[Samba] Access to shares for authenticated domain users only

Zinthefer Mark-G18622 zinthefe at motorola.com
Fri Mar 28 23:03:05 GMT 2003 

I have about 120 users who have need to have access to these shares.  Only
about 30-40 of them will be accessing them at any one time.  It's not a
matter of unauthorized access.  It seems like when I get too many (valid)
requests for the shares, Samba won't let any more valid requests in.

Thanks.

-----Original Message-----
From: Barry, Christopher [mailto:cbarry at infiniconsys.com]
Sent: Friday, March 28, 2003 4:58 PM
To: Andrew Bartlett; Kevin
Cc: samba at lists.samba.org
Subject: RE: [Samba] Access to shares for authenticated domain users
only


You could setup shorewall (iptables) to only allow authorized mac addresses
to access the server. This would prevent a valid user from accessing the
data from an unauthorized machine.

Regards,

--
Christopher Barry
Manager of Information Systems
InfiniCon Systems
http://www.infiniconsys.com



-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Friday, March 28, 2003 2:18 AM
To: Kevin
Cc: samba at lists.samba.org
Subject: Re: [Samba] Access to shares for authenticated domain users
only


On Thu, 2003-03-27 at 23:45, Kevin wrote:
> On Thu, 27 Mar 2003 07:11:55 +0000, Andrew wrote:
> 
> >While 'hacks' might be possible, shares are authenticated seperatly to
the 
> >domain logon, and there is no linkage apart from the fact that the domain
> >logon sets up the default username/pw pair.
> >
> >Fundementally, any restriction imposed by logon script/.pol files can be
> >avoided - you must never trust the client to actually follow their
directions...
> >
> 
> Thanks Andrew. Point taken. Where would you go for more info on this sort
of
> security? In particular I'm trying to avoid unauthorised notebooks etc.
> connecting to the network and then disappearing off home with sensitive
data
> from the server on their drives.

Really, the best you can do is per-user passwords, strong passwords,
correctly set permissions, and policies (human policies, not computer
ones :-).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list