Each samba user must have a normal linux account as well.

  1. Make sure that every user can access the common media folder on the unix side (without samba); alternatively, you can set force user in smb.conf
  2. Make sure each user has a samba password set. You can set it with sudo smbpasswd -a your_user
  3. Look at /etc/samba/smb.conf: check if the line security = user is set in the [GLOBAL] section
  4. Set your shares in /etc/samba/smb.conf, see example

Example shares:

[allaccess]
    path = /media/common
    read only = no
    writeable = yes
    browseable = yes
    valid users = one, two, three, four
    create mask = 0644
    directory mask = 0755
    ; if you set this, all files get written as this user
    force user = one

This will be accessible via \\yourserver\allaccess

A single user share:

[special]
    path = /home/two/onlytwo
    read only = no
    writeable = yes
    browseable = yes
    valid users = one
    create mask = 0640
    directory mask = 0750

Restart the samba server after the changes with:

sudo service smbd restart
Answer from phoibos on askubuntu.com
🌐
Linux Mint Forums
forums.linuxmint.com › board index › main edition support › networking
Understanding "valid users" in smb.conf (SOLVED) - Linux Mint Forums
May 14, 2025 - This requires 2 things: [1] The valid user has to be a normal user on the server machine. [2] That user needs to be added to the samba password database. So for example if the user altair is a local login user on the Mint server I need to add that user to samba: ... sudo smbpasswd -a altair ...
🌐
Samba
samba.org › samba › docs › using_samba › ch09.html
Chapter 9. Users and Security
[dave] comment = %U home directory writable = yes valid users = dave path = %H · With a single user accessing a home directory, access permissions are taken care of when the user account is created. The home directory is owned by the user, and permissions on it are set appropriately. However, if you're creating a shared directory for group access, you need to perform a few more steps. Let's take a stab at a group share for the accounting department in the smb.conf file:
Discussions

