Previous Section  < Day Day Up >  Next Section

Recipe 23.5. Adding Authentication to a Samba Server

23.5.1 Problem

You are not comfortable with the freewheeling, wide-open methods of file sharing described in the previous recipes. You want a nice central file server with all the shares tucked safely away on it, and you want to control who has access to the shares.

23.5.2 Solution

First of all, you must edit smb.conf to add user-level security and to require encrypted passwords. (Both of these are the 3.0 defaults, but it's always good to be explicit.) Then you must create Samba users with smbpasswd. Your Samba users must also have Linux system accounts on the server, so these must be created first. Both Windows and Linux users must have Samba accounts.

This example modifies the configuration from Recipe Recipe 23.2:

[global]

   workgroup = workgroup

   netbios name = windbag

   server string = lan file server

   security = user

   encrypt passwords = yes

   browseable = yes

   hosts allow = 192.168.1.

   

[share1]

   path = /sharedstuff

   comment = testfiles

   read only = No

Restart Samba after editing smb.conf.

Now you can create a Samba user and password:

# smbpasswd -a andrew

New SMB password:

Retype new SMB password:

Added user andrew.

Any users that you add with smbpasswd must already have system accounts on the Samba server. If they are not in /etc/passwd, you will get this error:

Failed to initialise SAM_ACCOUNT for user <foo>.

Failed to modify password entry for user <foo>


Continue adding users and defining your shares. Don't forget to write down the passwords to give to your users.

23.5.3 Discussion

This two-password-database clunkiness is due to the difference between Unix and Windows passwords, and the way each platform manages file permissions. They are very different critters, so the smbpasswd file is a bridge between the two. The next recipe shows how to use mksmbpasswd to convert /etc/passwd to /etc/samba/smbpasswd.

Samba also supports XML, LDAP, and MySQL for password backends. See Chapter 10 in The Official Samba-3 HOWTO and Reference Guide on samba.org for details.

23.5.4 See Also

  • smb.conf(5), smbpasswd(5), smbpasswd(8)

  • Chapter 8

    Previous Section  < Day Day Up >  Next Section