Before a file or folder shared which is defined through a samba service can really be accessed by someone else especially if it is already defined in the samba configuration that it need an account to access it, adding a new samba user is very important. Below is the shared definition of samba which need a specific account to access it :
Before adding samba user, we have to add the user itself to the system so that it can be recognized and is registered officially in the system. Below is the article which can be read for further explanation titled ‘Create User for specific purpose like Samba Sharing‘.
Try to add a user which is going to be used to access file sharing provided by samba service.
smbpasswd -a guest
The output of the execution is shown as below :
root@hostname:~# smbpasswd -a guest New SMB password: Retype new SMB password: Failed to add entry for user guest. You have new mail in /var/mail/root root@hostname:~#
It is failed, because it seems that samba forbid to create user with the name of ‘guest’, there might be an explanation for that but in the mean time try to add another user as follows by executing certain command.
Create user with the name of user which is going to be created or registered as a samba user as shown below :
adduser --no-create-home --disabled-password --disabled-login myguest
This is the sample output of the command’s execution :
root@hostname:~# adduser --no-create-home --disabled-password --disabled-login guests
Adding user `myguests' ...
Adding new group `myguests' (1008) ...
Adding new user `myguests' (1007) with group `myguests' ...
Not creating home directory `/home/myguests'.
Changing the user information for myguests
Enter the new value, or press ENTER for the default
Full Name []: MyGuests
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
root@hostname:~#
After that, register the already created user on the system to samba service using the following command :
root@hostname:~#smbpasswd -a myguest New SMB password: Retype new SMB password: Added user myguest. root@hostname:~#
After successfully adding user with the above command execution. It is the time to test whether the user with the password authentication can really be used to access samba shared file and folder definition.
After successfully defining file and folder shared definition which the step to do it can be read in this article, try to access it by executing the command which is available by installing samba-client package that can be read in this article.
Below is the execution process for accessing file and folder shared definition :
smbclient -L //Server_IP_Address -Uusername Description : smbclient : It is the command which can be used to access, to list file or folder shared definition -L : It is a parameter which is used to list the file or folder shared definition //Server_IP_Address : It is the IP Address of the host, server or workstation where the file or folder shared definition exists. -U : It is a parameter which is used to specify the user which is going to be used for accessing the file or folder shared definition. username : It is the value of the parameter -U, in this case we are using username to connect and access the file or folder shared definition.
The example of the executed command can be shown below :
user@hostname:~$ smbclient -L //192.168.140.25/share -Umyguest WARNING: The "syslog" option is deprecated Enter myguest's password: Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu] Sharename Type Comment --------- ---- ------- share Disk print$ Disk Printer Drivers IPC$ IPC IPC Service (sharing server (Samba, Ubuntu)) Officejet-100-Mobile-L411 Printer HP Officejet 100 Mobile L411 HP_LaserJet_Professional_P1606dn Printer HP LaserJet Professional P1606dn Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu] Server Comment --------- ------- ADMIN-PC ACKWELL ANNE anne BLAKE-HP BLACKWELL Blackwell's Stuff CAT-PC DELL TOM-PC DESKTOP-ALFRED DESKTOP-MIKE JOHN-FUJITSU DJPK-15-HP STEVE-DELL MARK-PC OFFICE3 OFFICE4 OFFICE6 OFFICE7 OFFICE8 OFFICE9 OFFICE10 GUY-PC GANZ ganz HITMAN Silent Assasin HP HRD-DIVISION WAYNE-PC PAUL-PC JACK Jack MARCO-DELL39 marco-Dell39 server (Samba, Linux Mint) BIG-STAN-PC MASTERCOOL Master's cool's Computer MEI-LING DONNELL-DELL Donnell's Dell
The above output shown not only the file or folder shared definition intented to access but also other host, workstation, server which is providing file or folder sharing.
You have to create the user ‘guest’ as a system user before ‘smbpasswd -a guest’ will work. “adduser -no-create-home -disabled-password -disabled-login guest” worked for me.
I find it rather annoying that Samba requires a system user. It’s probably because Samba’s default configuration uses PAM instead of doing something sane such as an isolated SQLite or MySQL database for personal use or asking to connect to an Active Directory server or offer any of a myriad of other modern options before offering the ever-archaic PAM as a solution. PAM also doesn’t scale at all beyond one or two users and keeping things in sync is a real pain in the neck. Real system users are a potential security violation, so anyone wanting to set up Samba should be extremely cautious about creating new user accounts and should take a similarly dim view of PAM being the default mode for Samba authentication.
Thanks for the review. I always find it hard to provide an account just to access the folder sharing without having to give a system account which can cause a potential threat. Thanks for adding the thoughts regarding the article, I’ll make sure to look around to figure it out.