Set Up a Samba
File Server on Arch
A complete, step-by-step guide to installing and configuring Samba on a bare-metal Arch Linux machine and sharing files with a Windows client over your local network.
📖Introduction
Samba is a free and open-source re-implementation of the SMB/CIFS networking protocol. It lets Linux and Unix machines share files and printers with Windows systems seamlessly — as if they were native Windows network shares.
This guide is written for a bare-metal Arch Linux installation (not a VM, not a container). You're working directly on real hardware, so every command and config tweak here applies to your actual system.
What you'll achieve
By the end, user potato will have access to the entire root filesystem (/) from Windows, and user asmit will have access to /mnt/sda1 — both over your LAN.
Bare Metal Note
Since this is a bare-metal install, all systemd services, network interfaces, and storage mounts reflect your physical machine. There are no hypervisor quirks or bridged adapters to worry about.
🌐Network Overview
Here's what we're building. The Arch Linux box is the server; the Windows machine is the client. Both are on the same LAN subnet.
[ Arch Linux Server ] [ Windows Client ] 192.168.1.12 192.168.1.4 ┌───────────────────┐ ┌─────────────────────┐ │ Samba (smbd) │◄────SMB─────►│ File Explorer │ │ │ port 445 │ net use command │ │ [rootfs] share │──────────────► \\192.168.1.12\rootfs│ │ path: / │ │ (user: potato) │ │ │ └─────────────────────┘ │ [data] share │ ┌─────────────────────┐ │ path: /mnt/sda1 │──────────────► \\192.168.1.12\data │ └───────────────────┘ │ (user: asmit) │ └─────────────────────┘ Router / Switch 192.168.1.1 ───────────────────────────────────── Both devices on the same /24 subnet
| Host | IP Address | Role | OS |
|---|---|---|---|
| archlinux | 192.168.1.12 | Server | Arch Linux (bare metal) |
| Windows PC | 192.168.1.4 | Client | Windows 10 / 11 |
| Linux User | Samba Share | Path | Access |
|---|---|---|---|
potato | rootfs | / | Full Root |
asmit | data | /mnt/sda1 | Data Drive |
🔧Fix Mirrors (if pacman fails)
On a fresh or long-idle Arch install, the default mirrorlist might be stale, giving you 404 errors when running pacman. Fix it with reflector, which automatically picks fast, up-to-date mirrors.
# Method 1 — Automatic (recommended)
sudo pacman -S reflector
sudo reflector --country India,Singapore,Japan --protocol https --latest 10 --sort rate --save /etc/pacman.d/mirrorlist
sudo pacman -Syy# Method 2 — Manual fallback
If reflector itself won't download, edit the mirrorlist by hand:
sudo nano /etc/pacman.d/mirrorlistDelete everything in the file and paste these three reliable mirrors:
Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch
Server = https://mirrors.kernel.org/archlinux/$repo/os/$arch
Server = https://mirror.pkgbuild.com/$repo/os/$archSave with Ctrl+O → Enter → Ctrl+X, then force-refresh:
sudo pacman -SyyuBare Metal Tip
On a bare-metal Arch install the system clock might be wrong after a long uptime gap. Run sudo timedatectl set-ntp true and wait a few seconds before pacman operations if you get certificate/time errors.
📦Install Samba
With mirrors working, install the samba package. This provides smbd (file/print sharing), nmbd (NetBIOS name service), and tools like smbpasswd and smbclient.
sudo pacman -S samba
which smbpasswdThe which smbpasswd command should return /usr/bin/smbpasswd. If it prints nothing, the installation failed — re-check your mirrors from the previous step.
👤Create Linux Users
Samba requires that users exist as real Linux system accounts before you can add them to Samba's own password database. Create both users and set their Unix passwords:
sudo useradd -m potato
sudo useradd -m asmit
sudo passwd potato
sudo passwd asmitThe -m flag
The -m flag creates a home directory (/home/potato, /home/asmit). It's not strictly needed for Samba, but it's good practice for real user accounts.
🔐Add Samba User Passwords
Samba keeps its own separate password database (/var/lib/samba/private/passdb.tdb). A user can have a different Samba password from their Unix login password. Register both users:
sudo smbpasswd -a potato
sudo smbpasswd -a asmitYou'll be prompted to enter and confirm a Samba password for each user. These are the credentials Windows will use to authenticate.
smbpasswd: command not found?
This means Samba didn't install correctly. Re-run sudo pacman -S samba and verify that which smbpasswd returns a path.
⚙️Configure smb.conf
The main Samba configuration file lives at /etc/samba/smb.conf. On a fresh Arch install this file does not exist — you create it from scratch. Open it in nano:
sudo nano /etc/samba/smb.confPaste the following configuration exactly as shown:
[global]
workgroup = WORKGROUP
server string = Arch Samba Server
netbios name = archlinux
security = user
map to guest = Bad User
[rootfs]
path = /
browsable = yes
writable = yes
valid users = potato
read only = no
[data]
path = /mnt/sda1
browsable = yes
writable = yes
valid users = asmit
read only = noSave with Ctrl+O → Enter → Ctrl+X. Then validate the config syntax:
testparmtestparm loads the config and reports any syntax errors. If it ends with "Loaded services file OK" you're good to go.
