My file setup » History » Version 6
Gareth Eaton, 12/18/2023 01:42 AM
1 | 1 | Gareth Eaton | h1. My file setup |
---|---|---|---|
2 | |||
3 | <pre> |
||
4 | [global] |
||
5 | server min protocol = SMB3 |
||
6 | server max protocol = SMB3 |
||
7 | ntlm auth = ntlmv2-only |
||
8 | |||
9 | |||
10 | server role = standalone server |
||
11 | obey pam restrictions = yes |
||
12 | unix password sync = yes |
||
13 | passwd program = /usr/bin/passwd %u |
||
14 | passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . |
||
15 | pam password change = yes |
||
16 | 5 | Gareth Eaton | map to guest = never |
17 | 1 | Gareth Eaton | |
18 | |||
19 | [SHARE_NAME] |
||
20 | path = /srv/data |
||
21 | browseable = yes |
||
22 | read only = no |
||
23 | smb encrypt = mandatory |
||
24 | ; Enforces encryption for the share (requires SMB3 clients) |
||
25 | 6 | Gareth Eaton | valid users = username1, username2 |
26 | 1 | Gareth Eaton | </pre> |
27 | |||
28 | This is a solid for a secure and functional setup. Key points include: |
||
29 | |||
30 | 1. **Strong Protocols and Authentication**: |
||
31 | - Enforcing SMB3 and NTLMv2-only authentication enhances security. |
||
32 | |||
33 | 2. **Server Role and User Management**: |
||
34 | - Configured as a standalone server with PAM (Pluggable Authentication Modules) restrictions and UNIX password synchronization. |
||
35 | |||
36 | 4 | Gareth Eaton | 3. **Share Configuration**: |
37 | 3 | Gareth Eaton | - The share is well-configured with mandatory SMB encryption, making it secure for SMB3 clients. |
38 | 1 | Gareth Eaton | |
39 | Overall, this configuration promotes strong security practices while ensuring functionality. Just ensure that your network environment and all clients are compatible with these settings. |