Securing-Optimizing-RH-Linux-1_2_423
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
423
comment = Home Directories
browseable = no
read only = no
invalid users = root bin daemon nobody named sys tty disk mem kmem users
[tmp]
comment = Temporary File Space
path = /tmp
read only = No
valid users = admin
invalid users = root bin daemon nobody named sys tty disk mem kmem users
This tells smb.conf file to set itself up for this particular configuration setup with:
[global]
workgroup = OPENARCH
This option workgroup specifies the workgroup your server will appear to be in when queried by
clients. Its important to have the same workgroup name on both clients and server machines.
server string = R&D of Open Network Architecture Samba Server
This option server string specifies the string that you wish to show to your users in the printer
comment box in print manager or to the IPC connection in "net view" command under Windows
machines.
encrypt passwords = True
This option encrypt passwords if set to True specifies Samba to use encrypted password
instead of plain text password to negotiated with the client. Sniffer program will not be able to
detect your password when it is encrypted. This option always must be set to True for security
reason.
security = user
This option security if set to user specifies that a client must first "log-on" with a valid
username and password or the connection will be refused. This mean, a valid username and
password for the client must exit in your /etc/passwd file on the Linux server and in the
/etc/smbpasswd file of Samba server or the connection from the client will fail. See Securing
samba in this chapter for more information about smbpasswd file.
smb passwd file = /etc/smbpasswd
This option smb passwd file specifies the path to the encrypted smbpasswd file. The
smbpasswd file is a copy of the /etc/passwd file of Linux system containing valid username
and password of client allowed to connect to the Samba server. The Samba software read this
file (smbpasswd) when a connection is requested.
log file = /var/log/samba/log.%m
This option log file specifies the location and name of Samba log files. With the name extension
%m it allow you to have separate log files for each user or machine that log on your Samba
server (i.e. log.machine1).
socket options = IPTOS_LOWDELAY TCP_NODELAY
This option socket options specifies parameters you can include in your Samba configuration to
tune and improve your samba server for optimal performance. By default we chose to tune the
connection for a local network and improve the performance of the Samba server for transferring
files.
domain master = Yes