Revision 1 (Gareth Eaton, 12/18/2023 01:33 AM) → Revision 2/8 (Gareth Eaton, 12/18/2023 01:33 AM)

h1. My file setup 

 <pre> 
 [global] 
    server min protocol = SMB3 
    server max protocol = SMB3 
    ntlm auth = ntlmv2-only 


    server role = standalone server 
    obey pam restrictions = yes 
    unix password sync = yes 
    passwd program = /usr/bin/passwd %u 
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . 
    pam password change = yes 
    map to guest = bad user 
    ; Consider the security implications of this setting 


 [SHARE_NAME] 
    path = /srv/data 
    browseable = yes 
    read only = no 
    smb encrypt = mandatory 
    ; Enforces encryption for the share (requires SMB3 clients) 
 </pre> 

 This is a solid configuration for a secure and functional setup. Key points include: 

 1. **Strong Protocols and Authentication**: 
    - Enforcing SMB3 and NTLMv2-only authentication enhances security. 

 2. **Server Role and User Management**: 
    - Configured as a standalone server with PAM (Pluggable Authentication Modules) restrictions and UNIX password synchronization. 

 3. **Security Considerations**: 
    - `map to guest = bad user` is set, which maps failed user authentications to a guest account. Be aware of its security implications. 

 4. **Share Configuration**: 
    - Your `[SHARE_NAME]` share is well-configured with mandatory SMB encryption, making it secure for SMB3 clients. 

 Overall, this configuration promotes strong security practices while ensuring functionality. Just ensure that your network environment and all clients are compatible with these settings.
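
 One way to check an smb.conf against the points above, as an added example that is not part of the original wiki page: it parses the file and reports any setting that departs from the SMB3, NTLMv2-only and mandatory-encryption choices, and it flags a share only when @map to guest@ is combined with @guest ok = yes@ on that share. The function names and the @WEAK@ sample are hypothetical and constructed for illustration.

```python
import re
SMB3_LEVELS = {"smb3", "smb3_00", "smb3_02", "smb3_11"}

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}}, all lower-cased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and extra spaces in parameter names
            section[" ".join(key.lower().split())] = value.strip().lower()
    return conf

def audit(text):
    """Return a list of findings for the settings discussed on this page."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    findings = []
    if g.get("server min protocol") not in SMB3_LEVELS:
        findings.append("global: server min protocol is not SMB3")
    if g.get("ntlm auth") not in {"ntlmv2-only", "no", "disabled"}:
        findings.append("global: ntlm auth is not explicitly ntlmv2-only or stricter")
    guest_mapping = g.get("map to guest", "never") != "never"
    for name, share in conf.items():
        if name == "global":
            continue
        enc = share.get("smb encrypt", g.get("smb encrypt", "default"))
        if enc not in {"mandatory", "required"}:
            findings.append(f"{name}: smb encrypt is {enc}, not mandatory")
        # A guest-mapped login only reaches shares that allow guests
        guest_ok = share.get("guest ok", share.get("public", "no"))
        if guest_mapping and guest_ok in {"yes", "true", "1"}:
            findings.append(f"{name}: guest-mapped logins can reach this share")
    return findings

# Constructed sample: the page's settings weakened on purpose.
WEAK = """
[global]
   server min protocol = NT1
   map to guest = Bad User
[scans]
   guest ok = yes
"""
print("\n".join(audit(WEAK)))
```

 Run against the configuration on this page, @audit@ returns no findings, because @[SHARE_NAME]@ does not set @guest ok@.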