What to use instead of Samba?

Victor Odhner vodhner at cox.net
Tue Nov 22 00:15:05 MST 2005


Samba is now working for me.  Discussion below.

I'm still interested in some of the alternatives that were mentioned in this
interesting thread -- especially for use at work.  They were:

   pscp for Windows    - Dan Lund suggested this

   NFS on the linux machine and SFU on the windows box to mount the NFS 
share.
      http://www.microsoft.com/windowsserversystem/sfu/default.mspx
      - Austin Godber

  WebDAV over HTTPS.
  Use Apache and mod_dav (and maybe mod_davfs).
      - Jeremy C. Reed:
          Since I am not running Apache, I'll pass on this one.
          However, I might find a use for it at work.

I have the Windows firewall turned off.  But questioning that led
me to this:

< CONCLUSION >
  My problem was ZoneAlarm:  I had not added the Linux box to
  my trusted zone.  It was quietly blocking me, I guess, although it
  did show me the Linux box.
< CONCLUSION />

But what I don't understand is:  When I fat-fingered the address,
leaving out the first digit, ZoneAlarm got all excited about my trying
to access 91.168.1.1.  Why didn't it alert me when it was blocking
192.168.1.1?  Maybe because it "just knows" that is a local address;
but it would have been nice to know . . .

Craig, this was useful:
  testparm -s > /tmp/samba.conf.txt
  or the verbose (all settings)
  testparm -sv > /tmp/samba.conf.txt
For one thing, it stripped off all the comments that make it hard to
get an overview.  Everything looked good except for the idmap
stuff which I deleted, but I doubt that had any effect:
        dns proxy = No
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
    ... or are the idmap entries a no-op with dns proxy turned off?

JD Austin wrote:
  Be sure the windows machine isn't blocking that stuff on its
  firewall.
    control panel -> network connections -> right click network interface ->
      properties->advanced-> settings-> exceptions;
         check file and printer sharing.
  Well, as I said above I had the Windows firewall turned off.  But
  this led me to take one more look at ZoneAlarm, and that's what
  nailed my problem.

J.D. again:
  The other thing that seems to help it to reference them by IP ie:
    \\192.168.1.1\shared
  Often when \\DOMAIN\share doesn't work \\ipaddress\share does.
     VO:  Both of these work now.  Neither did before.

Regarding iptables:  yes, I had given this a heap of attention.  I have
ssh enabled but not always running.  For the Samba ports, I entered
the following in the "Security Level Configuration" dialog's
"Other ports" section:
      137:udp, 138:udp, 139:tcp, 445:tcp
My router connected to Cox sends these to bad IPs on the
192.168.2.* subnet.

Alex Dean wrote:
   If you want 'easy Samba', why not try SWAT?
      Since I'm not running any web server, this is not convenient.
      Or does SWAT provide its own http service?

Donn Shumway offered a checklist:
  1) What version(s) of Windows are you using?       [XP Pro SP2]
  2) Are you trying to setup a Primary Domain Controller?
         [Tried briefly]
  3) Or, are you using simple Workgroups?
         [Yes, that's where I am now] Specifically, I don't want
          to entangle the Windows box with the Linux box so
          that password management is not under full local control.
  4) Do you have File and Printer sharing enabled on the
          Windows PC's?  [Yes]
  5) Is NetBEUI installed on the Windows PC's     [Yes]
  6) Do you have a WINS server defined for you internal
          network?  [Yes]  (I base that on this line in smb.conf:
          name resolve order = wins lmhosts bcast)
  7) Are you using encrypted passwords on your Windows PC's?
        (this is the default)  [Yes]
  8) Have you setup smb passwords on the Samba server to
        match your PC user's passwords? [Yes]
  9) lastly, how are you trying to connect to the share that
       results in the 'path is not found' message?
          This happened whenever I clicked on the icon for the
            Linux box, or tried to get any information about that
            system.

Someone allowed as how there was no need for iptables if your
box does not face the Internet.  I'm behind a router that should
block everything, but I still want iptables and ZoneAlarm in place.
The security guys always say that the secret to good security
setups is multiple lines of defense, and denying all that's not
allowed.

Thanks again to everybody for all the support!

Vic




More information about the PLUG-discuss mailing list