Welcome to Manjaro Linux - I have similar experience and certification for Windows Networking (sysadmin hosting virtual SMB).
If you want your system to be invisible (won’t respond to requests, ping included) - install firewalld and set the default zone to drop.
sudo pacman -Syu firewalld python-pyqt6
sudo systemctl enable --now firewalld
sudo firewall-cmd --set-default-zone drop
When you are using NetworkManager - you may need to verify that NetworkManager has picked up the new zone assignment.
Be aware that this may block any services you may have intentionally activated.
You need to deliberately enable and configure samba for this to be true.
A default Manjaro system has no active network services (opening ports)
samba service is not needed to be able to access shares on remote systems - this is a separate package - smbclient - which is included by default.
You need to deliberately install the package manjaro-settings-samba for this to be true.
Samba package may be provided by default; it needs to be enabled and configured before it can be used; this can be tricky for those new to samba therefore a package exist manjaro-settings-samba (non default).
- the package is not default installed
- the smb and nmb service is not default enabled
When you sync that package you get a working samba configuration and the relevant services are started and enabled.
The provided configuration /etc/samba/smb.conf is providing restricted access to the system and further configuration may be required by the system administrator
[global]
workgroup = WORKGROUP
dns proxy = no
log file = /var/log/samba/%m.log
max log size = 1000
client min protocol = SMB2
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
map to guest = Bad Password
usershare allow guests = yes
name resolve order = lmhosts bcast host wins
security = user
guest account = nobody
usershare path = /var/lib/samba/usershare
usershare max shares = 100
usershare owner only = yes
force create mode = 0070
force directory mode = 0070
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
show add printer wizard = no
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
The package adds existing user(s) to a group named sambashare. The group membership takes effect after rebooting the Manjaro system (or restarting userspace)
systemctl soft-reboot
The configuration allows existing users to access their home (readonly) from another system using the network address smb://<hostname>/<username>
using the credentials from the connecting system - if applicable - otherwise they are challenged to provide the correct credentials.
The configuration also allows existing users to share any home folder to the network using the folder /var/lib/samba/usershare as starting point.
If that was not your intention, remove the package to roll back.
- smb and nmb will be disabled
- the configuration will be removed (or in case of changes, renamed with .pacsave extension)
- the folder /var/lib/samba/usershare may not be removed if it contains data