Linux Networking

Samba share for Windows clients

Practical Linux guide: samba share for Windows clients without the usual guesswork.

10 min read Beginner Updated 9 Jun 2026
Linux library Start the guide

Step-by-step guide

Work through each section in order. Stop when your issue is resolved — you do not need every step for every situation.

What you will achieve

Samba SMB shares from Linux accessible by Windows clients — authenticated shares for home lab file storage.

1) Install Samba

sudo apt install samba
sudo mkdir -p /srv/samba/share
sudo chown nobody:nogroup /srv/samba/share

2) Add user to Samba password db

sudo smbpasswd -a youruser

3) /etc/samba/smb.conf

[share]
   path = /srv/samba/share
   browseable = yes
   read only = no
   valid users = youruser
sudo testparm
sudo systemctl restart smbd nmbd

4) Firewall

sudo ufw allow samba

Verify

smbclient -L localhost -U youruser
# Windows: \\server-ip\share

5) SMB version and Windows 11

[global]
   server min protocol = SMB2_02
   server max protocol = SMB3

6) Time sync requirement

Kerberos and Samba auth fail when clock skew exceeds five minutes — timedatectl set-ntp true on Linux, sync Windows time.

7) SELinux on Fedora

sudo semanage fcontext -a -t samba_share_t "/srv/samba/share(/.*)?"
sudo restorecon -Rv /srv/samba/share

macOS clients

Connect via Finder → Go → Connect to Server → smb://server/share. Same credentials as Windows — test with smbclient from Linux first to isolate server vs client issues.

8) guest ok never on production

Anonymous guest shares are convenient in lab; production needs authenticated shares and firewall restricted to LAN subnet.

Prerequisites

samba package. Share directory permissions. Samba user (smbpasswd -a) separate from system user password unless synced. Windows client on same LAN or VPN. UFW allows Samba.

Workgroup name

[global]
   workgroup = WORKGROUP

Match Windows workgroup or AD domain name for browse list visibility on older Windows versions.

nmbd WINS

Legacy NetBIOS name resolution — ensure nmbd running if Windows browse list does not show Linux host by name.

force user for legacy apps

force user = www-data

All writes appear as www-data — simplifies web upload dirs but obscures actual Windows user audit — document trade-off.

macOS smb versioning

macOS defaults SMB3 — older Samba may need min protocol bump. Test smbclient first then Windows then Mac when triaging mixed LAN.

audit logging

vfs objects = full_audit
 full_audit:prefix = %u|%I|%m|%S
 full_audit:success = open opendir

Who deleted files on share — forensic trail for ransomware investigation.

smb encrypt desired

server smb encrypt = desired

Encrypt SMB3 traffic on untrusted LAN segments — Windows 10+ negotiates automatically when server requests.

map to guest bad

map to guest = bad allows anonymous — disable on any share reachable from untrusted network segment including guest Wi‑Fi VLAN.

Related guides

linux samba share windows

Related guides

Continue with these next if you are building a fuller setup or troubleshooting path.

Networking
Set up Wi‑Fi from the command line
Practical Linux guide: set up Wi‑Fi from the command line without the usual guesswork.
Read guide
Networking
iptables vs nftables overview
Practical Linux guide: iptables vs nftables overview without the usual guesswork.
Read guide