Securing-Optimizing-RH-Linux-1_2_424
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
424
This option domain master specifies to set nmbd the Samba server daemon as a domain
master browser for its given workgroup. This option usually must be set to Yes only on one
Samba server for all other samba server on the same network and workgroup.
local master = Yes
This option local master allows nmbd the Samba server daemon to try and become a local
master browser on a subnet. Like the above, usually this option must be set to Yes only on one
Samba server that act as a local master on a subnet for all the other Samba server on your
network.
preferred master = Yes
This option preferred master specifies and controls if nmbd the Samba server daemon is a
preferred master browser for its workgroup. Once again must usually be set to Yes on one
server for all the other on your network.
os level = 65
This option os level specifies by its value whether nmbd the Samba server daemon has a
chance of becoming a local master browser for the WORKGROUP in the local broadcast area.
The number 65 will win against any NT Server. If you have a NT Server on your network and
want to set your Linux Samba server to be and win NT server for becoming a local master
browser for the workgroup in the local broadcast area then you must set the os level option to
65. Also this option must be set on one Linux Samba server and must be disable on all other
Linux Samba server you may have on your network.
dns proxy = No
This option dns proxy if set to Yes specifies that nmbd the Samba server daemon when
acting as a WINS server and finding that a Net BIOS name has not been registered, should treat
the Net BIOS name word-for-word as a DNS name and do a lookup with the DNS server for that
name on behalf of the name-querying client. Since we are not configured the Samba server for
acting as a WINS server, we dont need to set this option to Yes. Also setting this option to
Yes will degrade your Samba performance.
name resolve order = lmhosts host bcast
This option name resolve order specifies what naming services to use to resolve host names to
IP addresses and in what order. The parameters we chose cause the local lmhosts file of
samba to be examined first, followed by the others.
bind interfaces only = True
This option bind interfaces only if set to True, allows to limit what interfaces on a machine will
serve smb requests. This is a security feature. The configuration option interfaces = eth0
192.168.1.1 bellow complete this option.
interfaces = eth0 192.168.1.1
This option interfaces allows you to override the default network interfaces list that Samba will
use for browsing, name registration and other NBT traffic. By default Samba will query the kernel
for the list of all active interfaces and use any interfaces except 127.0.0.1 that are broadcast
capable. With this option, Samba will only listen on interface eth0 on the IP address
192.168.1.1. This is a security feature and complete the above configuration option bind
interfaces only = True.
hosts deny = ALL
This option hosts deny specifies the list of hosts that are NOT permitted access to Samba
services unless the specific services have their own lists to override this one. For simplicity, we
deny access to all hosts by default and allow specific hosts in the hosts allow = option bellow.
hosts allow = 192.168.1.0/24 127.0.0.1