Add Samba User in Linux with smbpasswd

Posted on

Before a file or folder shared which is defined through a samba service can really be accessed by someone else especially if it is already defined in the samba configuration that it need an account to access it, adding a new samba user is very important. Below is the shared definition of samba which need a specific account to access it :

Before adding samba user, we have to add the user itself to the system so that it can be recognized and is registered officially in the system. Below is the article which can be read for further explanation titled ‘Create User for specific purpose like Samba Sharing‘.

Try to add a user which is going to be used to access file sharing provided by samba service.

smbpasswd -a guest

The output of the execution is shown as below :

root@hostname:~# smbpasswd -a guest
New SMB password:
Retype new SMB password:
Failed to add entry for user guest.
You have new mail in /var/mail/root
root@hostname:~#

It is failed, because it seems that samba forbid to create user with the name of ‘guest’, there might be an explanation for that but in the mean time try to add another user as follows by executing certain command.

Create user with the name of user which is going to be created or registered as a samba user as shown below :

adduser --no-create-home --disabled-password --disabled-login myguest

This is the sample output of the command’s execution :

root@hostname:~# adduser --no-create-home --disabled-password --disabled-login guests
Adding user `myguests' ...
Adding new group `myguests' (1008) ...
Adding new user `myguests' (1007) with group `myguests' ...
Not creating home directory `/home/myguests'.
Changing the user information for myguests
Enter the new value, or press ENTER for the default
        Full Name []: MyGuests
        Room Number []: 
        Work Phone []: 
        Home Phone []: 
        Other []: 
Is the information correct? [Y/n] Y
root@hostname:~# 

After that, register the already created user on the system to samba service using the following command :

root@hostname:~#smbpasswd -a myguest
New SMB password:
Retype new SMB password:
Added user myguest.
root@hostname:~#

After successfully adding user with the above command execution. It is the time to test whether the user with the password authentication can really be used to access samba shared file and folder definition.

After successfully defining file and folder shared definition which the step to do it can be read in this article, try to access it by executing the command which is available by installing samba-client package that can be read in this article.

Below is the execution process for accessing file and folder shared definition :

smbclient -L //Server_IP_Address -Uusername

Description : 

smbclient : It is the command which can be used to access, to list file or folder shared definition
-L : It is a parameter which is used to list the file or folder shared definition
//Server_IP_Address : It is the IP Address of the host, server or workstation where the file or folder shared definition exists.
-U : It is a parameter which is used to specify the user which is going to be used for accessing the file or folder shared definition.
username : It is the value of the parameter -U, in this case we are using username to connect and access the file or folder shared definition. 

The example of the executed command can be shown below :

user@hostname:~$ smbclient -L //192.168.140.25/share -Umyguest
WARNING: The "syslog" option is deprecated
Enter myguest's password:
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]

Sharename       Type      Comment
---------       ----      -------
share           Disk
print$          Disk      Printer Drivers
IPC$            IPC       IPC Service (sharing server (Samba, Ubuntu))
Officejet-100-Mobile-L411 Printer   HP Officejet 100 Mobile L411
HP_LaserJet_Professional_P1606dn Printer   HP LaserJet Professional P1606dn
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]

Server               Comment
---------            -------
ADMIN-PC
ACKWELL
ANNE                 anne
BLAKE-HP
BLACKWELL            Blackwell's Stuff
CAT-PC
DELL
TOM-PC
DESKTOP-ALFRED
DESKTOP-MIKE
JOHN-FUJITSU
DJPK-15-HP
STEVE-DELL
MARK-PC
OFFICE3
OFFICE4
OFFICE6
OFFICE7
OFFICE8
OFFICE9
OFFICE10
GUY-PC
GANZ                 ganz
HITMAN               Silent Assasin
HP                   HRD-DIVISION
WAYNE-PC
PAUL-PC
JACK                 Jack
MARCO-DELL39         marco-Dell39 server (Samba, Linux Mint)
BIG-STAN-PC
MASTERCOOL           Master's cool's Computer
MEI-LING
DONNELL-DELL         Donnell's Dell

The above output shown not only the file or folder shared definition intented to access but also other host, workstation, server which is providing file or folder sharing.

6 thoughts on “Add Samba User in Linux with smbpasswd

  1. You have to create the user ‘guest’ as a system user before ‘smbpasswd -a guest’ will work. “adduser –no-create-home –disabled-password –disabled-login guest” worked for me.

    I find it rather annoying that Samba requires a system user. It’s probably because Samba’s default configuration uses PAM instead of doing something sane such as an isolated SQLite or MySQL database for personal use or asking to connect to an Active Directory server or offer any of a myriad of other modern options before offering the ever-archaic PAM as a solution. PAM also doesn’t scale at all beyond one or two users and keeping things in sync is a real pain in the neck. Real system users are a potential security violation, so anyone wanting to set up Samba should be extremely cautious about creating new user accounts and should take a similarly dim view of PAM being the default mode for Samba authentication.

    1. Thanks for the review. I always find it hard to provide an account just to access the folder sharing without having to give a system account which can cause a potential threat. Thanks for adding the thoughts regarding the article, I’ll make sure to look around to figure it out.

Leave a Reply