The SWAT utility has a Wizard button that can be used to configure your server as a PDC quickly. However, the defaults may not be to your liking: for example, the default domain is MYGROUP, and some of the [global] parameters mentioned previously will be set to auto.
The [homes] Section
Part of the process of adding a user to a Samba domain requires you to create a Linux user on the Samba PDC itself. When you log into the Samba PDC, you'll see a new drive, usually named Z:, added to your PC. This is actually a virtual drive that maps to the corresponding Linux user's login directory on the Linux PDC.
Samba considers all directories to be shares that can be configured with varying degrees of security. The [homes] section governs how Samba handles default login directories.
Table 10-3 explains the minimum settings you need to create a functional [homes] section.
Table 10-3: smb.conf Minimum Settings, [homes] Section
Parameter | Value | Description |
---|---|---|
browseable | No | Doesn't allow others to browse the contents of the directory |
read only | No | Allows the Samba user to also write to their Samba Linux directory |
create mask | 0664 | Gives new files created by the user "644" permissions. You want to change this to "0600" so that only the login user has access to files. |
directory mask | 0775 | Gives new sub-directories created by the user "775" permissions. You want to change this to "0700" so that only the login user has access to directories. |
Here's how to set the values using SWAT:
- Click on the SWAT shares button to proceed to where shared directories are configured.
- Click the Advanced button to see all the options.
- Choose the Homes share.
- Make your changes and click on the Commit Changes button when finished.
- Your smb.conf file should resemble this when finished. You can view the contents of the configuration file by logging in to the Samba server via a command prompt and running cat /etc/samba/smb.conf to verify your changes as you make them.
```
[homes]
    read only = No
    browseable = No
    create mask = 0644
    directory mask = 0755
```
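To check a [homes] section against the owner-only masks that Table 10-3 recommends, here is a small audit script. It is an added example, not part of the original page or of Samba; the names audit_homes, normalize, RECOMMENDED and CANON are hypothetical, and it reads only the [homes] section, ignoring anything set in [global] or in included files.

```python
import configparser

# Owner-only limits from Table 10-3; a bit set in a mask is one new files may keep.
RECOMMENDED = {"create mask": 0o600, "directory mask": 0o700}
# Samba ignores case and whitespace in parameter names and accepts "mode" synonyms.
CANON = {"createmask": "create mask", "createmode": "create mask",
         "directorymask": "directory mask", "directorymode": "directory mask"}

# Constructed samples: this page's smb.conf result, then the recommended masks.
PAGE_RESULT = """
[homes]
    read only = No
    browseable = No
    create mask = 0644
    directory mask = 0755
"""
HARDENED = """
[Homes]
    Create Mode = 0600
    directorymask = 0700
"""


def normalize(name):
    """Map a parameter name to its canonical spelling."""
    key = "".join(name.lower().split())
    return CANON.get(key, key)


def audit_homes(conf_text):
    """Return {parameter: extra_bits} for [homes] masks looser than RECOMMENDED.
    extra_bits is None when unset. Only [homes] is read, not [global] or includes."""
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = normalize
    # Strip indentation so configparser never treats a line as a continuation.
    parser.read_string("\n".join(l.strip() for l in conf_text.splitlines()))
    homes = next((s for s in parser.sections() if s.lower() == "homes"), None)
    findings = {}
    if homes is None:
        return findings
    for param, limit in RECOMMENDED.items():
        raw = parser.get(homes, param, fallback=None)
        extra = None if raw is None else int(raw, 8) & ~limit & 0o7777
        if extra != 0:
            findings[param] = extra
    return findings

if __name__ == "__main__":
    print(audit_homes(PAGE_RESULT), audit_homes(HARDENED))
```

For the configuration shown above, the script reports the group and other read bits left in create mask and the group and other read and execute bits left in directory mask.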