-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Grant Peel wrote, On 07-08-2007 10:42:
> I have a working setup (apparently) using this configuration file:
> # Samba config file created using SWAT
> # from 192.168.1.101 (192.168.1.101)
> # Date: 2007/07/21 16:09:38
> [global]
> workgroup = OFFICE
> server string = Home UNIX
> log file = /var/log/samba/log.%m
> max log size = 50
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> os level = 99
>
> [homes]
> read only = no
> guest ok = no
> browseable = no
>
> And a regular /usr/local/etc/samba/smbpassword file.
>
> Again, all I am looking for is the ability to have my
> users map their unix folder on my servers to their
> Windows Explorer as another drive, again, that appears
> to be working.
>
> A few last questions if anyone has time for them:
> 1. Are there any show stopper security risks I need to
> address with this type of setup?
Maybe. Do you have your other parameters like
'security' and 'invalid users'? Probably the result of
'testparm' and 'testparm -v' would do the trick. ;)
The default configuration of samba (from official
samba source) is pretty sane, but security is a process
not a product, so you may have higher standards of
security than others.
> 2. How does Samba allow authenticating from the Samba
> file when it seems there is no (apparent) mapping to
> the master.passwd file?
'testparm' probably can answer that. ;)
> 3. For this simple setup, should I be adding any more
> Samba directives to the samba.conf file?
A long time ago, an 'old school' sysadmin said
to me that you should never trust the defaults, always
explicitly add in the config file what you want, and if
the default changes you will be safe.
testparm can show you the values as they are
now; you can then make the result of testparm your new
smb.conf, but there is no big point in doing that if
you trust the default values.
The Official Samba HOWTO has tips about security
all over the chapters: restrict the bind interfaces, the
IP networks, the users. For example, some people use
'valid users = %S' in their [homes].
> I can't believe it was that simple to setup...should
> it have been, or am I missing something that created
> a big security hole?
Samba is simple, it just requires some patience,
care and attention. ;) And so far, I didn't see any
"big security hole", but again, your security is as
strong as the weakest link in the chain. The type of
your passwords, the measures to ensure they are safe
and with right permissions, and other small options can
make the difference.
> P.S. I AM reading all the howtos and Faqs and things!
That's good. ;)
Kind regards,
- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGuH8rCj65ZxU4gPQRCLyWAKCGdrUWKPG3pZ6SRuL2yuGRX4r7BgCeNFzR
FLb6WaEjLXq5XWhPoSn2+qE=Zpkt
-----END PGP SIGNATURE-----
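
An added example, not part of the original message and not Samba project code: a small audit of the smb.conf quoted above that lists which of the directives named in the reply are not set explicitly. The directive list is this example's reading of the reply, the function names are hypothetical, and the sample config is constructed from the quoted settings.

```python
import configparser

# Constructed sample: the [global]/[homes] settings quoted in the message above.
POSTED_CONF = """
[global]
workgroup = OFFICE
server string = Home UNIX
log file = /var/log/samba/log.%m
max log size = 50
os level = 99

[homes]
read only = no
guest ok = no
browseable = no
"""

# Directives the reply suggests stating explicitly (section, parameter, reason).
# Assumption of this example, not an official Samba checklist.
EXPECTED = [
    ("global", "security", "authentication mode left to the default"),
    ("global", "interfaces", "interfaces to serve on not listed"),
    ("global", "bind interfaces only", "binding not limited to 'interfaces'"),
    ("global", "hosts allow", "client networks not restricted"),
    ("global", "invalid users", "no accounts explicitly denied"),
    ("homes", "valid users", "[homes] not limited to the share owner"),
]

def parse_smb_conf(text):
    """Parse smb.conf text; names are lower-cased, '%' macros kept verbatim."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    cp.read_string(text)
    return {s.lower(): {" ".join(k.split()): v.strip() for k, v in cp.items(s)}
            for s in cp.sections()}

def audit(text):
    """Return (section, parameter, reason) for each directive not set explicitly."""
    conf = parse_smb_conf(text)
    findings = [(s, p, why) for s, p, why in EXPECTED if p not in conf.get(s, {})]
    # 'valid users = %S' is the value the reply mentions for [homes].
    homes = conf.get("homes", {})
    if "valid users" in homes and homes["valid users"] != "%S":
        findings.append(("homes", "valid users", "set, but not to %S"))
    return findings

if __name__ == "__main__":
    for section, param, why in audit(POSTED_CONF):
        print(f"[{section}] {param}: {why}")
```

This only reports what the file leaves implicit; `testparm -v`, as the reply says, shows the values Samba actually uses for them.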