|
|
< Day Day Up > |
|
Recipe 23.5. Adding Authentication to a Samba Server23.5.1 ProblemYou are not comfortable with the freewheeling, wide-open methods of file sharing described in the previous recipes. You want a nice central file server with all the shares tucked safely away on it, and you want to control who has access to the shares. 23.5.2 SolutionFirst of all, you must edit smb.conf to add user-level security and to require encrypted passwords. (Both of these are the 3.0 defaults, but it's always good to be explicit.) Then you must create Samba users with smbpasswd. Your Samba users must also have Linux system accounts on the server, so these must be created first. Both Windows and Linux users must have Samba accounts. This example modifies the configuration from Recipe Recipe 23.2: [global] workgroup = workgroup netbios name = windbag server string = lan file server security = user encrypt passwords = yes browseable = yes hosts allow = 192.168.1. [share1] path = /sharedstuff comment = testfiles read only = No Restart Samba after editing smb.conf. Now you can create a Samba user and password: # smbpasswd -a andrew
New SMB password:
Retype new SMB password:
Added user andrew.
Continue adding users and defining your shares. Don't forget to write down the passwords to give to your users. 23.5.3 DiscussionThis two-password-database clunkiness is due to the difference between Unix and Windows passwords, and the way each platform manages file permissions. They are very different critters, so the smbpasswd file is a bridge between the two. The next recipe shows how to use mksmbpasswd to convert /etc/passwd to /etc/samba/smbpasswd. Samba also supports XML, LDAP, and MySQL for password backends. See Chapter 10 in The Official Samba-3 HOWTO and Reference Guide on samba.org for details. 23.5.4 See Also
|
|
|
< Day Day Up > |
|
