1,168 瀏覽數

Samba-Server Security

Step0:前言

samba 認證模式中的 security = server ,這表示本身這一台 samba server 不做身分驗證的工作而是交由其他台 Windows NT/2000/2003 或 samba server 做身份驗證,但這一個模式並不是很被 samba 的官方網站推薦來使用,因為他有以下的缺點

  1. Potential Account Lockout on MS Windows NT4/200x password servers
  2. Lack of assurance that the password server is the one specified
  3. Does not work with Winbind, particularly needed when storing profiles remotely
  4. This mode may open connections to the password server,and keep them open for extended periods.
  5. Security on the samba server breaks badly when the remote password server suddenly shuts down
  6. With this mode there is NO security account in the domain that the password server belongs to for the Samba server

Step1:samba的設定檔

[root@benjr ~]#vi /etc/samba/smb.conf 
[global]
   server string = Samba Server
   netbios name = benjr
   encrypt passwords = Yes  
   security = server
   password server = "NetBIOS_name_of_a_DC"

說明:

  • netbios name = benjr
    netbios name 也就是 windows 的電腦名稱
  • security = server
    指定 samba security 為 server ,也就是身分驗證的工作而是交由其他台 Windows NT/2000/2003 或 samba server 來做.
  • password server = "NetBIOS_name_of_a_DC"
    這裡要指定你的 windows kerberos server 是哪一台,我的則是放在同一台中.
  • encrypted password = yes
    密碼的傳送要先加密

重新啟動 samba server 就可以了.現在 samba server 的身分驗證已經交給其他台 Windows NT/2000/2003 或 samba server 來做.

[root@benjr ~]#service smb restart
Starting SMB services:                   [ OK ]
Starting NMB services:                   [ OK ]

2 個網友的想法 “Samba-Server Security

  1. 自動參照通知: RHEL5 – Samba(一) 什麼是 Samba | Benjr.tw

  2. 自動參照通知: samba | Benjr.tw

發表迴響