Dear all,
I've not a good starting point I'm afraid, but I was forced to deploy Samba under pressure of failing hardware so an urgent migration was done. We didn't get the IBM AIX 6.1 supplied one running at all, so we pulled down the samba.org version 3.4.3. We couldn't get that working as we wished, but it did at least share. It has been merrily allowing any request to mount (read-only) the shares. All was well with the function, but obviously it is not appropriate for the sensitive data was are sharing. The setting I had to put in was
security=SHARE and on each share, we have guest login allowed.
My problem is that our clients are in at least two domains and the server is standalone, i.e. no LDAP or whatever connection set up on the operating system in
/etc/netsrv.conf or anything. We are an outsourcing company so we have our servers & users and the client company users all wanting to access the data.
I've tried reading the manual pages, but I have to understand much more about security and protocols than I do to get my foot in the door, so to speak. The more I try to find out, the more confused I get.
What I have tried has always prevented any access. Great for security, but useless for actually operating the business.
It has been parked for quite a while now especially as the failing hardware also allowed guest connections so I had nothing to compare to. I've now forgotten what attempts I have made, but now Internal Audit are on my case to lock it down. Can anyone point me in the right direction? I would prefer to grant access to an Active Directory group of users if that is possible, but then it needs to validate the user on more than one domain......um?
My head hurts already.
Full config (slightly sanitised) can be posted if this is useful, but I didn't want to flood the thread first off.
Robin
Liverpool/Blackburn
UK