Page 4 of 4 FirstFirst ... 234
Results 31 to 40 of 40

Thread: Samba on Ubuntu 13.10

  1. #31
    Join Date
    Jan 2011
    Location
    SoFla
    Beans
    44
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Samba on Ubuntu 13.10

    Thank you so much for your patience and help. You really are Super Penguin.

    I have a router enabled firewall and each Windows computer on the LAN also has it's own firewall. The firewall I disabled was the Ubuntu one. Does that have to remain off? I wanted as much security as possible on the server.

    If I understand you correctly, each existing individual Windows user account must also be created as a Ubuntu user and as a Samba user account, keeping the same Windows usernames and passwords in Ubuntu and Samba. Two of the Windows computers have the same username and password (one is a desktop and the other is a laptop) and are only distinguished on the network by their computer names. Is that going to be a problem?

  2. #32
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Samba on Ubuntu 13.10

    Quote Originally Posted by ray_silva View Post
    Thank you so much for your patience and help. You really are Super Penguin.

    I have a router enabled firewall and each Windows computer on the LAN also has it's own firewall. The firewall I disabled was the Ubuntu one. Does that have to remain off? I wanted as much security as possible on the server.
    No it does not have to stay off. You just need to configure it correctly.
    If I understand you correctly, each existing individual Windows user account must also be created as a Ubuntu user and as a Samba user account, keeping the same Windows usernames and passwords in Ubuntu and Samba. Two of the Windows computers have the same username and password (one is a desktop and the other is a laptop) and are only distinguished on the network by their computer names. Is that going to be a problem?
    The user names are what is unique to each machine If you have 2 windows machines and they both have an account with the same user name then you only need 1 account on the Ubuntu host with that name.
    -BAB1

  3. #33
    Join Date
    Jan 2011
    Location
    SoFla
    Beans
    44
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Samba on Ubuntu 13.10

    Can you suggest ufw configuration?

    If the network is working and I can get to all the server shared directories from any of the Windows computers on the network, what are those Ubuntu and Samba user names used for? I can also get to any of the Windows shared directories on the network computers from the Ubuntu server.

  4. #34
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Samba on Ubuntu 13.10

    Quote Originally Posted by ray_silva View Post
    Can you suggest ufw configuration?

    If the network is working and I can get to all the server shared directories from any of the Windows computers on the network, what are those Ubuntu and Samba user names used for? I can also get to any of the Windows shared directories on the network computers from the Ubuntu server.
    The all of this file "sharing" stuff is really just the user mounting the remotely available share to the local system. If you are logged into a Windows machine as Ray and request access to a portion of the of the remote machine's file to mount to your local machine you: A) have to be authenticated (who are you) and B) authorized (can you do that). The Samba user on Ubuntu is the part that is authenticated and the Ubuntu user is what is authorized. They are both needed. On a windows machine it is the same, but that is all done in the background using the same user. Samba is not a part of Linux. It is a project that was created using Linux as the OS, so it is not as integrated. Your configuration is the integration.

    Have you added the users? After you do add them, what do you get with these commands?
    Code:
    sudo pdbedit -L
    
    sudo getent passwd|grep 100
    Edit: I don't use UFW on my Samba servers. I don't use any host based firewalls at all. If you are authenticated to a machine in my network then you are known to me and I don't need to protect myself internally on my LAN. I'm not saying you can't or even that you should or shouldn't use UFW. I'm saying I don't so I have no experience in that area.
    Last edited by bab1; April 7th, 2014 at 10:51 PM.
    -BAB1

  5. #35
    Join Date
    Jan 2011
    Location
    SoFla
    Beans
    44
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Samba on Ubuntu 13.10

    Sorry that I haven't gotten back to you. Everything is working great thanks to your help. I am currently limiting to one user but will add as per your last message as needed and if I have any trouble with that (but I don't expect so), I'll get back to you for help. You're great and this has been an excellent learning experience for me.

