In my home setup, we have a mix of devices (Windows 8.x, Windows RT, Windows Phone, Linux, Android and iOS). As part of my home server setup, I’ve setup Samba to share folders with the other devices – there are a few subtleties with setting up the Samba shares so you can access them with Windows 8.x and this post details how to deal with them.
With Windows 8.x, you need to setup the machine with a Microsoft account (aka live ID) – this means that the Windows machines in our houses do not all use the same user account. My wife’s machines uses her Microsoft account while mine uses my own and on these devices the primary user id is therefore different. In addition, since Samba authentication works through username/password combination, it means we need to have users and passwords that match the corresponding Microsoft accounts.
To deal with these issues, I picked the following approach:
- Create one user corresponding to each Microsoft account (aka live ID) on the Linux server. This user will have the same password as the corresponding Microsoft account and will have no login shell so interactive login is not possible.
- Create one group that contains all these users who’ll be accessing Samba shares – the group will have appropriate permissions for the underlying directories in the Linux server.
- Change the group and group permissions for the directories that are accessible through Samba
So for e.g., let’s assume there are two Microsoft accounts – [email protected] and [email protected] who will need read/write access to three different shares – \\Server\Documents, \\Server\Pictures and \\Server\Music. Here are the commands to run:
# Create the group of Samba users sudo addgroup smbusers # Create the Linux user corresponding to [email protected] # Note that the username doesn't really matter much - just make sure # it conforms to all the Linux username restrictions sudo adduser --shell /bin/false user1smb # Create the Linux user corresponding to [email protected] sudo adduser --shell /bin/false user2smb # Add user1smb to smbusers group sudo adduser user1smb smbusers # Add user2smb to smbusers group sudo adduser user2smb smbusers # Set password for user1smb to the same as what you use for [email protected] # to login to Windows sudo passwd user1smb # Set password for user2smb to the same as what you use for [email protected] # to login to Windows sudo passwd user2smb # Setup access for the directories that will be shared through samba # Let's assume /storage/Documents, /storage/Pictures and /storage/Music # are to be shared through samba for read/write access with [email protected] # and [email protected] cd /storage sudo chgrp -R smbusers Pictures sudo chgrp -R smbusers Documents sudo chgrp -R smbusers Music sudo chmod -R g+rwx Pictures sudo chmod -R g+rwx Documents sudo chmod -R g+rwx Music
That sets up the local users and folders to allow access – now we need to setup samba. The only interesting part here is setting up a username map file that maps [email protected] to user1smb and [email protected] to user2smb. Edit /etc/samba/smb.conf and here’s what I’ve changed to enable the shares and access by Windows users:
# Use a username mapping file to allow windows logon to Linux user translation
username map = /etc/samba/username.map
[Documents]
comment = Server Documents
path = /storage/Documents
browsable = yes
read only = no
create mask = 0755
valid users = +smbusers
[Music]
comment = Server Music
path = /storage/Music
browsable = yes
read only = no
create mask = 0755
valid users = +smbusers
[Pictures]
comment = Server Pictures
path = /storage/Pictures
browsable = yes
read only = no
create mask = 0755
valid users = +smbusers
And finally, here’s the /etc/samba/username.map file to map the Windows usernames to Linux users:
user1smb = [email protected] user2smb = [email protected]
And with that you should be able to seamlessly access the Linux server’s Samba shares from Windows devices where you’re logged in as [email protected] or [email protected]. One downside here is that you still have to manually change the passwords for user1smb or user2smb whenever you change passwords for [email protected] or [email protected], so that the passwords are in sync.
An alternate approach would be to save Linux user credentials on the Windows devices machines for your Linux server in the control panel/credential manager.