Red Hat ENTERPRISE LINUX 3 System Administration Manual page 191

Chapter 24. Samba
To specify the Windows workgroup and a brief description of the Samba server, edit the following
lines in your
smb.conf
workgroup = WORKGROUPNAME
server string = BRIEF COMMENT ABOUT SERVER
Replace WORKGROUPNAME with the name of the Windows workgroup to which this machine should
belong. The BRIEF COMMENT ABOUT SERVER is optional and is used as the Windows comment
about the Samba system.
To create a Samba share directory on your Linux system, add the following section to your
file (after modifying it to reflect your needs and your system):
[sharename]
comment = Insert a comment here
path = /home/share/
valid users = tfox carole
public = no
writable = yes
printable = no
create mask = 0765
The above example allows the users tfox and carole to read and write to the directory
on the Samba server, from a Samba client.
24.2.3. Encrypted Passwords
Encrypted passwords are enabled by default because it is more secure. If encrypted passwords are not
used, plain text passwords are used, which can be intercepted by someone using a network packet
sniffer. It is recommended that encrypted passwords be used.
The Microsoft SMB Protocol originally used plaintext passwords. However, Windows NT 4.0 with
Service Pack 3 or higher, Windows 98, Windows 2000, Windows ME, and Windows XP require
encrypted Samba passwords. To use Samba between a Linux system and a system running one of these
Windows operating systems, you can either edit your Windows registry to use plaintext passwords or
configure Samba on your Linux system to use encrypted passwords. If you choose to modify your
registry, you must do so for all your Windows machines — this is risky and may cause further conflicts.
It is recommended that you use encrypted passwords for better security.
To configure Samba to use encrypted passwords, follow these steps:
1. Create a separate password file for Samba. To create one based on your existing
file, at a shell prompt, type the following command:
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
If the system uses NIS, type the following command:
ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
The
mksmbpasswd.sh
2. Change the permissions of the Samba password file so that only root has read and write permis-
sions:
chmod 600 /etc/samba/smbpasswd
3. The script does not copy user passwords to the new file, and a Samba user account is not active
until a password is set for it. For higher security, it is recommended that the user's Samba
password be different from the user's system password. To set each Samba user's password, use
the following command (replace username with each user's username):
smbpasswd username
file:
script is installed in your directory with the
/usr/bin
175
smb.conf
,
/home/share
/etc/passwd
package.
samba