[Samba] How to add basic security to my samba share?
DavidA
dandbnews2 at talktalk.net
Fri Jan 8 04:58:12 UTC 2016
Hi
As I've mentioned before, I have a simple Samba share running on a Raspberry
Pi, accessed by a Windows workgroup. I've shown the main sections of my
smb.conf file at the end of this email.
My share is currently open to anyone who is connected to my network, which
is not ideal. I would like to add some security but I don't understand how
this should work.
Should I:
a) Create a guest Linux account on the Pi and require Windows users to enter
the credentials of that account when accessing the Share
or
b) Add the credentials of the Windows users to the Samba password file ?
Please advise me how you would normally do this and what I need to add to
smb.conf.
Best regards
David
[global]
usershare allow guests = yes
workgroup = WORKGROUP
wins support = true
map to guest = bad user
dns proxy = no
passwd program = /usr/bin/passwd %u
panic action = /usr/share/samba/panic-action %d
max log size = 1000
os level = 20
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
log file = /var/log/samba/log.%m
passdb backend = tdbsam
pam password change = yes
server role = standalone server
obey pam restrictions = yes
syslog = 0
unix password sync = yes
netbios name = RPHS
name resolve order = wins lmhosts hosts bcast
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[Data]
comment=Raspberry Pi Share
path = /mnt/data
browseable=yes
writeable = yes
only guest = no
public = yes
More information about the samba
mailing list