* Samba
@ 1999-12-29 7:08 Mike Pecen
0 siblings, 0 replies; 17+ messages in thread
From: Mike Pecen @ 1999-12-29 7:08 UTC (permalink / raw)
To: linuxppc-dev
Does anybody know where to look or what to edit when you get this error
message on a windows box when attempting to access a linux client under samba?
\\client is not accessable
The specified computer did not recieve your request. Try again later
I have already ping(ed) the network and data packets are being switched,
but this message tells me that windows cannot find my linux box. Any ideas??
** Sent via the linuxppc-dev mail list. See http://lists.linuxppc.org/
* samba
@ 2002-10-05 6:18 Gertjan Vinkesteijn
2002-10-05 8:41 ` samba Rudy Zijlstra
` (2 more replies)
0 siblings, 3 replies; 17+ messages in thread
From: Gertjan Vinkesteijn @ 2002-10-05 6:18 UTC (permalink / raw)
To: the filesystem
Dear audience,
Last year samba was not yet possible on reiserfs, it is on xfs from sgi
though. Does anybody know if work has been done in that area? It would
be very handy having (parts of) my 40GByte reiserfs filesystem letting
share on our subnet with windows computers.
Appreciate your thoughts
--
Gertjan Vinkesteijn
mailto:gvink@xs4all.nl
homepage: http://gershwin.xs4all.nl
* Re: samba
2002-10-05 6:18 samba Gertjan Vinkesteijn
@ 2002-10-05 8:41 ` Rudy Zijlstra
2002-10-05 13:03 ` samba Ed Tomlinson
2002-10-06 0:20 ` samba system_lists
2 siblings, 0 replies; 17+ messages in thread
From: Rudy Zijlstra @ 2002-10-05 8:41 UTC (permalink / raw)
To: Gertjan Vinkesteijn; +Cc: the filesystem
Gert-Jan,
You surprise me. You are telling me i am doing something impossible?
/dev/md0 on /home type reiserfs (rw)
/dev/md1 on /export_smb type reiserfs (rw)
Both are and have been exported using samba for years, and have been
Reiserfs since early 2000.
Cheers,
Rudy
Gertjan Vinkesteijn wrote:
> Dear audience,
>
> Last year samba was not yet possible on reiserfs, it is on xfs from
> sgi though. Does anybody know if work has been done in that area? It
> would be very handy having (parts of) my 40GByte reiserfs filesystem
> letting share on our subnet with windows computers.
>
> Appreciate your thoughts
>
* RE: samba
2002-10-06 0:20 ` samba system_lists
@ 2002-10-05 9:26 ` darren
0 siblings, 0 replies; 17+ messages in thread
From: darren @ 2002-10-05 9:26 UTC (permalink / raw)
To: system_lists, 'Gertjan Vinkesteijn',
'the filesystem'
I am running Samba on Reiserfs 20GB hdd, Kernel 2.4.19.
I noticed that the performance is quite bad when you copy large amount
of files into or out of the "shared folder".
Top shows that Samba is taking up like 80% of the CPU time during the
transfer process.
-----Original Message-----
From: system_lists@nullzone.org [mailto:system_lists@nullzone.org]
Sent: Sunday, October 06, 2002 8:21 AM
To: Gertjan Vinkesteijn; the filesystem
Subject: Re: [reiserfs-list] samba
Samba here in a 0+1 HW Raid of 4*80 GB IDE disks
At 08:18 05/10/2002 +0200, Gertjan Vinkesteijn wrote:
>Dear audience,
>
>Last year samba was not yet possible on reiserfs, it is on xfs from sgi
>though. Does anybody know if work has been done in that area? It would be
>very handy having (parts of) my 40GByte reiserfs filesystem letting share
>on our subnet with windows computers.
>
>Appreciate your thoughts
>
>--
>Gertjan Vinkesteijn
>mailto:gvink@xs4all.nl
>homepage: http://gershwin.xs4all.nl
>
* Re: samba
2002-10-05 6:18 samba Gertjan Vinkesteijn
2002-10-05 8:41 ` samba Rudy Zijlstra
@ 2002-10-05 13:03 ` Ed Tomlinson
2002-10-05 15:51 ` samba Gertjan Vinkesteijn
2002-10-06 0:20 ` samba system_lists
2 siblings, 1 reply; 17+ messages in thread
From: Ed Tomlinson @ 2002-10-05 13:03 UTC (permalink / raw)
To: Gertjan Vinkesteijn, the filesystem
On October 5, 2002 02:18 am, Gertjan Vinkesteijn wrote:
> Dear audience,
>
> Last year samba was not yet possible on reiserfs, it is on xfs from sgi
> though. Does anybody know if work has been done in that area? It would
> be very handy having (parts of) my 40GByte reiserfs filesystem letting
> share on our subnet with windows computers.
Huh? samba on reiserfs here. Light usage, works fine. I am now using
2.5.40 but, 2.4.17/8/9/20pre (and probably more) all work too.
Ed Tomlinson
* Re: samba
2002-10-05 13:03 ` samba Ed Tomlinson
@ 2002-10-05 15:51 ` Gertjan Vinkesteijn
2002-10-05 17:55 ` samba Dieter Nützel
0 siblings, 1 reply; 17+ messages in thread
From: Gertjan Vinkesteijn @ 2002-10-05 15:51 UTC (permalink / raw)
To: Ed Tomlinson; +Cc: the filesystem
Ed Tomlinson wrote:
>On October 5, 2002 02:18 am, Gertjan Vinkesteijn wrote:
>
>
>>Dear audience,
>>
>>Last year samba was not yet possible on reiserfs, it is on xfs from sgi
>>though. Does anybody know if work has been done in that area? It would
>>be very handy having (parts of) my 40GByte reiserfs filesystem letting
>>share on our subnet with windows computers.
>>
>>
>
>Huh? samba on reiserfs here. Light usage, works fine. I am now using
>2.5.40 but, 2.4.17/8/9/20pre (and probably more) all work too.
>
>Ed Tomlinson
>
>
>
>
thanks, it was long ago that i tried it. this is good news.
--
Gertjan Vinkesteijn
mailto:gvink@xs4all.nl
homepage: http://gershwin.xs4all.nl
* Re: samba
2002-10-05 15:51 ` samba Gertjan Vinkesteijn
@ 2002-10-05 17:55 ` Dieter Nützel
0 siblings, 0 replies; 17+ messages in thread
From: Dieter Nützel @ 2002-10-05 17:55 UTC (permalink / raw)
To: Gertjan Vinkesteijn, Ed Tomlinson; +Cc: the filesystem
Am Samstag, 5. Oktober 2002 17:51 schrieb Gertjan Vinkesteijn:
> Ed Tomlinson wrote:
> >On October 5, 2002 02:18 am, Gertjan Vinkesteijn wrote:
> >>Dear audience,
> >>
> >>Last year samba was not yet possible on reiserfs, it is on xfs from sgi
> >>though. Does anybody know if work has been done in that area? It would
> >>be very handy having (parts of) my 40GByte reiserfs filesystem letting
> >>share on our subnet with windows computers.
> >
> >Huh? samba on reiserfs here. Light usage, works fine. I am now using
> >2.5.40 but, 2.4.17/8/9/20pre (and probably more) all work too.
> >
> >Ed Tomlinson
>
> thanks, it was long ago that i tried it. this is good news.
But if you ask about SAMBA/ACLs/ReiserFS (3.5/3.6) then there are some little
questions.
Two options:
* Get the (generic) ACL kernel (VFS) patch.
* Or get latest SuSE 8.1 which comes with ACLs for all four journaling FSs.
Regards,
Dieter
--
Dieter Nützel
Graduate Student, Computer Science
University of Hamburg
Department of Computer Science
@home: Dieter.Nuetzel at hamburg.de (replace at with @)
* Re: samba
2002-10-05 6:18 samba Gertjan Vinkesteijn
2002-10-05 8:41 ` samba Rudy Zijlstra
2002-10-05 13:03 ` samba Ed Tomlinson
@ 2002-10-06 0:20 ` system_lists
2002-10-05 9:26 ` samba darren
2 siblings, 1 reply; 17+ messages in thread
From: system_lists @ 2002-10-06 0:20 UTC (permalink / raw)
To: Gertjan Vinkesteijn, the filesystem
Samba here in a 0+1 HW Raid of 4*80 GB IDE disks
At 08:18 05/10/2002 +0200, Gertjan Vinkesteijn wrote:
>Dear audience,
>
>Last year samba was not yet possible on reiserfs, it is on xfs from sgi
>though. Does anybody know if work has been done in that area? It would be
>very handy having (parts of) my 40GByte reiserfs filesystem letting share
>on our subnet with windows computers.
>
>Appreciate your thoughts
>
>--
>Gertjan Vinkesteijn
>mailto:gvink@xs4all.nl
>homepage: http://gershwin.xs4all.nl
>
* samba
@ 2002-10-28 15:22 Daniel Provin
0 siblings, 0 replies; 17+ messages in thread
From: Daniel Provin @ 2002-10-28 15:22 UTC (permalink / raw)
To: linux-newbie
Hi there
I think I did this before, but it isn't working.
Is there any tag to the smb.conf file to authenticate users using the unix
users, but without kerberos or ldap?
thanks
Daniel Provin
Linux User #191271
EEL LABMETRO UFSC
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
* samba
@ 2003-09-04 6:51 Fritz Mesedilla
0 siblings, 0 replies; 17+ messages in thread
From: Fritz Mesedilla @ 2003-09-04 6:51 UTC (permalink / raw)
To: netfilter
Hello folks!
I can't seem to make samba and iptables work properly...
IPT=/usr/sbin/iptables
# port fritz/samba
1) $IPT -A INPUT -i eth0 -p tcp -s 190.200.2.111 --dport 137:139 -j LOG --log-level DEBUG --log-prefix "SAMBA: "
2) $IPT -A INPUT -i eth0 -p udp -s 190.200.2.111 --dport 137:138 -j LOG --log-level DEBUG --log-prefix "SAMBA: "
3) $IPT -A INPUT -i eth0 -p tcp -s 190.200.2.111 --dport 137 -j ACCEPT
4) $IPT -A INPUT -i eth0 -p tcp -s 190.200.2.111 --dport 138 -j ACCEPT
5) $IPT -A INPUT -i eth0 -p tcp -s 190.200.2.111 --dport 139 -j ACCEPT
6) $IPT -A INPUT -i eth0 -p udp -s 190.200.2.111 --dport 137 -j ACCEPT
7) $IPT -A INPUT -i eth0 -p udp -s 190.200.2.111 --dport 138 -j ACCEPT
8) $IPT -A INPUT -i eth0 -p udp -s 190.200.2.111 --dport 139 -j ACCEPT
Line numbers 5, 6 and 7 seem to be logging some packets.
But when I turn the firewall off and contact samba it works even if I turn the firewall back on.
If I access Samba again after rebooting my computer it says... "Microsoft Windows Network: The local device name is already in use."
Hope you can help me. Thanks.
fritz <www.mesedilla.com>
---
+ Basta Ikaw Lord
Overture Media, Inc.
Direct Line: (632) 635-4785
Trunkline: (632) 631-8971 Local 146
Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave., Quezon City 1100
* Samba
@ 2004-01-25 16:35 Josh Lamb
2004-01-25 20:47 ` Samba caszonyi
2004-01-26 19:56 ` Samba Theo. Sean Schulze
0 siblings, 2 replies; 17+ messages in thread
From: Josh Lamb @ 2004-01-25 16:35 UTC (permalink / raw)
To: linux-newbie
Hello,
I recently switched to linux because I was curious what else was out there
and was very annoyed with windows's mismanaged multitasking. So I went and
bought Slackware after trying knoppix for a short while. I know Slack is
sometimes not recommended for newbies, but I think it is the best way to
learn linux because it really forced me to learn new things.
My question: Can you recommend any books that deal more with networking, I
am having troubles trying to set up a Samba server? I also want to be able
to set up Apache and BIND? OH, and one more, does anyone have a good text on
using a good linux server to serve a lot of thin clients?
thanks for your time
end
* Re: Samba
2004-01-25 16:35 Samba Josh Lamb
@ 2004-01-25 20:47 ` caszonyi
2004-01-26 19:56 ` Samba Theo. Sean Schulze
1 sibling, 0 replies; 17+ messages in thread
From: caszonyi @ 2004-01-25 20:47 UTC (permalink / raw)
To: Josh Lamb; +Cc: linux-newbie
On Sun, 25 Jan 2004, Josh Lamb wrote:
> Hello,
>
> I recently switched to linux because I was curious what else was out there
> and was very annoyed with windows's mismanaged multitasking. So I went and
> bought Slackware after trying knoppix for a short while. I know Slack is
> sometimes not recommended for newbies, but I think it is the best way to
> learn linux because it really forced me to learn new things.
>
> My question: Can you recommend any books that deal more with networking, I
see on this page
http://www.tldp.org/guides.html
Network administrator guide and
System administrator guide
> am having troubles trying to set up a Samba server? I also want to be able
> to set up Apache and BIND? OH, and one more, does anyone have a good text on
> using a good linux server to serve a lot of thin clients?
>
> thanks for your time
>
on
http://www.tldp.org
you will find a lot of useful documentation about linux
>
> end
>
--
"A mouse is a device used to point at
the xterm you want to type in".
Kim Alm on a.s.r.
* Re: Samba
2004-01-25 16:35 Samba Josh Lamb
2004-01-25 20:47 ` Samba caszonyi
@ 2004-01-26 19:56 ` Theo. Sean Schulze
1 sibling, 0 replies; 17+ messages in thread
From: Theo. Sean Schulze @ 2004-01-26 19:56 UTC (permalink / raw)
To: linux-newbie
While you are visiting www.tldp.org, you might also want to check out the mock mini-mainframe howto. I think it will have some good info in it for you in reference to running the thin clients.
On Sun, Jan 25, 2004 at 09:35:06AM -0700, Josh Lamb hunted and pecked out:
> Hello,
>
> I recently switched to linux because I was curious what else was out there
> and was very annoyed with windows's mismanaged multitasking. So I went and
> bought Slackware after trying knoppix for a short while. I know Slack is
> sometimes not recommended for newbies, but I think it is the best way to
> learn linux because it really forced me to learn new things.
>
> My question: Can you recommend any books that deal more with networking, I
> am having troubles trying to set up a Samba server? I also want to be able
> to set up Apache and BIND? OH, and one more, does anyone have a good text on
> using a good linux server to serve a lot of thin clients?
>
> thanks for your time
>
>
> end
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
--
Theo. Sean Schulze
tschulze@teamfinders.org
* Re: Samba
@ 2004-01-27 5:21 beolach
0 siblings, 0 replies; 17+ messages in thread
From: beolach @ 2004-01-27 5:21 UTC (permalink / raw)
To: jlamb03; +Cc: linux-newbie
> Hello,
>
> I recently switched to linux because I was curious what else was out there
> and was very annoyed with windows's mismanaged multitasking. So I went and
> bought Slackware after trying knoppix for a short while. I know Slack is
> sometimes not recommended for newbies, but I think it is the best way to
> learn linux because it really forced me to learn new things.
>
My opinion exactly. I started the same way back with Slackware 7.1.
> My question: Can you recommend any books that deal more with networking, I
> am having troubles trying to set up a Samba server? I also want to be able
> to set up Apache and BIND? OH, and one more, does anyone have a good text on
> using a good linux server to serve a lot of thin clients?
As has been pointed out, a lot of great info on just about every subject
is available in The Linux Documentation Project <http://tldp.org>. I also
want to point out that all of the HOWTOs & FAQs from TLDP are included in Slackware in /usr/doc/Linux-HOWTOs & /usr/doc/Linux-FAQs.
Also, the SAMBA package for Slackware includes a ton of documentation on
setting up SAMBA, including the book "Using Samba, 2nd Edition". The easiest way
to get to this is using SWAT (Samba Web Administration Tool), which is also the
best way to administer SAMBA. To enable SWAT, edit /etc/inetd.conf &
uncomment the line for swat. Then find inetd's PID with 'ps -A' & send it
SIGHUP with `kill -HUP <pid>`. Then open your preferred web browser & go to
<http://localhost:901>.
>
> thanks for your time
>
My pleasure, hope it helps.
Conway S. Smith
* samba
@ 2004-06-03 5:43 Russell Coker
2004-06-03 19:11 ` samba Luke Kenneth Casson Leighton
2004-06-03 21:04 ` samba Luke Kenneth Casson Leighton
0 siblings, 2 replies; 17+ messages in thread
From: Russell Coker @ 2004-06-03 5:43 UTC (permalink / raw)
To: SE Linux
When discussing SE Linux and Samba with Andrew Tridgell last night we came up
with an idea that should work reasonably well without hurting performance
much.
Firstly we consider Samba to be a trusted object manager, so there is no plan
to prevent any Samba process from exceeding its access (IE we are not
protecting against a buffer overflow or other attack to make the Samba daemon
perform inappropriate actions).
For operations which require access to a directory tree (IE every operation
that does not involve an open file handle - open, creat, unlink, rename,
stat, chmod, chown, truncate, etc) we can have a separate samba process
that's run in a different context (eg smbd_user_t, smbd_staff_t, etc). The
operations that result in an open file handle (open() and creat()) can then
pass back a file handle to the parent process over a Unix domain socket. For
read/write/ioctl/fstat/ftruncate operations the main Samba process can query
the SE Linux kernel (or maybe use user space AVC code) as to whether the
operations are permitted.
This was one of many possible ways of doing this that we discussed. I don't
think it was Andrew's favourite, but I think it works best with what we are
trying to do.
Another possibility is to just not permit multiple SMB identities over the
same TCP socket, there's apparently a registry setting that can be used on
each SMB client machine to make it use a separate TCP socket per connection.
In which case we just need to change the Samba code from fork/setuid to
fork/setuid/exec (which will not be fun).
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
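The helper-process design described in the message above (a separate process does the path-based open and passes the open file handle back over a Unix domain socket), shown here as an added example; it is not code from the original post or from Samba. The names `send_result`, `recv_result` and `open_via_helper` are assumptions, and a plain `fork()` stands in for the helper's transition into a separate SELinux context.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send an errno-style status and, when fd >= 0, the descriptor itself. */
static int send_result(int sock, int status, int fd)
{
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    struct iovec iov = { .iov_base = &status, .iov_len = sizeof status };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    if (fd >= 0) {
        memset(&ctl, 0, sizeof ctl);
        msg.msg_control = ctl.buf;
        msg.msg_controllen = sizeof ctl.buf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;   /* ancillary message carrying an fd */
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof fd);
    }
    return sendmsg(sock, &msg, 0) == (ssize_t)sizeof status ? 0 : -1;
}

/* Receive the helper's answer: a new descriptor, or -1 with errno set. */
static int recv_result(int sock)
{
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    int status = EIO, fd = -1;
    struct iovec iov = { .iov_base = &status, .iov_len = sizeof status };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    if (recvmsg(sock, &msg, 0) != (ssize_t)sizeof status) { errno = EIO; return -1; }
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (status == 0 && c && c->cmsg_level == SOL_SOCKET &&
        c->cmsg_type == SCM_RIGHTS && c->cmsg_len == CMSG_LEN(sizeof(int))) {
        memcpy(&fd, CMSG_DATA(c), sizeof fd);
        return fd;
    }
    errno = status ? status : EPROTO;
    return -1;
}

/* Parent-side call: the path-based open() happens in a forked helper.
 * Assumption: plain fork() stands in for the SELinux context transition. */
int open_via_helper(const char *path, int flags)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                  /* helper: open by path, hand back the fd */
        close(sv[0]);
        int fd = open(path, flags);
        send_result(sv[1], fd < 0 ? errno : 0, fd);
        _exit(0);
    }
    close(sv[1]);
    int fd = recv_result(sv[0]), saved = errno;
    close(sv[0]);
    waitpid(pid, NULL, 0);
    errno = saved;                   /* keep the helper's errno for the caller */
    return fd;
}

/* Constructed round trip: 0 when the parent reads the sample file via the passed fd. */
int demo_roundtrip(void)
{
    char path[] = "/tmp/fdpass-XXXXXX", buf[32] = {0};
    const char data[] = "constructed sample data";
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    ssize_t w = write(tmp, data, sizeof data);
    close(tmp);
    int fd = w == (ssize_t)sizeof data ? open_via_helper(path, O_RDONLY) : -1;
    unlink(path);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    return n == (ssize_t)sizeof data && !memcmp(buf, data, sizeof data) ? 0 : -1;
}
int main(void) { return demo_roundtrip() == 0 ? 0 : 1; }
```

After the hand-off the parent performs read/write/fstat on the received descriptor without any path lookup of its own, which is the point at which the message proposes a separate permission query.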
* Re: samba
2004-06-03 5:43 samba Russell Coker
@ 2004-06-03 19:11 ` Luke Kenneth Casson Leighton
2004-06-03 21:04 ` samba Luke Kenneth Casson Leighton
1 sibling, 0 replies; 17+ messages in thread
From: Luke Kenneth Casson Leighton @ 2004-06-03 19:11 UTC (permalink / raw)
To: Russell Coker; +Cc: SE Linux, samba-tng, samba-technical
uhm.
my apologies for being sufficiently rusty on samba stuff for it to take
several days to remember things.
it occurred to me that there are other locations where seteuid() calls
will be used: in the emulation of NT's DCE/RPC services.
under certain circumstances, for example in an NT printer client,
an NT program will cause an NT system to make an authenticated
DCE/RPC connection over an already authenticated SMB connection.
there are two circumstances in which i definitely know that this
occurs: as mentioned already the first is when viewing a print job:
one thread does the printing and another thread deals with print
monitoring (like famd only in a polling fashion).
the two threads use DIFFERENT security contexts.
the other circumstance that i am aware of is when a user presses
ctrl-alt-delete and then changes their password: _any_ user may
use that dialog to change their password, and so you get an
authenticated DCE/RPC connection made over someone else's
authenticated SMB session.
_there may be other circumstances where this is done_.
now, why am i mentioning this?
the reason is because not only is there a seteuid done in the
SMB connection, but also due to the authenticated DCE/RPC connection
which is piggy-backed over the SMB authenticated transport, there
is also ANOTHER seteuid in the DCE/RPC layer.
therefore, it is necessary to consider context separation at the
DCE/RPC level as well.
and funnily enough, the Samba TNG design has already split out
all of its DCE/RPC services into separate daemons.
therefore, the way to guarantee a working secure se-samba system
with an absolute minimum of coding is:
- to use samba(4) as the front-end
- to use samba-tng as the back-end
- to use samba-tng's NT domain DCE/RPC services.
samba(3) is a monolithic design which runs all DCE/RPC services in a
single process.
therefore, as it stands, it cannot be used for se-samba without
also taking care of the seteuid calls in the DCE/RPC layer as well.
On Thu, Jun 03, 2004 at 03:43:15PM +1000, Russell Coker wrote:
> When discussing SE Linux and Samba with Andrew Tridgell last night we came up
> with an idea that should work reasonably well without hurting performance
> much.
>
> Firstly we consider Samba to be a trusted object manager, so there is no plan
> to prevent any Samba process from exceeding its access (IE we are not
> protecting against a buffer overflow or other attack to make the Samba daemon
> perform inappropriate actions).
>
> For operations which require access to a directory tree (IE every operation
> that does not involve an open file handle - open, creat, unlink, rename,
> stat, chmod, chown, truncate, etc) we can have a separate samba process
> that's run in a different context (eg smbd_user_t, smbd_staff_t, etc). The
> operations that result in an open file handle (open() and creat()) can then
> pass back a file handle to the parent process over a Unix domain socket. For
> read/write/ioctl/fstat/ftruncate operations the main Samba process can query
> the SE Linux kernel (or maybe use user space AVC code) as to whether the
> operations are permitted.
>
> This was one of many possible ways of doing this that we discussed. I don't
> think it was Andrew's favourite, but I think it works best with what we are
> trying to do.
as i have mentioned before, andrew's knowledge of unix system
programming is extremely comprehensive, and if anyone can implement
it in a secure manner, it's going to be andrew.
it's not the simplest "get-it-working" approach. using samba(4)
as the front-end and samba-tng as the back-end is definitely the
simplest.
> Another possibility is to just not permit multiple SMB identities over the
> same TCP socket, there's apparently a registry setting that can be used on
> each SMB client machine to make it use a separate TCP socket per connection.
that does not take care of DCE/RPC services which cannot be stopped
from using the SMB layer to seteuid or provide threaded support.
> In which case we just need to change the Samba code from fork/setuid to
> fork/setuid/exec (which will not be fun).
>
> --
> http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/ My home page
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
--
--
expecting email to be received and understood is a bit like
picking up the telephone and immediately dialing without
checking for a dial-tone; speaking immediately without listening
for either an answer or ring-tone; hanging up immediately and
believing that you have actually started a conversation.
--
<a href="http://lkcl.net"> lkcl.net </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />
* Re: samba
2004-06-03 5:43 samba Russell Coker
2004-06-03 19:11 ` samba Luke Kenneth Casson Leighton
@ 2004-06-03 21:04 ` Luke Kenneth Casson Leighton
1 sibling, 0 replies; 17+ messages in thread
From: Luke Kenneth Casson Leighton @ 2004-06-03 21:04 UTC (permalink / raw)
To: Russell Coker; +Cc: SE Linux, samba-technical, tng-technical
just to _really_ put the cat among the pigeons: remember that
there is also "svcctl" - a DCE/RPC service that allows the
creation (including under which user context), management,
starting and stopping of services.
in other words, if this service was implemented under samba(3),
(i am not privy to the designs of samba(4)) then the SE/Linux
policy required would have to pretty much allow everything.
whereas, with the samba tng approach, you only need give the
svcctld - the service control daemon - sufficient privileges
to be able to exec "run_init /etc/init.d/startstopscript"
without requiring a password.
l.
--
--
expecting email to be received and understood is a bit like
picking up the telephone and immediately dialing without
checking for a dial-tone; speaking immediately without listening
for either an answer or ring-tone; hanging up immediately and
believing that you have actually started a conversation.
--
<a href="http://lkcl.net"> lkcl.net </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />