LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   samba security: user vs share (https://www.linuxquestions.org/questions/linux-security-4/samba-security-user-vs-share-294939/)

jiml8 02-25-2005 07:46 PM
samba security: user vs share
 
When I set security = share in samba, home directories do not show up in "my network places" on Windows boxes.

When I set security = user the appropriate home directory shows up for the appropriate user.

Problem is, security = share allows the window on the Linux box to open and populate very quickly, while security = user causes a delay of up to 30 seconds before the window is open and populated.

Ideally I could have fast response AND have the proper home directory appear. Anyone know how I should set things? Here is the global section of my smb.conf. Testparm is happy with it.

ldap ssl = yes
passwd chat = *New*UNIX*password* %n\n ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
passwd program = /usr/bin/smbpasswd %u
user = jiml,monica,lali,julie,jimuser
root preexec close = no
allow hosts = 192.168.0.
dns proxy = no
printing = cups
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
default = homes
workgroup = HOMEGROUP
debug level = 0
os level = 33
printcap name = cups
security = user
max log size = 50
log file = /var/log/samba/log.%m
load printers = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
map to guest = never
domain master = no
encrypt passwords = yes
dead time = 0
password level = 0
printable = Yes
server string = Dadsbox
password server = %m
only user = yes
message command = csh -c 'xedit %s;rm %s' &
unix password sync = yes
domain logons = no
pam password change = no
netbios name = Dadsbox
remote browse sync=192.168.0.255
remote announce = 192.168.0.255
wins support = yes
dns proxy = no

hob 02-27-2005 03:48 PM
I don't think that this is right:

remote browse sync=192.168.0.255
remote announce = 192.168.0.255

The remote options are for sending browsing broadcasts to *another* subnet. If your Windows PCs are on the same subnet as your server then you should remove these.

Also, you should set the OS Level to 65. The default of 33 is so that any real Windows system will "outrank" your Samba server rather than Samba automatically taking control of network browsing. In this case you do want Samba to outrank all of the Windows systems and become browse master for your network.

Edit: Security = share is strictly to emulate Windows 95, so you should definitely set security = user.

Hope that helps

jiml8 02-27-2005 05:35 PM
OK, thanks. What I don't get though is why it takes so long to open a window with security=user.

I really would like for them to snap open as quickly as they do in a windows to windows environment.

hob 02-28-2005 09:21 AM
The window is populated by the system using WINS or NetBEUI browsing to get a list of what's on the network.

You've already enabled WINS support on the the server, and this should work fine with the OS Level set correctly. You will also have to add the IP address of the Samba server in the WINS section of the TCP/IP networking properties (you need to click "Advanced" to get to it) on each Windows system - I forgot to mention this bit.

jiml8 03-01-2005 06:12 AM
Making these changes has greatly improved performance of shares that have been mapped as network drives in Windows, but doesn't help at all when merely browsing shares via network neighborhood. I suppose I just have to live with it. Thanks for your help.


All times are GMT -5. The time now is 12:57 PM.