My file setup » History » Version 7
Gareth Eaton, 12/18/2023 01:45 AM
| 1 | 1 | Gareth Eaton | h1. My file setup |
|---|---|---|---|
| 2 | |||
| 3 | <pre> |
||
| 4 | [global] |
||
| 5 | server min protocol = SMB3 |
||
| 6 | server max protocol = SMB3 |
||
| 7 | ntlm auth = ntlmv2-only |
||
| 8 | server role = standalone server |
||
| 9 | obey pam restrictions = yes |
||
| 10 | unix password sync = yes |
||
| 11 | passwd program = /usr/bin/passwd %u |
||
| 12 | passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . |
||
| 13 | pam password change = yes |
||
| 14 | map to guest = never |
||
| 15 | 7 | Gareth Eaton | encrypt passwords = yes |
| 16 | security = user |
||
| 17 | 1 | Gareth Eaton | |
| 18 | [SHARE_NAME] |
||
| 19 | path = /srv/data |
||
| 20 | browseable = yes |
||
| 21 | read only = no |
||
| 22 | smb encrypt = mandatory |
||
| 23 | ; Enforces encryption for the share (requires SMB3 clients) |
||
| 24 | 6 | Gareth Eaton | valid users = username1, username2 |
| 25 | 1 | Gareth Eaton | </pre> |
| 26 | |||
| 27 | This is a solid for a secure and functional setup. Key points include: |
||
| 28 | |||
| 29 | 1. **Strong Protocols and Authentication**: |
||
| 30 | - Enforcing SMB3 and NTLMv2-only authentication enhances security. |
||
| 31 | |||
| 32 | 2. **Server Role and User Management**: |
||
| 33 | - Configured as a standalone server with PAM (Pluggable Authentication Modules) restrictions and UNIX password synchronization. |
||
| 34 | |||
| 35 | 4 | Gareth Eaton | 3. **Share Configuration**: |
| 36 | 3 | Gareth Eaton | - The share is well-configured with mandatory SMB encryption, making it secure for SMB3 clients. |
| 37 | 1 | Gareth Eaton | |
| 38 | Overall, this configuration promotes strong security practices while ensuring functionality. Just ensure that your network environment and all clients are compatible with these settings. |