Once the Domain Controller and File Sharing module is enabled (either as a Domain Controller or as an Additional Domain Controller), your server can act as an SMB/CIFS File server.

By default each LDAP user has a personal /home/<username> directory on the server. If the Users, Computers and File Sharing module is active this directory will be accessible to the specific user (and only to the user) through SMB/CIFS. Furthermore, if a Windows® client host is joined to the domain this directory will be automounted as drive H:.

To create a shared directory, use File Sharing, Shares tab and click Add new.

Adding a new share

Enabled:Leave it checked if this directory needs to be shared. Disable to stop sharing.

Share name:The name of the shared directory.

Share path:Directory path to be shared. You can create a sub-directory within the Zentyal specific directory /home/samba/shares, or use an existing file system pathway by selecting Filesystem path.

Comment:A more detailed description of the shared directory simplifies management of shared assets.

Guest access:Enabling this option allows a shared directory to be accessible without authentication. Any other access settings will be ignored.

Apply ACLs recursively:Also replaces all permissions on all subfolders of the new share.

List of shares

Shared directories can be edited using Access control. By clicking on Add new, you can assign read, read/write or administration permissions to a user or group. If a user is a shared directory administrator, he/she can read, write and delete any user files within that directory.

Adding a new ACL (Access Control List)

If you want to store deleted files in a special directory called RecycleBin, you can check the Enable recycle bin box using File Sharing, Recycle bin tab. If you do not want to use this for all shared resources, then you can add exceptions using Resources excluded from Recycle Bin. Other default settings for this feature, such as the directory name, can be modified using the file /etc/zentyal/samba.conf.

Recycle bin

Using File Sharing, Antivirus tab, virus scanning of shared resources can be enabled and disabled. Exceptions can also be defined where virus scanning is not required. To use this feature the Zentyal antivirus module must be installed and enabled.

Antivirus scanning shared folders

If a virus is detected in the configured shares, the file will be moved to an special quarantine folder /var/lib/zentyal/quarantine. This behavior blocks the spreading of the malware between the users, but the system administrator will still be able to inspect the file (sometimes the malware is embedded into to useful files, like spreadsheet macros)

Malware file moved to quarantine folder

SMB/CIFS is a really common protocol that can be used natively on any Windows® Client, most flavors of Linux® (Using the Nautilus file manager, for example), Android™ and iOS.

Furthermore, the File Sharing daemon is tightly integrated with the Kerberos® subsytem (See Kerberos® Authentication System on the previous chapter), meaning that if your client is joined to the domain or has acquired the Kerberos® TGT by other means, the ACL explained above will be honored without any user intervention.