Key directives explained
security = user — require username/password login. map to guest = Bad User — failed logins silently map to the guest account (harmless with no guest share). valid users — whitelist exactly which Linux users can access each share.
▶️Start Samba Services
Samba runs as two systemd services: smb (the SMB/CIFS file server) and nmb (NetBIOS name broadcasting — lets Windows discover the server by hostname). Enable and start both:
sudo systemctl enable --now smb nmb
sudo systemctl status smb
sudo systemctl status nmbBoth services should show active (running) in green. The --now flag means "enable at boot AND start immediately."
After every config change
If you edit smb.conf later, run sudo systemctl restart smb nmb to apply the changes without rebooting.
🔥Firewall Fix (Critical!)
This is the most common reason Samba "works" locally but Windows can't connect. UFW (Uncomplicated Firewall) blocks SMB ports by default. Open the four required ports:
| Port | Protocol | Purpose |
|---|---|---|
137/udp | UDP | NetBIOS Name Service |
138/udp | UDP | NetBIOS Datagram Service |
139/tcp | TCP | NetBIOS Session Service (legacy SMB) |
445/tcp | TCP | Direct SMB over TCP (modern, required) |
sudo systemctl enable --now ufw
sudo ufw allow 137/udp
sudo ufw allow 138/udp
sudo ufw allow 139/tcp
sudo ufw allow 445/tcp
sudo ufw reload
sudo ufw status# Temporary: disable firewall for testing
If Windows still can't connect after opening ports, temporarily disable UFW to confirm the firewall is the culprit:
sudo ufw disable # disable for testing only — re-enable after!Don't leave the firewall disabled
Re-enable it with sudo ufw enable once you've confirmed connectivity. Running Samba without a firewall on a shared network exposes your entire filesystem.
🧪Test Samba Locally
Before touching Windows, verify Samba is working from the Linux machine itself using smbclient:
smbclient -L localhost -U potatoEnter potato's Samba password when prompted. You should see a share list like:
Sharename Type Comment
--------- ---- -------
rootfs Disk
data Disk
IPC$ IPC IPC Service# Verify Samba is listening on port 445
ip a # confirm your IP is 192.168.1.12
ss -tulnp | grep 445 # confirm smbd is listeningThe ss command should show smbd listening on 0.0.0.0:445.
🪟Connect from Windows
Open Command Prompt on the Windows machine (Win + R → cmd → Enter):
# Step 1 — Verify network connectivity
ping 192.168.1.12You should get replies. If not, the machines can't reach each other — check your router/switch.
# Step 2 — Clear old Windows credentials
net use * /delete# Step 3 — Map the shares
net use \\192.168.1.12\rootfs /user:potato
net use \\192.168.1.12\data /user:asmitEnter the respective Samba passwords when prompted. A success message means the shares are mounted.
📂Access via Windows Explorer
Open File Explorer and type any of these directly into the address bar:
\\192.168.1.12 ← Browse all shares
\\192.168.1.12\rootfs ← potato's root share
\\192.168.1.12\data ← asmit's data shareYou can also right-click This PC → Map network drive → enter the path → check "Connect using different credentials" → enter the Samba user and password.
Persistent drive mapping
To auto-mount at login, check "Reconnect at sign-in" when mapping the drive in Explorer, or use net use Z: \\192.168.1.12\rootfs /user:potato /persistent:yes in CMD.
🚨Troubleshooting
Fix: Run
sudo pacman -S samba again. If pacman fails with 404 errors, fix your mirrors first (Section 03).
Fix: Follow Section 03 to update mirrors with
reflector or manually paste three working servers, then run sudo pacman -Syyu.
Fix: Run
testparm and read the output carefully. Common mistakes: wrong indentation, typos in key names, missing section headers. Make sure the file is at /etc/samba/smb.conf (not ~/.smb.conf).
Fix: Check in order: (1)
ping 192.168.1.12 from Windows — if this fails it's a network issue. (2) sudo ufw status on Linux — make sure ports 137–139 UDP/TCP and 445 TCP are ALLOW. (3) sudo systemctl status smb — make sure it's running.
sudo iptables -L # view raw iptables rules
sudo ufw status verboseufw allow commands from Section 10, then sudo ufw reload.
ip a # look for inet under your NIC (e.g. eth0, enp3s0)net use / Explorer path if the IP has changed (assign a static IP or DHCP reservation to avoid this).
Fix: Make sure the
path in smb.conf is accessible by the valid users account. For /mnt/sda1, confirm sudo chown -R asmit:asmit /mnt/sda1 was run. Check with ls -la /mnt/sda1.
Fix: Open Credential Manager (Control Panel → User Accounts → Credential Manager) → Windows Credentials → remove any entry for
192.168.1.12. Then in CMD:
net use * /delete