You can tunnel Samba, Netatalk, NFS, etc. If security is a must, tunnel through SSH or a VPN (I'm a fan of OpenVPN myself and use Tunnelblick on my Mac; you can also set up SSH tunnels with authentication or keys). Install Windows Services for UNIX to get NFS support in Windows. If NFS is the route you want to go for Linux/UNIX compatibility, don't let your Windows clients hold you back. There are a number of configuration options that can be set to allow specific hosts and user/group permissions. Unfortunately, NFS doesn't come bundled with a wealth of security options natively.

I rather like the options that Samba has for security/permissions with SMB/CIFS shares, though. Samba does have the "Swat" web interface as well, but that isn't as well organized as the Webmin interface. You always have the option of Webmin, but that has been known to produce config files that may work but fail the Samba "sanity" check. That is especially so when it comes to integration with a Windows environment. I know that Samba has more options when it comes to authentication, security, permissions, and network tuning. I don't find that Samba is too difficult to set up, but that's an unfair opinion considering I have considerably more experience with it.

storage1/backup/jamie "Time Machine" options:tm,usedots,upriv,perm,cnidserver:localhost:4700 ea:auto allow:jamie rwlist:jamie

My /usr/local/etc/fault:
:DEFAULT: options:upriv,usedots

My /usr/local/etc/nf:
ATALK_UNIX_CHARSET='LOCALE'

It was a little cumbersome to get working initially, but in time, tweaking the faults yielded a worthwhile endeavor. I currently use Netatalk for my Mac's Time Machine backup to my server, which is rather convenient.

The Samba server itself is set up for share-level authentication (for what it's worth). The permissions are set up as follows: the owner is me (jamie), the group is samba_admin, and permissions are 755 for both files and directories.
Anybody authenticated as guest (nobody) or in the "samba_readonly" group will only have read-only privileges. Myself (jamie) as well as anyone in the "samba_admin" group can write to this share. The specific flaw exists within the getdirparams method. Here is an example of a share in my current smb.conf which is on a per-share authentication basis: Authentication is not required to exploit this vulnerability.

Have you checked your Samba logs for a specific error? Be sure to have "valid users" or "valid groups" along with your read/write list of users or groups.

When mounting CasperShare from my Mac using the casperadmin and attempting to copy a file to it, I first get a Mac authentication window, then the error "Items can't be copied to "CasperShare" because you don't have permission to read them."

2 casperadmin root 4096 Jun 19 08:15 CasperShare

Both casperadmin and casperinstall can mount and read from the share, but casperadmin cannot write to it.

$sudo chown casperadmin /srv/samba/CasperShare
drwxr-xr-x.
$sudo useradd -d /home/casperinstall casperinstall -s /bin/false -N
$sudo useradd -d /home/casperadmin casperadmin -s /bin/false -N

The OS is CentOS 6.2, JSS 8.52 running fine on it.