Adding password based authentication to windows file shares / samba sharing on linux is never as simple as I'd expect. With the spread of cryptolocker (ransomware which can encrypt your network shares!) I have been working to enhance the security and resilience of my windows samba network shares. Here are some simple pointers from my experience of setting up authentication on a Ubuntu machine running samba (tested on samba versions 3.4.7 and 3.6.3) :
1. Create user accounts on the Ubuntu machine that you want to use as your usernames with associated passwords. Create these without shell access.
useradd -s /usr/sbin/nologin ExampleUsername
2. Add to your samba config (/etc/smb/smb.conf) in the global section:
[global]
guest account = guest
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = true
# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
# password database type you are using.
passdb backend = tdbsam
obey pam restrictions = yes
# parameters must be set (thanks to Ian Kahan <
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
unix password sync = yes
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = WORKGROUP
usershare allow guests = yes
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
pam password change = yes
# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
map to guest = bad user
3. In your defined shares include:
[ExampleShareName]
valid users = ExampleUsername
write list = ExampleUsername
read only = no
guest ok = no
4. Set the samba passwords up, for simplicity I would recommend aligning these to the user password defined in step 1. when creating the user account
sudo smbpasswd -a ExampleUsername
5. Enable the user account for samba
6. Restart samba
sudo service smbd restart
Done!
Nice post.
ReplyDeleteThe easiest method to fix YouTube issues by the online customer support center. Simply visit the official website Activate YouTube and there is an expert's team always ready to fix customer glitches.
We have identified the list of available devices for Amazon Prime Video; we can also check out the step by step to activate Primevideo.com/mytv on your smart TV. We only need a prime video activation code for the activation method. You can create the activation code on your device with the occasional help of Prime Video application. With this information handy, you can get a unique code and initiate their devices in less than one minute.
ReplyDeleteRead more…
Thankyou for sharing the wonderful post and all the best for your future. I hope to see more post from you. I am satisfied with the arrangement of your
ReplyDeletepost.
aol mail login|
aol mail login|
aol mail login|
netgearrouterlogin|
facebooksignin|
gmail not working|
comcastemaillogin|
google 3351
ReplyDeletegoogle 3352
google 3353
google 3354
google 3355
Outstanding Blog! I want people to know just how good this information is in your Blog. I will visit your blog daily because I know. It may be very beneficial for me. For Instant Support related to Common Roadrunner Email Problems please contact roadrunner support team for solution.
ReplyDelete가평출장샵
ReplyDelete수원출장샵
강원도출장샵
청주출장샵
충북출장샵
김포출장샵
ReplyDelete보은출장안마
태백출장안마
태백출장안마
광양출장안마
동해출장안마
광양출장안마
옥천출장안마
동해출장안마