1.4 Samba Security: Difference between revisions
No edit summary |
m (Reverted edit of Whitеcraig, changed back to last version by Asender) |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
[[1.0: Configuring Samba]] |
|||
[[2.0: Configuring LDAP]] |
|||
[[3.0: Initialization LDAP Database]] |
|||
[[4.0: User Management]] |
|||
[[5.0: Heartbeat HA Configuration]] |
|||
[[6.0: DRBD]] |
|||
[[7.0: BIND DNS]] |
|||
---- |
|||
<u>'''Table of Contents'''</u> |
|||
[[1.1 smb.conf PDC]] |
|||
[[1.2 smb.conf BDC]] |
|||
[[1.3 /etc/hosts]] |
|||
[[1.4 Samba Security]] |
|||
There are many additional features we can add to Samba to make it more secure. We can add some additional comments to our smb.conf to achieve this. |
There are many additional features we can add to Samba to make it more secure. We can add some additional comments to our smb.conf to achieve this. |
||
| Line 9: | Line 35: | ||
## /etc/samba/smb.conf |
## /etc/samba/smb.conf |
||
## Global parameters |
## Global parameters |
||
[global] |
[global] |
||
workgroup = DDESIGN |
workgroup = DDESIGN |
||
security = user |
security = user |
||
hosts allow = 192.168.0.0/24 |
hosts allow = 192.168.0.0/24 |
||
For the enthusiast, we can use this option on a per share basis, which provides us with greater flexability. |
For the enthusiast, we can use this option on a per share basis, which provides us with greater flexability. |
||
| Line 21: | Line 48: | ||
This limits access to this share to the client with the 192.168.0.100/24 IP address; you of course can use multiple addresses. |
This limits access to this share to the client with the 192.168.0.100/24 IP address; you of course can use multiple addresses. |
||
## /etc/samba/smb.conf |
## /etc/samba/smb.conf |
||
## ==== Share Definitions ===== |
## ==== Share Definitions ===== |
||
[Documents] |
[Documents] |
||
comment = share to test samba |
comment = share to test samba |
||
path = /data/documents |
path = /data/documents |
||
writeable = yes |
writeable = yes |
||
browseable = yes |
browseable = yes |
||
read only = no |
read only = no |
||
valid users = "@Domain Users" |
valid users = "@Domain Users" |
||
hosts allow = 192.168.0.100/24 |
hosts allow = 192.168.0.100/24 |
||
Latest revision as of 02:55, 26 February 2007
3.0: Initialization LDAP Database
5.0: Heartbeat HA Configuration
Table of Contents
There are many additional features we can add to Samba to make it more secure. We can add some additional comments to our smb.conf to achieve this.
One of the great features of Samba is the “host allow =” option. This can be applied on a global scale to all the shares in the smb.conf by placing the global section of the smb.conf or to specific shares, but not both.
The example limits access to Samba shares to clients on the 192.168.0.0/24 network as it is defined it in the glocal section of the smb.conf.
## /etc/samba/smb.conf ## Global parameters [global] workgroup = DDESIGN security = user hosts allow = 192.168.0.0/24
For the enthusiast, we can use this option on a per share basis, which provides us with greater flexability.
This limits access to this share to the client with the 192.168.0.100/24 IP address; you of course can use multiple addresses.
## /etc/samba/smb.conf ## ==== Share Definitions ===== [Documents] comment = share to test samba path = /data/documents writeable = yes browseable = yes read only = no valid users = "@Domain Users" hosts allow = 192.168.0.100/24