
  services.xserver.excludePackages = [ pkgs.xterm ];

  # Virtualisation (libvirt daemon)
  virtualisation.libvirtd.enable = true;

  # Experimental features (flakes, nix-command): commented out
  # nix.extraOptions = ''experimental-features = nix-command flakes'';

  # Automatic login for the user.
  # The graphical session starts as eyome without a password prompt. eyome is
  # in "wheel", so physical access to the powered-on machine gives a session
  # on an admin-capable account. NOTE(review): ./laptop.nix is imported, so
  # this is presumably a portable machine — confirm auto-login is intended.
  services.displayManager.autoLogin.enable = true;
  services.displayManager.autoLogin.user = "eyome";

  # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
  systemd.services."getty@tty1".enable = false;
  systemd.services."autovt@tty1".enable = false;

  # Unfree packages (allowed for the whole package set)
  nixpkgs.config.allowUnfree = true;
  
  # Steam. Both openFirewall switches add inbound firewall openings; each is
  # only needed if the corresponding feature is actually used.
  programs.steam = {
  enable = true;
  remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
  dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
  };


 # Samba server with one guest-writable share named "public".
 # NOTE(review): two values in this block look like the cause of the failed
 # Windows connection — the `hosts allow` subnet and the placeholder
 # `force user` / `force group` (see the inline notes).
 services.samba = {
  enable = true;
  # Opens the SMB/NetBIOS ports in the NixOS firewall; after that, the
  # `hosts allow` / `hosts deny` pair below is the only address filter.
  openFirewall = true;
  settings = {
    global = {
      "workgroup" = "WORKGROUP";
      "server string" = "smbnix";
      # NetBIOS name differs from networking.hostName ("nixos"). Windows
      # presumably shows "NIXOS" because discovery goes through samba-wsdd /
      # mDNS, which announce the system hostname — TODO confirm.
      "netbios name" = "smbnix";
      # Users authenticate with a username and a Samba password.
      "security" = "user";
      #"use sendfile" = "yes";
      #"max protocol" = "smb2";
      # note: localhost is the ipv6 localhost ::1
      # The trailing dot makes "192.168.0." a prefix match for 192.168.0.x.
      # NOTE(review): the other addresses in this post are on 192.168.1.x
      # (192.168.1.133), so clients on that network fall through to the
      # deny rule below.
      "hosts allow" = "192.168.0. 127.0.0.1 localhost";
      # Everything not matched by `hosts allow` is refused.
      "hosts deny" = "0.0.0.0/0";
      # A login with an unknown username is not rejected: it is mapped to the
      # guest account ("nobody").
      "guest account" = "nobody";
      "map to guest" = "bad user";
    };
    "public" = {
      "path" = "/mnt/Shares/Public";
      "browseable" = "yes";
      # Writable and open to guests: any host accepted by `hosts allow` can
      # write here without a password.
      "read only" = "no";
      "guest ok" = "yes";
      "create mask" = "0644";
      "directory mask" = "0755";
      # NOTE(review): "username" and "groupname" look like placeholders copied
      # from the wiki; no such user or group is defined in this file, and
      # Samba needs existing accounts here.
      "force user" = "username";
      "force group" = "groupname";
    };
  };
};
  
  # Client side: mount a remote SMB share with cifs-utils.
  # NOTE(review): this looks unintended on the server itself. 192.168.1.133
  # appears to be this machine (it is the address used from Nautilus later),
  # "mnt/Shares" is not the name of any share defined above (the only share
  # is "public"), and the mount point /mnt/Shares is the parent of the
  # directory the server exports, so an active mount would hide it.
  environment.systemPackages = [ pkgs.cifs-utils ];
  fileSystems."/mnt/Shares" = {
    device = "//192.168.1.133/mnt/Shares";
    fsType = "cifs";
    options = let
      # this line prevents hanging on network split
        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";

    # The credentials path is a plain string, so the file is read at mount
    # time and is not copied into the Nix store. It holds a cleartext
    # password: keep it owned by root and readable by root only (mode 0600).
    in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
  };

  # WS-Discovery daemon, so that Windows machines list this host in their
  # network view; openFirewall lets its traffic through the NixOS firewall.
  services.samba-wsdd = {
    enable = true;
    openFirewall = true;
   };

  # mDNS publishing for the services on this host. Avahi itself is enabled
  # (with nssmdns4 and openFirewall) in the printing section above.
  services.avahi = {
    publish.enable = true;
    publish.userServices = true;
    # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`)
    # nssmdns4 = true;
    # ^^ Not one hundred percent sure if this is needed - if it ain't broke, don't fix it
    # enable = true;
    # openFirewall = true;
   };

