If you’re looking for a secure online file-sharing platform, the ROCK 3A (256-3911) is powerful enough to run a low-power file server, allowing you to share files securely of any type, including various documents, audio & video files, and streaming media to multiple devices on Linux, MacOS & Windows over the local network using Samba.
This project shows how to set up Debian with a Samba server using a ROCK 3A board, paired with an NVMe SSD drive for storage. You could however choose any of the ROCK boards for this, depending on the level of performance you require.
We show how to install and configure Samba for sharing music files between a group of users. In addition, you can set up a secure private area for your documents that only individual users can access, across any of their devices.
What is the Samba server used for?
Although we’ve chosen to show how to share media files such as audio in this project, Samba is ideal for sharing any type of content and files to any device on the network. For example, it can be used for sharing documents in an office environment.
| Difficulty: Moderate | Time: 2 Hrs | Steps: 13 | Credits: None | License: None |
Parts Needed:
| Part | Description | RS Stock Number |
|---|---|---|
| ROCK 3A | ROCK 3 Model A (4GB) Single Board Computer | (256-3911) |
| QC Power Supply | 36 W PD + QC Multihead PSU Plug In Power Supply | (243-6356) |
| USB-C Cable | Deltaco USB 2.0 Cable USB C to USB C Cable, 2m | (276-7734) |
| SD Card | Sandisk 32 GB MicroSDHC Micro SD Card | (283-6581) |
| M.2 Extension Board | M.2 Extension Board V1.6 for ROCK 4 Model C+, ROCK 4 Model SE | (256-4998) |
| 2230 NVME SSD | Transcend MTE352T M.2 2230 128 GB Internal Hard Drive | (256-4684) |
| PC | Host computer Windows/Mac/Linux | |
| Ethernet Cable | Cat 5 Ethernet cable | |
| Internet | Internet connection and router |
Step 1: Debian
We assume that you have installed Debian on your ROCK 3A and that you can login directly if you have a Monitor and Keyboard attached, or via SSH from another Windows / Mac / Linux computer.
You can use the Desktop version of the OS but for the best performance on a server we recommend the CLI image.
There are step by step instructions on how to install Debian on the ROCK 3A in our Get Started guide: https://www.rs-online.com/designspark/get-started-with-radxa-rock-3a-on-debian
Step 2: SSD Storage
Most of the ROCK boards support NVMe Solid State Drives which are more suitable for this type of application than SD card storage. They are far more durable and are available in a much larger range of capacities.
We attached a 2230 format Transcend 128GB SSD (256-4684) to the ROCK 3A using the PCIe adapter board, whilst booting it from an SD card. We showed how to do this in detail in this article: How to add NVMe SSD storage to Radxa ROCK Single Board Computers
Step 3: Samba
Now it’s time to install the Samba package containing the server software which is available in the Debian repository, so this is easy:
- Bring the ubuntu repository up to date, install the packages, start the server and test that it’s running as expected:
sudo apt update
sudo apt install samba smbclient
sudo systemctl enable smbd
sudo systemctl start smbd
systemctl status smbdNow the software is setup and running as a service in the background
Step 4: Shared Directory
In this section we will set up a shared directory area on the Linux filesystem in which to store all our media files. Files in these directories will be shared only by authorised users who are members of the samba group. They will not be able to login to the rock server directly, but they will be able to access the files on their devices using SMB protocol.
This scenario allows anyone setup in the samba group to access media files in the shared directory but keeping everything else on the server secure. Users will need to authenticate with a Samba username and password before being granted access which will be illustrated later on.
- Add the samba group, create the media directory, change its group ownership from root to samba and set read / write privileges for the samba group:
cat /etc/group | grep samba
sudo mkdir -p /srv/samba/media
sudo chgrp -R sambashare /srv/samba/media
sudo chmod 2770 /srv/samba/media
- Check the group and permissions on the media directory, they should look similar to this:
ls -ld /srv/samba/media/
drwxrws--- 2 root sambashare 4096 Aug 8 19:50 /srv/samba/media
Tip: The media directory has the group id bit set (rws) so that any new subdirectories created will retain the sambashare group id
Step 5: Private Directory
Now let's add another directory called private that only our logged in user (radxa) can access. This scenario enables the rock user to access files from various devices on the network but keeping them secure and private.
- Create the private directory, then change ownership from root to our user:
sudo mkdir -p /srv/samba/private
sudo chown -R $USER:$USER /srv/samba/private
- Check the permissions on the private directory, they should look similar to this:
ls -ld /srv/samba/private
drwxr-xr-x 2 radxa radxa 4096 Aug 8 20:00 /srv/samba/private
Step 6: Samba Users
In order to use Password Authorisation in Samba, all users must be setup in the Linux system. They all need separate Samba passwords but users who will just have access to the shared directories don’t need to be able to login to the host Operating System.
For our own user, we already have the ability to login to the host, so we just need to be added to the sambashare group and have a samba password created. This is only effective once we log out and back in again:
sudo usermod -a -G sambashare $USER
sudo smbpasswd -a $USER
Now let us say we have two users who we want to share files with named Poppy and Oscar. We will give them access to the shared directories only but they won’t have logins to the host operating system, for security reasons.
- Add Poppy and Oscar to the system without logins, making them members of the sambashare group and setting up Samba Passwords for them:
sudo useradd poppy -s /usr/sbin/nologin -G sambashare
sudo useradd oscar -s /usr/sbin/nologin -G sambashare
sudo smbpasswd -a poppy
sudo smbpasswd -a oscar
- Check the list of Samba users:
sudo pdbedit -w -L
Step 7: Media Share
Now that the system directories and users are all set up, the Samba shares need configuring to make the directories available via SMB.
Samba stores its configuration in /etc/samba/smb.conf and there are a confusing number of permutations in which this can be setup. Entries should be added at the bottom of smb.conf for each shared directory which are mapped to a name in square brackets. The name = value pairs define the characteristics of each share.
We want to configure the media directory so that any members of the sambashare group can access it and be able to create their own shared sub-directories and files within it. Access will be restricted to users on the same network as the server and the media directory will be visible to file browsers.
- Open /etc/samba/smb.conf in vi or nano as super user
sudo vi /etc/samba/smb.conf
- Add an entry at the end of the file with the following contents and save the file:
[media]
comment = Shared media dir for sambashare group
allow hosts = 127.0.0.1/8 192.168.10.0/24 192.168.1.0/24
path = /srv/samba/media
valid users = @sambashare
directory mode = 770
create mode = 770
read only = no
browseable = yes
Tip: Our network has private addresses 192.168.10.0/24 - yours may be different, set it accordingly
Step 8: Private Access
Finally let’s create a private share for just your user. No other users will be able to view or access files owned by you.
- Add another entry at the end of smb.conf to allow the radxa user access to the private directory
[private]
comment = Private dir for radxa user only
allow hosts = 127.0.0.1/8 192.168.10.0/24
path = /srv/samba/private
valid users = radxa
read only = no
browseable = yes
- Now restart samba so the changes take effect
sudo systemctl restart smbd.serviceBoth the shares should now be accessible from any device that supports SMB on the network.
Step 9: Linux Remote Access
If you have a PC or Laptop running a Linux desktop, you can access the shared directories remotely using SMB protocol used by Samba.
Open the File Manager type the following into the address bar, where rock-3a is the hostname of your Samba Server. The media and private directories should be visible. Entering either directory will prompt for the Samba username and password you set up earlier:
smb://rock-3aTip: This command should work on a Mac - you may need to add .local to the hostname or use the IP address of your Samba Server in place of the hostname
Step 10: Adding Media
We ripped some audio CD’s using RipperX on a Linux desktop and copied them to the media directory on the Samba Server. If you tag the metadata carefully your media player will pull in the Album Art and Track names automatically.
sudo apt install ripperxHere’s my directory structure in tree:
Step 11: Windows Media Player
If you have a Windows PC you can access the shared directories remotely in Windows 11. It seems to block access to network shares by default so I had to go into the network configuration and allow Network Discovery and Media Streaming. How you do this changes regularly so I’ll leave you to Windows Help for how to do this.
Now open a File Explorer and Right Click on the This PC icon and select the Add a network location option, so in our example the path to the media share is like this (note the back slashes):
\\rock-3a\mediaYou will then be prompted for the Samba username and password you set up earlier. You should now have access to the shared directories.
If you open Media Player and add the directory path to your music folders containing albums they will be indexed by the app and show up in the GUI. For example, the path to my music collection is:
\\rock-3a\media\musicClick play and enjoy your music!
Step 12: VLC on Android
If you have an Android phone you can install the VLC app from the Playstore which supports SMB shares.
Just open the app and it will scan the local network and add the Samba share as a directory that you can browse into.
If you click the Audio option in the menu and select the path to your music directory, VLC will scan the contents and display your album art.
Once the music is playing on your mobile, just turn on your Bluetooth speaker and it will play through that if you want a higher quality sound!
Step 13: Troubleshooting
Configuring a secure server Samba is not trivial and the steps above need to be performed in the correct order for everything to work. If you can’t access the share via SMB double check the steps above and try these suggestions:
Check that directory and file permissions are correct. Your unprivileged shares must have sambashare group ownership with read / write / execute (s) permissions as shown above:
sudo ls -l /srv/sambaCheck each user belongs to the samba group
radxa@rock-3a:~$ groups poppy
poppy : poppy sambashareCheck each user has a password setup in Samba. Remember this is a separate password from your Linux user account.
sudo pdbedit -w -L Validate /etc/samba/smb.conf and fix any reported errors
sudo testparm -sSet the log level in the Globals section of /etc/samba/smb.conf
[global]
log level = 1
The restart the server
sudo systemctl restart smb.serviceNow you can check the log file in /var/log/samba/<hostname or ip>
sudo tail /var/log/samba/log.gigabyteSummary
This guide has shown how to create a useful low power, networked file server using the ROCK 3A and Samba. We created secure shares that can be accessed over the local network using the ubiquitous SMB protocol from devices including Linux, Window, Mac & Android.
Although we demonstrated how to share and stream media files, the same process applies to sharing any kind of file for a small office or home network, giving you full control over who has access to your documents across different operating systems.
Hopefully you will have picked up some valuable Linux permissions skills along the way and been initiated into the mystical art of Samba configuration.
ROCK on!
Comments