It's not easy to configure Samba in standard DD-WRT because, by default, the /etc folder is read-only. So before starting, please set a writable /etc. Also, DD-WRT does have a Samba3 built in the firmware and it works just fine, you're just not able to configure it fully. In this guide, you'll be guided through the whole process to set up a password protected samba share with custom usernames and passwords.
- Check if there is a Samba server built in
Log in to the router, then run
smbd --version
Output should be:
Version 3.0.24
This means the firmware already has Samba 3.0.24 included.
If the Samba server is missing, install it by running:
opkg install samba3
- Add dedicated users for Samba
For security reasons, I strongly suggest NOT to use "root" to access your Samba share. Instead, here we'll create users for Samba (and ftp) only with minimal privileges and no login shell.
First, add the following lines to '/etc/passwd':
nobody:x:65534:65534:nobody:/mnt:/bin/false
share:x:65534:65534:share:/mnt/share:/bin/false
Save the file, then run:
passwd share
This will change the password for user "share".
Now check the content of the updated /etc/passwd file, the line for user "share" will look like:
share:$1$2zhNidn9$DJK7SG8aqMg2hDsBYv6yZ.:65534:65534:share:/mnt/share:/bin/false
The red part is the encrypted password. In the example line above, the password is also set to "share".
To make the change persistent, create a new start-up script, /opt/etc/init.d/adduser:
grep -q nobody /etc/passwd || echo 'nobody:x:65534:65534:nobody:/mnt:/bin/false' >> /etc/passwd
grep -q share /etc/passwd || echo 'share:$1$2zhNidn9$DJK7SG8aqMg2hDsBYv6yZ.:65534:65534:share:/mnt/share:/bin/false' >> /etc/passwd
Don't forget to change the red part. There are only two long lines above, starting with grep.
Then set it to run during boot up:
chmod a+x /opt/etc/init.d/adduser
ln -s /opt/etc/init.d/adduser /opt/etc/init.d/S05adduser
The Home folder for user share will be /mnt/share, create it if its not present.
mkdir -m 777 /mnt/share
Then use smbpasswd to add a samba user with username "share" and password "share"
mkdir /etc/samba
touch /etc/samba/smbpasswd
smbpasswd share share (replace the red part with your own password)
Copy the newly created /etc/samba/smbpasswd to /opt/etc/samba/smbpasswd to keep the /etc/ folder clean, in the future all configuration files will be stored in /opt/etc/samba. Please leave the /etc/samba folder as its also required by Samba.
mkdir -p /opt/etc/samba/
cp -a /etc/samba/* /opt/etc/samba/
chmod 644 /opt/etc/samba/smbpasswd
- Setting smb.conf, the configuration file for Samba
Use vi or nano (or use your scp client), create file /opt/etc/samba/smb.conf with contents below:
[global]
netbios name = DD-WRT
workgroup = WORKGROUP
server string = DD-WRT
syslog = 10
encrypt passwords = true
passdb backend = smbpasswd
obey pam restrictions = yes
socket options = TCP_NODELAY
preferred master = no
os level = 20
security = user
guest account = nobody
invalid users = root
smb passwd file = /opt/etc/samba/smbpasswd
unix charset = UTF-8
dos charset = UTF-8 [homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750 [USBDrive]
path = /mnt/
read only = no
guest ok = no
create mask = 0700
directory mask = 0700
Now test the file by running
smbd -s /opt/etc/samba/smb.conf
and access the Samba server by typing \\192.168.1.1 in the address bar. Login with user "share". You should see two folders: "Share" (/mnt/share) and "USBDrive" (the whole /mnt folder).
For Windows Vista/7 machine, compatibility must be set to work with the Linux Samba share. See the end of the post.
- Run Samba as a service
If everything works out, it's time for the startup script
Create file /opt/etc/init.d/samba(delete all previous contents if its not empty).
kill -9 $(pidof smbd)
kill -9 $(pidof nmbd)
/usr/sbin/smbd -s /opt/etc/samba/smb.conf
#if you installed samba3 through opkg, use
#/opt/bin/smbd -s /opt/etc/samba/smb.conf
Then set it to run upon bootup:
chmod a+x /opt/etc/init.d/samba
ln -s /opt/etc/init.d/samba /opt/etc/init.d/S50samba
- (Optional)Fix Samba and Windows Vista/7
When accessing Samba from a Windows Vista/7 machine, the password will always be rejected regardless whatever you input. That's because the Samba we used here does not support the new password authorization scheme in Windows.
To fix:
Run secpol.msc Go to: Local Policies -> Security Options
Find "Network Security: LAN Manager authentication level" and change setting from "Send NTLMv2 response only" to "Send LM & NTLM - use NTLMv2 session security if negotiated"
Some Windows versions may not have secpol.msc, in this case, save these 3 lines below to file sambafix.reg and run it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LmCompatibilityLevel"=dword:00000001
Reboot the Windows to make the change take effect.
5 comments:
Thank you for post. I am looking for sollution to fix a error in samba dd-wrt. From all computers is working, also from a old Porteus linux distribution. But, from a new linux Porteus distribution, with the same settings is not working. In log samba file I found that the connection wasn't negiciated (something like that)
I do not know that do I have to change.
But thank you for this article!
Have a nice day,
amplatfus
Sorry, I am not familiar with the Porteus distro, but it seems that the newer versions are missing support for SMB connections in the default build.
http://forum.porteus.org/viewtopic.php?f=41&t=1361
Thank you so much. I can confirm here that I managed to make it work in Porteus 1.2. But I do not why is not working with Porteus 2.1 RC.
Here is the topic link: http://forum.porteus.org/viewtopic.php?f=81&t=1725&p=11774#p11774
Extras: "cifs-utils were recompiled under rc1 to get rid of additional deps.
please install this package from standard slackware-14.0 and let us know if that helped." But it did not help.
Have a nice day on.
I forgot to say. This is the new error from terminanl when trying to mount DDWRT share: "mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)", but the share is working from other systems....
Hi again. I have begin to follow this tutorial.
At the step: "Save the file, then run: passwd share" I am receiving:
[code]root@ddwrt:~# smbpasswd share sharepassword
When run by root:
smbpasswd [options] [username]
otherwise:
smbpasswd [options]
[/code]
Could you please post advice?
I am on root@DDWRT:~# smbd --version Version 3.5.21
Post a Comment
Note: Only a member of this blog may post a comment.