[Samba] How to add basic security to my samba share?

DavidA dandbnews2 at talktalk.net
Fri Jan 8 04:58:12 UTC 2016


As I've mentioned before, I have a simple Samba share running on a Raspberry 
Pi, accessed by a Windows workgroup. I've shown the main sections of my 
smb.conf file at the end of this email.

My share is currently open to anyone who is connected to my network, which 
is not ideal.  I would like to add some security but I don't understand how 
this should work.

Should I:

a) Create a guest Linux account on the Pi and require Windows users to enter 
the credentials of that account when accessing the Share


b) Add the credentials of the Windows users to the Samba password file ?

Please advise me how you would normally do this and what I need to add to 

Best regards


    usershare allow guests = yes
    workgroup = WORKGROUP
    wins support = true
    map to guest = bad user
    dns proxy = no
    passwd program = /usr/bin/passwd %u
    panic action = /usr/share/samba/panic-action %d
    max log size = 1000
    os level = 20
    passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    log file = /var/log/samba/log.%m
    passdb backend = tdbsam
    pam password change = yes
    server role = standalone server
    obey pam restrictions = yes
    syslog = 0
    unix password sync = yes
    netbios name = RPHS
    name resolve order = wins lmhosts hosts bcast

   comment = Home Directories
   browseable = no

   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S

    comment=Raspberry Pi Share
    path = /mnt/data
    writeable = yes
    only guest = no
    public = yes

More information about the samba mailing list