I have about 120 users who have need to have access to these shares. Only about 30-40 of them will be accessing them at any one time. It's not a matter of unauthorized access. It seems like when I get too many (valid) requests for the shares, Samba won't let any more valid requests in.
Thanks. -----Original Message----- From: Barry, Christopher [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2003 4:58 PM To: Andrew Bartlett; Kevin Cc: [EMAIL PROTECTED] Subject: RE: [Samba] Access to shares for authenticated domain users only You could setup shorewall (iptables) to only allow authorized mac addresses to access the server. This would prevent a valid user from accessing the data from an unauthorized machine. Regards, -- Christopher Barry Manager of Information Systems InfiniCon Systems http://www.infiniconsys.com -----Original Message----- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2003 2:18 AM To: Kevin Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Access to shares for authenticated domain users only On Thu, 2003-03-27 at 23:45, Kevin wrote: > On Thu, 27 Mar 2003 07:11:55 +0000, Andrew wrote: > > >While 'hacks' might be possible, shares are authenticated seperatly to the > >domain logon, and there is no linkage apart from the fact that the domain > >logon sets up the default username/pw pair. > > > >Fundementally, any restriction imposed by logon script/.pol files can be > >avoided - you must never trust the client to actually follow their directions... > > > > Thanks Andrew. Point taken. Where would you go for more info on this sort of > security? In particular I'm trying to avoid unauthorised notebooks etc. > connecting to the network and then disappearing off home with sensitive data > from the server on their drives. Really, the best you can do is per-user passwords, strong passwords, correctly set permissions, and policies (human policies, not computer ones :-). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