   # Firewall configuration for Samba
   # The extra rule attaches the netbios-ns connection-tracking helper to
   # outgoing UDP port 137 traffic. NOTE(review): that concerns NetBIOS name
   # lookups made from this machine, not serving the share; the later
   # configuration in this post drops it.
   networking.firewall.extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns''; 

   # The firewall stays on; ICMP echo requests (ping) are answered.
   networking.firewall.enable = true;
   networking.firewall.allowPing = true;


  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  # It records the release of the first install (22.05 here); it is not the
  # version of the packages currently running.
  system.stateVersion = "22.05"; # Did you read the comment?

}

(A few remarks regarding the wiki:

  • “securityType = “user”” is written twice;
  • there is an extra space at the end of the second “security” = "user "; )

I created a new user “eyome” with:

# Add eyome to Samba's own password database. This password is separate from
# the Unix login password, and the Unix account must already exist.
smbpasswd -a eyome

I created a new /etc/nixos/smb-secrets file, but I didn’t know how to fill it in. Is this right?

username=<USERNAME>
domain=<DOMAIN>
password=<PASSWORD>

So, if I run:

[eyome@nixos:~]$ smbclient --list localhost
Password for [WORKGROUP\eyome]:

	Sharename       Type      Comment
	---------       ----      -------
	public          Disk      
	IPC$            IPC       IPC Service (smbnix)
SMB1 disabled -- no workgroup available

But when I try to connect to it from Win11, I can’t open my “public” folder:

“NIXOS (why is it called NIXOS as I called it “smbnix”…) is not available. Permission denied. User name unknown…”

So, what did I do wrong, guys :sweat_smile:?
Thank you.

Here is the configuration I ended up with, thanks to the help I got on the Discord channel:

{ config, pkgs, ... }:

#let
#  nix-software-center = (import (pkgs.fetchFromGitHub {
#    owner = "vlinkz";
#    repo = "nix-software-center";
#    rev = "0.1.2";
#    sha256 = "xiqF1mP8wFubdsAQ1BmfjzCgOD3YZf7EGWl9i69FTls=";
#  })) {};
#in

{
  # Other modules merged into this configuration; the three files are
  # referenced by relative path and are not shown on this page.
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./nvidia.nix
      ./laptop.nix
    ];

  # Bootloader: systemd-boot, allowed to write EFI variables, with the EFI
  # system partition mounted at /boot/efi.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot/efi";

  # Enable NTFS and ext4 filesystem support
  boot.supportedFilesystems = [ "ntfs" "ext4" ];

  # Nix store optimisation, run automatically at 03:45
  nix.optimise.automatic = true;
  nix.optimise.dates = [ "03:45" ];

  # Bluetooth for Xbox One pad
  hardware.xpadneo.enable = true;

  # Partition automounting
  # NOTE(review): with automounting on, a drive that is plugged in gets
  # mounted without an explicit action — confirm that is wanted on a laptop.
  services.devmon.enable = true;
  services.gvfs.enable = true;
  services.udisks2.enable = true;

  # Joycon
  services.joycond.enable = true;

  # Enable adb
  # Access is granted through the "adbusers" group, which the eyome account
  # defined further down is a member of.
  programs.adb.enable = true;

  # Add udev rules (for Android devices)
  services.udev.packages = [
    pkgs.android-udev-rules
  ];

  # Data partition: ext4, identified by filesystem UUID, mounted read-write.
  # NOTE(review): only "rw" is set; data-only partitions are often mounted
  # with nodev/nosuid as well — decide whether that applies here.
  fileSystems."/mnt/Donnees" =
  { device = "/dev/disk/by-uuid/fe70ca5a-36e1-4555-bdc0-6eb31b0f015c";
    fsType = "ext4";
    options = ["rw"];
  };

  # Game partition: same layout as the data partition, different UUID.
  fileSystems."/mnt/Jeux" =
  { device = "/dev/disk/by-uuid/01c3e298-9211-4ea8-afe0-bd206b8a9a72";
    fsType = "ext4";
    options = ["rw"];
  };

  # The system hostname is "nixos"; the Samba section further down sets a
  # different NetBIOS name ("smbnix").
  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Enable networking (NetworkManager manages the connections)
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "Europe/Paris";

