A few questions regarding samba from a samba and windows rookie

From: Madhusudan Singh (spammers-go-here_at_spam.invalid)
Date: 03/30/05

  • Next message: 7: "Re: SAMBA"
    Date: Wed, 30 Mar 2005 12:54:13 -0500
    
    

    Hi

    I am trying to implement a simple Samba server on a Slackware 10.1 machine
    running for a bunch of Windows users that also have unix accounts on the
    machine. Using webmin, I did convert the unix users to samba users
    (smbpasswd is located in /etc/samba/private). A possible problem is that I
    have very little experience using windows (haven't used any windows version
    regularly since windows 95, or at all since windows 2000), so please be
    patient with me.

    The client machines all run Windows XP Professional. I do not have a machine
    running any version of windows but can request any one of my users to test
    out the setup.

    I want the users to have read and write permissions only
    in /home/<username>. They are currently using sftp to transfer their files
    back and forth, but having the same appear as a network mounted drive
    would make things a little easier for them. How does one accomplish this ?

    The o/p of smbclient -L localhost -U% :

    Domain=[OMEGA] OS=[Unix] Server=[Samba 3.0.10]

            Sharename Type Comment
            --------- ---- -------
            IPC$ IPC IPC Service (Samba Server on Molectron)
            ADMIN$ IPC IPC Service (Samba Server on Molectron)
    Domain=[OMEGA] OS=[Unix] Server=[Samba 3.0.10]

            Server Comment
            --------- -------
            MOLECTRON Samba Server on Molectron

            Workgroup Master
            --------- -------
            OMEGA

    My /etc/samba/smb.conf reads as:

    [global]
            dns proxy = no
            log file = /var/log/samba.%m
            load printers = no
            server string = Samba Server on Molectron
            socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
            local master = no
            workgroup = OMEGA
            encrypt passwords = yes
            smb passwd file = /etc/samba/private/smbpasswd
            unix password sync = Yes
            passwd program = /usr/bin/passwd %u
            os level = 255
            domain master = no
            security = user
            preferred master = yes
            max log size = 50
            password server = None
            winbind use default domain = no
            bind interfaces only = yes
            template shell = /bin/false

    [homes]
       comment = Home Directories
       browseable = no
       writable = yes

    Is the above configuration suitable for the setup I have described earlier ?
    (The part about home directories is still not done as I indicated above).

    There are no printers, so I did not define a [printers] section. In general,
    do any of samba controlled printers have to be physically connected to the
    machine ? In our setup, the server and the printers I might want to add are
    located quite a distance apart from each other (a few hundred feet). The
    printers are set up on the web using a gotdns.com type of scheme (I did not
    set them up). Can I add those somehow as windows printers through samba ?
    (Just makes things a little tighter than having to set things up over the
    Internet through http).

    In my firewall, I have opened the following ports :

    SAMBAPORT1=137
    SAMBAPORT2=138
    SAMBAPORT3=139
    $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport $SAMBAPORTx -j allowed

    I am not comfortable with opening any more ports than are strictly
    necessary. Ease of use is nice, but not at the cost of security. Can't I
    just tunnel samba over the ssh port (22) ?

    Another security concern is that users may install some windows software
    that helps them emulate rsync with the mapped network drive as the target.
    I could care less about what they store in their own areas, but if they
    store passwords (plain text or otherwise) on their windows client machines
    so that the backups may run unattended, and given the "legendary security"
    of windows *.*, the contents of their windows machines can be considered to
    be compromised from day one. In that case, how do I restrict the amount of
    damage that compromised users can cause to the server (put them into a low
    privilege group that does not permit logins directly to the server via ssh,
    etc. ) ? In the past, I have not had to deal with clients running windows,
    so I felt a little more comfortable than I am right now.

    Thanks.
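
An added example, not part of the original post: a small checker that parses the smb.conf quoted above and flags settings that bear on the poster's two stated goals (each user confined to their own home share, and minimal network exposure). The rule set, the `eth0` interface name and the `192.0.2.` client range are assumptions of this example.

```python
# Added example: audit the smb.conf quoted in the post against its goals.
# The rules are assumptions of this example; Samba's own syntax checker is testparm.
POSTED_CONF = """\
[global]
        workgroup = OMEGA
        security = user
        encrypt passwords = yes
        bind interfaces only = yes
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
"""  # abridged from the post

# Constructed hardened variant: eth0 and 192.0.2. are placeholders.
HARDENED_CONF = POSTED_CONF.replace(
    "[homes]",
    "        interfaces = lo eth0\n        hosts allow = 127. 192.0.2.\n[homes]",
) + "   valid users = %S\n"

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces squeezed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(conf):
    """Return a list of findings for the exposure and home-share checks."""
    findings = []
    g, homes = conf.get("global", {}), conf.get("homes", {})
    bind_only = g.get("bind interfaces only", "no").lower() in ("yes", "true", "1")
    if bind_only and "interfaces" not in g:
        findings.append("bind interfaces only is set but no interfaces list is given")
    if not {"hosts allow", "allow hosts"} & g.keys():
        findings.append("no hosts allow: any address the firewall admits can reach smbd")
    # %S expands to the share name, which for [homes] is the connecting user's name
    if "homes" in conf and homes.get("valid users") != "%S":
        findings.append("[homes] lacks valid users = %S; only Unix permissions separate users")
    return findings

if __name__ == "__main__":
    for label, text in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(parse_smb_conf(text)) or "no findings")
```
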

