11

I am configuring a Samba share on my Debian server and I'd like to create some simple username:password accounts that could access the shares without having to add UNIX users to my machine.

Can I do that ?

Thanks a lot in advance !

Quentin

Quentin Barrand
  • 111
  • 1
  • 1
  • 3

3 Answers3

2

Here is a good explanation: http://ubuntuforums.org/showthread.php?t=825686

"The reason you need a unix account is so samba can restrict access to files according to permissions set on the filesystem. If the unix user doesn't have local permission to read a file, the samba user with the same name won't be able to read it either, regardless of the share's settings. I think you can disable the unix account, as long as the samba user is listed in /etc/passwd with a UID."

René Höhle
  • 1,438
  • 3
  • 17
  • 26
  • 4
    I was afraid of that answer. However, I find it quite surprising that you can't at least map some non-UNIX usernames to one. Every Samba account has to have its UNIX equivalent, which is a non-sense to me since it's non praticable at all. – Quentin Barrand Sep 24 '13 at 21:54
1

Check your [global] section. There is a security = user parameter. If you have this section set to = user you'll be asked for a password anyway. You have to change it to security = share, but note that this option was deprecated!

obohovyk
  • 111
  • 3
0

you can map multiple virtual users to the "nobody" unprivileged unix account:

more details here: http://htyp.org/smbusers

so it would look like:

nobody = user1 user2 user2

conversely, you could add these unix accounts and set /sbin/nologin as the shell.

nandoP
  • 2,021
  • 14
  • 15
  • That's actually what I tried, but then when I add the user `nobody` the `valid users` parameter, I'm still asked for a password upon connection, and I get the following error message : `Unable to find suitable address.` – Quentin Barrand Sep 24 '13 at 22:04
  • paste your samba mount command.... ie. mount -t cifs -o user=user1 //10.0.0.1/mount /mnt/smbmount – nandoP Sep 24 '13 at 23:26
  • This is exactly what I am doing. And I'm asked for a password. – Quentin Barrand Sep 25 '13 at 10:16