    I'm a little paranoid about protecting data since I come from Windows environment experience. My intention was to give the server only local network access and have it not connect to the Internet. I have a firewall set on my router and also use port forwarding and specific mac address filters for the authorized network machines. Since the individual Windows machines do have Internet access, each of them have both firewalls and anti-virus software installed. I also have them using encrypted htpps, and use other security measures as well. Is Linux as "bullet proof" as I've heard? I have a couple of older notebooks that were running Windows XP and I'm thinking about installing Ubuntu on them.

    Again - thanks - you're SUPER.

  6. #36
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Samba on Ubuntu 13.10

    Quote Originally Posted by ray_silva View Post
    Sorry that I haven't gotten back to you. Everything is working great thanks to your help. I am currently limiting to one user but will add as per your last message as needed and if I have any trouble with that (but I don't expect so), I'll get back to you for help. You're great and this has been an excellent learning experience for me.

    I'm a little paranoid about protecting data since I come from Windows environment experience. My intention was to give the server only local network access and have it not connect to the Internet. I have a firewall set on my router and also use port forwarding and specific mac address filters for the authorized network machines. Since the individual Windows machines do have Internet access, each of them have both firewalls and anti-virus software installed. I also have them using encrypted htpps, and use other security measures as well. Is Linux as "bullet proof" as I've heard? I have a couple of older notebooks that were running Windows XP and I'm thinking about installing Ubuntu on them.

    Again - thanks - you're SUPER.
    Since we have solved the Samba issue you should mark this thread solved.

    The Samba server can be configured to only respond to your LAN requests if you want. When you use the term "authorized network machines", do you mean: Internet authorized network machines? It's helpful to understand client/server network connectivity works. If the Ubuntu OS has nothing but Samba listening for requests (the server) and you restrict it's listening to the local LAN. In addition, NETBIOS broadcasts don't pass routers. You don't need to do anything more and you will still have Internet access (WAN).

    Linux is more robust by design that Windows is. Windows viruses are irrelevant. If you are going to use the laptops as clients only then you only need to worry about Web based malware. At home I use NoScript and AdBlock on my all my machines web browsers. No AV at all. No firewall on these machines either. The one Windows host I have does have AV, but doesn't have a host based firewall. The only firewall I use is at the edge of my LAN (just after the router). On the other hand I don't have any public facing servers to worry about either.

    You should not attempt to use Samba via the Internet without using a VPN. That VPN will have to use bridging so you can have access to the NETBIOS broadcasts. Samba performs as if the Internet machine is part of the local LAN.

    But we are really OT now aren't we?
    -BAB1

  7. #37
    Join Date
    Jan 2011
    Location
    SoFla
    Beans
    44
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Samba on Ubuntu 13.10

    Thanks so much. I marked it as [SIOLVED]. The "authorized network machines" are those on the local network controlled by my router. That local network is NOT wired. It is completely WiFi. I use MAC address filtering and my router firewall is enabled. Since the network is wireless I'm assuming the communication between the networked machines is going across Internet channels (open ports?). The Ubuntu (Samba) server right now has Internet access, but my intention is that it will not (as you say) fact public. All the Windows (Samba clients) do have Internet access and will. They all have firewalls and AV. On all of them I force https unless absolutely necessary not to do so. I also use AdBlock. On Firefox I use NoScript, too. I don't know why it's not available for Chrome, but I use an alternative if using Chrome. In some cases I use Tor. I never use IE at all. Do I still need a VPN? Is Hamachi tunnel useful?

    Yes, I realize we're OT, but you are a gold-mine of information. Thanks again. Many beans and coffee cups to you...

  8. #38
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Samba on Ubuntu 13.10

    Quote Originally Posted by ray_silva View Post
    Thanks so much. I marked it as [SIOLVED]... Since the network is wireless I'm assuming the communication between the networked machines is going across Internet channels (open ports?).
    Wireless is not Internet based. Wireless in this case refers to how the bitstream flows between hosts (computers) on a LAN. In a sense it is the functional equivalent of the physical wiring only. No Internet and no TCP/UDP ports.
    The Ubuntu (Samba) server right now has Internet access, but my intention is that it will not (as you say) face public. All the Windows (Samba clients) do have Internet access and will. They all have firewalls and AV. On all of them I force https unless absolutely necessary not to do so. I also use AdBlock. On Firefox I use NoScript, too. I don't know why it's not available for Chrome, but I use an alternative if using Chrome. In some cases I use Tor. I never use IE at all. Do I still need a VPN? Is Hamachi tunnel useful?
    A VPN is one method used to encrypt the data you send across the public internet. SSL is another way. If you used SSL then you accept others certificates of authority. If you use Hamachi for your VPN needs then you accept thme to be trust worthy as they maintain the VPN server in the middle of your connections. If you feel you need to control everything in the VPN then you need to implement the entire VPN (I.E OpenVPN).
    Yes, I realize we're OT, but you are a gold-mine of information. Thanks again. Many beans and coffee cups to you...
    Chek out the Stickies at the top of the Security Discussions section of the forum.
    -BAB1

  9. #39
    Join Date
    Jan 2011
    Location
    SoFla
    Beans
    44
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Samba on Ubuntu 13.10

    Hey bab1,

    I don't know if you'll get this but I have a question.

    I added users but I notice one thing that I can't explain.

    All the current users have the accesses I want right now.

    The strange thing is that from the Ubuntu machine with the samba server when I browse the network from the file manager I see all the computers (and my cellphone using the local wifi connection) EXCEPT one.

    If I click on the Windows Network icon I can see the Windows Homegroup WORKGROUP.

    Inside it, as I'd expect, I can see all the computers, including the Ubuntu samba server and the cellphone - nothing is missing.

    I can browse into all the computers as per the permissions.

    Why is one of my Windows computers missing from the Network browse but not from the WORKGROUP?

    I suspect I have done one minor mistake in the configuration but I can't figure out what it is. I've rebooted every machine and still that persists.

    Do you have any idea?

    Oh, by the way, I upgraded my installation from Ubuntu 13.10 to 14.04; but I don't think that's the reason. I made sure to keep the samba configuration that you helped me establish.

  10. #40
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Samba on Ubuntu 13.10

    Quote Originally Posted by ray_silva View Post
    Hey bab1,
    ... strange thing is that from the Ubuntu machine with the samba server when I browse the network from the file manager I see all the computers (and my cellphone using the local wifi connection) EXCEPT one.

    If I click on the Windows Network icon I can see the Windows Homegroup WORKGROUP. Inside it, as I'd expect, I can see all the computers, including the Ubuntu samba server and the cellphone - nothing is missing. I can browse into all the computers as per the permissions.

    Why is one of my Windows computers missing from the Network browse but not from the WORKGROUP? I suspect I have done one minor mistake in the configuration but I can't figure out what it is. I've rebooted every machine and still that persists.

    Do you have any idea?
    If I understand you correctly, you have 2 workgroups (WORKGROUP and Homegroup). Workgroups are intended as a way to visually separate servers so that users could find the group they needed (i.e. sales or engineering or accounting). There is no security difference or functional difference of one workgroup or another. Only visual grouping.

    In Samba the workgroup that is declared in the smb.conf file is listed outside of the "Windows Networks" for your convenience on that machine. If you change the Homegroup name of the one machine to WORKGROUP then it will show up with the rest of the machines. It will also still be listed inside of the "Windows Networks". In Samba the workgroup is changed by the workgroup = statement. In windows I believe it is available in the control panel. I don't have a Windows machine here at home so I can't tell you exactly.
    Oh, by the way, I upgraded my installation from Ubuntu 13.10 to 14.04; but I don't think that's the reason. I made sure to keep the samba configuration that you helped me establish.
    This is a serious upgrade. Samba goes from v3.6 to v4.1. But the file sharing is exactly the same as you can tell already. Some of the error messages may be different but so far that's all I can see. I have 14.04 but I'm going to wait awhile before I upgrade my production servers. In a sense you and others are my guinea pigs. I help you and learn the new stuff at the same time. A nice trade off.
    Last edited by bab1; May 3rd, 2014 at 06:25 PM.
    -BAB1

Page 4 of 4 FirstFirst ... 234

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •