Friday, February 26, 2010

Samba Tutorial: Create Private User Shares

SkyHi @ Friday, February 26, 2010

If you use Samba, you will almost certainly want to give users private shares.  This tutorial shows how to create a share that only one user can access to store their information.

Security Mode
The typical security mode that you will use for a simple user share is security = user.

Choosing a Database Type for Passwords
smbpasswd – A text-mode flat database.  You can use this on a stand-alone Samba server, but you don’t want to use it in a domain.
tdbsam – This is a regular database file, which can store a richer set of attributes than the smbpasswd file can.  You can use it for either stand-alone Samba servers, or in a domain that’s running a single domain controller.
ldapsam – This type of database is set up with an LDAP directory for its backend.  You can use this in a domain with multiple domain controllers.  You don’t want to use it for either stand-alone Samba servers, or for domains with single domain controllers.

Home Directories
This will create home directories on your Samba server that users can access from their Windows clients.  That way, everyone can have one central directory that they can access regardless of which client station they use to log on.  As a security precaution for the Linux server, the user accounts are created without the ability to log in to the Linux server and get a shell; users will only be able to access their shares, typically from Windows.

Edit the /etc/smb.conf file.

[global]
netbios name = linuxserver
workgroup = WORKGROUP
server string = Public File Server
security = user
map to guest = bad user
guest account = smbguest
encrypt passwords = yes
passdb backend = tdbsam

[tom]
comment = Home Directory
path = /home/tom
valid users = tom
browsable = no
guest ok = no
read only = no

# Section name assumed from the path; the original listing does not name this share.
[public]
path = /share/public
guest ok = yes
read only = no

In the [global] section, encrypted passwords are used and stored in a “tdbsam”-type file.  You could get by with using an “smbpasswd”-type file for this example.

The [tom] share is a simple share for a user on the Samba server.  In the [tom] section, a comment line was added, which specifies what shows up in the comment column of a Windows Explorer detail display.  The “valid users = tom” line is what keeps people out of other people’s home directories.  You also don’t want users’ home directories to show up in a Network Neighborhood display, so the “browsable = no” line is added.
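The following check is an added example, not part of the original tutorial: it parses an smb.conf and reports every share that departs from the [tom] pattern described above (no “valid users” line, still browsable, or writable by guests). The [jane] share and the [public] section name are assumptions made for the sample input.

```python
import re

# Constructed input: the tutorial's shares plus a hypothetical [jane] share
# that lacks the restrictions. [public] is an assumed name for the guest share.
SAMPLE_CONF = """
[global]
security = user
[tom]
path = /home/tom
valid users = tom
browsable = no
guest ok = no
read only = no
[jane]
path = /home/jane
read only = no
[public]
path = /share/public
guest ok = yes
read only = no
"""
YES = {"yes", "true", "1"}  # boolean spellings smb.conf documents as true

def parse_smb_conf(text):
    """Return {section: {param: value}}; names ignore case and whitespace."""
    conf, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = conf.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def audit_share(p):
    """Findings for one share's effective parameters, judged against [tom]."""
    guest = p.get("guestok", p.get("public", "no")).lower() in YES
    writable = p.get("readonly", "yes").lower() not in YES
    browsable = p.get("browsable", p.get("browseable", "yes")).lower() in YES
    checks = [(guest and writable, "guests can write"),
              (not guest and not p.get("validusers"), "no 'valid users' restriction"),
              (not guest and browsable, "visible when browsing")]
    return [msg for hit, msg in checks if hit]

def audit_shares(conf):
    """Return {share: [findings]}; [global] values act as share defaults."""
    g = conf.get("global", {})
    return {n: audit_share({**g, **s}) for n, s in conf.items() if n != "global"}
```

Run it as `audit_shares(parse_smb_conf(open(path).read()))` against your own file; the inverted synonyms of “read only” (such as “writable”) are not handled here.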

Next, create a Linux-type user account for tom.

# useradd -c "tom" -m -s /bin/false tom

The “-s” option switch, followed by “/bin/false”, is what prevents tom from logging on to the Linux system.  The “-m” switch is what creates tom’s home directory.  There’s no need to give tom a password for this account, because the password he uses is the Samba one set with smbpasswd.

Next, create tom’s Samba account and give it a password.

# smbpasswd -a tom
New SMB password:
Retype new SMB password:
Added user tom.

This command will add tom’s account information to the “passdb.tdb” file that’s found in the /var/lib/samba directory.

Restart Samba to reload the new configuration.

# service samba restart
* Stopping Samba daemons…                                                         [ OK ]
* Starting Samba daemons…                                                         [ OK ]

That should do it: tom should now be able to log in to the user share just set up for him.

Login From Windows
Right-click My Computer and select “Map Network Drive”.  Select a drive letter, such as “L”, and then enter your Samba server IP and the share name.


Connect, and it should ask for the username and password.