  # Select internationalisation properties: French for the default locale
  # and for every LC_* category listed.
  i18n.defaultLocale = "fr_FR.utf8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "fr_FR.UTF-8";
    LC_IDENTIFICATION = "fr_FR.UTF-8";
    LC_MEASUREMENT = "fr_FR.UTF-8";
    LC_MONETARY = "fr_FR.UTF-8";
    LC_NAME = "fr_FR.UTF-8";
    LC_NUMERIC = "fr_FR.UTF-8";
    LC_PAPER = "fr_FR.UTF-8";
    LC_TELEPHONE = "fr_FR.UTF-8";
    LC_TIME = "fr_FR.UTF-8";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the GNOME Desktop Environment (GDM as the display manager).
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # Plasma desktop: kept for reference, currently commented out.
#  services.displayManager.sddm.wayland.enable = true;
#  services.desktopManager.plasma6.enable = true;
#  services.displayManager.defaultSession = "plasma";
#  hardware.bluetooth.enable = true; # enables support for Bluetooth
#  hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot

  # Hyprland: also commented out.
#  programs.hyprland.enable = true;


  # Configure keymap in X11 (French layout, no variant)
  services.xserver = {
    xkb.layout = "fr";
    xkb.variant = "";
  };

  # Configure console keymap
  console.keyMap = "fr";

  # Enable CUPS to print documents.
  services.printing.enable = true;
  # Avahi provides mDNS: nssmdns4 lets the system resolve .local names over
  # IPv4, and openFirewall lets mDNS traffic through the NixOS firewall.
  services.avahi.enable = true;
  services.avahi.nssmdns4 = true;
  # for a WiFi printer
  services.avahi.openFirewall = true;

  # Enable scanner
  # saned is the network scanning daemon: it offers this machine's scanners
  # to other hosts. NOTE(review): it is only needed if other machines scan
  # through this one — confirm, since it adds a listening service.
  services.saned.enable = true;
  hardware.sane.enable = true;
  # Opens the firewall for scanner discovery on the local network.
  hardware.sane.openFirewall = true;
  services.ipp-usb.enable = true;
  hardware.sane.extraBackends = [ pkgs.sane-airscan ];

  # Enable sound with pipewire.
  # PulseAudio itself is switched off; PipeWire provides the ALSA (including
  # 32-bit) and PulseAudio-compatible interfaces instead.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # Group membership is what gives this account its privileges:
  #   wheel          - administrative (sudo) access
  #   networkmanager - may change network connections
  #   scanners, lp   - scanner and printer access
  #   adbusers       - adb access to attached Android devices
  # The same account is logged in automatically further down and is the
  # `force user` of the guest-writable Samba share, so its privileges matter
  # for both local and network access.
  users.users.eyome = {
    isNormalUser = true;
    description = "eyome";
    extraGroups = [ "networkmanager" "wheel" "scanners" "lp" "adbusers" ];
    # Packages installed for this user only.
    packages = with pkgs; [
      firefox
      fuse
      gnomeExtensions.just-perfection      
      gnomeExtensions.valent
      gnome-boxes
      gnome-software
      gnome-tweaks
      gvfs
      joycond
      libreoffice-fresh
#      mousai
      neofetch
      nix-diff
      nixos-option
#      nix-software-center
      noto-fonts-emoji
      ntfs3g
      ocs-url
      rustdesk-flutter
      # The Samba package in the user profile presumably supplies the client
      # tools used in this post (smbclient, smbpasswd); the server itself is
      # enabled through services.samba.
      samba
      sane-airscan
      scrcpy
      steam
      ungoogled-chromium
      ventoy-full
      widevine-cdm
    ];
  };

  # KDE Connect support, using the Valent implementation as the package.
  # NOTE(review): the NixOS kdeconnect module is expected to open the KDE
  # Connect port range in the firewall as well — confirm with
  # `nixos-option networking.firewall.allowedTCPPortRanges`.
  programs.kdeconnect = {
  enable = true;
  package = pkgs.valent;
  };

  # WideVine
 #  environment.systemPackages = with pkgs; [
 #  (chromium.override { enableWideVine = true; })
 #  ];
  # nixpkgs.config.ungoogled-chromium = {
  # proprietaryCodecs = true;
  # enableWidevine = true;
  # };


