It’s an entertaining way of writing, but please don’t do any of the port forwarding stuff mentioned towards the end. I can’t imagine any scenario where I’d want to have a Samba share exposed to the internet. If you need remote access to a local shared folder, use a VPN.
Now the same person should write a “wireguard on Linux — the easy way”. (Which would probably be — use tailscale)
Once I figured it out, over 20 years ago, I’ve found it trivial since. Though not as simple as sharing on Windows.
A friend of mine has been trying to learning Linux this month, and he came to me frustrated, losing his mind. A whole day going all over the place on the Internet, obviously following tutorials he didn’t understand, and installing who knows what, and I asked, did you install SAMBA? He asked, what’s that? However the package was installed and I explained smb.conf file and SMB user.
The problem is people are lazy and don’t want to look stupid. So they will spend days searching the web, reading through the endless ‘blind leading the blind’ user forums (Ubuntu comes to mind), instead of RTFM. And won’t ask someone for help until they have wrapped their brain into a frustrated knot.
The other thing that is worth saying is that TFM of RTFM fame is usually really quite good, but also really quite large. I read all of nmap's documentation as a teenager and learnt a lot about networking. I'm sure 99% of the time all I need is -sS -O, and sometimes -P, but I'm very happy with the knowledge/time rato. It's a wonderful, huge tool and I know that if I need to use a bit more functionality I can do do.
A lot of the shitty guides do the equivalent of saying "nmap? Just run sudo nmap -sS HOSTNAME to do a port scan!", but spread out across ten pages of SEO crap. It's not exactly wrong, but it's not exactly helpful either. The trouble is, of course, that now if you Google "how to do a port scan Linux" you get that guide, rather than the manual that explains in detail why it's a hard problem and a bunch of ways and subtleties about doing it. Fast forward ten years and anything other than -sS looks weird.
Samba is the same, but somehow, infinitely more complex in detail and, because the tools have different names, less searchable. Want to mount and active directory share? You probably need kinit and to know the word "Kerberos". Browse other shares? Smbtree. Make them persistent together and mount on boot? That's another silly, overly detailed guide. And each one of these guides comes with its own lack of detailed understanding by the authors, focus on ads and SEO, and further obscures the fact that the original FM covers all of this in detail, but it's long and complicated, because, well, it's complicated!
I personally think that open source projects would do well to maintain a cookbook FAQ of "here is a set of common usages of this tool". Many man pages do, with one liners, but anything more complex tends to be hidden. It would be great if those who understand the complex subtleties involved write a definitive way to do things, rather than expecting everyone to read all of TFM all the time -- and I equally realise that, as someone who makes complex software to do complex things, half the time you really would rather your users RTFM you spent so long writing at any rate...
Don't lead people to believe manuals/manpages are good, complete or readable. I often fine that coming up with an option line that does what I want requires more study than is presented in the manual. A quick forum search will probably be a much better starting point.
Also, I recall that reading though a Samba config file (it's been a decade, maybe it's gotten better) while instructive, is nearly equivalent to reading a novella. Sure I can configure domains and users, but I don't need any of that.
A mandatory half pager trying to setup a typical newbie use case would be a huge improvement for most manuals that I have seen.
Manuals are written by the people who know the software better than anyone else. But that knowledge comes at a price of being completely unable to shift their perspective to that of someone coming in with fresh eyes.
Documentation needs two parts, a reference written by the authors and a tutorial written by someone with no prior experience with the software going though their process learning it from scratch.
I remember doing something like this on Ubuntu recently. All I needed to do was right click a folder, hit properties, then share. Samba wasn't installed so there was a prompt that says "required software not installed, want to install it?" and after hitting yes and giving it my password it just worked.
I don't know if Ubuntu 22.04 changed this process or if your friend is using a less user friendly distro but I found this to be one of the easier things to do in Linux. You don't need to bother with smb.conf or whatever if your software ecosystem has built in SMB integrations (like they should, if they target the non-technically minded).
I do know that recent GNOME installs come with built in remote desktop over RDP which is a godsent. xrdp works great once you get it working but to do that you should be prepared to take the three hour deep dive into display/windows manager terminology, internals, and configuration files unless you're running a minimalist DE.
