diff --git a/modules/services/samba.nix b/modules/services/samba.nix
index 72ff605..56a15a2 100644
--- a/modules/services/samba.nix
+++ b/modules/services/samba.nix
@@ -11,13 +11,14 @@
 securityType = "user";
 openFirewall = true;
 extraConfig = ''
- logging = systemd
- log level = 1
- hosts allow = 192.168.178. 127.0.0.1 10.0.0. localhost
+ logging = systemd
+ log level = 0 auth:2 passdb:2
+ hosts allow = 192.168.178. 127.0.0.1 10.0.0. localhost
 hosts deny = 0.0.0.0/0
 guest account = nobody
 map to guest = bad user
- passdb backend = tdbsam:/tmp/smbpasswd.tdb
+ passdb backend = tdbsam:${config.age.secrets.smbpassdb.path}
+ server role = standalone
 '';
 shares = {
 ggr-data = {
@@ -52,16 +53,14 @@
 };
 };
 };
- age.secrets.smbpasswd.rekeyFile = ../../secrets/smbpasswd.age;
- system.activationScripts.importSMBPasswd = {
- text = ''
- ${config.services.samba.package}/bin/pdbedit -i smbpasswd:${config.age.secrets.smbpasswd.path} -e tdbsam:/tmp/smbpasswd.tdb
- '';
+ # to get this file start a smbd add users using 'smbpasswd -a '
+ # then export the database using 'pdbedit -e tdbsam:'
+ age.secrets.smbpassdb = {
+ rekeyFile = ../../secrets/smbpassdb.tdb.age;
 };
 users.users.smb = {
 isSystemUser = true;
 group = "smb";
- hashedPassword = config.secrets.secrets.global.users.smb.passwordHash;
 };
 users.groups.smb = {};
 environment.persistence."/panzer/persist".directories = [
diff --git a/secrets/smbpassdb.tdb.age b/secrets/smbpassdb.tdb.age
new file mode 100644
index 0000000..af7afbe
Binary files /dev/null and b/secrets/smbpassdb.tdb.age differ
diff --git a/secrets/smbpasswd.age b/secrets/smbpasswd.age
deleted file mode 100644
index 3072419..0000000
--- a/secrets/smbpasswd.age
+++ /dev/null
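Review bot: Pointing `passdb backend` at `${config.age.secrets.smbpassdb.path}` makes the decrypted secret the live account database, so anything smbd writes to it at runtime (a password changed with `smbpasswd`, bad-password counters) presumably disappears when the secret is decrypted again on the next activation or reboot. If the database is meant to be declarative, say so inside `extraConfig`, for example `# passdb is provisioned from an age secret; runtime password changes do not persist`. Separately, if `auth:2 passdb:2` is there to record failed logons, Samba's dedicated class for that is `auth_audit` (level 2 logs failures, level 3 also logs successes), so it is worth confirming which class is wanted. The `extraConfig` string is complete in this hunk, but the enclosing `services.samba` attribute set starts and ends outside it.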
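Review bot: The two-line comment above `age.secrets.smbpassdb` describes how to produce the database but not what to do with the plaintext export, which holds the NT hashes of every share user and should never end up in the repository or the Nix store. I would extend it with something like `# export to a private directory, encrypt to secrets/smbpassdb.tdb.age, then delete the plaintext copy`. The user name after `smbpasswd -a` and the target path after `tdbsam:` also look like they are missing from the commands as written. Only `rekeyFile` is set, so owner and mode fall back to the module defaults; stating them explicitly (for example `mode = "0400";`) would document that only root is expected to read the file.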
@@ -1,12 +0,0 @@ -age-encryption.org/v1 --> X25519 +UZl4Y69NOKiZi0MJJv2/3mGCgjZRXZdrEVfBRY2NF4 -CthaYoLtCoMLHiyS8L19HC77uuCj6aS/98qEdscRJMI --> piv-p256 XTQkUA A3Tarwc4HTchv1AfPFSA9b+k3ZsTG92/MHZfQ9SdMZ1G -U8fOA4rkZjBKDEvsrM+B4WuUMvglyL424kmOYsnKYDA --> piv-p256 ZFgiIw Al8+gVzwlrMIreKKwaUN/nefUxXnBTwFbWK7bofuXeTN -dkQzqvyI6UgyQFCkEuNjaN/fNDt+h9WVhlZCfmZ9hgg --> :>hC-grease -lzYcEp/H6m//Nh4i7BHCaIrledYuikG5NzA1VinqtyIgXFSVMNQzERL9cPz/XJu5 -il4xJbAR01BSJIRvX//JMNJEC7U+hEAP ---- XU8Jypn1JQeq8Y8YpFAtQWhJQR8bhvUndsReymbdqSY -ÃDV!8:2?b