This repository contains a basic Dockerfile for installing Samba 4 on Alpine Linux.

This is a solution for network filesharing. I use it on my self-built, zfs-based NAS server and connect up OSX, Linux, and Windows clients.

I was previously running Netatalk for Apple AFP support, however I've found that Samba works reasonably well for me and it appears that Apple may start prefering Samba over AFP.

Create the smb.conf configuration file. The following is an example:

[global]
  workgroup = WORKGROUP
  server string = %h server (Samba, Alpine)
  security = user
  map to guest = Bad User
  encrypt passwords = yes
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes
  disable netbios = yes
  server role = standalone
  server services = -dns, -nbt
  smb ports = 445
  ;name resolve order = hosts
  ;log level = 3

[Dozer]
  path = /dozer
  comment = ZFS
  browseable = yes
  writable = yes
  valid users = carol

[Shared]
  path = /share
  comment = Shared Folder
  browseable = yes
  read only = yes
  write list = carol
  guest ok = yes

For added security, you can control which interfaces Samba binds to and which networks are allowed access. This is important if you're using --net=host because Samba will bind to all interfaces by default and may bind to an interface you hadn't intended. Add to the [global] section:

  hosts allow = 192.168.11.0/24 10.0.0.0/24
  hosts deny = 0.0.0.0/0
  interfaces = 192.168.11.0/24 10.0.0.0/24
  bind interfaces only = yes

I'm experimenting with the following settings (in the [global] section) to add default permissions for windows clients, to enable extended features for OSX clients, to enable recycle bins, and to be able to use ZFS's posix-style ACLs.:

  create mask = 0664
  directory mask = 0775
  veto files = /.DS_Store/
  nt acl support = no
  inherit acls = yes
  ea support = yes
  vfs objects = catia fruit streams_xattr recycle
  acl_xattr:ignore system acls = yes
  recycle:repository = .recycle
  recycle:keeptree = yes
  recycle:versions = yes

Add/update the -v volumes below to match the shares defiend in your smb.conf file and run:

docker run -dt \
  -v $PWD/smb.conf:/etc/samba/smb.conf \
  -v $PWD/dozer:/dozer \
  -v $PWD/share:/share \
  -p 445:445 \
  --name samba \
  --restart=always \
  stanback/alpine-samba

You can replace -p 445:445 with --net=host above if you want to use your host's networking stack instead of Docker's proxy but it's not necessary. You can append additional arguments for smbd or append --help for a list of options.

Once the server is running, you can add your users using the following:

docker exec -it samba adduser -s /sbin/nologin -h /home/samba -H -D carol
docker exec -it samba smbpasswd -a carol

Check the logs for startup errors (adjust log level in smb.conf if needed), then connect a client and check the status:

docker logs -f --tail=100 samba
docker exec -it samba smbstatus

For auto-discovery on Linux and OSX machines, we can use the multicast-based mDNS and DNS-SD protocls (also known as Bonjour) using Avahi daemon.

The main use-case for this project is for a standalone, personal or small workgroup file server with a majority of clients on OSX or Linux. I've made a choice to not support legacy protocols, including NetBIOS, WINS, and the old Samba port 139. Some of the issues with NetBIOS include excessive broadcast packets, lack of IPV6 support, and easy spoofing.

Because of this, it means:

• For Windows clients, your Samba server won't be shown under network browsing. Microsoft has been adding support for DNS-SD functionality recently, so it's possible they will eventually support finding Samba shares using mDNS and DNS-SD. In the meantime, you can still connect directly to the IP or hostname to use the shares.

• Samba can act as a domain controller or join an NT domain but that is not supported with this configuration. I may put together a separate project that supports NetBIOS/WINS and can either join or act as a domain controller.

To announce Samba on your network, setup a file called smb.services (below) in a new folder services/. You can announce more services here, such as SSH or SFTP.

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name replace-wildcards="yes">%h</name>
 <service>
   <type>_smb._tcp</type>
   <port>445</port>
 </service>
 <service>
   <type>_device-info._tcp</type>
   <port>0</port>
   <txt-record>model=RackMac</txt-record>
 </service>
</service-group>

docker run -d \
  -v $PWD/services:/etc/avahi/services \
  --net=host \
  --name=avahi \
  --restart=always \
  stanback/alpine-avahi

It's possible to not use --net=host, and instead specify the port mapping -p 5353:5353/udp and optionally giving your Docker container a hostname with --hostname=myhostname but I haven't gotten it to work correctly.

Nothing special should need to happen on your clients, below are some settings that may be tweaked.

Disable writing .DS_Store files on network shares:

defaults write com.apple.desktopservices DSDontWriteNetworkStores true

Disable netbios (be careful with this one):

sudo launchctl disable system/netbiosd