LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 07-31-2004, 10:24 PM   #1
Lleb_KCir
Senior Member
 
Registered: Nov 2003
Location: Orlando FL
Distribution: Debian
Posts: 1,765

Rep: Reputation: 45
please review my smb.conf and tell me how to make it more secure


Code:
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors. 
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
	workgroup = ssma.local

# server string is the equivalent of the NT Description field
	server string = Samba Server

# This option is important for security.  It allows you to restrict
# connections to machiens which are on your loacl network.
	hosts allow = 192.168.2.

# If you want to autmatically load your printer list rather
# than setting them up individually then you'll need this
	printcap name = /etc/printcap
	load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard.  Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
	printing = cups

# This tells Samba to use a separate log file for each machine
# that connects
	log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
	max log size = 50

# Security mode.  Most people will want user level security.  See
# security_level.txt for details.
	security = user

# You may wish to use password encryption.  Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
	encrypt passwords = yes
	smb passwd file = /etc/samba/smbpasswd

# The following is neede to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
	ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#	the encrypted SMB paswords.  They allow the Unix password
#	to be kept in sync with the SMB password.
		unix password sync = Yes
		passwd program = /usr/bin/passwd %u
		passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# You can use PAM's password change control flags for Samba.  If
# enabled, then PAM will be used for password changes when requested
# by a SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.

	pam password change = yes

	obey pam restrictions = yes

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

	dns proxy = no

#============================== Share Definitions ===============================
[homes]
	comment = Home Directories
	browseable = no
	writable = yes
	valid users = %S
	create mode = 0644
	directory mode = 0755

# printers
[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = no
	guest ok = no
	writable = no
	printable = yes

# uncomment if useing /tmp/*
;[tmp]
;	comment = Temporary file space
;	path = /tmp/samba
#  in the path place what ever subdirectory you want
;	read only = no
;	public = yes
i would like to make that a bit more secure. for now this is the code i am using at my home between my XP box, and RH9. i am using the most current vs of Samba available for RH9 via yum.

also do i have to keep my share dir set to chmod 777???
 
Old 08-01-2004, 12:29 AM   #2
WMD
Member
 
Registered: Jul 2004
Location: Florida
Distribution: Slackware, Debian
Posts: 484

Rep: Reputation: 30
Smile

That file looks pretty good already, actually.
 
Old 08-01-2004, 01:07 AM   #3
Lleb_KCir
Senior Member
 
Registered: Nov 2003
Location: Orlando FL
Distribution: Debian
Posts: 1,765

Original Poster
Rep: Reputation: 45
thanks, how can i add more ppl to access the share, without having to logout of the M$ system into a new user? can i do that and still access my share?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
smb.conf nkeever Linux - Newbie 1 05-03-2005 09:35 AM
samba conf smb.conf regnier Mandriva 5 02-17-2005 04:27 AM
where is the smb.conf?? willigi Linux - Software 4 01-12-2005 10:48 AM
Creating Secure SMB Connections scottpioso Linux - Networking 17 12-03-2003 08:07 AM
where is my smb.conf pallocca Linux - General 14 03-04-2003 08:35 AM


All times are GMT -5. The time now is 03:56 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration