ksmbd
KSMBD is a server which implements SMB3 protocol in kernel space for sharing files over your network and can be used as a Samba alternative. Ksmbd tends to use fewer resources than Samba, but also has less features.
Installation
To use ksmbd with LuCI install the package luci-app-ksmbd which will automatically install the server and dependencies too. To use ksmbd only on the command line instead install ksmbd-server and ksmbd-tools.
To share an external drive plugged into USB/eSATA first install the drivers, filesystem, and mount it as outlined in the Samba prerequisites section.
Configuration
In LuCI, go to Services → Network Shares. Here you can add shared directories, name the shares, set the drive path (e.g. /mnt/sda1), set allowed users, etc.
For security it's recommended to add a user account for access. This can only be set from the command line via ksmbd.adduser. See below for details.
The command line configuration file is at /etc/config/ksmbd, with some options hardcoded at /etc/ksmbd/ksmb.conf.template.
Per user security
User account access: (recommended) to access shares with a user account, SSH in and use ksmbd.adduser [username] then set a password. The file /etc/ksmbd/ksmbdpwd.db will be created. Enter your username on the LuCI Services → Network Shares page in the Allowed users box. Save & apply.
Guest access: to allow guest access without a user account check force root and allow guests on the LuCI page.
Annonymous access: to access shares anonymously using the nobody/nogroup user, first assign ownership for all files and directories at these mounting points to that user:
chown -R nobody:nogroup /mnt/sda1
Example
This example uses the command-line and assumes you have a block device attached on /mnt/sda1.
root@OpenWrt:~# ksmbd.adduser --help
Usage: ksmbd.adduser [-v] [-P PWDDB] [-c CONF] [-a | -u | -d] [-p PWD] USER
If neither `-a', `-u', nor `-d' is given, either add or update USER.
USER must be UTF-8 and [1, 48) bytes.
USER cannot contain colon (`:').
-a, --add add USER to user database
-u, --update update USER in user database
-d, --delete delete USER from user database
-p, --password=PWD use PWD as user password instead of prompting;
PWD must be UTF-8 and [0, 129) bytes
-P, --pwddb=PWDDB use PWDDB as user database instead of
`/etc/ksmbd/ksmbdpwd.db'
-C, --config=CONF use CONF as configuration file instead of
`/etc/ksmbd/ksmbd.conf'
-v, --verbose be verbose
-V, --version output version information and exit
-h, --help display this help and exit
See ksmbd.adduser(8) for more details.
Configure shares in LuCI → Services → Network Shares or by editing /etc/config/ksmbd:
config globals option workgroup 'WORKGROUP' option description 'Ksmbd on OpenWrt' option interface 'lan' config share option name 'ssd' option path '/mnt/sda1' option read_only 'no' option guest_ok 'yes' option create_mask '0666' option dir_mask '0777'
or the above config will look similar to this when allowed users have been added:
config globals option workgroup 'WORKGROUP' option description 'Ksmbd on your_router_name' config share option name 'router-USB1' option path '/mnt/sda1' option read_only 'no' option guest_ok 'no' option create_mask '0666' option dir_mask '0777' option users 'user1'
Multiple devices and shares may be added by adding a config share section with a name and mount location for each.
Global section
The globals section contains share-independent options.
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
workgroup | string | no | WORKGROUP | Workgroup name |
description | string | no | Ksmbd on OpenWrt | Server description |
allow_legacy_protocols | boolean | no | 0 | Enables support for insecure versions of SMB3 protocol |
Share sections
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
name | string | yes | (none) | Share name that will be displayed in a file browser |
path | string | yes | (none) | Directory path |
comment | string | no | (none) | |
users | string | no | (none) | |
create_mask | number | no | (none) | chmod mask for created files |
dir_mask | number | no | (none) | chmod mask for created directories |
browseable | string | no | (none) | |
read_only | string | no | (none) | |
writeable | string | no | (none) | |
guest_ok | string | no | (none) | |
force_root | boolean | no | (none) | |
write_list | string | no | (none) | |
read_list | string | no | (none) | |
users | string | no | (none) | |
hide_dot_files | string | no | (none) | |
veto_files | string | no | (none) | |
inherit_owner | string | no | (none) | |
force_create_mode | string | no | (none) | |
force_directory_mode | string | no | (none) |
Performance
Most modern devices have fast enough CPU and RAM to saturate 1Gbps LAN (100-120MB/s read/write) with Ksmbd or Samba using a USB3 drive, and some will serve much faster using 2.5Gbps ports.
On devices with adequate RAM (>256MB) performance can be improved by increasing (or comment out) the preset buffer limits in LuCI → Services → Network Shares → Edit Template. Save and apply.
These values are adjusted automatically when running 25.12 onward as of commit 25519. For 24.10 or older you can edit the values or comment out the 5 lines as desired:
#smb2 max read = 512K #smb2 max write = 512K #smb2 max trans = 512K 32 ~ 64MB RAM, set the value to 64K 64 ~ 128MB, set it to 128KB 128 ~ 256MB, set it to 1MB More than 256MB leave default size to 4MB With 64MB and 128MB it is better also to disable the read/write cache #cache read buffers = no #cache write buffers = no