Samba uses the “Primary Interface” for sending data by default.\u00a0Therefore, with multiple NICs, Samba must be configured so that the server listens to the correct interface and sends data:<\/p>\n
\n
interfaces <\/span> =<\/span> 127.0.0.1, 192.168.0.252\/24\r\n bind<\/span> interfaces only <\/span> =<\/span> yes\r\n<\/pre>\n<\/div>\nThe first line specifies the address range in which the server should listen (a loopback interface and the address “192.168.0.252”, as well as the specification that it is a Class C network).\u00a0The second line binds the server to the previously specified interfaces.Additionally, hosts can be explicitly allowed and blocked:<\/p>\n
\n
hosts allow <\/span> =<\/span> localhost 192.168.0.\r\nhosts deny <\/span> =<\/span> 192.168.0.2\r\n<\/pre>\n<\/div>\nFurther settings and detailed examples can also be found in the\u00a0Samba openbook, Sect. 4.6\u00a0(oreilly.com).<\/p>\n
<\/span>user access<\/span><\/span><\/h2>\n\n- Add an smb user<\/li>\n<\/ul>\n
An smb user must always be a valid user on the server system.\u00a0In other words, in order to be able to create an smb user, a normal user must first be created.\u00a0If the user does not have access to the system, but can only use Samba, a user can be created without a password and login shell:<\/p>\n
\n
sudo useradd -s \/ bin \/ false smbaccess\r\n<\/pre>\n<\/div>\nHere no password is assigned (the user can not log in) and the login shell is “\/ bin \/ false”.\u00a0The user does not have a home directory.\u00a0Despite everything, an smb password can be assigned:<\/p>\n
\n
sudo smbpasswd -a smbaccess\r\n<\/pre>\n<\/div>\nThen the user can use “smbaccess” shares shared with him.\u00a0To delete the user can<\/p>\n
\n
smbpasswd -x smbaccess\r\n<\/pre>\n<\/div>\nbe used.<\/p>\n
\n- Deactivation of guest user accounts<\/li>\n<\/ul>\n
By using the guest account, those users who have not authenticated can access the server.\u00a0Normally, Samba will go back to the user “nobody” without setting and offers several settings that can be made.\u00a0If the guest account is to be deactivated completely, the following must be set (smb.conf, section [global]):<\/p>\n
\n
map to guest <\/span> =<\/span> never\r\n<\/pre>\n<\/div>\nA failed login attempt with a nonexistent Samba user can also be “mapped” to a guest account.\u00a0The following lines are used:<\/p>\n
\n
map to guest <\/span> =<\/span> Bad User\r\nguest account <\/span> =<\/span> nobody\r\n<\/pre>\n<\/div>\nBy means of “Bad User”, login attempts without a valid Samba user are automatically assigned to the Guest account.\u00a0The parameter “guest account” indicates the account that is used for it.\u00a0In the sections that are to be accessible to the guests, then the parameter for the guest account access is inserted:<\/p>\n
\n
guest ok <\/span> =<\/span> yes\r\n<\/pre>\n<\/div>\nLikewise, of course, ”\u00a0guest ok = no<\/b>\u00a0” can be used.\u00a0The settings defined in the [global] section then apply to this section.<\/p>\n