In this chapter, we cover the basic concepts of managing security in Samba so that you can set up your Samba server with a security policy suited to your network.
One of Samba’s most complicated tasks lies in reconciling the security models of Unix and Windows systems. Samba must identify users by associating them with valid usernames and groups, authenticate them by checking their passwords, then control their access to resources by comparing their access rights to the permissions on files and directories. These are complex topics on their own, and it doesn’t help that there are three different operating system types to deal with (Unix, Windows 95/98/Me, and Windows NT/2000/XP) and that Samba supports multiple methods of handling user authentication.
out as simply as possible and add support for a single user. The
easiest way to set up a client user is to create a Unix account (and
home directory) for that individual on the server and notify Samba of
the user’s existence. You can do the latter by
creating a disk share that maps to the user’s home
directory in the Samba configuration file and restricting access to
that user with the
users option. For example:
[dave] path = /home/dave comment = Dave's home directory writable = yes valid users = dave
users option lists
the users allowed to access the share. In this case, only the user
dave is allowed to access the share. In some situations it is possible to specify ...