It's not an easy job to configure Samba share in standard DD-WRT because by default, the /etc folder is read-only. So before start, please following the previous tutorial to set a writable /etc. Also, might to your surprise, DD-WRT does have a Samba3 built in the firmware and it works just fine. In this article, you'll be guided through the whole process to set up a password protected samba share with customized username/password.
- Check if there is a Samba server built in
Log in the router, then run
Output should be "Version 3.0.24", which means the firmware has Samba 3.0.24 included.
If the Samba server is missing, install it by running
opkg install samba3
- Add dedicated users for Samba
For security reasons, I strongly suggest NOT to use "root" to access your Samba share. Instead, here we'll create users for Samba(and ftp) only with minimal privilege and no login shell.
First, add the following lines to file /etc/passwd
Save the /etc/passwd file, then run
to change the password for user "share". Now check the content of the updated /etc/passwd file, the line for user "share" will look like:
The red part is the encrypted password. In the example line above, the password is also set to "share".
To make the change permanent, create a new script /opt/etc/init.d/adduser
grep -q nobody /etc/passwd || echo 'nobody:x:65534:65534:nobody:/mnt:/bin/false' >> /etc/passwd
grep -q share /etc/passwd || echo 'share:$1$2zhNidn9$DJK7SG8aqMg2hDsBYv6yZ.:65534:65534:share:/mnt/share:/bin/false' >> /etc/passwd
Don't forget to change the red part. Then set it to run during boot up:
chmod a+x /opt/etc/init.d/adduser
ln -s /opt/etc/init.d/adduser /opt/etc/init.d/S05adduser
The Home folder for user share will be /mnt/share, create it if its not present.
mkdir -m 777 /mnt/share
Then use smbpasswd to add a samba user with username "share" and password "share"
smbpasswd share share
#replace the red part with your own password
Copy the newly created /etc/samba/smbpasswd to /opt/etc/samba/smbpasswd to keep the /etc/ folder clean and in the future all configuration files will be stored in /opt/etc/samba folder. Please leave /etc/samba folder there(don't delete it) as its also required by Samba.
mkdir -p /opt/etc/samba/
cp -a /etc/samba/* /opt/etc/samba/
chmod 644 /opt/etc/samba/smbpasswd
smb.conf, the configuration file for Samba
Use vi or nano, create file /opt/etc/samba/smb.conf with contents below:
netbios name = DD-WRT
workgroup = WORKGROUP
server string = DD-WRT
syslog = 10
encrypt passwords = true
passdb backend = smbpasswd
obey pam restrictions = yes
socket options = TCP_NODELAY
preferred master = no
os level = 20
security = user
guest account = nobody
invalid users = root
smb passwd file = /opt/etc/samba/smbpasswd
unix charset = UTF-8
dos charset = UTF-8
comment = Home Directories
browseable = no
read only = no
create mode = 0750
path = /mnt/
read only = no
guest ok = no
create mask = 0700
directory mask = 0700
Now test the file by running
smbd -s /opt/etc/samba/smb.conf
and access the Samba server by typing \\192.168.1.1 in the address bar. Login with user "share". You should see two folders: "Share"(/mnt/share) and "USBDrive"(the whole /mnt folder).
For Windows Vista/7 machine, a compatibility bit must be set to work with the Linux Samba share. See the end of the post.
- Run Samba as a service
If everything works out, it's time for the startup script
Create file /opt/etc/init.d/samba(delete all previous contents if its not empty).
kill -9 $(pidof smbd)
kill -9 $(pidof nmbd)
/usr/sbin/smbd -s /opt/etc/samba/smb.conf
#if you installed samba3 through opkg, use
#/opt/bin/smbd -s /opt/etc/samba/smb.conf
Then set it to run upon bootup:
chmod a+x /opt/etc/init.d/samba
ln -s /opt/etc/init.d/samba /opt/etc/init.d/S50samba
- (Optional)Fix Samba and Windows Vista/7
When accessing Samba from a Windows Vista/7 machine, the password will always be rejected regardless whatever you input. That's because the Samba we used here does not support the new password authorization scheme in Windows.
Go to: Local Policies -> Security Options
Find "Network Security: LAN Manager authentication level" and change setting from "Send NTLMv2 response only" to "Send LM & NTLM - use NTLMv2 session security if negotiated"
Some Windows versions may not have secpol.msc, in this case, save these 3 lines below to file sambafix.reg and run it:
Windows Registry Editor Version 5.00
Reboot the Windows to make the change take effect.