smb / samba
Samba Setup on Linux (Home Server)
A practical guide to installing and configuring Samba for a home network, covering a shared folder setup suitable for a home wiki or general file server.
1. Install Samba
sudo apt update && sudo apt install samba samba-common-bin -y
Verify it's running:
sudo systemctl status smbd nmbd
Both should be active. If not:
sudo systemctl enable smbd nmbd --now
2. Create the Share Directory
sudo mkdir -p /srv/samba/wiki
sudo chown -R conor:conor /srv/samba/wiki
sudo chmod 755 /srv/samba/wiki
Adjust owner to your actual Linux username.
3. Configure Samba
Back up the default config first:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
Edit the config:
sudo nano /etc/samba/smb.conf
Global section — replace or update:
[global]
workgroup = WORKGROUP
server string = Home Server
server role = standalone server
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
# Security
security = user
map to guest = never
encrypt passwords = yes
# Performance
socket options = TCP_NODELAY IPTOS_LOWDELAY
read raw = yes
write raw = yes
use sendfile = yes
Share definition — add to the bottom:
[wiki]
comment = Home Wiki
path = /srv/samba/wiki
browseable = yes
read only = no
valid users = conor
create mask = 0664
directory mask = 0775
force group = conor
4. Create Samba User
Samba uses its own password store separate from Linux system passwords. The Linux user must already exist.
sudo smbpasswd -a conor
You'll be prompted to set a Samba-specific password. Enable the user:
sudo smbpasswd -e conor
5. Validate Config and Restart
Test the config for syntax errors:
testparm
If clean:
sudo systemctl restart smbd nmbd
6. Firewall
If UFW is active:
sudo ufw allow samba
This opens ports 137, 138 (UDP) and 139, 445 (TCP).
7. Connect From Clients
Linux (Files / Nautilus):
smb://SERVER_IP/wiki
Or mount via CLI:
sudo mount -t cifs //SERVER_IP/wiki /mnt/wiki -o username=conor,password=yourpass,uid=1000,gid=1000
Permanent via /etc/fstab:
//SERVER_IP/wiki /mnt/wiki cifs credentials=/home/conor/.smbcredentials,uid=1000,gid=1000,_netdev,x-systemd.automount 0 0
/home/conor/.smbcredentials:
username=conor
password=yourpass
chmod 600 /home/conor/.smbcredentials
macOS:
Finder → Go → Connect to Server → smb://SERVER_IP/wiki
Windows:
\\SERVER_IP\wiki in Explorer address bar, or map as a network drive.
8. Tailscale Consideration
Since you're on Tailscale, use the Tailscale IP (100.x.x.x) instead of the LAN IP for consistent access across all your machines regardless of which network you're on. This also avoids exposing Samba to the public internet — Samba should never be exposed publicly, it has a long CVE history (EternalBlue, etc.).
Bind Samba only to your LAN + Tailscale interfaces to be safe:
[global]
interfaces = lo tailscale0 eth0
bind interfaces only = yes
Replace eth0 with your actual LAN interface (ip a to check).
9. Verify the Share is Visible
From the server itself:
smbclient -L localhost -U conor
From another machine:
smbclient -L //SERVER_IP -U conor
You should see wiki listed under shares.
10. Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| "Permission denied" on connect | Wrong Samba password or user not enabled | smbpasswd -e username |
| Share not visible | browseable = no or firewall |
Check config + ufw status |
| Can connect but can't write | Directory permissions | chmod 775 /srv/samba/wiki |
| Works on LAN, not Tailscale | Interfaces binding | Add tailscale0 to interfaces |
testparm errors |
Config syntax | Read the output carefully, it's specific |
Notes
- Samba passwords and Linux system passwords are independent — changing one doesn't change the other.
- For a multi-user setup, create a dedicated group (e.g.,
sambashare) and usevalid users = @sambasharein the share definition. - If you're running this on the same machine as your wiki app (e.g., WikiJS, Obsidian vault server), Samba is a good way to access the underlying vault files directly from other machines for editing.