A standalone Samba server can be a member of a workgroup. The following [global] section from /etc/samba/smb.conf shows an example of how to configure a standalone server using share-level security:

[global]
security = share
workgroup = workgroup_name
netbios name = netbios_name

The client provides only a password and not a user name to the server. Typically, each share is associated with a valid users parameter and the server validates the password against the hashed passwords stored in /etc/passwd, /etc/shadow, NIS, or LDAP for the listed users. Using share-level security is discouraged in favor of user-level security, for example:

[global]
security = user
workgroup = workgroup_name
netbios name = netbios_name

In the user security model, a client must supply a valid user name and password. This model supports encrypted passwords. If the server successfully validates the client's user name and password, the client can mount multiple shares without being required to specify a password. Use the smbpasswd command to create an entry for a user in the Samba password file, for example:

# smbpasswd -a guest
New SMB password: password
Retype new SMB password: password
Added user guest.

The user must already exist as a user on the system. If a user is permitted to log into the server, he or she can use the smbpasswd command to change his or her password.

If a Windows user has a different user name from his or her user name on the Samba server, create a mapping between the names in the /etc/samba/smbusers file, for example:

root = admin administrator root
nobody = guest nobody pcguest smbguest
eddie = ejones
fiona = fchau

The first entry on each line is the user name on the Samba server. The entries after the equals sign (=) are the equivalent Windows user names.

The server security model, where the Samba server relies on another server to authenticate user names and passwords, is deprecated as it has numerous security and interoperability issues.