[Samba] limiting authentication duration
Marian Mlcoch, Ing
mm at tsmp.sk
Wed Oct 8 12:45:39 GMT 2003
First yuo update your samba to last 2.2.8... from samba binary ftp for
Second your problem with share level security.
When your users Joe not logout when end work and user Mary then work with PC
no way to protect your system!
First yuo learn about login logout feature of Windows network an afther this
you set samba to user level security
this is best choice for all.
If you dont need domain then config user security is very simple set this on
smb.conf and restart samba
create user joe and mary on redhat
then run smbpasswd -a joe and repeat mary with set pass.
And on windows login with this settings and logout afther end work.
----- Original Message -----
From: "Doc Dawson" <doc at dawson.cc>
To: <samba at lists.samba.org>
Sent: Wednesday, October 08, 2003 5:21 AM
Subject: [Samba] limiting authentication duration
> Question 1: Is there a way to keep an authentication to a Samba share from
> lasting indefinitely?
> I am implementing a Linux file server for a network of machines all
> Windows 98 SE. (Redhat 9, Samba 2.2.7a, share-level security.) Once a
> user provides a valid password and connects to a Samba share, Samba allows
> that client machine to access that share indefinitely.
> In our office each machine may not be used by the same user every day. If
> Joe connects to a Samba share on Monday by providing the proper password,
> then Mary uses that client machine on Tuesday, she will have access to the
> share without needing the password. Is there a way to make Samba ask for
> the password again?
> Initially I thought I could just set the deadtime and keepalive options so
> the connection would be terminated if it is not used for a while. But
> apparently Windows just autoreconnects.
> I tried restarting the Samba service but that doesn't work either.
> Even "smbcontrol smbd close-share * " doesn't prevent autoreconnection.
> In the O'Reilly book "Using Samba" (second edition) the section on
> Share-Level Security mentions a REVALIDATE=YES option which I thought
> be relevant. However testparm identifies this as an "unknown
> parameter". (BTW, revalidate does not appear in the index nor in the
> Configuration Option appendix of the second edition, so I suspect this is
> deprecated option, although it was not removed from the text.)
> Related, but slightly different
> Question 2: Is there a way for a user on a Windows client to get Samba to
> ask for a new password?
> Suppose I have a share such as:
> path = /var/project1/data
> username = mary, admin
> read only = yes
> write list = admin
> If mary connects to the share, then asks me to come assist her and I need
> to write to the share from the Windows machine she is using, how can I
> terminate her authentication so I can connect with my password and get
> write privileges?
> I'm new at this, so if any of my terminology is not right please let me
> know so I can get it right next time.
> Doc Dawson
> Longwood Family Medicine
> Longwood, Florida
> doc at dawson.cc
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba