samba digest, Vol 1 #572 - 55 msgs
Brendon Meyer
Brendon_Meyer at fmi.com
Thu Sep 13 16:39:02 GMT 2001
> Message: 16
> From: "Hugo Levasseur" <hugo.levasseur at mcgill.ca>
> To: "Samba Mailing List" <samba at lists.samba.org>
> Subject: about mutiple security levels
> Date: Wed, 12 Sep 2001 19:52:03 -0400
>
> in the samba docs I find
> "It is possible to use smbd in a hybrid mode where it is offers both
> user and share level security under different
> <http://ca.samba.org/samba/docs/man/smb.conf.5.html#NETBIOSALIASES>
> NetBIOS aliases"
>
> no clue aas to how to do this though .. anyone know?
The way that I have achieved this using FreeBSD is as follows given the
following information.
Original IP Address: 192.168.200.10
Original Hostname: tarja
1. Created a new IP alias for the machine
(ifconfig <interface> alias 192.168.200.20 netmask 0xffffffff)
2. Created a DNS entry for the new alias (which I called swserver)
which means that the one machine now has two ip addresses
and two separate hostnames which nicely resolve via DNS.
3. Made my root 'smb.conf' look a bit like this:
[global]
<global stuff ... snip>
netbios aliases = tarja swserver
include = /usr/local/etc/samba/smb.global.%L
4. Created the two additional 'configuration' files as follows:
smb.global.swserver:
encrypt passwords = yes
security = share
[netapps]
path = /data/netapps
writeable = yes
public = yes
force user = nobody
force group = nobody
<additional shares ... snip>
smb.global.tarja:
encrypt passwords = yes
security = user
[data]
path = /data
writeable = yes
public = no
<additional shares ... snip>
The end result is that if I use this from the <start><run> box from a W2k
client:
\\tarja\data
It is using user level security.
If I call the same machine though with this
\\swserver\netapps
It behaves entirely differently in that it uses share level
security (and offers up different shares).
More information about the samba
mailing list