[Samba] Access to shares for authenticated domain users only
cbarry at infiniconsys.com
Fri Mar 28 22:57:57 GMT 2003
You could setup shorewall (iptables) to only allow authorized mac addresses to access the server. This would prevent a valid user from accessing the data from an unauthorized machine.
Manager of Information Systems
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Friday, March 28, 2003 2:18 AM
Cc: samba at lists.samba.org
Subject: Re: [Samba] Access to shares for authenticated domain users
On Thu, 2003-03-27 at 23:45, Kevin wrote:
> On Thu, 27 Mar 2003 07:11:55 +0000, Andrew wrote:
> >While 'hacks' might be possible, shares are authenticated seperatly to the
> >domain logon, and there is no linkage apart from the fact that the domain
> >logon sets up the default username/pw pair.
> >Fundementally, any restriction imposed by logon script/.pol files can be
> >avoided - you must never trust the client to actually follow their directions...
> Thanks Andrew. Point taken. Where would you go for more info on this sort of
> security? In particular I'm trying to avoid unauthorised notebooks etc.
> connecting to the network and then disappearing off home with sensitive data
> from the server on their drives.
Really, the best you can do is per-user passwords, strong passwords,
correctly set permissions, and policies (human policies, not computer
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba