Samba 

yay -S samba wsdd2 avahi;
groupadd --system smbuser;
useradd --system -c 'smbuser' -g smbuser -d / -s /bin/nologin smbuser;
systemctl mask nmb;
Copy conf before next steps.
smbpasswd -a -n smbuser;
systemctl --now enable smb.service wsdd2.service avahi-daemon.service;

avahi is needed for browser listing

wsdd2 says it req CAP_NET_RAW CAP_NET_ADMIN but works even if it’s unable to get those

List smb db users

pdbedit -L -v

Config sample

[global]
    workgroup = Takhis.net
    map to guest = Bad User
    obey pam restrictions = Yes
    guest account = smbuser
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
    
    ## DEBUG (set to 4 for debug)
    log level = 1 nmbd:0
    # nmbd:4 smb:4 rpc_parse:4 rpc_srv:4 auth:4 winbind:4 acls:4 smb2:4 dns:3
    #
    # all tdb printdrivers lanman smb rpc_parse rpc_srv rpc_cli sam auth winbind vfs
    # idmap quota acls locking msdfs dmapi registry scavenger dns ldb tevent auth_audit
    # auth_json_audit kerberos drs_repl smb2 smb2_credits
    #log level = 1 passdb:4 auth:4 winbind:4
    logging = systemd
    ## END

    name resolve order = wins, lmhosts, host, bcast
    os level = 99
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = No
    #server min protocol = SMB2
    #server max protocol = SMB2_10
    client min protocol = SMB2
    client max protocol = SMB2_10
    idmap config * : backend = tdb
    idmap config * : range = 1000000-2000000
    invalid users = root
    username map script = /bin/echo
    guest ok = Yes
    server multi channel support = yes
    deadtime = 30
    use sendfile = Yes
    min receivefile size = 16384
    aio read size = 1
    aio write size = 1
    unix extensions = No

# disable DOS mangled filenames
#   mangled names = no
#   dos charset = CP850
#   unix charset = UTF-8
#   dos charset = ISO8859-1
#   unix charset = UTF-8
    
# Disable printing
    load printers = No
    printing = bsd
    printcap name = /dev/null
    disable spoolss = Yes

[Upload]
    comment = Upload on kerflooey
    path = /media/incoming/public
    force user = vociferous
    force group = users
    read only = No
    create mask = 0644

[Shared]
    comment = Shared on kerflooey
    path = /srv/samba_meta/
    force user = vociferous
    force group = users
    create mask = 0644
    read only = yes

Last modified: Wed Jul 30 08:52:26 2025