Recipe 23.6. Batch-Converting System Users to Samba Users

23.6.1 Problem

You're not too thrilled at the idea of manually creating Samba accounts for all of your users, like the previous recipe describes. Isn't there a utility to make the conversion automatically?

23.6.2 Solution

Yes, sort of. Samba comes with the mksmbpasswd script, which converts all the entries in /etc/passwd to the correct smbpasswd format and copies them to /etc/samba/smbpasswd. It does not copy the passwords (it can't, because they are encrypted and stored in /etc/shadow), so you still need to set these individually. The new accounts are disabled until you create passwords.

First, make a copy of /etc/passwd:

# cp /etc/passwd /etc/passwd-old

Now go through /etc/passwd-old and delete all the system user accounts, and any users you don't want to use the Samba server. They don't need to have Samba accounts; they're just potential security holes. Next, make the conversion to /etc/samba/smbpasswd:

# cat /etc/passwd-old | /usr/sbin/mksmbpasswd > /etc/samba/smbpasswd

To activate the new Samba accounts, use smbpasswd:

# smbpasswd henna

New SMB password:

Retype new SMB password:

Don't forget to write the passwords down to give to your users.

23.6.3 Discussion

The usual advice is to run mksmbpasswd only once, to make the first conversion. If you edit your working copy of /etc/passwd-old carefully, to avoid duplications, you can use mksmbpasswd to append additional users, with the double angle brackets:

# cat /etc/passwd-old | /usr/sbin/mksmbpasswd >> /etc/samba/smbpasswd

Remember to preserve and protect your original copy of /etc/passwd.

23.6.4 See Also

• mksmbpasswd(8), smbpasswd(5), smbpasswd(8)

• Chapter 10 of The Official Samba-3 HOWTO and Reference Guide