Results 1 to 4 of 4
Thread: understanding samba
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Dec 2010
I am not an expert on SAMBA , but i have played with it some times. Remember SAMBA is basically about shared folders and their access permissions. Authentication can be setup in many different ways with different behaviors each one of them. You can set it to depend on a DOMAIN, in this case, you need a Wndows domain controller (which also can be a samba server). In this case you create an user in linux the same as in windows and the password is matched against the data in the windows domain controller.
If you set it up as SERVER or USER, you set up the shared folders access permissions over the linux usernames, each one of them it their own password, if a Windows user need to access those shared folder , it will need to supply a valid username and password , and to make the things easier is best to use the same user names and passwords for linux and windows or the user will have to type the linux username and password each time he access the shared folders.
About what you say about the linux servers and the millions of users, well, yes, but I doubt most of them use SAMBA, and if they do, there are tools to replicate the data from the windows active directory users to the linux servers.
Also you can have shared folders open for all, not very secure at all , but useful for the kind of devices you mention. About the linux user names rules I think they can be customized , look for PAM rules.
what I just posted may be somewhat outdated and I hope not too inaccurate.
- Join Date
- Aug 2007
- Fairfax, VA
This is a very loaded question, because they're many ways to skin a cat.
So Samba has five major authentication methods;
user = local database, using smbpasswd
ads = windows domain
domain = legacy windows domain
kerberos = windows or ldap or kerberos (windows active directory uses kerberos by default)
ldap = ldap directory
So first thing, all of these methods is a user repository, you can create users in it and have samba 'authenticate' and use these databases to validate users. User is by far the easiest method if you are new, I can certainly write a book but many people before me have written howtos and docs so I will stop here. I hope this will give you a better understanding on what needs to be done.
So in short.
1. Match workgroup to windows domain or workgroup
2. Based upon which user directory you use, match windows to users in samba (security = users is the easiest)
I hope this helps.
If you have the statement security = share in your configuration,
anonymous Windows clients can access the shares. This is what I do,
but would not be secure in a business environment.