http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
what is workgroup?[global] # replace "toltec" with your system's hostname netbios name = toltec # replace "METRAN" with the name of your workgroup
======================================workgroup = METRAN security = user encrypt passwords = yes # Run a WINS server wins support = yes # The following three lines ensure that the Samba # server will maintain the role of master browser. # Make sure no other Samba server has its OS level # set higher than it is here. local master = yes preferred master = yes os level = 65
Installing Samba
You have a few options to install Samba:
- Build Samba by yourself. If your Server will be a Member in an Active Directory, add the following parameters to your 'configure' command:
# ./configure --with-ads --with-shared-modules=idmap_ad .....
- Install packages (requires to install packages, that include smbd, nmbd and winbind!)
- Install from your distribution package manager.
- Install from SerNet Enterprise Samba package.
what is "a Member in an Active Directory"?
security (G)
- This option affects how clients respond to Samba and is one of the most important settings in the
smb.conf
file.The default issecurity = user
, as this is the most common setting, used for a standalone file server or a DC.The alternatives aresecurity = ads
orsecurity = domain
, which support joining Samba to a Windows domainYou should usesecurity = user
and map to guest if you want to mainly setup shares without a password (guest shares). This is commonly used for a shared printer server.The different settings will now be explained.This is the default security setting in Samba, and causes Samba to consult the server role parameter (if set) to determine the security mode.If server role is not specified, this is the default security setting in Samba. With user-level security a client must first "log-on" with a valid username and password (which can be mapped using the username map parameter). Encrypted passwords (see the encrypted passwords parameter) can also be used in this security mode. Parameters such as user and guest only if set are then applied and may change the UNIX user to use on this connection, but only after the user has been successfully authenticated.Note that the name of the resource being requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the guest account. See the map to guest parameter for details on doing this.This mode will only work correctly if net(8) has been used to add this machine into a Windows NT Domain. It expects the encrypted passwords parameter to be set toyes
. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do.Note that a valid UNIX user must still exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to.Note that from the client's point of viewsecurity = domain
is the same assecurity = user
. It only affects how the server deals with the authentication, it does not in any way affect what the client sees.Note that the name of the resource being requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the guest account. See the map to guest parameter for details on doing this.See also the password server parameter and the encrypted passwords parameter.Note that the name of the resource being requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the guest account. See the map to guest parameter for details on doing this.See also the password server parameter and the encrypted passwords parameter.In this mode, Samba will act as a domain member in an ADS realm. To operate in this mode, the machine running Samba will need to have Kerberos installed and configured and Samba will need to be joined to the ADS realm using the net utility.Note that this mode does NOT make Samba operate as a Active Directory Domain Controller.Read the chapter about Domain Membership in the HOWTO for details.Default:security
=USER
Example:security
=DOMAIN
No comments:
Post a Comment