Really, common distros should have a button in the installer that says "install the software packages I'll probably need" to install all of this stuff and not rely on the user knowing what arbitrarily named packages they need. Let the purists disable that stuff if they want to, but let the normal people start out with a desktop that Just Works.
> reading through the endless ‘blind leading the blind’ user forums (Ubuntu comes to mind)
The first party Ubuntu tutorials are especially bad... It seems like for things like SAMBA and NFS they are at least 10 years out of date. Arch Linux and RHEL docs are a lot more reliable, even if you have to figure out the the Debian/Ubuntu ways to do things when they've diverged
Absolutely seen this on more than one occasion. Makes me glad that I was fortunate enough to have had a really exceptionally awesome early grade-school teacher instill in us the statement that "the only truly stupid question is the one you don't ask when you really need an answer".
Assuming the documentation is up to date, we'll written, and easy to follow.
Of course I'm more of a tinker, so I'll mess with something first intentionally before going to the manual. What you get stuck on is what teaches you what part of the manual is most important for you.
Idk, I've been using Linux and Mac since the early 00s, and I've recently been running into a bunch of mysterious issues accessing SMB shares from a Windows 11 server.
I have docker clients on the linux boxes that use the samba share for storage. Eventually I figured out that didn't work well with sqlite files, so I mapped those to local folders instead. But there are still issues with permissions when the linux clients reboot. I usually have to shut down docker, unmount the share, and re-mount with `sudo mount -a`.
Fwiw, this is my fstab line below. I think the network is up when the fstab gets mounted, because there are files visible in the /media/data tree - it just sometimes needs to be unmounted and remounted for everything to work correctly. Haven't found anything in the logs.
Entertaining writing, but also a bunch of fluff I don't see the point of?
It's not like setting up a share is hard, I'm missing the point of why something that's already easy would need an "easy way".
Now, Samba as an AD DC, across multiple sites, integrating with Kerberos and LDAP, so that users can have a single sign on experience across platforms... That, I'd be impressed at an "easy way" guide. ;-)
Maybe I'm weird, but what's difficult with Samba as an AD DC, with multiple sites or trusts? It seems easy to me, all you need to know is on the samba wiki.
The biggest "problem" is that distros do not ship Samba packages with DC support, you either have to use 3rd-party build like Tranquil's or build your own.
There is a nasty, confusing mix of Heimdal and MIT Kerberos tools, bind and Samba internal dns, winbindd and sssd, the realm command and the net command and the samba-tool command and a million outdated howtos in between, fighting with tools that are editing configuration under you. And no standardized management tool, LDAP with its text based but unusable interface and different, opaque ways of storing machine credentials.
Creating a domain on a Samba domain controller is not too difficult if you follow the documents. But choosing the right way to join a client to the domain and then using SPNs? Synchronized uids? User management? I haven’t found it to be easy at all.
You're probably right, AND, I'm speaking about doing this ~a decade ago. I expect things have improved, but if I recall correctly, the challenge was all the integration with external systems (krb5, LDAP, print stuff). Took more than a month, but was a thing of beauty to have windows and linux desktops, where you type your password _once_, and then everything just works, and you have the same experience regardless of computer. For some reason I remember spending a lot of time on getting the printing to be one click working... shrug
I guess my only point was that samba for just sharing files is already super easy, so I don't get what an "easy way" is for. :) You might be saying "but hard things are easy too", implying that you're more experienced than me at samba and/or the software itself has improved. I wouldn't be surprised if both were true.
Personally, I think that SFTP can be a decent option. Though on Windows hosts that want to access said files, I've found myself needing something like RaiDrive or a similar piece of software: https://www.raidrive.com/
That said, the performance is pretty good and it seems rather stable, I haven't had many issues to date at all. Though my use case is also decidedly simple: just a "push" setup for files/backups when I want to move things from one of my local HDDs to another one that's running on a homelab server. Some might go for a NAS setup, though the simplicity of a SSH key for SFTP is hard to beat.