linux - Link samba valid users to text file - Unix & Linux Stack Exchange
In my samba config - I would like it to link "valid users" in the example share below to the example text file: security = user [example share] path = /example/path/here read only = no guest ok = no valid users = (LINK TO TEXT FILE) ... No, you cannot do that, you could use a group instead and make the required users members of that group. ... Include a syntactically valid smb... More on unix.stackexchange.com
🌐 unix.stackexchange.com
linux - How do I define a samba share so that every user can only see its own home? - Unix & Linux Stack Exchange
I would like to make every user's home directory from Debian machine to be available by its owner only (using Samba) but for now (with default Samba configuration) I can access other users /homes. ... More on unix.stackexchange.com
🌐 unix.stackexchange.com
April 19, 2012
SMB share only works in read-only
Better to ask in r/linux But I will ask this. What are the permissions on those directories set as and is your myusername part of the group or user with permissions there? More on reddit.com
🌐 r/selfhosted
4
0
February 17, 2024
Cannot restrict SMB share access to Active Directory Group
For SSSD you also want to use security = ADS. Example: security = ADSrealm = EXAMPLE.COM If you look up examples online you will often see them also setting "password server = some.kerberos.server". You don't need that. Edit: nice little trick to test if authentification is working is to use smbclient. smbclient -L -U It will prompt you for a password and show available shares as long as your password is either empty or correct. Edit2: I am not 100% sure on that but I think you will also need to configure your nsswitch.conf to use sssd. I believe there were a few things that didn't work with samba otherwise. passwd: compat sss group: compat sss More on reddit.com
🌐 r/linuxadmin
13
3
May 27, 2021
🌐
Red Hat
access.redhat.com › solutions › 2262051
How to secure samba share access using 'valid users' parameters along with local samba groups with security=ads. - Red Hat Customer Portal
[root@rhel6 ]# cat /etc/samba/smb.conf [global] workgroup = EXAMPLE realm = EXAMPLE.COM security = ADS winbind enum users = Yes winbind enum groups = Yes winbind use default domain = No idmap config * : backend = autorid idmap config * : range = 1000000-19999999 idmap config * : rangesize = 1000000 template shell = /bin/bash winbind use default domain = yes [share] comment = Test Share path = /share read only = no public = yes valid users = +localgroup <---- 3] I tried to access the share and it was successful .
🌐
Samba
samba.org › samba › docs › current › man-html › smb.conf.5.html
smb.conf
Otherwise, the requested section ... is a valid printer share name. If a match is found, a new printer share is created by cloning the [printers] section. A few modifications are then made to the newly created share: ... If the share does not permit guest access and no username was given, the username is set to the located printer name. The [printers] service MUST be printable - if you specify otherwise, the server will refuse to load the configuration ...
🌐
O'Reilly
oreilly.com › openbook › samba › book › ch06_02.html
[Chapter 6] 6.2 Controlling Access to Shares
WARNING: Again, if you are connecting with Windows 98 or NT 4.0 with Service Pack 3 (or above), those clients will send encrypted passwords to the Samba server. If Samba is not configured for this, it will continually refuse the connection. This chapter describes how to set up Samba for encrypted passwords. See the Section 6.4, Passwords" section. We've seen what happens when you specify valid users.
🌐
SUSE
suse.com › support › kb › doc
valid users with AD group | SUSE | Support Center
wbinfo -u" and "wbinfo -g" all ... happens when setting the following in /etc/samba/smb.conf valid users = @"<domain>\<AD group>" It works when the "valid users" line is deleted....
Find elsewhere
🌐
Arch Linux Forums
bbs.archlinux.org › viewtopic.php
Samba is ignoring "Valid Users"? / Networking, Server, and Protection / Arch Linux Forums
# Global parameters [global] dns proxy = No log file = /usr/local/samba/var/log.%m max log size = 50 server role = standalone server server string = Samba Server workgroup = RXXXXXXXYXXXX idmap config * : backend = tdb · [homes] browseable = No comment = Home Directories read only = No · [printers] browseable = No comment = All Printers path = /usr/spool/samba printable = Yes · [share] comment = Staff path = /data/share read only = No valid users = ry staff
🌐
LinuxQuestions.org
linuxquestions.org › questions › linux-networking-3 › smb-conf-valid-users-=-g-405933
SMB.Conf --> valid users = %G????
What I really want is for my users to be able to access certain directories on my one share without having to enter a password...ever. So, of course,
🌐
O'Reilly
oreilly.com › openbook › samba › book › ch06_01.html
[Chapter 6] Users, Security, and Domains
With a single user accessing a home directory, access permissions are taken care of when the operating system creates the user account. However, if you're creating a shared directory for group access, there are a few more steps you need to perform. Let's take a stab at a group share for the accounting department in the smb.conf file: [accounting] comment = Accounting Department Directory writeable = yes valid users = @account path = /home/samba/accounting create mode = 0660 directory mode = 0770
🌐
Jaytaala Confluence
confluence.jaytaala.com › display › TKB › Create+samba+share+writeable+by+all,+group,+or+only+a+user
Create samba share writeable by all, group, or only a user - Tech Knowledge Base - jaytaala.com Confluence
August 25, 2020 - This samba password does not need to be the same as the Linux user password: ... Follow the interative prompts to enter a samba password. ... # share [share] path = /media/share valid users = shareuser writeable = yes browseable = yes create mask = 0644 directory mask = 0755 force user = shareuser ...
🌐
Samba
samba.samba.narkive.com › KaKEH7VB › valid-users-and-groups-with-winbind
[Samba] valid users and groups with winbind
Post by Michael MacIsaac Hi, Just starting on this list. I have samba (2.2.5a) on Linux/s390 and winbind authenticating and providing shares. Winbind groups start with DOMAIN\, and as a quirk, don't need the @ prefix. So valid users = 'domain\domain users' should do what you want.
🌐
Server Fault
serverfault.com › questions › 1029721 › samba-valid-users-ignores-local-samba-user
samba4 - SAMBA: valid users ignores local samba user - Server Fault
Unfortunately I can't access the share with a local samba user, if valid users is active. >useradd -r -g tomcat test >smbpasswd -a test >systemctl restart smb.service >getent passwd test test:x:480:1002::/home/test:/bin/bash · smb.conf ·
🌐
Delinea
docs.delinea.com › online-help › server-suite › integrate › samba › config › modify.htm
Modifying the Samba smb.conf Configuration File | Delinea
# and when the user or group is in AD , the setting syntaxes is: # valid users = CPUBS\username +CPUBS\group writable = yes [MyShare] path = /samba-test browsable = yes writable = yes guest ok = yes read only = no [homes] comment = Home directories read only = No browseable = No · Some platforms will have slight variations in the smb.conf file, as follows:
🌐
Raspberry Pi Forums
forums.raspberrypi.com › board index › projects › networking and servers
Samba share invalid user not working - Raspberry Pi Forums
sudo chown user1:users -R /path/share1 sudo chown user1:users -R /path/share1/share2 sudo chown user1:users -R /path/share1/share3 In the group 'users' we only have user1 and user2 As a following step, I then adjusted the smb.conf like that: ... [share1] path=/path/share1 group=users valid users=user1 user2 writeable=Yes create mask=0777 directory mask=0777 public=no [share2] path=/path/share1/share2 group=users valid users=user1 user2 writeable=Yes create mask=0777 directory mask=0777 public=no [share3] path=/path/share1/share3 group=users valid users=user1 invalid user=user2 writeable=Yes create mask=0777 directory mask=0777 public=no Now, for user1 still everything works fine but user2 has no access to any share.
🌐
OneUptime
oneuptime.com › home › blog › how to configure samba user authentication and permissions on rhel
How to Configure Samba User Authentication and Permissions on RHEL
March 4, 2026 - [confidential] path = /srv/samba/confidential valid users = @samba_admins invalid users = tempuser baduser ... # Test authentication smbclient //localhost/projects -U smbuser1 # At the smbclient prompt, test operations smb: \> ls smb: \> put /tmp/test.txt test.txt smb: \> mkdir testdir smb: \> quit # Check resulting Linux permissions ls -la /srv/samba/projects/
🌐
Linuxtopia
linuxtopia.org › online_books › network_administration_guides › using_samba_book › ch06_01_00.html
Using Samba - 6.1 Users and Groups
Contents: Users and Groups Controlling Access to Shares Authentication Security Passwords Windows Domains Logon Scripts · This chapter discusses how to configure users with the Samba server. This topic may seem straightforward at first, but you'll soon discover that there are several ancillary ...