SamBa


Connecting over Samba, NAT and SSH
Hmm, well I guess I should be able to ping between the two machines first ;-)

They're on the same node, so I guess I need a tunnel or something?

Ah, I thought you were setting up on the node. Samba implies bad security issues since you're serving up your root directory to the world, so never use it direct. Use an SSH tunnel, but I haven't used that yet since no need you present outside my LAN. (not meshing yet... hope you guys help me with this) SSH shouldn't be too hard.

Without SSH, you'll have a problem connecting to a mesh-client through a node because of NAT. (god is trying to tell you something here) You'd need to port-forward connect ports through the node to the mesh-client. And you'd need to make sure the datagram ports can transmit out through the node. But don't do this.

So to clarify: the node *client* is the Samba server. It listens on microsoft-ds (445/tcp) and netbios-ssn (139/tcp) for connections from the outside. And it must be able to respond on netbios-dgm (138/udp) & netbios-ns (137/udp) to the outside. Remember, you're presenting your root directory to the world, unless you use SSH.

The big picture is that Samba should be set to serve to SSH on the mesh-client, which passes traffic through the tunnel to lo on your machine. Then you reach in your own bellybutton and pull out the Samba connection. Don't even consider running Samba unthrough SSH. Double-plus ungood. But this is beyond the scope; use a HowTo. As incentive, Samba is great, once it's running.

QUES:

I tried the smbpasswd ...
> New SMB password:
> Retype new SMB password:
> TDBSAM version too old (0), trying to convert it.
> TDBSAM converted successfully.
> Failed to initialise SAM_ACCOUNT for user nick.
> Failed to modify password entry for user nick

Cool, you're running a newer version than I thought. Tdbsam replaces Smbpasswd for authentication. (I hate this because much harder to remember)

It doesn't look like you'll be using an old smbpasswd database, but if you have one:
# pdbedit --force-initialized-passwords
First, list any existing accounts in Samba on the mesh-client:
# pdbedit -L

Then:
# pdbedit -au {username}
Restart the service:
# /etc/init.d/samba restart  or  /etc/rc.d/samba restart  depending on your distro.
Make sure the daemon is leesteneeng on SMB ports:
# lsof -i -n -P |more   (this command is so handy that I have in my /etc/profile: alias listen='lsof -i -n -P |more')
See, now, isn't that intuitive? :j Hope this helps.
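
An added example (not part of the original exchange): a shell filter for the `lsof -i -n -P` check above that reports any listener on the Samba ports named earlier (137, 138, 139, 445) bound to a non-loopback address, which is what the SSH-tunnel setup is meant to avoid. The function names and the sample lsof output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Samba listeners that are reachable from outside loopback.
# Real use:  lsof -i -n -P | exposed_smb_sockets

# Reads `lsof -i -n -P` output on stdin; prints "PROTO ADDR:PORT COMMAND"
# for every socket on an SMB/NetBIOS port not bound to 127.x or [::1].
exposed_smb_sockets() {
  awk '
    NF < 3 { next }                              # blank or short line
    {
      state = ""; name = $NF; proto = $(NF-1)
      if ($NF ~ /^\(.*\)$/) {                    # trailing "(LISTEN)" etc.
        state = $NF; name = $(NF-1); proto = $(NF-2)
      }
      if (proto != "TCP" && proto != "UDP") next # header and non-IP rows
      if (name ~ /->/) next                      # connected socket, not a listener
      if (proto == "TCP" && state != "(LISTEN)") next
      n = split(name, parts, ":")
      port = parts[n]                            # text after the last colon
      addr = substr(name, 1, length(name) - length(port) - 1)
      if (port !~ /^(137|138|139|445)$/) next    # ports listed in the text above
      if (addr ~ /^127\./ || addr == "[::1]") next
      print proto, addr ":" port, $1
    }'
}

# Constructed sample output, so the filter can be tried offline.
sample_lsof() {
  cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     900 root    3u  IPv4  11000      0t0  TCP *:22 (LISTEN)
nmbd    1200 root   10u  IPv4  12000      0t0  UDP *:137
nmbd    1200 root   11u  IPv4  12001      0t0  UDP 192.168.1.5:138
smbd    1234 root   28u  IPv4  12345      0t0  TCP 127.0.0.1:445 (LISTEN)
smbd    1234 root   29u  IPv4  12346      0t0  TCP *:139 (LISTEN)
smbd    1234 root   30u  IPv6  12347      0t0  TCP [::1]:445 (LISTEN)
smbd    1301 root   31u  IPv4  12400      0t0  TCP 127.0.0.1:445->127.0.0.1:51234 (ESTABLISHED)
EOF
}

sample_lsof | exposed_smb_sockets
```

Empty output means every Samba socket is confined to loopback; any line printed is a socket the outside can reach without the tunnel.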