No idea why Windows doesn't support something like that natively.
I have given up on Samba on my home network. It's just 2 pi, 2 laptops but client randomly loses connection to folders or dolphin/nautilus stop seeing folders, hit refresh, there it is again, etc.
I just use sshfs and I am done with it.
I just want to easily move files around my network and samba took too many hours of my life to look at what's wrong this year with client version or spaces in shared folders. It's always something.
I took the time to debug all the Samba issues between my Pis and Linux + Windows desktop computers. Most of the time there are two separate problems:
1. Samba share is not discovered in the network. All my problems were gone after installing wsdd2.
2. Permissions. Especially Windows clients implicitly try to login with an empty password to check if the share can accessed without one. This can lead to problems with the "map to guest" directive in the Samba configuration. Also the Windows credential storage sometimes saves passwords that did not work and implicitly tries to login.
But don't get me started on the Gnome/gvfs client implementation of Samba. I have given up on that.
- gvfs might not support ws-discovery for smb discovery, but neither does macos. They both support dns-sd/bonjour/zeroconf for that; so getting up avahi up and running with advertising the smb service is the easiest way to handle both. Synology does this OOB, for example.
- gvfs is not an implementation of samba. It is a frontend to libsmbclient library from the samba package. Unfortunately, libsmbclient does read smb.conf and adjusts itself accordingly, without the consumers of the library having a say in it. The best way to debug gvfs problems is to start with empty smb.conf.
NFS gets a bad rep. I use it everywhere with 0 problems or configuration headaches. Sure, I wouldn't use it in situations where security is a concern, but for me and all my computers? It's wonderful. And SO much faster than sshfs.
Sorry for the rant, obviously NFS is fine for a homelab.
Nobody should use NFS ever if it can be avoided. Run screaming. The entire idea of “remote file system that is transparent to applications that just write files normally” fundamentally just does not work on Linux. There is too much software that assumes the characteristics and reliability of local filesystems like ext4 and xfs and there not enough control exposed by the kernel to handle when things go wrong. It’s the wrong layer.
Remote block storage as well as application layer object storage work really really well but the filesystem APIs are a mess intertwined with so many different parts of the system and assumptions made 40 years ago.
I came here to say roughly the same thing. I really just use sftp these days.
For years I used Avahi to run afp shares on my Linux machines for my Macs, but I don’t even bother anymore. I have ssh setup on all my computers, it’s all I really need. Sometimes I’ll mount it, but 90% of the time I just scp over the file I want.
This is my Samba config https://gist.github.com/benpye/34b3a788d90c259528885943029d0... . I've also got it configured so that ZFS snapshots are visible in file history. I use this most for storing my Lightroom catalogue, and then have B2 backups setup from the home server as well.
So. I don't know if it's a samba thing, an ubuntu thing, a gnome thing, or yet another thing. But accessing smb folders with a large amount of files is waaaay slower with Ubuntu than with windows. Also: will we ever get thumbnails?
It could very likely be Gnome. I would try accessing the same smb folders using a different desktop environment and file manager (eg. Thunar under XFCE, etc).
The fastest one I'm aware of out there is Rox Filer which is already available on many distros and can be used in place of the stock one, but as far as I can tell it doesn't know anything about network shares, that is, it won't mount the share when the relevant mount point is accessed, the user has to provide an already mounted directory or implement automount. That's the price to pay for something that is like orders of magnitude faster than most used file managers.
Isn't there a setting in nautilus for the thumbnails? I can't test it at the moment unfortunately as my server's SSD died recently and I haven't set up samba again. I remember it working, but being slow depending on the type of file. I guessed at the time some files seemed to need to read the entire file first.
A related point is that I recently discovered that, with the right incantations in the config file, macOS clients to a samba server can store their metadata in filesystem extended attributes, preventing them from vomiting dotfiles all over your share.
Brings back memories of horror and achievement from my PFY-Geeks-Days while "chanting" smb.conf files and clicking on Network Neighbourhood (hoping against all hope) ! #goodtimes :)
Now the same person should write a “wireguard on Linux — the easy way”. (Which would probably be — use tailscale)