My file setup » History » Revision 7
Revision 6 (Gareth Eaton, 12/18/2023 01:42 AM) → Revision 7/8 (Gareth Eaton, 12/18/2023 01:45 AM)
h1. My file setup
<pre>
[global]
server min protocol = SMB3
server max protocol = SMB3
ntlm auth = ntlmv2-only
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = never
encrypt passwords = yes
security = user
[SHARE_NAME]
path = /srv/data
browseable = yes
read only = no
smb encrypt = mandatory
; Enforces encryption for the share (requires SMB3 clients)
valid users = username1, username2
</pre>
This is a solid for a secure and functional setup. Key points include:
1. **Strong Protocols and Authentication**:
- Enforcing SMB3 and NTLMv2-only authentication enhances security.
2. **Server Role and User Management**:
- Configured as a standalone server with PAM (Pluggable Authentication Modules) restrictions and UNIX password synchronization.
3. **Share Configuration**:
- The share is well-configured with mandatory SMB encryption, making it secure for SMB3 clients.
Overall, this configuration promotes strong security practices while ensuring functionality. Just ensure that your network environment and all clients are compatible with these settings.