Tags
file share

This guide explains how to configure a Samba share on Debian 13 (Trixie) and connect to it from a Windows 10 laptop in the local LAN (192.168.0.0/24). It also covers integration with FireHOL firewall rules and using the share with BorgBackup.

1. Install Required Packages

apt install samba smbclient cifs-utils gvfs-backends gvfs-fuse

2. Create a Shared Directory

mkdir -p /mnt/raid1/laptop/samba
chown sambauser:sambauser /mnt/raid1/laptop/samba
chmod 2775 /mnt/raid1/laptop/samba

3. Create a Samba User

useradd sambauser -M -s /usr/sbin/nologin
passwd sambauser
smbpasswd -a sambauser

4. Configure Samba (/etc/samba/smb.conf)

Append at the end:

[laptop]
   path = /mnt/raid1/laptop/samba
   browsable = yes
   writable = yes
   guest ok = no
   valid users = sambauser
   create mask = 0664
   directory mask = 0775

Restart Samba:

systemctl restart smbd

5. FireHOL Firewall Rule

Edit /etc/firehol/firehol.conf:

version 6

interface4 lan enp3s0 src 192.168.0.0/24
    server tcp/139,445 accept
    server udp/137,138 accept
    server udp/3702 accept   # WS-Discovery for Win10
    client all accept

Reload:

systemctl restart firehol

6. Connect from Windows 10

  • Open Explorer → \\192.168.0.31\laptop
  • Enter credentials:
    • Username: sambauser
    • Password: (set with smbpasswd)

Or map drive permanently:

net use Z: \\192.168.0.31\laptop /user:sambauser YourPassword /persistent:yes

7. Using the Share with BorgBackup

On Debian (mounting the Samba share locally)

mkdir -p /mnt/laptop_backup
mount -t cifs //192.168.0.31/laptop /mnt/laptop_backup \
    -o credentials=/root/.smbcredentials,iocharset=utf8,vers=3.0

/root/.smbcredentials:

username=sambauser
password=YourPassword

Initialize Borg repo:

borg init --encryption=repokey /mnt/laptop_backup/borgrepo

Create backup:

borg create --progress --stats /mnt/laptop_backup/borgrepo::$(date +%F) /path/to/data

8. Notes

  • Windows guest access is disabled by default → always use a Samba user.
  • WS-Discovery (3702/udp) makes the server visible in Windows Network.
  • Borg over SMB works for home LAN use but may be slower; SSH/NFS is more robust for production.