LinuxCommandLibrary

smbpasswd

Manage Samba user passwords

TLDR

Change the current user's SMB password

$ smbpasswd
copy

Add a specified user to Samba and set password (user should already exist in system)
$ sudo smbpasswd -a [username]
copy

Modify an existing Samba user's password
$ sudo smbpasswd [username]
copy

Delete a Samba user (use pdbedit instead if the Unix account has been deleted)
$ sudo smbpasswd -x [username]
copy

SYNOPSIS

smbpasswd [options] [username]

PARAMETERS

-a
    Add a new user to the Samba smbpasswd file.

-d
    Disable a Samba user account.

-e
    Enable a Samba user account.

-x
    Delete a Samba user account.

-n
    Set a NULL password for the specified user. Requires administrator privileges.

-s
    Synchronize the UNIX password with the Samba password. This typically requires root privileges.

-m
    Use machine account mode (for setting machine account passwords).

-r
    Operate on the smbpasswd database on a remote server.

-U
    Specifies the username for operations (especially when synchronizing passwords from root).

DESCRIPTION

The smbpasswd command is a utility for managing Samba user passwords stored in the smbpasswd database, which is used by Samba to authenticate users when accessing shared resources. It allows administrators to add, modify, and delete user passwords, and to enable or disable Samba user accounts. Unlike the traditional passwd command, smbpasswd interacts with Samba's security system rather than the system's user authentication. This ensures that users can authenticate to Samba services like file sharing and print services. It supports various functionalities, including synchronizing UNIX and Samba passwords, adding Samba users to the system, disabling Samba users, and forcing users to change their passwords on next logon. Proper management of Samba user passwords is crucial for maintaining the security and integrity of network resources shared via Samba.

CAVEATS

The smbpasswd file must be properly configured in smb.conf for the command to function correctly. Changes made using smbpasswd directly affect the Samba user authentication and might require restarting the Samba services. Also, using features like `-s` require root privileges, and failure to have sufficient permissions will lead to errors.

PASSWORD STORAGE

smbpasswd stores passwords in a hashed format, typically using algorithms like NT Hashing and LM Hashing, depending on the configuration and Samba version.
Administrators should be aware of the security implications of different hashing algorithms and choose the most secure option available.

INTEGRATION WITH PAM

Samba can be integrated with PAM (Pluggable Authentication Modules) to leverage existing authentication mechanisms.
This allows smbpasswd to utilize system authentication methods for Samba users.

HISTORY

The smbpasswd command has been a part of the Samba suite since its early development. It was created to manage user passwords within the Samba environment, providing a separate mechanism from the standard UNIX password management. This was crucial to ensure proper authentication and security when sharing resources via Samba across different operating systems. The command has evolved over time with Samba to incorporate features like remote server management and password synchronization to streamline administration.

SEE ALSO

smbd(8), nmbd(8), pdbedit(8), smb.conf(5)

Copied to clipboard