General discussion

Locked

How to secure Samba for an NT network

By Roger ·
I have an NT network using Domain logons to control access. I would like to configure a Linux pc to provide directories for users and map the drives on the workstations as users log in. I want to be able to control access to the linux directories based on the NT domain login account, preventing users from accessing any directories other than their own. Also, I want to be able to assign a group directory and control which users can access the group directory for shared projects or all membersof a department. Anyone have any experience with this or any ideas of how it can be accomplished?

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

How to secure Samba for an NT network

by randyarnold In reply to How to secure Samba for a ...

You can do this. It will take some reading on your part. Look at the Samba documentation at http://us1.samba.org/samba/docs/

There is to much to enter here, but it is not that difficult in practice.

Randy

Collapse -

How to secure Samba for an NT network

by Roger In reply to How to secure Samba for a ...

Poster rated this answer

Collapse -

How to secure Samba for an NT network

by rommel_abaya In reply to How to secure Samba for a ...

create each one a username in your Samba server. use the same login name they use for NT. Also, you can use the hosts.allow directive

Collapse -

How to secure Samba for an NT network

by Roger In reply to How to secure Samba for a ...

Poster rated this answer

Collapse -

How to secure Samba for an NT network

by dwdino In reply to How to secure Samba for a ...

WINBIND

Winbind is the answer, it is an integral part of the Samba package. I currently have the exact setup you have asked about. The only account on my Linux boxes are root and a few others for necessary local utilities.

When configuring samba make sure that the security is set to domain. The proper documentation, which you have already been pointed to, shows the proper steps to take. You will manual have to winbind authentication to your security configuration (simple 2-3 line mod).For demonstration: create a directory called winshare on you linux server. Inside of this directory place a folder for each user that matches their login name.

/winshare/joe.bloe

In smb.conf add something similiar to the following:

[joe.bloe]
comment = Joe Bloe's Share
valid users = domain\joe.bloe @domain\administrators
path = /winshare/joe.bloe
public = no
browseable = no
writable = yes

[isshare]
comment = I.S. Share
valid users = @domain\is
path = /winshare/is
public = no
browseable = no
writable = yes

Then for your login script you can use something like the following:

net use H: \\linuxserver\%username%

net user /domain %username% | search "is" > nul
if error level 1 goto next
net use S: \\linuxserver\isshare
next:

The first simply matches the username to the appropriate directory, the second checks for the users memborship in the "is" group and then maps the isshare if positive. I am not certain on the second part, have to get back to you with the full construct.

Good luck

Collapse -

How to secure Samba for an NT network

by dwdino In reply to How to secure Samba for a ...

Proper syntax is as follows:

net user %username% /domain | find /i "IS" >nul
if errorlevel 1 goto next
net use s: \\linuxserver\isshare

Collapse -

How to secure Samba for an NT network

by Roger In reply to How to secure Samba for a ...

Poster rated this answer

Collapse -

How to secure Samba for an NT network

by Roger In reply to How to secure Samba for a ...

This question was closed by the author

Back to Linux Forum
8 total posts (Page 1 of 1)  

Related Discussions

Operating Systems Forums