LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-06-2004, 10:04 PM   #1
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Rep: Reputation: 30
Samba questions


1) What is the use of security = share?

I've read up http://samba.linuxbe.org/en/samba/learn/security.html but I'm still confused.

2) What is the use of encrypt password = yes?

P.S I'm currently picking up samba. Might be posting more questions in this threads
I gonna use samba for roaming profile and printing (using cups) and will be implementing security policy. Anyone have a good webby for the above pls share with us. Thanks
 
Old 07-06-2004, 10:57 PM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 50

encrypt passwords (G)
This boolean controls whether encrypted passwords will be nego-
tiated with the client. Note that Windows NT 4.0 SP3 and above
and also Windows 98 will by default expect encrypted passwords
unless a registry entry is changed. To use encrypted passwords
in Samba see the chapter "User Database" in the Samba HOWTO Col-
lection.

In order for encrypted passwords to work correctly smbd(8) must
either have access to a local smbpasswd(5) file (see the smb-
passwd(8) program for information on how to set up and maintain
this file), or set the security = [server|domain|ads] parameter
which causes smbd to authenticate against another server.


It ensures passwords are not sent in clear text on a windows network.
 
Old 07-07-2004, 08:54 PM   #3
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by ppuru

encrypt passwords (G)
This boolean controls whether encrypted passwords will be nego-
tiated with the client. Note that Windows NT 4.0 SP3 and above
and also Windows 98 will by default expect encrypted passwords
unless a registry entry is changed. To use encrypted passwords
in Samba see the chapter "User Database" in the Samba HOWTO Col-
lection.

In order for encrypted passwords to work correctly smbd(8) must
either have access to a local smbpasswd(5) file (see the smb-
passwd(8) program for information on how to set up and maintain
this file), or set the security = [server|domain|ads] parameter
which causes smbd to authenticate against another server.


It ensures passwords are not sent in clear text on a windows network.
So it simply means that the transmission of the password via the network is encrypted, hence more secure?
 
Old 07-07-2004, 11:01 PM   #4
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
Quote:
So it simply means that the transmission of the password via the network is encrypted, hence more secure?
Partially, but the more important function of this is to enable Samba to communicate with NT, since if Samba isn't using password encryption, Windows will not send it a password and username, and you won't be able to access the share.

So basically, if you want to support NT, 2000, and XP clients, you have to have this enabled.
 
Old 07-07-2004, 11:05 PM   #5
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by MS3FGX
Partially, but the more important function of this is to enable Samba to communicate with NT, since if Samba isn't using password encryption, Windows will not send it a password and username, and you won't be able to access the share.

So basically, if you want to support NT, 2000, and XP clients, you have to have this enabled.
oh ic, thanx.

Few more questions.

1) How do I access my windows shared documents from my samba server using command line?

Tried smbclient //networkname/windows_login_name.

2)
Quote:
root# smbpasswd -a jackb
New SMB password: m0r3pa1n
Retype new SMB password: m0r3pa1n
Added user jackb.

Addition of this user to the smbpasswd file allows all files to be displayed in the Explorer Properties boxes as belonging to jackb instead of to User Unknown.
Can someone explain to me what the above explaination means?

Last edited by subaruwrx; 07-08-2004 at 01:44 AM.
 
Old 07-08-2004, 10:57 AM   #6
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
To mount a shared Windows drive, you would usually do:

mount -t smbfs //MachineName/ShareName /mnt/Mountpoint

That is an odd explanation of what adding a user means, but the point off adding users is so you can setup user-level security and permissions.

For instance, you could have a shared directory that only jackb can access. Or you could have a shared directory than anyone can browse and read the files within it, but only jackb would be able to modify or delete them.
 
Old 07-08-2004, 09:48 PM   #7
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by MS3FGX

That is an odd explanation of what adding a user means, but the point off adding users is so you can setup user-level security and permissions.

