A few points :-Greetz all.
I've installed mdk10 with only a console and networking utils, selected samba as addon.
Security mode is set to Highest.
I want to use this server to store some documents from different usr's on our domain. Like their cv's, monthly claims etc...
I installed webmin afterwards, to enable me to administer the box remotely and only opened ports 138 (smb) and 10000 (webmin).
I want out domain user's to be able to access \share\'usernamehere' with their windows domain account. I don't want to setup a 1000 unix users with 1000 different passwords, that's not going be easy to administer.
I don't want the box to be on the domain, but I want to be able to administer the shares with my normal windows usr account. Well, this is easy by creating a unix usr account for myself only and giving me full access to be \share and its contents, so that I can see it through my windowsbox and backup the data to a cdrw.
I want the permissions on the 'usernamehere' to only allow the user's domain account name.
I'm confused as to how webmin works and if this will solve the problem
Any ideas?
Thanx,
Jargon
With security level set to highest (paranoid), you are going to be quite restricted. If you are just getting to know Linux then you might find it easier to work with 'High' or 'Higher' Otherwise you will may get quite frustrated at how much the security system interferes with you.
One way the security system will interfere is on the ownership and permissions on your shared folders. The msec security script will check on which user/group owns folders and the read/write/execute permissions on them. If the permissions do not conform to the levels appropriate for your security level msec will **change the permissions** without consulting you. This confuses the socks off a lot of people. To define the permissions you want to use on your shared folders use drakperm in the security section of Mandrake Control Centre.
Samba cannot override the permissions on the linux folder, so any Samba user can only have the permissions appropriate for the user thay are logged in as.
It is not necessary to have a 1:1 mapping between Samba users and Linux users, but if the Samba access is not to be anonymous, then the Samba users must be mapped to a Linux Group or User.
In your case I suspect anonymous access would be all you need unless you want to either set up 1000 Samba users, or else implement an LDAP authentication server. If you are using anonymous access then you must map your users to the guest user 'nobody' and the shared folders must allow access to 'nobody'.
You will find an example configuration for an anonymous share in the default /etc/samba/smb.conf file.
It is not clear if you have webmin working or not.
After installing the webmin package run
chkconfig webmin on
service webmin start
That will make the webmin server run automatically when you boot the server. Then
https://server_ip_addy:10000
from any browser on the local network will access webmin (Note https not http)
The Samba module in webmin is simply a graphical way of editing the /etc/samba/smb.conf file
HTH derek -- www.jennings.homelinux.net
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
