Adding users to the Samba server

In the previous recipe, we installed the Samba server and created a public share accessible to everyone. In this recipe, we will learn how to add authentication to the Samba server and password protect shared directories.

Getting ready

You will need access to a root account or an account with sudo privileges.

Make sure that the Samba server is installed and running.

How to do it…

Follow these steps to add users to the Samba server:

1. Create a new user account. You can use any existing account or add a new Samba only account with the following command. Change smbuser to your desired username:

   $ sudo useradd -d /home/smbuser -s /sbin/nologin smbuser
   

2. Now, we need to allocate a Samba password to this new user. First, enter your sudo password, followed by the new password for your Samba account, and then verify the password:

   $ sudo smbpasswd -a smbuser
   

   
3. Create a shared directory for this user and change its ownership:

   $ sudo chown smbuser:smbuser /var/samba/share/smbuser
   

4. Next, edit the Samba configuration to add the preceding share:

   [Private]
   path = /var/samba/shares/smbuser
   browsable = yes
   writable = yes
   valid users = smbuser
   

5. Save the changes to the configuration file and reload the Samba server:

   $ sudo service smbd reload
   

6. Now, check in Windows Explorer. You should see the new shared directory. On trying to open that directory, you will be asked for a Samba username and password:
   

How it works…

Samba allows various different types of configuration for shared resources. In the previous recipe, we learned how to set up a public share, and in this recipe we have created a private share for a single user. We have created a new user with the nologin permission. This will allow smbuser to access only the Samba shared directory and nothing else. You can also use existing user accounts on the Ubuntu server.

After adding a user, we set a password to be used with the Samba server. Samba maintains a database of passwords separately from Ubuntu passwords. You can enable or disable Samba users with the following commands:

• Enable a Samba user:

  $ sudo smbpasswd -e username
  

• Disable a Samba user:

  $ sudo smbpasswd -d username
  

• Remove a Samba user:

  $ sudo smbpasswd -x username
  

To enable multiple users to access a shared resource, you can specify the list of users under the valid users line, as follows:

valid users = userone, usertwo, userthree

Similarly, you can limit write permissions to a set of users, as follows:

write list = userone, usertwo

Samba also supports the sharing of users, home directories. This will enable users to create shares for all existing Ubuntu users with a single block of configuration. Add the following lines to the Samba configuration to enable the sharing of home directories:

[homes]
browseable = No
valid users = %S

After this configuration, user's home directories will be available at //server-name/user-name. You will be required to provide a username and password to access these shares. Home directories are by default shared as read only. To enable write permissions, add the following line to the preceding block:

writable = yes

Note that on Windows, you will not be able to access multiple home directories from a single Windows system. Windows does not allow multiple user authentications to a single host.

Alternatively, to share a directory with a group of users, you can use group sharing. Use the following line to share a directory with a group of users:

path=/var/samba/shares/group-share
valid users = @groupname

Then, set group ownership on the directory, group-share:

$ sudo chgrp groupname /var/samba/shares/group-share

There are some other directives such as create mask, directory mask, force user, and force group. These directives can be used to determine the permissions and ownership of the newly created files under Samba share.

After any changes to the Samba configuration file, use testparm to check the configuration for any syntax errors:

$ testparm

It should show the Loaded services file OK message, as listed in following screenshot:

There's more…

With the release of version 4, Samba can be set as a domain controller. Check the official documentation for more details at the following link:

https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

You can also configure the Samba server to authenticate against the LDAP server. LDAP installation and configuration is covered in Chapter 14, Centralized Auth Service. For more details on Samba and LDAP integration, check out the Ubuntu server guide at https://help.ubuntu.com/lts/serverguide/samba-ldap.html.

See also

• Linux home server Samba guide at http://www.brennan.id.au/18-Samba.html#useraccounts