How to tweak Samba on ASUSWRT with both public and protected folders

How to tweak Samba on ASUSWRT with both public and protected folders

ASUSWRT does a decent job at providing Samba shares to the Windows clients on the network and this will work in most cases. However, if you need to mix password protected with public (open) folders, the firmware cannot handle this scenario.

Fortunately, Asus made a decent job at making the firmware customizable enough that this functionality can be enabled with a bit of custom tweaking.

Prerequisites

Enable password-protected Samba functionality and add the necessary users you want to use for login (the admin user is included by default). Configuring the shared folder can be done at this point but is not necessary as this can also be done later.

Start by enabling SSH access to the router – to be able to modify internal configuration files.

Either use SSH (with the built-in vi editor) or a SCP file manager to edit the necessary files on the router’s filesystem:

The files setup final result

Make Samba’s configuration changes permanent

We’ll need a script to restore the customized samba configuration file after every (re)boot. David Longenecker already did all the hard work and found the necessary steps for this. Thanks, David!

I used the fixsamba script from David’s Github and placed it in the router’s /jffs (non-volatile) storage. The script takes care of killing Samba, restoring the tweaked configuration file from the backup copy and then restarting Samba with the customized configuration file.

For make the router run the script when necessary, execute the following 3 commands via SSH:

chmod 775 /jffs/fixsamba
nvram set script_usbmount="/jffs/fixsamba"
nvram commit

Tweak Samba’s configuration

Copy Samba’s configuration file to the jffs storage:

cp /etc/smb.conf /jffs/smb.conf

Edit the /jffs/smb.conf configuration file to re-enable guest access (by mapping bad users to the guest user) by editing the map to guest parameter:

map to guest = Bad User

Now define your shared folders with their appropriate configuration and access. In the example below, the first folder is password protected with read/write access, while the second one has public read-only access:

[data]
comment = My Stick
path = /tmp/mnt/Data/media
dos filetimes = yes
fake directory create times = yes
valid users = admin, user
invalid users =
read list = admin, user
write list = admin, user
[public]
path = /tmp/mnt/Data/media/public
read list = guest, nobody
browsable = yes
guest ok = yes
read only = yes
create mask = 0755

See the official documentation for more configuration parameters.

 

Notes

  • By default, the script waits for 3 minutes before restarting Samba. If that is too long (and you restart your router often) the value can be tweaked down. I changed it to 30s and it was enough for my AC58U router.
  • Files stored on the /jffs partition are kept across reboots. However, they can get lost during firmware resets or updates, so keep a copy of those files somewhere safe.
  • Modifying Samba’s configuration via the web interface options can override some or all of the tweaks. The tweaks will be restored on reboot (from the separate configuration file) and any changes made via the web interface will be lost – you’ll need to compare/transfer any of the needed configuration changes to the /jffs/smb.conf file.
  • After prolonged runtime Samba may lose the configuration tweaks or restart without them – configuring the router to periodically restart (weekly?) ensures the tweaks are reapplied.

Leave a Reply