A few questions regarding samba from a samba and windows rookie

Hi

I am trying to implement a simple Samba server on a Slackware 10.1 machine running for a bunch of Windows users that also have unix accounts on the machine. Using webmin, I did convert the unix users to samba users (smbpbuttwd is located inetc-samba-private). A possible problem is that I have very little experience using windows (haven't used any windows version regularly since windows 95, or at all since windows 2000), so please be patient with me.

The client machines all run Windows XP Professional. I do not have a machine running any version of windows but can request any one of my users to test out the setup.

I want the users to have read and write permissions only back and forth, but having the same appear as a network mounted drive would make things a little easier for them. How does one accomplish this ?

The o-p of smbclient -L localhost -U% :

Domain=OMEGA OS=Unix Server=Samba 3.0.10

Sharename Type Comment --------- ---- ------- IPC$ IPC IPC Service (Samba Server on Molectron) ADMIN$ IPC IPC Service (Samba Server on Molectron) Domain=OMEGA OS=Unix Server=Samba 3.0.10

Server Comment --------- ------- MOLECTRON Samba Server on Molectron

Workgroup Master --------- ------- OMEGA

Myetc-samba-smb.conf read as :

global dns proxy = no log file =var-log-samba.%m load printers = no server string = Samba Server on Molectron socket options = TCPNODELAY SORCVBUF=8192 SOSNDBUF=8192 local master = no workgroup = OMEGA encrypt pbuttwords = yes smb pbuttwd file =etc-samba-private-smbpbuttwd unix pbuttword sync = Yes pbuttwd program =usr-bin-pbuttwd %u os level = 255 domain master = no security = user preferred master = yes max log size = 50 pbuttword server = None winbind use default domain = no bind interfaces only = yes template shell =bin-false

homes comment = Home Directories browseable = no writable = yes

Is the above configuration suitable for the setup I have described earlier ? (The part about home directories is still not done as I indicated above).

There are no printers, so I did not define a printers section. In general, do any of samba controlled printers have to be physically connected to the machine ? In our setup, the server and the printers I might want to add are located quite a distance apart from each other (a few hundred feet). The printers are setup on the web using a gotdns.com type of scheme (I did not set them up). Can I add those somehow as windows printers through samba ? (Just makes things a little tighter than having to set things up over the Internet through http).

In my firewall, I have opened the following ports :

SAMBAPORT1=137 SAMBAPORT2=138 SAMBAPORT3=139 $IPTABLES -A tcppackets -p TCP -s 0-0 --dport $SAMBAPORTx -j allowed

I am not comfortable with opening any more ports than are strictly necessary. Ease of use is nice, but not at the cost of security. Can't I just tunnel samba over the ssh port (22) ?

Another security concern is that users may install some windows software that helps them emulate rsync with the mapped network drive as the target. I could care less about what they store in their own areas, but if they store pbuttwords (plain text or otherwise) on their windows client machines so that the backups may run unattended, and given the "legendary security" of windows *.*, the contents of their windows machines can be considered to be compromised from day one. In that case, how do I restrict the amount of damage that compromised users can cause to the server (put them into a low privilege group that does not permit logins directly to the server via ssh, etc. ) ? In the past, I have not had to deal with clients running windows, so I felt a little more comfortable than I am right now.

Thanks.