On Tue, 2005-11-22 at 00:15 -0700, Victor Odhner wrote:
> Samba is now working for me. Discussion below.
>
> I'm still interested in some of the alternatives that were mentioned in this
> interesting thread -- especially for use at work. They were:
>
>    pscp for Windows - Dan Lund suggested this
>
>    NFS on the linux machine and SFU on the windows box to mount the NFS
>    share.
>    http://www.microsoft.com/windowsserversystem/sfu/default.mspx
>    - Austin Godber
>
>    WebDAV over HTTPS.
>    Use Apache and mod_dav (and maybe mod_davfs).
>    - Jeremy C. Reed:
>    Since I am not running Apache, I'll pass on this one.
>    However, I might find a use for it at work.
>
> I have the Windows firewall turned off. But questioning that led
> me to this:
>
> < CONCLUSION >
> My problem was ZoneAlarm: I had not added the Linux box to
> my trusted zone. It was quietly blocking me, I guess, although it
> did show me the Linux box.
> < CONCLUSION />
>
> But what I don't understand is: When I fat-fingered the address,
> leaving out the first digit, ZoneAlarm got all excited about my trying
> to access 91.168.1.1. Why didn't it alert me when it was blocking
> 192.168.1.1? Maybe because it "just knows" that is a local address;
> but it would have been nice to know . . .
>
> Craig, this was useful:
>    testparm -s > /tmp/samba.conf.txt
>    or the verbose (all settings)
>    testparm -sv > /tmp/samba.conf.txt
> For one thing, it stripped off all the comments that make it hard to
> get an overview. Everything looked good except for the idmap
> stuff which I deleted, but I doubt that had any effect:
>    dns proxy = No
>    idmap uid = 16777216-33554431
>    idmap gid = 16777216-33554431
> ... or are the idmap entries a no-op with dns proxy turned off?
>
> JD Austin wrote:
>    Be sure the windows machine isn't blocking that stuff on its
>    firewall.
>    control panel -> network connections -> right click network interface ->
>    properties->advanced-> settings-> exceptions;
>    check file and printer sharing.
> Well, as I said above I had the Windows firewall turned off. But
> this led me to take one more look at ZoneAlarm, and that's what
> nailed my problem.
>
> J.D. again:
>    The other thing that seems to help it to reference them by IP ie:
>    \\192.168.1.1\shared
>    Often when \\DOMAIN\share doesn't work \\ipaddress\share does.
> VO: Both of these work now. Neither did before.
>
> Regarding iptables: yes, I had given this a heap of attention. I have
> ssh enabled but not always running. For the Samba ports, I entered
> the following in the "Security Level Configuration" dialog's
> "Other ports" section:
>    137:udp, 138:udp, 139:tcp, 445:tcp
> My router connected to Cox sends these to bad IPs on the
> 192.168.2.* subnet.
>
> Alex Dean wrote:
>    If you want 'easy Samba', why not try SWAT?
> Since I'm not running any web server, this is not convenient.
> Or does SWAT provide its own http service?
>
> Donn Shumway offered a checklist:
> 1) What version(s) of Windows are you using? [XP Pro SP2]
> 2) Are you trying to setup a Primary Domain Controller?
>    [Tried briefly]
> 3) Or, are you using simple Workgroups?
>    [Yes, that's where I am now] Specifically, I don't want
>    to entangle the Windows box with the Linux box so
>    that password management is not under full local control.
> 4) Do you have File and Printer sharing enabled on the
>    Windows PC's? [Yes]
> 5) Is NetBEUI installed on the Windows PC's [Yes]
> 6) Do you have a WINS server defined for your internal
>    network? [Yes] (I base that on this line in smb.conf:
>    name resolve order = wins lmhosts bcast)
> 7) Are you using encrypted passwords on your Windows PC's?
>    (this is the default) [Yes]
> 8) Have you setup smb passwords on the Samba server to
>    match your PC user's passwords? [Yes]
> 9) lastly, how are you trying to connect to the share that
>    results in the 'path is not found' message?
>    This happened whenever I clicked on the icon for the
>    Linux box, or tried to get any information about that
>    system.
>
> Someone allowed as how there was no need for iptables if your
> box does not face the Internet. I'm behind a router that should
> block everything, but I still want iptables and ZoneAlarm in place.
> The security guys always say that the secret to good security
> setups is multiple lines of defense, and denying all that's not
> allowed.
>
> Thanks again to everybody for all the support!
>
-----
glad you solved the issue and yeah, firewalls can be a bitch.

You have listed too many issues to answer with any depth here but
consider...

Benefits of using 'samba domain'
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

idmap is really only a benefit to winbindd (samba member server to a
different domain controller which provides user/group enumeration from
that controller)

With a network protected by a router, running iptables (firewall) on a
Linux system that permits open access to the common services (i.e. 22,
25, 80, 137-139, 443) probably isn't much better than no firewall on
that system at all. Your best efforts are probably best spent at keeping
this router up-to-date with latest updates.

as for the 'testparm' things I discussed for samba. It's really useful
for posting configuration to lists. Some people do their editing of
smb.conf in a separate file, pipe the output of testparm -sv to the
actual smb.conf that samba uses. One thing is sure, with testparm -sv,
ALL of the defaults are output so there is no confusion about the
settings.

Craig
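
The workflow mentioned at the end of the reply above (edit a separate file, write the `testparm -sv` output to the live smb.conf) is sketched here as an added example that is not part of the original thread. The function name `publish_smb_conf`, the `TESTPARM` override and the file paths are assumptions; the dump drops comments, so the commented master file stays the source of truth.

```shell
#!/bin/sh
# Added example (not from the thread): keep a commented master file and
# publish testparm's normalized dump as the live smb.conf.
# publish_smb_conf, TESTPARM and the paths below are assumptions.

TESTPARM="${TESTPARM:-testparm}"

# publish_smb_conf MASTER TARGET
#   0 = TARGET replaced, 1 = testparm rejected MASTER, 2 = usage/IO problem.
publish_smb_conf() {
    _master="$1"
    _target="$2"
    if [ ! -r "$_master" ]; then
        echo "cannot read $_master" >&2
        return 2
    fi
    # Temp file in the target's directory so the final mv is an atomic rename.
    _tmp="$(mktemp "${_target}.XXXXXX")" || return 2

    # -s: do not wait for a keypress; -v: include every default.
    # testparm exits non-zero when it cannot load the file.
    if ! "$TESTPARM" -sv "$_master" >"$_tmp"; then
        rm -f "$_tmp"
        echo "testparm rejected $_master; $_target left unchanged" >&2
        return 1
    fi
    # An empty or truncated dump must never replace a working config.
    if ! grep -q '^\[global\]' "$_tmp"; then
        rm -f "$_tmp"
        echo "dump has no [global] section; $_target left unchanged" >&2
        return 1
    fi
    # Keep the previous file for rollback, then swap the new one in.
    if [ -f "$_target" ]; then
        cp -p "$_target" "${_target}.bak" || { rm -f "$_tmp"; return 2; }
    fi
    chmod 644 "$_tmp" && mv "$_tmp" "$_target"
}

# Typical use, as root (paths are assumptions):
#   publish_smb_conf /etc/samba/smb.conf.master /etc/samba/smb.conf
```
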