Ubuntu :: Windows Services And Security Settings For Samba?
Jan 28, 2010
I have been trying to get my Samba 3.x NAS to connect to my Windows XP laptop. I can see the server though I cannot open it and see the shares. I have run various tests on the network and Samba (ping, smbclient) though still cannot find why I can't connect.
I can access the NAS via webmin, so I am thinking I need the security or the services settings on the XP machine. Is there a list somewhere of the Windows XP services and security settings required to share files?
I've got a samba share on a linux server, connecting to it with a windows 2k3 server via tools > map network drive. The goal is to be able to use windows to change the security of the samba share. The good news is it works! The bad news is it's not QUITE perfect:
The share is called /company. I started with the following to give everyone access to everything, set the owner of the share to administrator (my domain admin on the Windows domain), and set the group owner to domain users (group that everyone on the domain is part of):
I then mapped the drive as a regular user, and of course, can access/modify/delete/rename/create anything I want. Then I picked a folder to lock down. Let's call it /company/myFolder. I did this on the Windows server by mapping the drive as administrator (the owner), right click > properties > security tab > advanced > highlight "domain users" and "everyone" and click edit > clear all (i.e. remove all access). Go back to Linux and
The only issue that remains is that I am able to rename/delete "myFolder" as a regular user. I thought this was coming from the "acl map full control = true" parameter in smb.conf, but I changed it to false and verified the change and it still happens. If I remove group and world write access to /company, I am no longer allowed to rename/delete myFolder, but then I can't create a new folder. If I add group write access back in I can create files but can also rename/delete folders within /company that have --- specified for group access. Any ideas what I need to tweak to make this right?
I have NTFS-protected directories under Windows. However under Linux, even though I'm not logged in as a Super-User, Ubuntu cheerfully mounts all NTFS partitions on this machine and EVERY computer on my home network. This gives my GUESTS complete access to all machines connected to my network: Nautilus -> Windows Network -> Workgroup -> Clicking on any computer Name gives access to windows' administrative shares C$, D$, etc. I've always known that Linux ignores Windows security, but... what is the solution?
In my server the iptables and ip6tables services are not running. But still i am getting some iptables and ip6tables related alerts on my /var/log/messages. My technical leader told me that there might be some mis-configuration in iptables configuration file. But i didnt see anything wrong.
What does it mean "Jan 25 11:01:32 beteduibsrv3 avahi-daemon: Leaving mDNS multicast group on interface eth0.IPv6 with address fe80::226:b9ff:fefc:6ec4."
I recently installed CentOS 5.3. There I select desktop package (Gnome and KDE) didn't select server in CentOS 5.3 installation gui. I want to connect to the windows active directory domain in our company. To do this I want to run the samba service. But it is not listed in the services. (#service --status-all) but I cant see the samba config file smb.conf why I cant run this other services smbd, nmbd is also not listed. But winbind is listed and I started it.
I am baffled by fedora's feeble attempts to work with Samba. I have ran various versions of Fedora for the last few years, and sporadically, the Samba gui and samba itself have had such problems. My current problem in Fedora 11 (64bit) is that samba doesn't seem to be running correctly. It is allowing the hosting of shares, but it does not show that it is running in the services gui. It shows enabled, but when I attempt to change it by starting or stopping, nothing happens. The samba gui also shows that it launches but then never actually starts. I saw very similar problems with Fedora 9.
I have a little bit of a problem, I run openSUSE as a server on a Dell PowerEdge T610. I use it for sharing files in a local network and as a web server accessible through the public IP (configured through router DMZ). Also, I use Teamviewer for remote control in order to avoid some compatibility and network problems. Generally the computer runs flawless but from time to time, as about once in two weeks, all network related services except the Apache server which runs just fine, and is still accesible, crash. The Samba share can't be accessed anymore, the Teamviewer is also dead and the only way to put everything back in order is a restart. The thing is I don't know if an error occurs since the server hasn't got a monitor installed, and more than that I do most of my work remotely (as in miles and miles away from the location) and it takes me quite some time to actually get there and see what's happening.
So, any ideas what might be happening? I belive that there might be some information in some of the logs, but as I am not an expert in Unix like operating systems I don't exactly know where to start from.
