Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: ssssay sssamba
Special Forums IP Networking ssssay sssamba Post 6509 by torbaker on Thursday 6th of September 2001 12:38:04 AM
Old 09-06-2001
Samba authentication
The problem is that you have configured your system for USER or DOMAIn security rather than SHARE security.

This is a good idea, especially if you have Windows NT machines to contend with.

If security is not an issue, you may use SHARE level security and simply make certain that the user specified in you config file has permission to access the shared files.

For DOMAIN security, you need to send a user and password with every request. By default, Windows will try to connect by sending the username and password that were used to log in to the network. If this user does not exist on the UNIX machine, access will be denied. You can optionally use the Windows NT account database and or user mapping (via smbusers) to manage the security.

This also means that the username and password need to be specified on the command line for the smbclient and smbmount commands.
 

LEARN ABOUT OSF1

secconfig

secconfig(8)						      System Manager's Manual						      secconfig(8)

NAME

       secconfig, secsetup - Security features setup graphical interface (Enhanced Security)

SYNOPSIS

       /usr/sbin/sysman secconfig

       NOTE:  The secsetup utility has been replaced by the secconfig graphical interface.

DESCRIPTION

       The  utility  is  a  graphical interface used to select the level of system security needed.  It can convert from Base to enhanced security
       mode, and configure base and enhanced security features.  If you are using secconfig to enable  Enhanced  security,  you  must  first  have
       loaded the enhanced security subsets.

       You can run while the system is in multiuser mode.  However, if you change the security level, the change is not completed until you reboot
       the system.

       For both base and enhanced security, the secconfig utility allows you to enable segment sharing, to enable access control lists (ACLs), and
       to restrict the setting of the execute bit to root only.

       For enhanced security, the secconfig utility additionally allows you to configure security support from simple shadow passwords all the way
       to a strict C2 level of security.  Shadow password support is an easy method for system administrators, who do not wish to use all  of  the
       extended  security features, to move each user's password out of /etc/passwd and into the extended user profile database (auth.db.  You can
       use the Custom mode if you wish to select additional security features, such as breakin detection and evasion, automatic database trimming,
       and password controls.

       When  converting from base to enhanced security, secconfig updates the system default database (/etc/auth/system/default) and uses the con-
       vuser utility to migrate user accounts.

       While it is possible to convert user accounts from enhanced back to base, the default encryption algorithms and supported password  lengths
       differ between base and enhanced security, and thus user account conversions do not succeed without a password change.

       NOTE: Because of the page table sharing mechanism used for shared libraries, the normal file system permissions are not adequate to protect
       against unauthorized reading.  The secconfig interface allows you to disable segment sharing.  The change in segment sharing  takes  effect
       at the next reboot.

FILES

RELATED INFORMATION

       acl(4), authcap(4), default(4), convuser(8),
       Security delim off

																      secconfig(8)
All times are GMT -4. The time now is 07:20 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy