ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Tags
    3. samba
    Log in to post
    • All categories
    • Pete.S

      File permission and samba help needed
      IT Discussion • permissions samba smb linux • • Pete.S

      8
      0
      Votes
      8
      Posts
      205
      Views

      Pete.S

      I ran some test on a VM and created some groups and added some top-level directories for those groups.

      Changed the group on each top-level directories and files below recursively with chown -R.

      Set directories to permission 2770 and files to 0660 with chmod -R.

      Changed smb.conf and added create mask=0660 and directory mask=2770.

      Now new files and directories created on the share have the right permission and belongs to the right group automatically, simply depending on what group the top-level directory belongs to.

      If you're not a member of a group, you will not even see the directories or files that belongs to that group.

      I think this is a good interim solution without too much work. Then moving to onedrive or whatever can be done in the future on a department to department basis.

      Only admin required for adding users is to add them to linux/samba and make sure they become members of the right groups.

      It's also very simple to make a separate share out of the top-level folders if you wanted.

    • B

      SMB share from RHEL access issues ...
      IT Discussion • windows 10 samba • • BraswellJay

      6
      1
      Votes
      6
      Posts
      134
      Views

      Dashrender

      @BraswellJay said in SMB share from RHEL access issues ...:

      I did enable SMB v1 on the windows 10 clients thinking that would be necessary but that did not have any effect.

      On Windows 10, did you enable SMB v1 server or client? In this case, you would need to enable only client to make this work, assuming this is the problem.

    • JaredBusch

      How to setup Samba on Fedora 28 as a public share
      IT Discussion • how to samba smb share fedora fedora 28 • • JaredBusch

      4
      7
      Votes
      4
      Posts
      3216
      Views

      Reid Cooper

      Nice write up, thanks!

    • NashBrydges

      Linux As File Server- Break Out From Other Thread
      IT Discussion • linux smb samba file server • • NashBrydges

      44
      4
      Votes
      44
      Posts
      1573
      Views

      scottalanmiller

      @emad-r said in Linux As File Server- Break Out From Other Thread:

      @scottalanmiller said in Linux As File Server- Break Out From Other Thread:

      @emad-r said in Linux As File Server- Break Out From Other Thread:

      The only down side to it, that the files will take size on their machine as well as the NC server, thats it. If you can afford this, then this is the way to go.

      That's purely optional. Not a given. NextCloud can be used with files purely on the server just like with SMB.

      Huh, how so ? you mean only via web client. If your installing the agent at somepoint it will need to sync the files to your account synced folder.

      That's one option, but not what I mean. You can map drives to it, too.

    • Obsolesce

      Samba Issues
      IT Discussion • linux samba fedora • • Obsolesce

      16
      2
      Votes
      16
      Posts
      684
      Views

      scottalanmiller

      @momurda said in Samba Issues:

      @obsolesce Did you change your username?

      The old one was... obsolete.

    • jrc

      AD Emulation on *Nix
      IT Discussion • active directory samba samba 4 • • jrc

      32
      0
      Votes
      32
      Posts
      2039
      Views

      EddieJennings

      @scottalanmiller said in AD Emulation on *Nix:

      @jrc said in AD Emulation on *Nix:

      However the company that makes the software could care less about Windows client licensing, and as a franchisee they have zero options on using this software.

      Of course they don't care, the responsibility for that falls 100% onto the end client to ensure that they have properly licensed their environment. The vendor has zero responsibility here.

      Reminds me of a PBX appliance vendor that shipped their "server" with Windows XP Pro as the OS. 😉

    • mlnews

      OpenLDAP with Samba Issue
      IT Discussion • ldap openldap samba • • mlnews

      4
      1
      Votes
      4
      Posts
      1513
      Views

      stacksofplates

      Why samba instead of sssd?

    • mlnews

      Storage Updates Dominate Latest Tumbleweed Update
      News • linux samba ceph suse opensuse opensuse tumbleweed btrfs • • mlnews

      1
      4
      Votes
      1
      Posts
      586
      Views

      No one has replied

    • G

      Freenas 9.2.18 server , CIFS services unable to start
      IT Discussion • freenas file server freebsd unix samba • • Ghani

      23
      0
      Votes
      23
      Posts
      2724
      Views

      DustinB3403

      @scottalanmiller said in Freenas 9.2.18 server , CIFS services unable to start:

      @Ghani said in Freenas 9.2.18 server , CIFS services unable to start:

      Yes i agree your sounds

      If the only goal is an open source file server (we call this a SAM-SD, there is a section of the forum just for that) then the most likely recommendations for an OS will be openSuse Tumbleweed or Fedora. CentOS and Ubuntu are fine choices too. FreeBSD is excellent, but less well known.

      You make it sound as though the wise choice here would be to install OpenSuse etc direct to the hardware.

    • mlnews

      Samba 4.6 Released
      News • samba samba 4 samba 4.6 zdnet • • mlnews

      1
      2
      Votes
      1
      Posts
      539
      Views

      No one has replied

    • scottalanmiller

      Synology DSM 6.1 Released with Active Directory Server
      News • synology synology dsm synology dsm 6.1 samba 4 samba active directory nas • • scottalanmiller

      20
      1
      Votes
      20
      Posts
      7014
      Views

      scottalanmiller

      @JaredBusch said in Synology DSM 6.1 Released with Active Directory Server:

      @scottalanmiller said in Synology DSM 6.1 Released with Active Directory Server:

      @JaredBusch said in Synology DSM 6.1 Released with Active Directory Server:

      @travisdh1 said in Synology DSM 6.1 Released with Active Directory Server:

      @scottalanmiller said in Synology DSM 6.1 Released with Active Directory Server:

      @travisdh1 said in Synology DSM 6.1 Released with Active Directory Server:

      @scottalanmiller said in Synology DSM 6.1 Released with Active Directory Server:

      @travisdh1 said in Synology DSM 6.1 Released with Active Directory Server:

      Hrm, fast-clone. Probably time to try out a Btrfs based file server at home.

      It's good stuff.

      Yeah, I know brtfs is the way to go, I just haven't tried it out yet myself. Starting out on IRIX with XFS back in the day makes me a too nostalgic.

      I still use XFS for everything.

      When will be the right time to switch to btrfs then? We know it's been stable for long enough that it's becoming the default in a number of distributions now, but has it really been battle tested well enough yet?

      Also, should we maybe make another thread for the btrfs discussion?

      The answer here is you do not switch. You install a distro letting it do its native thing by default and less you have an over arcing huge reason to override defaults. So you will get this when you install a new system that now has it as a default.

      openSuse, for example, has had it as default for two years.

      Really though, I prefer XFS for anything that isn't a storage machine. VMs need something mature, stable and light. XFS does that well.

      But does your preference mean that you will override a default installs choice just because that is your preference?

      Using anything but default should have very clear reasons because the first time somebody besides you have to troubleshoot it there will be big problems.

      I would often, yes actually. XFS is not like an odd, unsupported option. It's just not the default. It's still completely core to openSuse's design. They simply had to pick which one they were going to use when someone did not choose one or the other and they opted for extra features over lean design for those that don't know which they want, which I think makes sense. Just like CentOS opts for the simplicity of using root for administration instead of sudo, but makes it super easy to enable sudo. It's not default, but it's fully supported. They just had to choose something as default.

    • scottalanmiller

      FreeNAS Domain Failure on AD
      IT Discussion • freenas freebsd 10.3 freebsd bsd winbind kinit kerberos samba samba 4 • • scottalanmiller

      43
      0
      Votes
      43
      Posts
      6927
      Views

      scottalanmiller

      @DustinB3403 said in FreeNAS Domain Failure on AD:

      @scottalanmiller any news yet?

      Nope

    • mlnews

      How to configure Ubuntu Linux server as a Domain Controller
      News • samba samba 4 samba-tool ubuntu linux techrepublic active directory ad ad dc domain controller • • mlnews

      2
      2
      Votes
      2
      Posts
      919
      Views

      travisdh1

      @mlnews said in How to configure Ubuntu Linux server as a Domain Controller:

      http://www.techrepublic.com/article/how-to-configure-ubuntu-linux-server-as-a-domain-controller-with-samba-tool/

      Samba 4 and samba-tool make getting up and running with AD on Linux pretty quick and easy.

      Sounds nice, I'll need to make time to look at this.

    • wirestyle22

      Setting Up Samba for Use with Plex (CentOS 7.2 Minimal)
      IT Discussion • plex centos 7.2 how to samba • • wirestyle22

      37
      7
      Votes
      37
      Posts
      7620
      Views

      NashBrydges

      So...any thoughts on best practice for Plex setup but with >30TB of content?

    • mlnews

      Badluck SMB Security Vulnerability Disclosed
      News • security smb samba windows badlock • • mlnews

      2
      2
      Votes
      2
      Posts
      762
      Views

      mlnews

      From the Badlock page:

      What can attackers gain?

      The security vulnerabilities can be mostly categorised as man-in-the-middle or denial of service attacks.

      Man-in-the-middle (MITM) attacks:
      There are several MITM attacks that can be performed against a variety of protocols used by Samba. These would permit execution of arbitrary Samba network calls using the context of the intercepted user.

      Impact examples of intercepting administrator network traffic:
      Samba AD server - view or modify secrets within an AD database, including user password hashes, or shutdown critical services.
      standard Samba server - modify user permissions on files or directories.

      Denial-of-Service (DoS) attacks:
      Samba services are vulnerable to a denial of service from an attacker with remote network connectivity to the Samba service.
      Who is affected?

      Affected versions of Samba are:

      3.6.x,
      4.0.x,
      4.1.x,
      4.2.0-4.2.9,
      4.3.0-4.3.6,
      4.4.0
      Earlier versions have not been assessed.

      How can I fix my systems?

      Please apply the patches provided by the Samba Team and SerNet for EnterpriseSAMBA / SAMBA+ immediately.

      Patched versions are (both the interim and final security release have the patches):

      4.2.10 / 4.2.11,
      4.3.7 / 4.3.8,
      4.4.1 / 4.4.2.
      With the release of Samba 4.4.0 on March 22nd the 4.1 release branch has been marked DISCONTINUED (see Samba Release Planning). Please be aware that Samba 4.1 and below are therefore out of support, even for security fixes. There will be no official security releases for Samba 4.1 and below published by the Samba Team or SerNet (for EnterpriseSAMBA). We strongly advise users to upgrade to a supported release.

      Some vendors may choose to ship 4.4.1, 4.3.7, and 4.2.10 versions and add regression patches on top of them, due to wide scale and complexity of this release. Some may also just backport the patches to older releases. Please contact your Samba supplier for details.

      What further improvements after patching are suggested?

      Mitigations for man-in-the-middle (MITM) attacks:
      Network protections that could be used MITM attacks include DHCP snooping, ARP Inspection and 802.1x.

      It is recommended that administrators set these additional options, if compatible with their network environment:

      server signing = mandatory
      ntlm auth = no

      Without server signing = mandatory, Man in the Middle attacks are still possible against our file server and classic/NT4-like/Samba3 Domain controller. (It is now enforced on Samba's AD DC.) Note that this has heavy impact on the file server performance, so you need to decide between performance and security. These man in the Middle attacks for smb file servers are well known for decades.

      Without 'ntlm auth = no', there may still be clients not using NTLMv2, and these observed passwords may be brute-forced easily using cloud-computing resources or rainbow tables.

      Mitigations for denial-of-service (DoS) attack:
      Apply firewall rules on the server to permit connectivity only from trusted addresses.

      Will encryption protect against these attacks?

      The SMB protocol, by default, only encrypts credentials and commands while files are transferred in plaintext. It is recommended that in security / privacy sensitive scenarios encryption is used to protect all communications.

      Samba added encryption in version 3.2 in 2008, but only for Samba clients. Microsoft added SMB encryption support to SMB 3.0 in Windows 8 and Windows Server 2012. However, both of these types of encryption only protect communications, such a file transfers, after SMB negotiation and commands have been completed. It is this phase that contains the fixed vulnerabilities.

      Samba/SMB encryption is good practice but is not sufficient for protection against these vulnerabilities. Network-level encryption, such as IPSec, is required for full protection as a workaround.

      How bad is Badlock?

      The severity of Badlock according to the Common Vulnerability Scoring System (CVSS):

      CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
      Base: 7.1 (High); Temporal: 6.4 (Medium)

      Is this vulnerability exploited currently?

      It may be possible since we already have several PoC (none of them will be released in the near future).

      What does "Badlock" stand for?

      "Badlock" was meant to be a rather generic name and does not point to any specifics.

      Yet Another Bug With A Logo?

      What branded bugs are able to achieve is best said with one word: Awareness. Furthermore names for bugs can serve as unique identifiers, other than different CVE/MS bug IDs.

      It is a thin line between drawing attention to a severe vulnerability that should be taken seriously and overhyping it. This process didn't start with the branding - it started a while ago with everyone working on fixes. The main goal of this announcement was to give a heads up. Vendors and distributors of Samba are being informed before a security fix is released in any case. This is part of any Samba security release process.

      Who found the Badlock Bug?

      Badlock was discovered by Stefan Metzmacher. He's a member of the international Samba Core Team and works at SerNet on Samba. He reported the bug to Microsoft and has been working closely with them to fix the problem.

    • mlnews

      Samba 4.4 Has Released
      News • samba samba 4 samba 4.4 open source • • mlnews

      2
      3
      Votes
      2
      Posts
      1044
      Views

      scottalanmiller

      That is a lot of updates!

    • drewlander

      Zentyal Community Server and Samba 4 as complete AD replacement
      IT Discussion • zentyal zentyal cs samba samba 4 linux linux server active directory • • drewlander

      4
      3
      Votes
      4
      Posts
      1700
      Views

      drewlander

      Thanks, Ill have a look. I wonder if they are features I would be concerned over.

    • Rob Dunn

      Active Directory on a Linux box with Samba - - group policy central store?
      IT Discussion • active directory group policy linux samba • • Rob Dunn

      9
      4
      Votes
      9
      Posts
      4248
      Views

      scottalanmiller

      Yes, I think that RSAT might actually care as if it does the wrong thing it won't see the files.

    • stacksofplates

      Samba problem
      SAM-SD • samba linux network storage • • stacksofplates

      7
      2
      Votes
      7
      Posts
      1892
      Views

      DustinB3403

      @johnhooks said:

      So I figured it out. Just like most every other problem I've had, it was something stupid I did. I initially started with a user "john" and set up permissions but decided later to use "jhooks". I had accessed the shares with the "john" username first and that's why some worked. I never added the jhooks username to samba (must have forgot since some shares were working) and that's why I couldn't log into the other shares with that username.

      That will teach me to try to do this stuff on Friday night when I'm tired.

      Well worse things have happened, it could've been a client outage 🙂

    • stacksofplates

      Network backup
      IT Discussion • ssh nfs samba backup • • stacksofplates

      29
      1
      Votes
      29
      Posts
      4877
      Views

      scottalanmiller

      @Dashrender said:

      On the Windows side we have the free version of Unitrends and Veeam for VMs, but I'm not sure of one for bare metal.

      Those can become coupled if you share accounts. So it is not a panacea.