On Fri, 20 Mar 2009, A. Yahya wrote:
> 2009/3/17 Pujo <[email protected]>:
> > Dengan hormat,
> >
> > Bagaimana membatasi akses ke samba share hanya dari workstation yang
> > sudah terdaftar sebagai anggota domain? Dengan kata lain jika user
> > mengakses samba share dari workstation yang belum di-jointkan ke
> > domain akan ditolak.
> >
> Setahu saya, tidak ada, karena defaultnya, user akan bisa akses samba
> share dari client mana saja dengan mengisikan username dan password ybs.
>
> User bisa dibatasi aksesnya dari client/ws tertentu, baik ws tsb sudah
> di-join atau belum.
barangkali perlu mencermati lagi petunjuk smb.conf(5) terutama pada
(berikut ini kutipan man 5 smb.conf):
allow trusted domains (G)
This option only takes effect when the security option is set to server,
domain or ads. If it is set to no, then attempts to connect to a
resource from a domain or workgroup other than the one which smbd is
running in will fail, even if that domain is trusted by the remote
server doing the authentication.
This is useful if you only want your Samba server to serve resources to
users in the domain it is a member of. As an example, suppose that there
are two domains DOMA and DOMB. DOMB is trusted by DOMA, which contains
the Samba server. Under normal circumstances, a user with an account in
DOMB can then access the resources of a UNIX account with the same
account name on the Samba server even if they do not have an account in
DOMA. This can make implementing a security boundary difficult.
Default: allow trusted domains = yes
apakah setting ini dapat membantu anda?
salam
--
|===[ Yudhi Kusnanto ]=============|
|===[ STMIK Akakom ]===============|
--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke [email protected]
Arsip dan info milis selengkapnya di http://linux.or.id/milis
