The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
A standalone Samba server can be a member of a workgroup. The
following [global]
section from
/etc/samba/smb.conf
shows an example of how
to configure a standalone server using share-level security:
[global] security = share workgroup =workgroup_name
netbios name =netbios_name
The client provides only a password and not a user name to the
server. Typically, each share is associated with a
valid users
parameter and the server
validates the password against the hashed passwords stored in
/etc/passwd
,
/etc/shadow
, NIS, or LDAP for the listed
users. Using share-level security is discouraged in favor of
user-level security, for example:
[global] security = user workgroup =workgroup_name
netbios name =netbios_name
In the user security model, a client must supply a valid user name and password. This model supports encrypted passwords. If the server successfully validates the client's user name and password, the client can mount multiple shares without being required to specify a password. Use the smbpasswd command to create an entry for a user in the Samba password file, for example:
#smbpasswd -a guest
New SMB password:password
Retype new SMB password:password
Added user guest.
The user must already exist as a user on the system. If a user is permitted to log into the server, he or she can use the smbpasswd command to change his or her password.
If a Windows user has a different user name from his or her
user name on the Samba server, create a mapping between the
names in the /etc/samba/smbusers
file, for
example:
root = admin administrator root nobody = guest nobody pcguest smbguest eddie = ejones fiona = fchau
The first entry on each line is the user name on the Samba server. The entries after the equals sign (=) are the equivalent Windows user names.
Only the user security model uses Samba passwords.
The server security model, where the Samba server relies on another server to authenticate user names and passwords, is deprecated as it has numerous security and interoperability issues.