Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 795
  • Last Modified:

Enable Gentoo/Samba Authentication

Dear Experts,

I have a fairly standard install of Samba on a fairly simple Gentoo system. (when I say simple, I mean it's "out the box" as it installed - very few modifications by me)

I have one share /data which points to /dev/sdb1, and this is nicely served to a windows network.

The question is, how do I make this share more secure by adding authentication?
Reason: Anyone who gained access to network (wireless etc.) could get uncontolled access to the contents of /data.

I can see that there is quite a bit on the web about this, but don't understand how to get it working on my setup. I see many references to mksmbpasswd.sh but this does not seem to be available on Gentoo.

Surely there's people out there who have done this... Any help (or even better a solution) much appreciated.


1 Solution
Maciej SsysadminCommented:
Put "security = user" line in your [global] section in smb.conf (you may have now "security = share", if so - change this).
Then, you need to create users which samba will accept:
smbpasswd -a username
By default samba is looking for password file in ${prefix}/private/smbpasswd. You may change this, specifying "smb passwd file = /path/to/your/passwd/file"
Then, you should modify your share to allow logged in users only: "guest ok = no", or you may allow only specific users by adding: "guest ok = no" and "valid users = username1 username2"
You may also specify list of users who are not allowed to access this share, by adding: "invalid users = username3 username4"
phil8258Author Commented:
Great, Cheers.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now