  # Flatpak
  services.flatpak.enable = true;

  # Fwupd (firmware update service)
  services.fwupd.enable = true;

  # GNOME package exclusion
  environment.gnome.excludePackages = [ pkgs.gnome-tour pkgs.geary ];

  # Other package exclusions
  services.xserver.excludePackages = [ pkgs.xterm ];

  # Virtualisation (libvirt daemon)
  virtualisation.libvirtd.enable = true;

  # Experimental features (flakes, nix-command): commented out
  # nix.extraOptions = ''experimental-features = nix-command flakes'';

  # Automatic login for the user.
  # The graphical session starts as eyome without a password prompt. eyome is
  # in "wheel", so physical access to the powered-on machine gives a session
  # on an admin-capable account. NOTE(review): ./laptop.nix is imported, so
  # this is presumably a portable machine — confirm auto-login is intended.
  services.displayManager.autoLogin.enable = true;
  services.displayManager.autoLogin.user = "eyome";

  # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
  systemd.services."getty@tty1".enable = false;
  systemd.services."autovt@tty1".enable = false;

  # Unfree packages (allowed for the whole package set)
  nixpkgs.config.allowUnfree = true;
  
  # Steam. Both openFirewall switches add inbound firewall openings; each is
  # only needed if the corresponding feature is actually used.
  programs.steam = {
  enable = true;
  remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
  dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
  };


 # Samba server with one guest-writable share named "public".
 # Compared with the first configuration in this post, `hosts allow` now
 # covers 192.168.1.x and `force user` names a real account.
 services.samba = {
  enable = true;
  # Opens the SMB/NetBIOS ports in the NixOS firewall; after that, the
  # `hosts allow` / `hosts deny` pair below is the only address filter.
  openFirewall = true;
  settings = {
    global = {
      "workgroup" = "WORKGROUP";
      "server string" = "smbnix";
      # NetBIOS name differs from networking.hostName ("nixos").
      "netbios name" = "smbnix";
      # Users authenticate with a username and a Samba password.
      "security" = "user";
      #"use sendfile" = "yes";
      #"max protocol" = "smb2";
      # note: localhost is the ipv6 localhost ::1
      # The trailing dot makes "192.168.1." a prefix match for 192.168.1.x,
      # the network the server address 192.168.1.133 is on.
      "hosts allow" = "192.168.1. 127.0.0.1 localhost";
      # Everything not matched by `hosts allow` is refused.
      "hosts deny" = "0.0.0.0/0";
      # A login with an unknown username is not rejected: it is mapped to the
      # guest account ("nobody").
      "guest account" = "nobody";
      "map to guest" = "bad user";
    };
    "public" = {
      "path" = "/mnt/Shares/Public";
      "browseable" = "yes";
      # Writable and open to guests: any host on 192.168.1.x can write here
      # without a password.
      "read only" = "no";
      "guest ok" = "yes";
      "create mask" = "0644";
      "directory mask" = "0755";
      # Every access to the share, guest access included, is carried out as
      # eyome. NOTE(review): eyome is a "wheel" member, so unauthenticated
      # writes happen with an admin-capable account's file permissions. A
      # dedicated unprivileged account as `force user`, or "guest ok" = "no"
      # together with `valid users`, would narrow this — decide which fits.
      "force user" = "eyome";
      # "force group" = "groupname";
    };
  };
};
  
  # WS-Discovery daemon, so that Windows machines list this host in their
  # network view; openFirewall lets its traffic through the NixOS firewall.
  services.samba-wsdd = {
    enable = true;
    openFirewall = true;
   };

  # mDNS publishing for the services on this host. Avahi itself is enabled
  # (with nssmdns4 and openFirewall) in the printing section above.
  services.avahi = {
    publish.enable = true;
    publish.userServices = true;
    # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`)
    # nssmdns4 = true;
    # ^^ Not one hundred percent sure if this is needed - if it ain't broke, don't fix it
    # enable = true;
    # openFirewall = true;
   };

   # Firewall configuration for Samba
   # The firewall stays on and ICMP echo requests (ping) are answered. The
   # Samba, wsdd and Avahi openings come from the openFirewall switches set
   # on those services above; no extra iptables rule is added here.
   networking.firewall.enable = true;
   networking.firewall.allowPing = true;


  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  # It records the release of the first install (22.05 here); it is not the
  # version of the packages currently running.
  system.stateVersion = "22.05"; # Did you read the comment?

}

I also forgot to mount the drive:

mkdir -p /mnt/Shares/Public

As I had created Shares/Public as root, I fixed the ownership:

sudo chown eyome:users /mnt/Shares/Public

And on Nautilus the path is:

smb://192.168.1.133/Shares/public

\o/