Step0:前言
samba 認證模式中的 security = server ,這表示本身這一台 samba server 不做身分驗證的工作而是交由其他台 Windows NT/2000/2003 或 samba server 做身份驗證,但這一個模式並不是很被 samba 的官方網站推薦來使用,因為他有以下的缺點
- Potential Account Lockout on MS Windows NT4/200x password servers
- Lack of assurance that the password server is the one specified
- Does not work with Winbind, particularly needed when storing profiles remotely
- This mode may open connections to the password server,and keep them open for extended periods.
- Security on the samba server breaks badly when the remote password server suddenly shuts down
- With this mode there is NO security account in the domain that the password server belongs to for the Samba server
Step1:samba的設定檔
[root@benjr ~]#vi /etc/samba/smb.conf [global] server string = Samba Server netbios name = benjr encrypt passwords = Yes security = server password server = "NetBIOS_name_of_a_DC"
說明:
- netbios name = benjr
netbios name 也就是 windows 的電腦名稱. - security = server
指定 samba security 為 server ,也就是身分驗證的工作而是交由其他台 Windows NT/2000/2003 或 samba server 來做. - password server = "NetBIOS_name_of_a_DC"
這裡要指定你的 windows kerberos server 是哪一台,我的則是放在同一台中. - encrypted password = yes
密碼的傳送要先加密.
重新啟動 samba server 就可以了.現在 samba server 的身分驗證已經交給其他台 Windows NT/2000/2003 或 samba server 來做.
[root@benjr ~]#service smb restart Starting SMB services: [ OK ] Starting NMB services: [ OK ]
沒有解決問題,試試搜尋本站其他內容
2 thoughts on “Linux – Samba Server Security”