Help for a Samba newb... - SMB

This is a discussion on Help for a Samba newb... - SMB ; Hi, I've been tasked with creating a Samba file and print server and I could use some help. What I need to do is introduce this into a windows workrgoup consisting of Win98/2K/XP machines without a centralized authentication server of ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Help for a Samba newb...

  1. Help for a Samba newb...

    Hi,

    I've been tasked with creating a Samba file and print server and I
    could use some help.

    What I need to do is introduce this into a windows workrgoup consisting
    of Win98/2K/XP machines without a centralized authentication server of
    any kind.

    The Samba server needs to serve 1 directory with read write access to
    everyone. It also needs to serve 1-3 HP Laserjets (with internal
    jetdirect NIC's) to the group as well.

    Here are some of the limitations my manager has imposed on the project:

    I can't use Samba as an authentication server.
    Everyone has to have read/write access.
    Everyone needs to print.
    I have to use Suse 9.3

    The one other caveat is that the access to the server needs to work
    with users created "on the fly". In other words, I won't be able to
    create a mirrored Unix account for every windows user that's put on the
    network.

    I know this sound like it would be very insecure, but never the less
    that's what I have to come up with.

    I've seen example configurations involving "user-level" security that
    still allows anonymous access where all file activity is "owned" by a
    single pre-defined user. This would be ideal. But I don't understand
    all the steps to setting this up. My understanding of Unix permissions
    is a little shakey too.

    Any help would be appreciated.

    Thanks,

    tehnewb@shaw.ca


  2. Re: Help for a Samba newb...


    "tehnewb" wrote in message
    news:1133461036.207382.256070@z14g2000cwz.googlegr oups.com...
    > Hi,
    >
    > I've been tasked with creating a Samba file and print server and I
    > could use some help.
    >
    > What I need to do is introduce this into a windows workrgoup consisting
    > of Win98/2K/XP machines without a centralized authentication server of
    > any kind.
    >
    > The Samba server needs to serve 1 directory with read write access to
    > everyone. It also needs to serve 1-3 HP Laserjets (with internal
    > jetdirect NIC's) to the group as well.
    >
    > Here are some of the limitations my manager has imposed on the project:
    >
    > I can't use Samba as an authentication server.
    > Everyone has to have read/write access.
    > Everyone needs to print.
    > I have to use Suse 9.3
    >
    > The one other caveat is that the access to the server needs to work
    > with users created "on the fly". In other words, I won't be able to
    > create a mirrored Unix account for every windows user that's put on the
    > network.
    >
    > I know this sound like it would be very insecure, but never the less
    > that's what I have to come up with.


    No problem. Just create a shared SMB directory with anonymous read-write
    access, and tell people to put things in personal folders. They can still
    overwrite each other, but that's what you're stuck with.

    > I've seen example configurations involving "user-level" security that
    > still allows anonymous access where all file activity is "owned" by a
    > single pre-defined user. This would be ideal. But I don't understand
    > all the steps to setting this up. My understanding of Unix permissions
    > is a little shakey too.


    Do you want anonymous users to be different from logged in users? Since you
    have no way for users to log in, it makes no difference and will just make
    your life harder.



  3. Re: Help for a Samba newb...

    I use a similar setup to the one you described.

    Here is a smb.conf file:

    [global]
    workgroup = WORKGROUP
    netbios name = NAME
    security = user
    encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = no
    ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
    preserve case = yes
    short preserve case = yes
    case sensitive = no

    # This is the global parameter that allows
    # anonymous access in user-level security
    map to guest = Bad User

    printcap name = /etc/printcap
    load printers = yes

    [printers]
    comment = All printers
    path = /var/spool/samba
    printable = yes
    read only = yes
    guest ok = yes
    guest account = nobody

    [transfer]
    comment = /transfer
    browseable = yes
    guest ok = yes
    guest account = nobody
    read only = no
    directory = /transfer

    tehnewb wrote:
    > Hi,
    >
    > I've been tasked with creating a Samba file and print server and I
    > could use some help.
    >
    > What I need to do is introduce this into a windows workrgoup consisting
    > of Win98/2K/XP machines without a centralized authentication server of
    > any kind.
    >
    > The Samba server needs to serve 1 directory with read write access to
    > everyone. It also needs to serve 1-3 HP Laserjets (with internal
    > jetdirect NIC's) to the group as well.
    >
    > Here are some of the limitations my manager has imposed on the project:
    >
    > I can't use Samba as an authentication server.
    > Everyone has to have read/write access.
    > Everyone needs to print.
    > I have to use Suse 9.3
    >
    > The one other caveat is that the access to the server needs to work
    > with users created "on the fly". In other words, I won't be able to
    > create a mirrored Unix account for every windows user that's put on the
    > network.
    >
    > I know this sound like it would be very insecure, but never the less
    > that's what I have to come up with.
    >
    > I've seen example configurations involving "user-level" security that
    > still allows anonymous access where all file activity is "owned" by a
    > single pre-defined user. This would be ideal. But I don't understand
    > all the steps to setting this up. My understanding of Unix permissions
    > is a little shakey too.
    >
    > Any help would be appreciated.
    >
    > Thanks,
    >
    > tehnewb@shaw.ca



+ Reply to Thread