Interesting Samba Question...Still trying!!
Dear all,

Firstly thanks to all of those who responded. Had a lot of reading to do after receiving all of your e-mails. Many many thanks for your help.

I have examined stunnel and openvpn as solutions. They both seem quite hard to bring up and parameterize... (Have drunk 3 lt of coffee so far!!!, no results).

I think that the solution I will follow is to enable ssl in Samba (SuSE 9.1 box) and create certificates for all the salesmen that will be doing work out of the office. Still don't know how secure this is as some samba ports will have to be opened/redirected from my firewall in order for the salesmen to have access.

Is it really necessary to deploy stunnel as well? I mean can't just Samba with SSL do the job on its own?? Aren't the certificates that I issue enough to validate the correctness of the users and prohibit any other potential hackers that don't have the correct certificate?

Second thing is how do I enable ssl on Samba when samba is in rpm format? (I am not that advanced of a linux user but am willing to learn as much as I can!!). Is there an option I can issue when installing Samba via rpm -i??

Until now, all installation has been done via YAST. Perhaps there might be a field where I can specify an option?? Have no clue...

Thank you all again!! I hope that I will be able to figure this out...

Chris
----- Original Message -----
From:
I was going to be lazy and not include any links, but here's a couple, though didn't find the best one I had the other day.....

http://www.stunnel.org/examples/smb_grant.html
http://www.samba.org/samba/docs/swat_ssl.html
http://www.camden.rutgers.edu/HELP/Documentation/Unix/stunnel/S50-1331_stunnel.html

Pete.
Chris Roubekas wrote:
Dear all,
Firstly thanks to all of those who responded. Had a lot of reading to do after receiving all of your e-mails. Many many thanks for your help.
I'm not sure if this will work for you ... but here goes anyway ;-)

For Linux clients, I use the following:

    ssh -C -c blowfish -L 2000:localhost:139 *remotehost*

    mount -t smbfs -o username=*remoteuser*,password=*remotepass*,uid=*localuser*,port=2000,ip=localhost //*remotename*/*share* /mnt/*wherever*

(the above command is one line)

For Windows clients I do basically the same thing. I use Putty as the ssh client. Unfortunately, on Windows you have to use 139:localhost:139 for the forwarding. This will only work if file/print sharing is *removed* from the client. Just disabling it won't work. This has no effect on the Windows client as far as browsing and connecting to other shares. They just can't share themselves.

Putty stores its settings in the registry. I export that section. Installation consists of copying the Putty exe and double clicking the reg file. Users start Putty and can then connect to the share that appears to be on their local PC.

The only port required on the firewall is for ssh.

HTH

Louis
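
Added example, not part of the original thread or any poster's own configuration: when ssh is the only port exposed and the remote accounts exist solely to reach the share, the server can confine them to the single forward that the tunnel above uses. The group name `smbtunnel` is hypothetical, and the fragment assumes an OpenSSH server recent enough to support `Match` blocks and these keywords.

```conf
# sshd_config fragment (added example; "smbtunnel" is a hypothetical group
# holding the accounts that only need the SMB tunnel)
Match Group smbtunnel
    # Permit client-initiated (-L) forwards only; no remote (-R) forwards
    AllowTcpForwarding local
    # The one destination a forward may reach: the SMB session port on this host
    PermitOpen localhost:139
    # Tunnel accounts get no terminal, shell, X11 or agent forwarding
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /bin/false
    # Key-based logins only for these accounts
    PasswordAuthentication no
```

With `ForceCommand /bin/false` in place the client has to request the forward without a remote command, for example by adding `-N` to the ssh invocation.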
Participants (2): Chris Roubekas, Louis Richards