For instance, you could have a shared directory that only jackb can access. Or you could have a shared directory than anyone can browse and read the files within it, but only jackb would be able to modify or delete them.
Don't really understand what you mean.

But when I tried accessing the share on the samba server w/o adding the user to the smbpasswd, I can't. Only when I "smbpasswd user" then I can access the share.

Is smbpasswd that simple only?
 
Old 07-08-2004, 11:01 PM   #8
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
All smbpasswd does is add users to Samba's user database.

You can't have any share or user security without users and passwords. Samba doesn't use the standard Linux username database, so it has to create it's own.

The reason you couldn't access the share before using smbpasswd was because there was no users on the Samba system. And without a valid username and password combination, Samba will not give you access to the file shares, unless you setup a share that has no security on it at all (a public share, for instance).
 
Old 07-08-2004, 11:24 PM   #9
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by MS3FGX
All smbpasswd does is add users to Samba's user database.

You can't have any share or user security without users and passwords. Samba doesn't use the standard Linux username database, so it has to create it's own.

The reason you couldn't access the share before using smbpasswd was because there was no users on the Samba system. And without a valid username and password combination, Samba will not give you access to the file shares, unless you setup a share that has no security on it at all (a public share, for instance).
Oh, then whats the difference between security = user and security = share?
 
Old 07-10-2004, 08:24 AM   #10
seow_ming
Member
 
Registered: Mar 2004
Location: Currently in China
Distribution: Fedora 9
Posts: 130

Rep: Reputation: 15
hello, is samba is just for file sharing between windows and Linux? What is the another function it does provide? Recently Im looking the way of making win98 can share the internet connection via Linux, can samba help me to enable this?

thankyou~~


adam
 
Old 07-11-2004, 03:47 AM   #11
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by subaruwrx
Oh, then whats the difference between security = user and security = share?
Ok I tried both option.

What I see was "security = user" will prompt for both user name and password whereas "security = share" will only prompt for the password.

Whats the advantages of each?
 
Old 07-11-2004, 09:34 AM   #12
Yorthen
LQ Newbie
 
Registered: Jun 2004
Posts: 14

Rep: Reputation: 0
Quote:
Originally posted by seow_ming
hello, is samba is just for file sharing between windows and Linux? What is the another function it does provide? Recently Im looking the way of making win98 can share the internet connection via Linux, can samba help me to enable this?

thankyou~~


adam
If I don't remember totally wrong you can share printers too.
Samba is basicly a tool for accessing SMB-features (Windows file and printer-sharing) under *NIX systems. I belive that it has support for some more advanced fetures such as Windows NT domain-controler and maybe even Active Directory but I'm not sure.

For internet sharing you use Linux as a router, usually with the help of IP-tables. You might be interested in reading somethings about NAT-routing with Linux, there's a tutorial on the Netfilter site. (www.netfilter.org)
 
Old 07-15-2004, 12:34 AM   #13
subaruwrx
Member
 
Registered: Mar 2004
Distribution: Ubuntu Feisty
Posts: 641

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by subaruwrx
Ok I tried both option.

What I see was "security = user" will prompt for both user name and password whereas "security = share" will only prompt for the password.

Whats the advantages of each?
bump
 
Old 07-16-2004, 07:06 AM   #14
Yorthen
LQ Newbie
 
Registered: Jun 2004
Posts: 14

Rep: Reputation: 0
I believe that the answer to your question can be found in the man-pages for the smbconf-file, under te section that describes the security option.

Take a look at: http://se.samba.org/samba/docs/man/s....html#SECURITY for more information.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[Samba] some questions billiejoex Linux - Software 10 10-31-2005 01:04 PM
Samba Questions robertwolfe Debian 6 07-13-2005 10:50 AM
SAMBA questions gulo Linux - Networking 2 09-07-2004 06:28 PM
Samba Questions Flipn Linux - Newbie 1 11-12-2003 11:51 AM
Questions about Samba 3? gsmonk Linux - Networking 0 08-08-2003 11:53 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:31 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration