8.4 Managing Samba Users

The Users page displays the eDirectory users that have been granted access to this Samba server, along with their context and group membership information.

This section covers the following user-related tasks that are performed via the Samba management plug-in in iManager:

8.4.1 Adding Samba Users

Adding a user enables Samba access by making the user a member of the default Samba Users Group.

IMPORTANT:Before you add eDirectory users to give them access to this Samba server, make sure that the users have been created in a container with a Samba-compliant password policy and that they have Universal Passwords. You cannot assign a password policy to a group; only to containers, partitions, and individual users.

Adding users automatically LUM enables them if they are not already LUM-enabled and Samba enables them if they are not already Samba-enabled. It also makes each user a member of the default Samba group for this server (server_name-W-SambaUserGroup) and makes that group the primary group.

NOTE:The default Samba group denies access to the ssh service even if it has been LUM-enabled. It grants access to all other LUM-enabled services running on this server. The exact list depends on which services you selected when you configured Linux User Management. You can enable or disable access to these services by editing the Linux profile of the group (Groups > Modify Group > specify group > Linux Profile > Linux Services).

The Samba plug-in only adds and removes users from the default Samba group. If you want to use another group specifically for enabling Samba access, create a new group with the desired Samba users as members, then use the Linux User Management plug-in to enable the group for Linux. You can also modify the new group’s Linux profile to enable access to LUM-enabled services. Then use the smbbulkadd command-line tool, referencing the users in the new group, to Samba-enable the users.

If a user is already a member of another LUM-enabled group, adding the user as a Samba user changes the user’s primary group to the default Samba group. Depending on how you have set up group access to Linux services on this particular workstation, the user might lose access to Linux services that were previously allowed.

To add one or more new Samba users for this server:

Select the Users tab.
Click Add.
Use one of the following methods to select the users you want to give access to this server:
- To select a single User object to add, click Select a Single Object.
- To select multiple User objects to add, click Select Multiple Objects.
- To select User objects to add from a list, click Simple Selection.
- Click the Search icon to open the Object Selector and browse or search the list to locate the User objects you want to add.
- Click the Object History icon to select User objects you have recently managed.
Click OK to finish adding the users.

Or click Cancel to return to the previous page without adding the selected users.

8.4.2 Removing Samba Users

Removing a user revokes that user’s membership in the default Samba group, which disables that user’s Samba access. It does not delete the User object in eDirectory or remove the user’s UID.

IMPORTANT:Removing users does not disable Samba access if the users are members of other LUM-enabled groups associated with this Samba server. If a user is a member of only the default Samba Users Group, removing the user disables that user’s access to any Linux services that were enabled for the group. If the user is a member of other groups, the user retains LUM access to Linux services enabled for those groups.

To remove one or more users as Samba users for this server:

Select the Users tab.
Select the users you want to remove.
Click Remove.