Configuring User Access

The next important step in configuring the Samba server is to specify how user accounts should be handled. Basically, the issue is that the user connecting to a Samba share usually is a Windows user. Being a Windows user, he comes in with Windows credentials, such as a password that is encrypted with the Windows NTLM password hash. Unfortunately, this way of encrypting passwords is not compatible with the way Linux encrypts its passwords, so something must be done to allow the Windows user to log in with his Windows password. Basically, this means you need to configure some additional authentication service. In the following list, you see an overview of the available options:

• Configure an additional file in which the names of the Windows users are stored.

• Don't use user authentication at all, but work with share level security. This is an unsecure option that you should never use on a server.

• Centralize the management of Windows user credentials on one server in the network.

• Hook the Samba server up with a Windows domain to handle user authentication.

• Make the Samba server a Windows NT-style domain controller.

• Set up an LDAP directory service, and put the local Linux users as well as the Samba users in that.

I won't discuss all of these options here; that would require a book on its own. In this chapter, I'll discuss the easy method of creating an additional file in which the names of Windows users are stored. Later you'll also read how to configure your Samba server as a domain controller. In Chapter 17 of this book, you can read how to integrate Samba information in your local LDAP server.

To set up a local Samba user database, you need the command smbpasswd. With this command, you can create and later add to a Samba user database file with the name of /etc/samba/smbpasswd. For every user you want to allow access to the Samba server, you need to create an entry in this file. Before doing so, you must make sure the user already exists in the local Linux user database. If the user doesn't exist already, smbpasswd will give an error indicating that it is impossible to create the user. After verifying that the user you want to create as a Samba user already exists as a local user, use smbpasswd -a username to create the Samba user. This adds the user with its new credentials to the /etc/samba/smbpasswd file and makes sure the user can log in to your server.

Was this article helpful?

0 0

Post a comment