31.7. Encrypted Samba password file for clients

The /etc/smbpasswd file is the Samba encrypted password file. It contains the username; Unix UID and SMB hashed passwords of the allowed users to your Samba server, as well as account flag information and the time the password was last changed. It's important to create this password file and include all allowed users to it before your clients try to connect to your Samba server. Without this step, no one will be able to connect to your Samba server.

  1. To create a Samba account you must first have a valid Linux account for them, so create in your etc/passwd file all the users you want to connect to your Samba server first before generating the smbpasswd file of Samba.

    1. To add a new users to your /etc/passwd file, use the following commands:
              [root@deep ] /# useradd smbclient

    2. To add password for users in your /etc/passwd file, use the following commands:
              [root@deep ] /# passwd smbclient
              Changing password for user smbclient
                    New UNIX password:
                    Retype new UNIX password:
                    passwd: all authentication tokens updated successfully

  2. Once we have added all Samba clients in our /etc/passwd file on the Linux server, we can now generate the smbpasswd file from the /etc/passwd file. To generate smbpasswd file from the /etc/passwd file, use the following commands:
          [root@deep ] /# cat /etc/passwd | mksmbpasswd.sh > /etc/smbpasswd

  3. Finally, the last step we must perform is to create the Samba user account in our /etc/smbpasswd file before we are able to use it. To create the Samba user account, use the following commands:
          [root@deep ] /# smbpasswd -a smbclient  (1)

    Remember that smbclient must be a valid Linux account.
          New SMB password:
              Retype new SMB password:
              Added user smbclient.
              Password changed for user smbclient.

  4. Don't forget to change the permission of your new smbpasswd file to be readable and writable only by the super-user root, and nothing for group and other 0600/-rw------- This is a security measure.
          [root@deep ] /# chmod 600 /etc/smbpasswd
              [root@deep ] /# testparm    (1)

    This will verify the smb.conf file for error.
    See ENCRYPTION.txt in samba/doc/texts/ for more information.