smb / samba Samba Setup on Linux (Home Server) A practical guide to installing and configuring Samba for a home network, covering a shared folder setup suitable for a home wiki or general file server. 1. Install Samba sudo apt update && sudo apt install samba samba-common-bin -y Verify it's running: sudo systemctl status smbd nmbd Both should be active. If not: sudo systemctl enable smbd nmbd --now 2. Create the Share Directory sudo mkdir -p /srv/samba/wiki sudo chown -R conor:conor /srv/samba/wiki sudo chmod 755 /srv/samba/wiki Adjust owner to your actual Linux username. 3. Configure Samba Back up the default config first: sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak Edit the config: sudo nano /etc/samba/smb.conf Global section — replace or update: [global] workgroup = WORKGROUP server string = Home Server server role = standalone server log file = /var/log/samba/log.%m max log size = 1000 logging = file panic action = /usr/share/samba/panic-action %d # Security security = user map to guest = never encrypt passwords = yes # Performance socket options = TCP_NODELAY IPTOS_LOWDELAY read raw = yes write raw = yes use sendfile = yes Share definition — add to the bottom: [wiki] comment = Home Wiki path = /srv/samba/wiki browseable = yes read only = no valid users = conor create mask = 0664 directory mask = 0775 force group = conor 4. Create Samba User Samba uses its own password store separate from Linux system passwords. The Linux user must already exist. sudo smbpasswd -a conor You'll be prompted to set a Samba-specific password. Enable the user: sudo smbpasswd -e conor 5. Validate Config and Restart Test the config for syntax errors: testparm If clean: sudo systemctl restart smbd nmbd 6. Firewall If UFW is active: sudo ufw allow samba This opens ports 137, 138 (UDP) and 139, 445 (TCP). 7. Connect From Clients Linux (Files / Nautilus): smb://SERVER_IP/wiki Or mount via CLI: sudo mount -t cifs //SERVER_IP/wiki /mnt/wiki -o username=conor,password=yourpass,uid=1000,gid=1000 Permanent via /etc/fstab : //SERVER_IP/wiki /mnt/wiki cifs credentials=/home/conor/.smbcredentials,uid=1000,gid=1000,_netdev,x-systemd.automount 0 0 /home/conor/.smbcredentials : username=conor password=yourpass chmod 600 /home/conor/.smbcredentials macOS: Finder → Go → Connect to Server → smb://SERVER_IP/wiki Windows: \\SERVER_IP\wiki in Explorer address bar, or map as a network drive. 8. Tailscale Consideration Since you're on Tailscale, use the Tailscale IP ( 100.x.x.x ) instead of the LAN IP for consistent access across all your machines regardless of which network you're on. This also avoids exposing Samba to the public internet — Samba should never be exposed publicly, it has a long CVE history (EternalBlue, etc.). Bind Samba only to your LAN + Tailscale interfaces to be safe: [global] interfaces = lo tailscale0 eth0 bind interfaces only = yes Replace eth0 with your actual LAN interface ( ip a to check). 9. Verify the Share is Visible From the server itself: smbclient -L localhost -U conor From another machine: smbclient -L //SERVER_IP -U conor You should see wiki listed under shares. 10. Troubleshooting Symptom Likely cause Fix "Permission denied" on connect Wrong Samba password or user not enabled smbpasswd -e username Share not visible browseable = no or firewall Check config + ufw status Can connect but can't write Directory permissions chmod 775 /srv/samba/wiki Works on LAN, not Tailscale Interfaces binding Add tailscale0 to interfaces testparm errors Config syntax Read the output carefully, it's specific Notes Samba passwords and Linux system passwords are independent — changing one doesn't change the other. For a multi-user setup, create a dedicated group (e.g., sambashare ) and use valid users = @sambashare in the share definition. If you're running this on the same machine as your wiki app (e.g., WikiJS, Obsidian vault server), Samba is a good way to access the underlying vault files directly from other machines for editing.