I'm trying to avoid having to migrate my machine to Fedora: it's either learn to clone some existing Puppet manifests from Fedora to Ubuntu, or move back to Fedora. I'm running into several problems, including parsing errors for rules that work for Fedora and fail for Ubuntu, presumably because the version of libaugeas-ruby is older for Ubuntu (0.3.0) than Fedora (0.4.0). For Ubuntu, these rules fail with "Could not evaluate: Could not retrieve information from source(s)". Another one is a failure of augeas to use the 'ins' command to insert a rule into krb5.conf. I can't think of any good reason for these other than the older versions of the libraries render Puppet unable to parse properly.
At any rate, I was wondering whether anyone has had experience and success controlling security services in Ubuntu (Natty), such as krb5, pam, screensaver locking, etc. I should be able to hack my way through these, but I keep hitting walls like the evaluation error above.
I was wondering if there is any way in Linux in general and Fedora 13 in particular to configure system so that any service that needs access to internet will have to ask for password/permission to do so. So that I can
I have a CentOS 5 server in which I use Virtual Hosting and each domain has its own user/pass for login to upload files. The path is /var/www/vhosts/domain name]/httpdocs/What im attempting is setting up the creation of the [domain name] folder from an administration backend under PHP, which I am developing. What Im worried about is if I allow PHP to run command line commands such as mkdir, then what is stopping anyone from doing the same from their php files on my server??? What is the best way to properly setup my server to allow automated creation of the domain structure within my folder system
I'd like to run a Tor relay, but am trying to understand the security implications. For some time I've run my torrent client in a VirtualBox virtual machine, which is run as a very non-prived user, bridges directly to The Internets, and writes to one directory on the host. My belief is this is about as secure as it can be, but am open to suggestion.If I run a relay in the VM it wouldn't be associated with my use of Tor as a client, which is fine since there is no technical need for them to be connected and it's desirable for security.I read that chroot jails can be broken, particularly when run as root, so I don't really trust that. Also studied a vserver, but it must share the network setup which doesn't strike me as isolated enough.
I'm having problems with hackers from across the globe trying to get into our servers. Why? i have no clue. nothing of value in my servers worth getting.
Right now my service only does business with USA. So I'm trying to find a way to block all Non USA traffic. I called my hosting provider and they are unable to help. Said it was up to me to do this.
Well I've already taken care of the TCP Wrappers. by spawning a small C program i made that uses MaxMind's GeoIP system. to automatically deny access. Now i need to do something about all the other network connections that come in to services that do not use the TCP wrappers.
So i was wondering if IPTABLES have a way to spawn a sub proccess like TCP wrappers or if there was any other firewall software out there for linux that would let me achieve my goal.
I want to simplify some of my rules, so I want to create rules for certain services like xmpp, web, etc. since some of them use multiple ports, and I toggle them on/off a lot. Can I simply put the jump to rule clauses in the Input chain, and once the sub chains run, does it return to the input chain after the jump to rule clause? I want to do this so I don't have a ton of rules in the input chain. I think that if I simply make a list of all the rules to jump to in the input chain, it will work itself through all of them until it finds a matching filter in one of them correct?
I want to use samba for file sharing like on a Windows home network. Actually they are all Linux machines but nfs is too complicated. On my host machine I installed samba and system-config-samba. I created a new share for /home, check marked writable and visible and put access to everybody. For preferences-->server settings--> security the "authentication mode" is set to user, encrypt passwords is no, and guest account is no guest account. Under preferences-->samba users I added myself as a user with the same windows user name as my Linux user name and the same password.
My client is a virtualbox fedora (used for testing purposes but actual clients will be real computers on my home network). I entered the address smb://192.168.1.184. When asked for the user name and password I put my regular user name and password since that was what I set in samba users. However, the password dialog keeps coming up and won't let met into my own computer. If I quit it says something like access is denied. How can I get my home network back? I liked this feature when my home computers ran XP but I switched them to Fedora 12.
So I want to get mount/umount option under right click services menu. I went to Dolphin -> Settings -> Configure Dolphin -> Services -> Download New Services and from there I installed KDE CDEmu Emulator and MountISO. But neither of them is showing up in actual context menu. Neither in Dolphin -> Settings -> Configure Dolphin -> Services for that matter. I tried to install them as normal user and as a root. I went to have a peak in /usr/share/kde4/services/ServiceMenus/ but they aren't there as well... It's just me or lots of things seems to be not quite working in 11.3?
I have a file server that just has some samba shares. What would be some good files to back up off of their for disaster recovery purposes. I already have the smb.conf file from /etc/samba. I'm not familiar with Samba so not sure what else would be useful for if I had to get this reconfigured on another server identically, in a pinch.
I previously had a machine that dual booted Windows 7 and Ubuntu 10.10 32 bit. I recently attempted to wipe out the 32 bit Ubuntu and install 64 bit Ubuntu.
Here what I did: - I booted from the LiveCD, and had no problems - I formatted /sda3 using gparted. I checked that Ubuntu resided on /sda3 via the command "sudo fdisk -l". This worked fine. - I then clicked the "install ubuntu" option on the desktop, and chose the largest chunk of free space. - About 15% through the install, I was told the CD could not be read from due to a potential scratch or issue. I then tried to revert back to the Os running from the LiveCD, and things went crazy. I had trouble shutting down the machine and did a hard reset.
Now, whenever I boot I am greeted with the following message: Windows Deployment Services: PXE boot aborted error: no such partition grub rescue> At the grub rescue prompt when I ls, I see: (hd0) (hd0,4) (hd0,2) (hd0,1)
I can still boot the LiveCD. I tried that again and tried to again format sda3 using gparted but had no luck fixing the issue. When booting from the LiveCD I am also told by gparted that "sda1 does not coincide with a cylinder boundary" or something of that nature.
I want to Migrate Win2003 Domain Controller to Samba with All Settings Current Setup: Working Win2003 Domain Controller (DC)with home directories, group policies, shared printer, disk quotas. how to migrate all these settings to Samba Domain Controller. I have tried to search but didn't get detailed information.
I want to set samba to act as domain controller PDC.Is it possible to create user profil in samba with rights to change network settings but not install software, create users.Something like network admin that is like normal user but he is able change network settings.
I run a small (cabled) network between a desktop with XP with two printers hooked to it and a laptop with Ubuntu 10.04.1 64b. I can approach and use these printers from my laptop and filesharing works also. BUT ... this only works when my Ubuntu firewall (Gufw 10.04.5) is switched off. I am operating behind my router_modem which has a hardware type of firewall switched on at all times so I presume I'm safe. Now my questions:
1. Is this really safe enough? 2. What kind of settings would Gufw need to be able to use it AND use my mini-network for printing? I have no experience whatsoever with firewall rules and settings.
I am currently trying to best configure my Natty Narwal linux distro. At boot, the system is configured to automatically connect last Wifi network. When I connect to the WIFI however a whole bunch of instructions are loaded in the IPTABLES.
I am using openDNS on my current Linux box and I was wondering if their is a way to force the DNS settings to stay the same even if ROOT tries to change it (since my dad wants content filtering password protected and I still want my computers root access...)
I have 3 computers. One running openSuse 11.3 with SAMBA and the other 2 are Windows 7 Professional boxes. I have the same user name and passwords for all three boxes.
From the Linux box I can access one of the Windows 7 boxes but the other won't accept my user name and password. The one that won't accept has Windows LiveID Sign-In Assistant installed. Apparantly that's an automatic install now.
I've read that there is a bug with the SAMBA libsmbclient [URL].
I tried updating via YAST but still end up with version 3.5.4-5.1.2 and this doesn't work.
I installed DansGuardian. In order for it to work I set the system wide proxy. However it is really easy to get around DansGuardian by going to preference proxy setting. How do I password protect this setting so it requires a password to change proxy setting? Preferably a different password than the normal sudo password if possible. If not I at least want the sudo password protecting it! I run multiple browsers so doing it via the system rather than the browser made the most since.
I have LTS 10.04 with firefox 3.63 and the cookie settings are not there. Does anyone else have missing privacy settings. I dont like the idea of tracking cookies and want to do what I can to get rid of them.