Securing-Optimizing-RH-Linux-1_2_422
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
422
·
To run a Samba server, the following files are require and must be create or copied to
their appropriated directories on your server.
Copy the smb.conf and lmhosts files in the /etc/ directory.
Copy the smb script file in the /etc/rc.d/init.d/ directory.
Copy the samba file in the /etc/logrotate.d/ directory.
Copy the samba file in the /etc/pam.d/ directory.
You can obtain configuration files listed bellow on our floppy.tgz archive. Copy the following files
from the decompressed floppy.tgz archive to their appropriated places or copy and paste them
directly from this book to the concerned file.
Configuration of the /etc/smb.conf file
The /etc/smb.conf file is the main configuration file for Samba server, you can specify which
directory you want to access from windows machine, which IP addresses are authorized and so
on. The first few lines of the file under the [global] line contain global configuration directives,
which are common to all shares (unless they are over-ridden on a per-share basis), followed by
share sections. A lot options exist and its important to read the documentation that come with
Samba for more information of different setting and parameters. The following configuration
example is a minimal working configuration file for Samba with encrypted password support. Also
its important to note that we comment in this Samba configuration only parameters that relate to
security and optimization and let all the others to your own research and knowledge.
In our example we are created just one directory [tmp] and are allowed only class C machine IP
address range to connect on the Samba server. Also, we dont use printer-sharing capability over
Samba and Windows on this server.
Edit the smb.conf file (vi /etc/smb.conf) and add/change the following parameters:
[global]
workgroup = OPENARCH
server string = R&D of Open Network Architecture Samba Server
encrypt passwords = True
security = user
smb passwd file = /etc/smbpasswd
log file = /var/log/samba/log.%m
socket options = IPTOS_LOWDELAY TCP_NODELAY
domain master = Yes
local master = Yes
preferred master = Yes
os level = 65
dns proxy = No
name resolve order = lmhosts host bcast
bind interfaces only = True
interfaces = eth0 192.168.1.1
hosts deny = ALL
hosts allow = 192.168.1.0/24 127.0.0.1
debug level = 1
create mask = 0640
directory mask = 0750
level2 oplocks = True
read raw = no
[homes]