Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
----- Original Message ----- From: <trlists at clayst.com> To: <discuss at blu.org> Sent: Friday, March 07, 2003 11:37 AM Subject: Samba Help > I hoep there are some Samba gurus out there. > > I am trying to set up a file server for an in-house windows network, > using Samba. The Windows machines are Win98 or Win2K, and there are > only a few of them. The server is behind a firewall and access from > the net will not be allowed -- the ports are blocked. > > I want a few public shares (e.g. tmp, pub) and I also want a share for > each user that can be used for private data. A "user" is pretty close > to equivalent to a physical Windows system. Being able to access a > person's data from a different physical system would be a very minor > plus but is not at all essential. > > I have to say I've gotten quite lost in the various flavors of possible > samba configurations. At the moment I have share-level security, and > the public shares work, but that required enabling guest access. The > private ones do not. Here are some of the questions I've run into: > > - Should I be using user- or share-level security for this > configuration? I suggest user, unless you have a high number of Windows accounts. > > - When a Windows machine connects where does it get the username and > password passed to the server? It's part of network negotiation. You won't see it unless you turn Samba's loglevel up to Debug, or you run a sniffer such as etherreal. You get a pop-up password box whenever transparent authentication is not successful. This doesn't always indicate a problem, since you could be logged on to Win98 as "bob", and the Linux share is property of Linux user "sue". If you know sue's password, you have no problem putting in credentials and trying again. > > - Is samba going to condition access rights on machine name, user name, > or some combination? Or are they the same? username. > > - Do I need a separate Linux user name for every Windows user? No, but I suggest it unless you have a high number of Windows users, and they change passwords often. > Or > should I be mapping them all to the same Unix user? This is an alternative. You'd use "force user = john" then "allowed users = bill bob john". You'd still need all three accounts on the Linux box. What this does is on the Linux box, all the files would all be owned as john. > Do I need a samba > user for each as well? You mean making a samba password? Yes. > > - Should I be using encrypted passwords? YES, unless you have something very old like Win for Workgroups 3.11, or Win95 OSR1. Unencrypted is not any easier really. > > - What should the owner and group be for the private directories? For > the public ones? Assuming authentication is successful, file access is still restricted by permissions on the files. There is an exception to this where Samba can bypass standard security, but don't worry about this. > > - Is it possible to give access to the public diorectories without > using "guest ok"? Or is setting guest access the best method? Why don't you want to use guest? Just curious. > > Thanks ... > > ---------- > Tom Rawson > > > > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://www.blu.org/mailman/listinfo/discuss
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |