samba digest, Vol 1 #572 - 55 msgs

[Brendon Meyer]

> Message: 16
> From: "Hugo Levasseur" <hugo.levasseur at mcgill.ca>
> To: "Samba Mailing List" <samba at lists.samba.org>
> Subject: about mutiple security levels
> Date: Wed, 12 Sep 2001 19:52:03 -0400
> 
> in the samba docs I find
>  "It is possible to use smbd in a hybrid mode where it is offers both
> user and share level security under different
> <http://ca.samba.org/samba/docs/man/smb.conf.5.html#NETBIOSALIASES>
> NetBIOS aliases"
>  
> no clue aas to how to do this though .. anyone know?

The way that I have achieved this using FreeBSD is as follows given the
following information.

Original IP Address:  192.168.200.10
Original Hostname:    tarja

1.  Created a new IP alias for the machine
    (ifconfig <interface> alias 192.168.200.20 netmask 0xffffffff)

2.  Created a DNS entry for the new alias (which I called swserver)
    which means that the one machine now has two ip addresses
    and two separate hostnames which nicely resolve via DNS.  

3.  Made my root 'smb.conf' look a bit like this:
    [global]
	<global stuff ... snip>
	netbios aliases = tarja swserver
	include = /usr/local/etc/samba/smb.global.%L

4.  Created the two additional 'configuration' files as follows:
    smb.global.swserver:
	encrypt passwords = yes
	security = share

	[netapps]
	path = /data/netapps
	writeable = yes
	public = yes
	force user = nobody
	force group = nobody

	<additional shares ... snip>

     smb.global.tarja:
	encrypt passwords = yes
	security = user

	[data]
	path = /data
	writeable = yes
	public = no

	<additional shares ... snip>


The end result is that if I use this from the <start><run> box from a W2k
client:
	\\tarja\data

It is using user level security.  

If I call the same machine though with this 
	\\swserver\netapps

It behaves entirely differently in that it uses share level
security (and offers up different shares).