Development repository for the samba cookbook
Fetching latest commit…
Cannot retrieve the latest commit at this time.

Samba Cookbook

Build Status Cookbook Version

Installs and configures Samba client or server.



  • Debian / Ubuntu derivatives
  • RedHat and derivatives

If you would like support for your preferred platform. Please think about creating a Vagrant Box and adding test platforms


  • Chef 12.15+

Known Limitations

  • Does not integrate with LDAP/AD.
  • Uses plaintext passwords for the user resource to create the SMB users if the password backend is tdbsam or smbpasswd. See below under usage.
  • Creates & manages the system user. The creation of the user is the trigger for smbpasswd.



Installs the samba client to provide access to SMB shares.


Sets up a Samba server. See below for more information on configurables.



This cookbook includes a resource/provider for managing samba users with the smbpasswd program. It will create the users home directory, and manage the user.

The creation of the user is the trigger for smbpasswd management.

The basis of this resource is the Core user resource.

samba_user 'jtimberman' do
  password 'plaintextpassword' # user password for samba and the system
  comment 'user_name_comment'
  home '/home/jtimberman' # Users home.
  shell '/bin/zsh' # User shell to set, e.g. /bin/sh, /sbin/nologin
  manage_home true # true/false, whether to manage the users home directory location

This resource can only create, enable or delete the user. It only supports setting the user's initial password. It assumes a password db backend that utilizes the smbpasswd program.

This will enforce the user system password set by the resource.


samba_server 'samba server' do
  workgroup # The SMB workgroup to use, default "SAMBA".
  interfaces # Interfaces to listen on, default "lo".
  hosts_allow # Allowed hosts/networks, default "".
  bind_interfaces_only # Limit interfaces to serve SMB, default "no"
  load_printers # Whether to load printers, default "no".
  passdb_backend # Which password backend to use, default "tdbsam".
  dns_proxy # Whether to search NetBIOS names through DNS, default "no".
  security # Samba security mode, default "user".
  map_to_guest # What Samba should do with logins that don't match Unix users, default "Bad User".
  socket_options # Socket options, default "`TCP_NODELAY`"
  config_file # Location of Samba configuration, see resource for platform default
  log_dir # Location of Samba logs, see resource for platform default
  realm # Kerberos realm to use, default: ''
  password_server # Use a specific remote server for auth, default: ''
  encrypt_passwords # Whether to negotiate encrypted passwords, default: yes
  kerberos_method # How kerberos tickets are verified, default: secrets only
  log_level # Sets the logging level from 0-10, default: 0
  winbind_separator # Define the character used when listing a username of the form of DOMAIN \user, default \
  idmap_config # Define the mapping between SIDS and Unix users and groups, default: none
  max_log_size # Maximum log file size, default: 5000, (5MB)
  options # list of additional options, e.g. 'unix charset' => 'UTF8'.


samba_share 'Share Name' do
  guest_ok # yes, no
  printable # yes, no
  write_list # An array of Unix users
  create_mask # e.g. 0644
  directory_mask # e.g. 0700
  read_only # yes, no, default no
  create_directory # Whether to create the directory being served, default true
  valid_users # space separated users or group, default ''
  force_group # Assign Unix group as default primary, default ''
  browseable # yes, no default: yes
  options # list of additional options, e.g. 'inherit permissions' => 'yes'
  path # String for the path of directory to be served. Required.


The samba::default recipe includes samba::client, which simply installs smbclient package.

Create a cookbook with the server, user & share resources as if you were using any other Chef resource.

For examples see the test/fixtures/cookbooks/test directory.

Unfortunately, smbpasswd does not take a hashed password as an argument - the password is echoed and piped to the smbpasswd program. This is a limitation of Samba.


Copyright 2010-2016, Chef Software, Inc.

Copyright 2017, Webb Agile Solutions Ltd.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.