I've added a second Linux box to my little network. It was stated in a previous thread in this list that SAMBA3 is basically just as good as NFS for file and printer sharing... so, with that advice (to somebody else) I'll stick with SAMBA (that I already use for sharing with the Windows box). To share files, directories and devices (CD, DVD, etc.) on both Linux machines (i.e., in two directions), I need to run SAMBA server on both machines, and SAMBA client on both machines as well, is that right? When I configure in YaST, I need to declare the workgroup (default is "TUX-NET"). Should SAMBA server on the second machine be assigned the same workgroup? Or is that a conflict? Should one be serving to (say) TUX-NET1 and the other to TUX-NET2? I'll use an actual name of my own choosing, but should it be one workgroup name for both servers, or a different workgroup for each? Also, on a newly installed SuSE 9.2 system, is there any reason why YaST should not be completely sufficient to get SAMBA working? That is, is there any possible setup parameter for SAMBA that would need me to edit the files directly? I haven't even considered printing yet; just file/directory shares, so this config must be about as simple as it gets for SAMBA, right? Kevin PS: Referring to a recent thread with my name on it --I installed a newer hub/router, and yes the DHCP server in my old one was broken ...
On Sun January 2 2005 7:51 pm, elefino wrote:
I've added a second Linux box to my little network. It was stated in a previous thread in this list that SAMBA3 is basically just as good as NFS for file and printer sharing... so, with that advice (to somebody else) I'll stick with SAMBA (that I already use for sharing with the Windows box).
To share files, directories and devices (CD, DVD, etc.) on both Linux machines (i.e., in two directions), I need to run SAMBA server on both machines, and SAMBA client on both machines as well, is that right?
You only need one server. The samba client will work with a Windows server or a samba server. I have set up Linux working with a Windows server, using only the client on the Linux box. It was for a friend a year ago and all I remember is that I used Yast2 to set it up. Rich -- Rich Matson Reno, Nv. USA
On Sunday 02 January 2005 10:09 pm, C. Richard Matson wrote:
You only need one server. The samba client will work with a Windows server or a samba server. I have set up Linux working with a Windows server, using only the client on the Linux box. It was for a friend a year ago and all I remember is that I used Yast2 to set it up. Rich
Guess I'm wrong. Everything I read said you needed to be a server to offer up a share. At least that is the way I understood it. What function does the server perform if not offering out shares? Doug should it be one workgroup name for both
servers, or a different workgroup for each?
Same name for both. It's kind of like saying "We all belong to the same family". I put all my machines into the same workgroup, Windows, samba servers, and samba clients.
Also, on a newly installed SuSE 9.2 system, is there any reason why YaST should not be completely sufficient to get SAMBA working? That is, is there any possible setup parameter for SAMBA that would need me to edit the files directly? I haven't even considered printing yet; just file/directory shares, so this config must be about as simple as it gets for SAMBA, right?
My samba needs right now are pretty simple and yast has done the job. In the past I have used webmin and back when I used RH 6.x, I used swat. As far as printing, it's pretty easy. If you want to use a printer on a windows box, you can set it up in yast. If you want to offer a printer from a linux box and you use cups, I think suse (or maybe samba in general) defaults to offering all cups printers. I am far from an expert in samba, so I can't offer a lot of help, but reading and trying can usually get you a solution. Good luck! Doug get you a solution. Good luck! Doug
On Sunday 02 January 2005 10:17 pm, Doug B wrote:
On Sunday 02 January 2005 10:09 pm, C. Richard Matson wrote:
You only need one server. The samba client will work with a Windows server or a samba server. I have set up Linux working with a Windows server, using only the client on the Linux box. It was for a friend a year ago and all I remember is that I used Yast2 to set it up. Rich
Guess I'm wrong. Everything I read said you needed to be a server to offer up a share. At least that is the way I understood it. What function does the server perform if not offering out shares?
Doug
should it be one workgroup name for both
Doug
Sorry about all the junk in the previous email. I don't know how I did that and didn't see it before I hit send. I just looked at the yast > network services > samba client. About all you can set here is a workgroup. In the samba server module you can offer shares among other configure options. Doug
On Sun January 2 2005 8:17 pm, Doug B wrote:
On Sunday 02 January 2005 10:09 pm, C. Richard Matson wrote:
You only need one server. The samba client will work with a Windows server or a samba server. I have set up Linux working with a Windows server, using only the client on the Linux box. It was for a friend a year ago and all I remember is that I used Yast2 to set it up. Rich
Guess I'm wrong. Everything I read said you needed to be a server to offer up a share. At least that is the way I understood it. What function does the server perform if not offering out shares?
My understanding is that Samba server is the equal to a windows server. And that Samba client lets a 'nix' machine work on the smb network just like a windows desktop on a Windows server network. I found the info on the net. I did a quick look but couldn't find the info. Originally it took me three or four hours to find it in a form I could understand. No geek here:-) Rich
Doug should it be one workgroup name for both
servers, or a different workgroup for each?
Same name for both. It's kind of like saying "We all belong to the same family". I put all my machines into the same workgroup, Windows, samba servers, and samba clients.
Also, on a newly installed SuSE 9.2 system, is there any reason why YaST should not be completely sufficient to get SAMBA working? That is, is there any possible setup parameter for SAMBA that would need me to edit the files directly? I haven't even considered printing yet; just file/directory shares, so this config must be about as simple as it gets for SAMBA, right?
My samba needs right now are pretty simple and yast has done the job. In the past I have used webmin and back when I used RH 6.x, I used swat.
As far as printing, it's pretty easy. If you want to use a printer on a windows box, you can set it up in yast. If you want to offer a printer from a linux box and you use cups, I think suse (or maybe samba in general) defaults to offering all cups printers.
I am far from an expert in samba, so I can't offer a lot of help, but reading and trying can usually get you a solution.
Good luck!
Doug get you a solution.
Good luck!
Doug
-- Rich Matson Reno, Nv. USA
C. Richard Matson wrote:
My understanding is that Samba server is the equal to a windows server. And that Samba client lets a 'nix' machine work on the smb network just like a windows desktop on a Windows server network. I found the info on the net. I did a quick look but couldn't find the info. Originally it took me three or four hours to find it in a form I could understand. No geek here:-) Rich
Yes and No. As far as SMB file share, it is the same except that Linux is a better solution (better performance, no restriction on # of user connections). SAMBA also supports CIFS, an open standard form of SMB. CIFS currently looks like a lot safer solution for fileshares than NFS. A SAMBA server can also act as a NT primary domain controller, providing single logon to network services, much like NIS for UNIX. What a SAMBA server cannot do, is become an Active Directory domain controller. This is most unfortunate, but if this could happen, Linux could seriously become an affordable solution to current Windows network, because the Windows 2003 is so so expensive.
On 04/01/05 05:29 PM, Joaquin Menchaca
What a SAMBA server cannot do, is become an Active Directory domain controller. This is most unfortunate, but if this could happen, Linux could seriously become an affordable solution to current Windows network, because the Windows 2003 is so so expensive.
Well with a little luck that should become possible later this year as it's promised in Samba4. Of course it'll probably be much later this year as I believe they only began testing a couple of months back. Regards, Ben
On Sunday 02 January 2005 09:51 pm, elefino wrote:
To share files, directories and devices (CD, DVD, etc.) on both Linux machines (i.e., in two directions), I need to run SAMBA server on both machines, and SAMBA client on both machines as well, is that right?
Yes. A server can offer stuff for sharing. A client can get a share.
When I configure in YaST, I need to declare the workgroup (default is "TUX-NET"). Should SAMBA server on the second machine be assigned the same workgroup? Or is that a conflict? Should one be serving to (say) TUX-NET1 and the other to TUX-NET2? I'll use an actual name of my own choosing, but should it be one workgroup name for both servers, or a different workgroup for each?
Same name for both. It's kind of like saying "We all belong to the same family". I put all my machines into the same workgroup, Windows, samba servers, and samba clients.
Also, on a newly installed SuSE 9.2 system, is there any reason why YaST should not be completely sufficient to get SAMBA working? That is, is there any possible setup parameter for SAMBA that would need me to edit the files directly? I haven't even considered printing yet; just file/directory shares, so this config must be about as simple as it gets for SAMBA, right?
My samba needs right now are pretty simple and yast has done the job. In the past I have used webmin and back when I used RH 6.x, I used swat. As far as printing, it's pretty easy. If you want to use a printer on a windows box, you can set it up in yast. If you want to offer a printer from a linux box and you use cups, I think suse (or maybe samba in general) defaults to offering all cups printers. I am far from an expert in samba, so I can't offer a lot of help, but reading and trying can usually get you a solution. Good luck! Doug
Þann Mánudagur 03 janúar 2005 04:51 skrifaði elefino:
I've added a second Linux box to my little network. It was stated in a previous thread in this list that SAMBA3 is basically just as good as NFS for file and printer sharing... so, with that advice (to somebody else) I'll stick with SAMBA (that I already use for sharing with the Windows box).
Whoever told you that Samba3 was as good as NFS for file and printer sharing, is about as wrong as he could ever be. There are real differences between a CIF share and a NFS share, and then you add the fact that Samba is basically an attempt to "emulate" the CIF share on Linux, and thus not as good as a true Windows box is. If you have a samba server running, that means you probably have cups running as well. You use direct connection between cups on the two linux boxes, adding samba to the issue is basically a "boo boo". However, it "might" be easier, if you are running samba and the printer on the same machine as then you don't need to "edit" the cups configuration files, but I suggest you get acquainted with those files, it's worth the 10-30 minutes it takes. Mounting a samba share, on a secondary Linux box, means you bypass all the user rights ... that's also a "boo boo". If you intend to run Linux, then get the time to get acquainted with the tools that it uses. Spend time learning how hypercomputer systems are put up, and how they work ... it's worth the effort. You might end up using Andrews File System, for performance and security sake ... but then, NFS is simpler and quicker to setup. But Windows share in a Unix environment is like shooting yourself in the foot, if you intend to use Linux/Unix as both server and workstation. Samba is a simple "bridge" environment, to enable Windows clients in a Linux environment ... and just "recently" to allow Linux servers to exist in a trusted Windows domain. It's intended to "bridge" the two worlds, it's not a "good" replacement ... that's just a no brainer. My 2¢ worth.
On Monday 03 January 2005 09:02, Örn Einar Hansen wrote:
Þann Mánudagur 03 janúar 2005 04:51 skrifaði elefino:
I've added a second Linux box to my little network. It was stated in a previous thread in this list that SAMBA3 is basically just as good as NFS for file and printer sharing... so, with that advice (to somebody else) I'll stick with SAMBA (that I already use for sharing with the Windows box).
Whoever told you that Samba3 was as good as NFS for file and printer sharing, is about as wrong as he could ever be.
Well, they didn't tell "me" explicitly. It was in a SAMBA-related or NFS-related thread on this list several months ago. Somebody made the statement that they'd used both SAMBA and NFS and that SAMBA was at least as fast, if not faster, for file transfers, and worked as well in some aspects that were important to that person at the time -- so if one is going to be using SAMBA on a network, why bother also running NFS? When I saw that, I stopped worrying about setting up NFS, since I'd be using SAMBA anyway, and why add additional hassle and complication? You are probably correct that NFS is more proper to use between two Linux boxes, but if I'm already going to have SAMBA running, what do I gain by having NFS running as well? NFS is simpler and quicker to set up than "Andrews File System", which I'd never heard of before you wrote the name, but I already performed the steps that I read in NFS HowTo and failed to get it going (after failing to get it going using just YaST). I could now proceed to bang my head on SAMBA until it works again, and stop with a working network, or I could complete that and then bang my head for a further many days and maybe or maybe not figure out where I'm being stupid about NFS, but all I'd have is a sore head and more blood running into my eyes. I don't see that I'd have additional functionality. I'm also not clear on what you are implying about reduced security if I use SAMBA, or how I would gain security by adding NFS in a two-box network where I must run SAMBA anyway. Oh, I've heard all the arguments about why don't I just be a real man and switch totally to Linux. <grin> Unfortunately in that respect, what I am is a married man. Therefore, if the wife wants Windows, she gets Windows. She has an argument that trumps all "use Linux, it's better" arguments. Her argument for using Windows is: nobody writes tax software for Linux, and the tax software does not work via Wine (some validation thing).
Therefore, our house will have at least one Windows box for the foreseeable future, and I must accommodate it. Also, her work uses ACT! and she likes to sync at home occasionally. Furthermore, if she or I bring home a laptop from work, it's gonna be Windows. I think that it is a minor triumph that I have persuaded her to boot in Linux for everyday tasks (mail, browsing, OpenOffice stuff, etc.) and only boot Windows for three programs that are Win-only. Three years ago, she would not have considered it. Thanks for your comments, and any more detail you can add that would help me see the relative advantages of each approach (SAMBA alone, NFS with SAMBA, NFS alone). Kevin
Örn Einar Hansen wrote:
Þann Mánudagur 03 janúar 2005 04:51 skrifaði elefino:
I've added a second Linux box to my little network. It was stated in a previous thread in this list that SAMBA3 is basically just as good as NFS for file and printer sharing... so, with that advice (to somebody else) I'll stick with SAMBA (that I already use for sharing with the Windows box).
Whoever told you that Samba3 was as good as NFS for file and printer sharing, is about as wrong as he could ever be. There are real differences between a CIF share and a NFS share, and then you add the fact that Samba is basically an attempt to "emulate" the CIF share on Linux, and thus not as good as a true Windows box is.
Want to know the single best way to hang a Unix box so badly as to need a reboot? Down a box it has an NFS connection to. Simple as that. Works every time, unless you've mounted the share with lots of options that might cause data loss. And sometimes it's pretty dang inconvenient. Don't get me wrong. I understand why, and I even appreciate it. But there are different ways of doing things for different purposes, and NFS isn't an end-all-be-all file serving solution. Feel free to pick whatever works for you. (And if everything I read about AFS didn't scare me away from it, I'd probably try it.) dk
Well said - in my bad old solaris 2.6 days we used automounter maps to get round the problem of a "downed" NFS server hanging the solaris clients. There's autofs for Linux, but I'm not sure how robust it is - any feedback anyone? Of course, there is the argument that when you have all your files on a central NFS server, if it hangs you couldn't possibly do anything useful with the clients anyway, but I think that's a cop-out. You'd like the NFS server to re-establish connections to the clients once it's back up, but I guess that's in the realms of kernel software development and other scary stuff and the like ;) Just my 2p's worth. Cheers, Jon David Krider wrote:
Örn Einar Hansen wrote:
Þann Mánudagur 03 janúar 2005 04:51 skrifaði elefino:
I've added a second Linux box to my little network. It was stated in a previous thread in this list that SAMBA3 is basically just as good as NFS for file and printer sharing... so, with that advice (to somebody else) I'll stick with SAMBA (that I already use for sharing with the Windows box).
Whoever told you that Samba3 was as good as NFS for file and printer sharing, is about as wrong as he could ever be. There are real differences between a CIF share and a NFS share, and then you add the fact that Samba is basically an attempt to "emulate" the CIF share on Linux, and thus not as good as a true Windows box is.
Want to know the single best way to hang a Unix box so badly as to need a reboot? Down a box it has an NFS connection to. Simple as that. Works every time, unless you've mounted the share with lots of options that might cause data loss. And sometimes it's pretty dang inconvenient. Don't get me wrong. I understand why, and I even appreciate it. But there are different ways of doing things for different purposes, and NFS isn't an end-all-be-all file serving solution. Feel free to pick whatever works for you. (And if everything I read about AFS didn't scare me away from it, I'd probably try it.)
dk
Jonathan Brooks wrote:
Well said - in my bad old solaris 2.6 days we used automounter maps to get round the problem of a "downed" NFS server hanging the solaris clients. There's autofs for Linux, but I'm not sure how robust it is - any feedback anyone?
Of course, there is the argument that when you have all your files on a central NFS server, if it hangs you couldn't possibly do anything useful with the clients anyway, but I think that's a cop-out. You'd like the NFS server to re-establish connections to the clients once it's back up, but I guess that's in the realms of kernel software development and other scary stuff and the like ;)
As I recall, a soft mount is supposed to resolve that problem. Then again, we're not talking Windows servers here, so there'd not likely be many server failures. ;-)
On Monday 03 January 2005 17:47, James Knott wrote:
Jonathan Brooks wrote:
Well said - in my bad old solaris 2.6 days we used automounter maps to get round the problem of a "downed" NFS server hanging the solaris clients. There's autofs for Linux, but I'm not sure how robust it is - any feedback anyone?
Of course, there is the argument that when you have all your files on a central NFS server, if it hangs you couldn't possibly do anything useful with the clients anyway, but I think that's a cop-out. You'd like the NFS server to re-establish connections to the clients once it's back up, but I guess that's in the realms of kernel software development and other scary stuff and the like ;)
As I recall, a soft mount is supposed to resolve that problem. Then again, we're not talking Windows servers here, so there'd not likely be many server failures. ;-)
But, since I started all this just wanting to share directories between two Linux boxes (both SuSE 9.2 Pro), and since the directories that need sharing are on both systems (some on each), I got the idea that whatever filesystem service I used, I'd have to have a server running on each PC, in order to serve shares to the Client on the other, respectively. If I'm wrong on that, somebody oughta tell me that just one server on the network can reach out and share a directory that lives on another machine... that's not how I imagined it to work, but... Anyway, my Linux box is my only PC at home, so it's on most of the time. My wife's PC is dual boot (because I'm still waiting for that other fellow to tell me where to get tax software that runs on Linux, so she can drop Windows... :-) This means that her Linux machine absolutely *will* go down while my machine is connected (whether by NFS, SAMBA or whatever), probably several times per week. If that meant a hang of my PC every time -- and a hang of hers every time mine was hung.... looks like an endless loop to me. That's less convenient than sneakernet or e-mail. I've only heard from half a dozen people on this thread, and among them they disagree about whether NFS takes the computer to lunch when another NFS server goes away. Surely out of the hundreds or thousands of members of this list, there must be more than a few who have two Linux boxes sharing files/directories across a simple home network. What are all the rest of you doing? Kevin (still unshared)
Þann Þriðjudagur 04 janúar 2005 03:15 skrifaði elefino:
I've only heard from half a dozen people on this thread, and among them they disagree about whether NFS takes the computer to lunch when another NFS server goes away. Surely out of the hundreds or thousands of members of this list, there must be more than a few who have two Linux boxes sharing files/directories across a simple home network. What are all the rest of you doing?
This is a bit different than what you stated originally, where you said the upstairs was up all the time ... if neither machine is up all the time, you're reduced to using something like samba as a server on both, where you simply browse to the shares you want to use. The "preferred" way, is to use one as a server and have the other share its resources, thus reducing bandwidth and overhead ... using both as servers that may or may not be present at any given moment where write/read is attempted, reduces their value as desktop workstations and limits your options.
Kevin (still unshared)
On Monday 03 January 2005 23:45, Örn Einar Hansen wrote:
Þann Þriðjudagur 04 janúar 2005 03:15 skrifaði elefino:
I've only heard from half a dozen people on this thread, and among them they disagree about whether NFS takes the computer to lunch when another NFS server goes away. Surely out of the hundreds or thousands of members of this list, there must be more than a few who have two Linux boxes sharing files/directories across a simple home network. What are all the rest of you doing?
This is a bit different than what you stated originally, where you said the upstairs was up all the time ... if neither machine is up all the time, you're reduced to using something like samba as a server on both, where you simply browse to the shares you want to use. The "preferred" way, is to use one as a server and have the other share its resources, thus reducing bandwidth and overhead ... using both as servers that may or may not be present at any given moment where write/read is attempted, reduces their value as desktop workstations and limits your options.
Upstairs is up most of the time, by my choice. However, it is also the PC on which I learn about anything new (to me) like this NFS stuff and like SAMBA that no longer works for me (since 9.2 and the replacement PC downstairs). That means I may screw up my system for days at a time... look how long this simple task is taking me. Not knowing what-all services and things are really involved, whenever I change settings and try again to get NFS or SAMBA to serve... I shutdown and restart in order to be absolutely sure that services and daemons and things get restarted with new values. That's overkill, and not the Linux way, but it saves two weeks of turnaround where somebody finally points out to me that I'd been overlooking some service/daemon with a one-letter name that was absolutely crucial to what I'd been trying to do, but wasn't mentioned in the docs that I'd seen. If my wife was constrained to wait for me to get my act together each time she wanted to work on her own PC (because I held all the shared files and had screwed up my PC again), she'd be justifiably ready to kill me. What I should probably do is to set up a third PC, as server, on which I conservatively make no changes until I've learned how on my desktop PC, but that's not really an option just now. So, you seem to be saying that I should drop my recent enthusiasm for NFS and go back to sorting out SAMBA for both the Linux-to-Win98 and the Linux-to-Linux situations? If that's the recommendation, I'll be going back to your long SAMBA post of the other day, for which detail I thank you very much. Cheers, kevin (still an isolated island in a tiny pond)
Þann Þriðjudagur 04 janúar 2005 14:10 skrifaði elefino:
So, you seem to be saying that I should drop my recent enthusiasm for NFS and go back to sorting out SAMBA for both the Linux-to-Win98 and the Linux-to-Linux situations? If that's the recommendation, I'll be going back to your long SAMBA post of the other day, for which detail I thank you very much.
Now you're saying that SAMBA isn't working either? It sounds to me that there is something really wrong with your setup. In reality, NFS is much simpler to set up than samba is. I suggest you take to heart the advice put forth by Graham Smith, to install nmap and have it scan for the ports on your server from the client ... and to watch out for firewalls. I also suggest you work on getting both working, samba and nfs ... that way you always have a choice of what you find more convenient. That's what linux is all about, choice.
Cheers,
kevin (still an isolated island in a tiny pond)
My 2¢ worth, Örn
On Mon January 3 2005 6:15 pm, elefino wrote:
On Monday 03 January 2005 17:47, James Knott wrote:
But, since I started all this just wanting to share directories between two Linux boxes (both SuSE 9.2 Pro), and since the directories that need sharing are on both systems (some on each), I got the idea that whatever filesystem service I used, I'd have to have a server running on each PC, in order to serve shares to the Client on the other, respectively.
I have two computers set up on SuSE 9.2, using NFS to transfer files between them. The desktop is the NFS server and my laptop is the client. The laptop is a dual boot with XP. The laptop has a fat partition that I use to transfer files between Windows and Linux. If the desktop is running I can boot, reboot and shutdown without problems. If I want to move files from XP to my desktop I need to use XP to move them to the fat partition and then boot into linux on the laptop and then move them to the server. Kind of a pain, but I rarely do it, so it's not a problem for me. Rich -- Rich Matson Reno, Nv. USA
C. Richard Matson wrote:
On Mon January 3 2005 6:15 pm, elefino wrote:
On Monday 03 January 2005 17:47, James Knott wrote:
But, since I started all this just wanting to share directories between two Linux boxes (both SuSE 9.2 Pro), and since the directories that need sharing are on both systems (some on each), I got the idea that whatever filesystem service I used, I'd have to have a server running on each PC, in order to serve shares to the Client on the other, respectively.
I have two computers set up on SuSE 9.2, using NFS to transfer files between them. The desktop is the NFS server and my laptop is the client. The laptop is a dual boot with XP. The laptop has a fat partition that I use to transfer files between Windows and Linux. If the desktop is running I can boot, reboot and shutdown without problems. If I want to move files from XP to my desktop I need to use XP to move them to the fat partition and then boot into linux on the laptop and then move them to the server. Kind of a pain, but I rarely do it, so it's not a problem for me. Rich
One thing you may want to do, is move your "My Documents" folder, to that FAT partition. It'll save you a step. Also, if you're running XP Pro, you can get the Unix services package from MS, which included NFS.
On Tue January 4 2005 5:00 am, James Knott wrote:
C. Richard Matson wrote:
On Mon January 3 2005 6:15 pm, elefino wrote:
On Monday 03 January 2005 17:47, James Knott wrote:
I have two computers set up on SuSE 9.2, using NFS to transfer files between them. The desktop is the NFS server and my laptop is the client. The laptop is a dual boot with XP. The laptop has a fat partition that I use to transfer files between Windows and Linux. If the desktop is running I can boot, reboot and shutdown without problems. If I want to move files from XP to my desktop I need to use XP to move them to the fat partition and then boot into linux on the laptop and then move them to the server. Kind of a pain, but I rarely do it, so it's not a problem for me. Rich
One thing you may want to do, is move your "My Documents" folder, to that FAT partition. It'll save you a step. Also, if you're running XP Pro, you can get the Unix services package from MS, which included NFS.
Thanks James. That sounds like an improvement for my setup. Happy New Year. Rich -- Rich Matson Reno, Nv. USA
On Tuesday 04 January 2005 04:15, elefino wrote:
On Monday 03 January 2005 17:47, James Knott wrote:
I've only heard from half a dozen people on this thread, and among them they disagree about whether NFS takes the computer to lunch when another NFS server goes away. Surely out of the hundreds or thousands of members of this list, there must be more than a few who have two Linux boxes sharing files/directories across a simple home network. What are all the rest of you doing?
Kevin (still unshared)
Hope this helps :

A. NFS
'''''''''''''
My internal network is 192.168.168.0/24. I don't like using 192.168.0.0/24 as I feel this is potentially ambiguous with that 'extra' zero.. I have a central linux server (SuSe9.1) that acts as a gateway to the internet and also as a local DNS/DHCP server and as a central LTSP. It exports some directories - the /etc/exports file is :

=====================================
/SuSE/ *(ro,root_squash,sync)
/var/lib/YaST2/you/mnt/ *(rw,root_squash,sync)
/work/pictures *(ro,root_squash,sync)
/knoppix/ *(rw,root_squash,sync)
/work/wanderer/ *(rw,root_squash,sync)
/home/wanderer/Documents/ packard(rw,root_squash,sync)
## LTSP-begin ##
#
# The lines between 'LTSP-begin' and 'LTSP-end' were added
# on: Thu Oct 14 14:31:55 2004, by the ltspcfg configuration tool.
# For more information, visit the LTSP homepage
# at http://www.LTSP.org
#
/opt/ltsp 192.168.168.0/255.255.255.0(ro,no_root_squash,sync)
/var/opt/ltsp/swapfiles 192.168.168.0/255.255.255.0(rw,no_root_squash,async)
## LTSP-end ##

I set these up using YAST->Network Services->NFS server. The firewall is setup in quick mode with the internal interface as 'trusted' i.e. open and the external ethernet interface 'untrusted' i.e. closed.
======================================

/SuSE contains the installation DVD's for SuSe 9.1 and 9.2
/var/lib/YAST2/you/mnt is the SuSe patch directory
The other directories are for general use.

On my laptop (called wanderer when running WinXP and packard when running SuSe9.2) I have the following in /etc/fstab

=========================================
linux.hewlettfamily:/home/wanderer/Documents /home/wanderer/linux nfs defaults 0 0
=========================================

I set this up using the YAST->Network Services->NFS client. Note that the 'Browse' option in the dialog did not work but if I typed in the server name 'linux.hewlettfamily' manually everything else worked.

B. Samba
'''''''''''''''''''
I have the following stanza in /etc/samba/smb.conf:

[work area]
    comment = Work area for everybody
    path = /work
    read only = No
    create mask = 0777

(My workgroup is 'MSHOME'.)

and my windows machines (WinXP for wife, Win98SE for son and Win98SE for daughter) can all see this share as well as the 2 printers connected and the home directories of each login. My laptop running SuSe9.2 sees this share as well. I set this up by using YAST->Network Services->Samba client. The browse tab in this dialog also does not work - it defaults to 'TUX-NET' and using the browse tab gives me a workgroup 'LINUX' which does not exist. Manually typing in 'MSHOME' is successful.

When I click on the 'Network Browsing' desktop icon I get a konqueror window with 2 icons 'SLP services' and 'Windows Network'. Clicking the latter gives me 'Mshome' icon and clicking on that gives all machines on my network, WinXP, Win98SE and Linux. This corresponds to the URL smb://mshome/.

Each of these PC's has their own login on the central linux server and logs in as such. I have created the necessary entries in Samba using 'smbpasswd'. I also had to edit a file /etc/samba/smbusers to map windows login names to unix login names. My wife's WinXP machine was originally mine and the original login on this machine is 'Dad'. I changed to my wife's name 'Wife' but internally WinXP still thinks of it as 'Dad' so I had to add a line to 'smbusers'

wife = dad wife

(NB these are not the actual login names. I use Dad,Wife to illustrate the point).

So it *does* work.

Problems
'''''''''''''''''''
I tried setting the workgroup to a different name 'hewlettfamily' or 'TUXNET' or 'LINUX' but none of these worked for a reason I still haven't figured out. I am currently stuck with 'MSHOME'.

I am unable to print to my HP printer that is connected to the WinXP machine. Everything is setup but if I try printing I get a permanent spool job on the WinXP machine which cannot be removed. All subsequent printing to this device is blocked by this one spool job. The only solution is to wait for the job to eventually terminate which can take 2 hours or more - even rebooting the winXP machine does not help. Installing 'Printer Services for Unix' on WinXP may solve this problem.

Having multiple logins, one for each family member, is a headache.

Regards
Paul Hewlett
--
Paul Hewlett (Linux #359543)
Email:\`echo az.oc.evitcaten@ttelweh | rev\`"
Tel: +27 21 852 8812
Cel : +27 72 719 2725
FAX: +27 866720563"
--
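An added example, not part of the post above or of any SuSE tool: a short Python audit of the /etc/exports file quoted in that post, flagging entries exported to every host (`*`) and entries that disable root squashing. The function names and severity labels are illustrative, and the parser assumes export paths without embedded spaces.

```python
import re

# The /etc/exports entries from the post above (LTSP comment block shortened).
EXPORTS_FROM_POST = """\
/SuSE/ *(ro,root_squash,sync)
/var/lib/YaST2/you/mnt/ *(rw,root_squash,sync)
/work/pictures *(ro,root_squash,sync)
/knoppix/ *(rw,root_squash,sync)
/work/wanderer/ *(rw,root_squash,sync)
/home/wanderer/Documents/ packard(rw,root_squash,sync)
## LTSP-begin ##
# added by the ltspcfg configuration tool
/opt/ltsp 192.168.168.0/255.255.255.0(ro,no_root_squash,sync)
/var/opt/ltsp/swapfiles 192.168.168.0/255.255.255.0(rw,no_root_squash,async)
## LTSP-end ##
"""

# One "client(options)" field. An empty client part, as in "/data host (rw)",
# is an entry of its own that applies the options to every host.
ENTRY = re.compile(r"^(?P<client>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")


def parse_exports(text):
    """Yield (path, client, options) for each client entry in an exports file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        path = fields[0]
        entries = fields[1:] or ["*"]          # a bare path is exported to all hosts
        for entry in entries:
            match = ENTRY.match(entry)
            if match is None:
                continue                       # malformed field, ignore it
            client = match.group("client") or "*"
            opts = {o for o in (match.group("opts") or "").split(",") if o}
            yield path, client, opts


def audit(text):
    """Return a list of (severity, path, client, reason) findings."""
    findings = []
    for path, client, opts in parse_exports(text):
        writable = "rw" in opts                # read-only is the default
        if client == "*":
            if writable:
                findings.append(("HIGH", path, client,
                                 "writable by any host that can reach the server"))
            else:
                findings.append(("MEDIUM", path, client,
                                 "readable by any host that can reach the server"))
        if "no_root_squash" in opts:
            findings.append(("HIGH" if writable else "MEDIUM", path, client,
                             "root on the client is treated as root on the export"))
    return findings


if __name__ == "__main__":
    for severity, path, client, reason in audit(EXPORTS_FROM_POST):
        print(f"{severity:6} {path:32} {client:30} {reason}")
```

Only the entry restricted to the host `packard` with `root_squash` passes without a finding; the `*` entries depend entirely on the firewall keeping the NFS ports off the untrusted interface.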
On Tue, 4 Jan 2005 13:15, elefino wrote:
But, since I started all this just wanting to share directories between two Linux boxes (both SuSE 9.2 Pro), and since the directories that need sharing are on both systems (some on each), I got the idea that whatever filesystem service I used, I'd have to have a server running on each PC, in order to serve shares to the Client on the other, respectively.
If you just want to copy files between the two computers on an adhoc basis I suggest you use konqueror with the 'fish' protocol. Enter in konqueror the URL in the format 'fish://<username>@<ip-address> ' then you can copy and rename files between the two computers. -- Regards, Graham Smith ---------------------------------------------------------
On Tuesday 04 January 2005 06:26, Graham Smith wrote:
On Tue, 4 Jan 2005 13:15, elefino wrote:
But, since I started all this just wanting to share directories between two Linux boxes (both SuSE 9.2 Pro), and since the directories that need sharing are on both systems (some on each), I got the idea that whatever filesystem service I used, I'd have to have a server running on each PC, in order to serve shares to the Client on the other, respectively.
If you just want to copy files between the two computers on an adhoc basis I suggest you use konqueror with the 'fish' protocol.
Enter in konqueror the URL in the format 'fish://<username>@<ip-address> ' then you can copy and rename files between the two computers.
EEK! Another protocol to learn about, when I haven't nailed down SAMBA and NFS yet. Thanks. I'll look it up. kevin
elefino wrote:
On Tuesday 04 January 2005 06:26, Graham Smith wrote:
If you just want to copy files between the two computers on an adhoc basis I suggest you use konqueror with the 'fish' protocol.
Enter in konqueror the URL in the format 'fish://<username>@<ip-address> ' then you can copy and rename files between the two computers.
EEK! Another protocol to learn about, when I haven't nailed down SAMBA and NFS yet. Thanks. I'll look it up.
fish is a file sharing protocol through ssh. You only need to have your ssh daemon running (which it is by default). This works great (and is very easy AND secure as a bonus [maybe not an issue in your situation]). This will work for Linux to Linux. For Windows to Linux, get putty and winscp. Winscp is the basic equivalent to fish in Windows. For just sharing files, this would be easiest. If you needed to map directories, this wouldn't work. BTW, to print downstairs, you could just use CUPS to CUPS when she was in Linux, CUPS through Samba (it only uses samba client, no daemons) when she was in Windows. HTH -- Joe Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Registered Linux user 231871
Þann Mánudagur 03 janúar 2005 22:38 skrifaði David Krider:
Want to know the single best way to hang a Unix box so badly as to need a reboot?
That's an oldie, and not really valid ... but I do recall there were several buggy NFS implementations that caused the hang to remain, even after the server came up.
And sometimes it's pretty dang inconvenient. The idea *is* that the server you use to "export" the shares is the robust machine on the network. Not some lil'crapper, that nobody cares about and nobody watches after and one that sooner or later is gonna run out of diskspace, or get full with logs.
This was a problem, when the clients had even their root file system exported from the server. Or at least, most of the major system files ... where the clients were so called "terminals" ... they do freeze when the server is down but only because they're waiting for the server to reappear. I do recall, as previously stated, that some linux boxes remained frozen, even after the server came up ... don't think it does anymore, but then I haven't tested it. However, if you are trying to "imply" that CIFS are better ... then I suggest you start reading more carefully ... like "oplocks". It's not a question on "faultlessness", but rather one of "convenience". Of course you'll say hang is not "convenient" ... but it is, when you really need the file system to be there it's better to "hang around" until it is ... rather than to have the data vaporize into the ozone layer as it does in cifs. My 2¢ worth, Örn
On Monday 03 January 2005 16:38, David Krider wrote:
Örn Einar Hansen wrote:
Þann Mánudagur 03 janúar 2005 04:51 skrifaði elefino:
I've added a second Linux box to my little network. It was stated in a previous thread in this list that SAMBA3 is basically just as good as NFS for file and printer sharing... so, with that advice (to somebody else) I'll stick with SAMBA (that I already use for sharing with the Windows box).
Whoever told you that Samba3 was as good as NFS for file and printer sharing, is about as wrong as he could ever be. There are real differences between a CIF share and a NFS share, and then you add the fact that Samba is basically an attempt to "emulate" the CIF share on Linux, and thus not as good as a true Windows box is.
Want to know the single best way to hang a Unix box so badly as to need a reboot? Down a box it has an NFS connection to. Simple as that. Works every time, unless you've mounted the share with lots of options that might cause data loss. And sometimes it's pretty dang inconvenient. Don't get me wrong. I understand why, and I even appreciate it. But there are different ways of doing things for different purposes, and NFS isn't an end-all-be-all file serving solution. Feel free to pick whatever works for you. (And if everything I read about AFS didn't scare me away from it, I'd probably try it.)
Are you saying that it doesn't matter whether the connected box goes down gracefully or just dies? As long as it isn't there when NFS wants to stroke it, NFS will hang the other box? Great. My wife's machine would default to Linux, but she'd often shutdown and reboot into Win98. Also, she likes to shut off a PC when nobody is sitting in front of it. Sounds like NFS could make me unhappy about twice per day... assuming I ever get it working. . . :-) What have you heard about AFS... the scary bits, I mean? Kevin (the unsharing)
Þann Þriðjudagur 04 janúar 2005 03:00 skrifaði elefino:
Great. My wife's machine would default to Linux, but she'd often shutdown and reboot into Win98. Also, she likes to shut off a PC when nobody is sitting in front of it. Sounds like NFS could make me unhappy about twice per day... assuming I ever get it working. . . :-)
You got it the other way around ... you use the box that's up "all" the time to export. The example in which NFS hangs, is if you make it mount "hard" instead of "soft". It's an option, that does default to "hard". This is necessary, because in many cases NFS is used to export file systems, that the clients are "dependent" on. This means, that if the NFS server goes down (like your upstairs computer), then the client (your downstairs computer) will wait for it to come up again, before it can do any saves to, or reads from those exports.
What have you heard about AFS... the scary bits, I mean?
Scary bits, as far as I've heard is that it's kerberos(heimdal) based and can be a hassle to have around. It requires you to acquire a token, etc. There is a newer version of that file system, called "coda" that handles encryption, and who knows what. But I've never found any need to go into AFS or coda ... but I know those who are worried about the man in the middle, or security issues prefer them for NFS.
Kevin (the unsharing)
Örn Einar Hansen wrote:
Þann Þriðjudagur 04 janúar 2005 03:00 skrifaði elefino:
Great. My wife's machine would default to Linux, but she'd often shutdown and reboot into Win98. Also, she likes to shut off a PC when nobody is sitting in front of it. Sounds like NFS could make me unhappy about twice per day... assuming I ever get it working. . . :-)
You got it the other way around ... you use the box that's up "all" the time to export.
The example in which NFS hangs, is if you make it mount "hard" instead of "soft". It's an option, that does default to "hard". This is necessary, because in many cases NFS is used to export file systems, that the clients are "dependent" on. This means, that if the NFS server goes down (like your upstairs computer), then the client (your downstairs computer) will wait for it to come up again, before it can do any saves to, or reads from those exports.
What have you heard about AFS... the scary bits, I mean?
Scary bits, as far as I've heard is that it's kerberos(heimdal) based and can be a hassle to have around. It requires you to acquire a token, etc. There is a newer version of that file system, called "coda" that handles encryption, and who knows what.
But I've never found any need to go into AFS or coda ... but I know those who are worried about the man in the middle, or security issues prefer them for NFS.
Kevin (the unsharing)
Yeah, NFS is really really really easy to hack. There is NO authentication. Just send the UIDs and that's it. Voila, access granted. It's really bad. :'( Newer versions of NFS on Solaris, can use Kerberos, and open source versions are moving in that direction. It'll take a while to get there. SAMBA has limited encryption for account authentication. AFS/Coda is already Kerberized today. In my network, I have a scrappy old Linksys, and the only way it works for the household is by having open access for Wi-Fi. This means my network is open to at least the neighbors. For this, I generally don't use NFS (except in limited experimentations), and just use SAMBA between Mac OS X - Linux - Solaris - Windows XP/2K3.
Örn Einar Hansen wrote:
Þann Mánudagur 03 janúar 2005 04:51 skrifaði elefino:
I've added a second Linux box to my little network. It was stated in a previous thread in this list that SAMBA3 is basically just as good as NFS for file and printer sharing... so, with that advice (to somebody else) I'll stick with SAMBA (that I already use for sharing with the Windows box).
Whoever told you that Samba3 was as good as NFS for file and printer sharing, is about as wrong as he could ever be. There are real differences between a CIF share and a NFS share, and then you add the fact that Samba is basically an attempt to "emulate" the CIF share on Linux, and thus not as good as a true Windows box is.
Actually, I could be wrong, but from my understanding, it is an implementation of the CIFS standard. It's not emulating anything. And in fact it outperforms Windows servers. The other thing about a "true" Windows box is that there is a limitation of 5 concurrent users that can connect on a Windows XP, NT WS, and 2000 Pro boxes. For Windows NT server, Windows 2000 server, and Windows Server 2003, there's a maximum of 5 concurrent users. Purchasing more CAL licenses for Windows server will allow more concurrent users. This artificial limitation does not exist on Linux. Lastly, SAMBA requires authentication, while NFS does not. You have to map SMB-style accounts to UNIX accounts, which can be cumbersome, but does provide a level of security. However, NFS requires the UID to match, but doesn't do any sort of authentication. This can be considered rather dangerous, as a hacker can find the UIDs and get access to the files.
Þann Þriðjudagur 04 janúar 2005 18:36 skrifaði Joaquin Menchaca:
Lastly, SAMBA requires authentication, while NFS does not. You have to map SMB-style accounts to UNIX accounts, which can be cumbersome, but does provide a level of security. However, NFS requires the UID to match, but doesn't do any sort of authentication. This can be considered rather dangerous, as a hacker can find the UIDs and get access to the files.
True, for the most part ... there is something called NIS that works in coherence with NFS. Point is, if you have two, or more, Linux or Unix machines, that already handle authentication adequately. You are likely to want a "common" userbase, for ease of administration. I see no reason to add more authentication protocols to that, unless the system is volatile and the network is insecure ... but I'm not running the pentagon at home. My 2¢ worth, Örn
Örn Einar Hansen wrote:
Þann Þriðjudagur 04 janúar 2005 18:36 skrifaði Joaquin Menchaca:
Lastly, SAMBA requires authentication, while NFS does not. You have to map SMB-style accounts to UNIX accounts, which can be cumbersome, but does provide a level of security. However, NFS requires the UID to match, but doesn't do any sort of authentication. This can be considered rather dangerous, as a hacker can find the UIDs and get access to the files.
True, for the most part ... there is something called NIS that works in coherence with NFS. Point is, if you have two, or more, Linux or Unix machines, that already handle authentication adequately. You are likely to want a "common" userbase, for ease of administration. I see no reason to add more authentication protocols to that, unless the system is volatile and the network is insecure ... but I'm not running the pentagon at home.
My 2¢ worth, Örn
NIS has very weak security. For that reason, it is never used by any companies that have any slight concern over security. You'd be amazed how resourceful hackers can be once they find a way to worm into your network. However, it is doubtful that the general hacker would bother with household systems, rather than high profile prestige places. If one did, it'd probably be to zombie machines for a coordinated DoS attack against something like SCO. For my network, due to my Linksys problems with Wi-Fi security, I avoid opening up any computer, as unknown neighbors can have fun. So, all of my computers (about a half-score of them) are firewalled, in addition to the main firewall. I'm now setting up a perimeter network and a private network, so I won't have to worry as much. - joaquin ps - speaking of which, any good how-tos to turn Linux into a WAP? Is there support for WPA and using RADIUS authentication for WPA?
Þann Fimmtudagur 06 janúar 2005 20:11 skrifaði Joaquin Menchaca:
For my network, due to my Linksys problems with Wi-Fi security, I avoid opening up any computer, as unknown neighbors can have fun. So, all of my computers (about a half-score of them) are firewalled, in addition to the main firewall. I'm now setting up a perimeter network and a private network, so I won't have to worry as much.
I've got a Linksys here at home, as well ... WRT54G, and the wireless in it is limited with a 128 bit encryption. Of course, it's not the best in the world and a good hacker would be able to get in in about an hour, but then I don't have that much "wireless" activity, that I really need to worry, even if I were running the pentagon here :) Limiting access by IP ... not too secure, but if I need to secure things. I'll be focusing on AFS or coda ... currently, I see no reason to do that, unless I encounter some "malicious" mind, rather than a real hacker (which of course, is more common anyways). The way I see it, a real hacker is likely to be more tempted to break into a safe, than he is in entering the closet. So, a "safe" is only partial security as it will "draw" the attention of those interested in the breaking. Thus, the way I see it ... physical security is much more important than other types. Breaking up the network, and having proper firewalls and bridges that will limit physical access according to needed security levels.
- joaquin
ps - speaking of which, any good how-tos to turn Linux into a WAP? Is there support for WPA and using RADIUS authentication for WPA?
I've got a Linksys here at home, as well ... WRT54G, and the wireless in it is limited with a 128 bit encryption. Of course, it's not the best in the world and a good hacker would be able to get in in about an hour, but then I don't have that much "wireless" activity, that I really need to worry, even if I were running the pentagon here :)
They "could" get in. In about an hour, only if you left your Linksys WRT54G with the factory defaults and you were running open ports on your computers. I do agree that 128 bit could be turned up a lot more; But for the most part it's not easily deciphered "just like that!". It takes work, A lot of work with a very, very fast pc and patience! ;( I too, take security measures with my Linksys WRT54G and network in general pretty seriously. A wardriver can do a lot of damage if you leave your wireless router wide open. Not only to your computer (s), but to some company and using your network for the damage.
Limiting access by IP ... not too secure
Agreed, A very bad idea!
The way I see it, a real hacker is likely to be more tempted to break into a safe, than he is in entering the closet. So, a "safe" is only partial security as it will "draw" the attention of those interested in the breaking. Thus, the way I see it ... physical security is much more important than other types. Breaking up the network, and having proper firewalls and bridges that will limit physical access according to needed security levels.
You can never have enough layers of security. Networking is like an Art and Science. Education is key here. Read,Read,Read! JD
On Thu, 6 Jan 2005 14:48:22 -0700, you wrote:
I've got a Linksys here at home, as well ... WRT54G, and the wireless in it is limited with a 128 bit encryption. Of course, it's not the best in the world and a good hacker would be able to get in in about an hour, but then I don't have that much "wireless" activity, that I really need to worry, even if I were running the pentagon here :)
They "could" get in. In about an hour, only if you left your Linksys WRT54G with the factory defaults and you were running open ports on your computers.
I do agree that 128 bit could be turned up a lot more; But for the most part it's not easily deciphered "just like that!". It takes work, A lot of work with a very, very fast pc and patience! ;( I too, take security measures with my Linksys WRT54G and network in general pretty seriously.
You're behind the times. Try 20 minutes. Mike- -- If you can keep your head while those around you are losing theirs... You may have a great career as a network administrator ahead! -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,
On Thursday 06 January 2005 11:25 pm, Örn Einar Hansen wrote:
Þann Föstudagur 07 janúar 2005 02:04 skrifaði Michael W Cocke:
You're behind the times. Try 20 minutes.
It requires a certain amount of "megabytes" for it to be hacked ... I stated, there's no such traffic going through my wireless. :)
Are wired routers as easily hacked as wireless ones? And how much does it help to change the router password from the default? Paul
Are wired routers as easily hacked as wireless ones? And how much does it help to change the router password from the default?
The answer is yes (unless some wardriver is outside, then the wireless would
be easier). Basically, you are talking about an attacker compromising
software protection to your router configuration from the WAN side. Once he
(or she) has control of your router, then they can open any ports they
desire and blast away at your computer trying to get it. Now I'm not an
expert on all exploits that exist, but with regard to your password
question, it goes like this:
On your typical cable/dsl router, there is usually an option for remote
administration. If you enable remote administration and don't change your
password, then everybody on earth with the same type of router manual has
free access to your system simply by entering the default password. So
change your password. (123456) is not a good choice.
If remote admin is not enabled, unless another exploit exists to get in from
the outside -- then it is really a who cares situation. However, if they do
get through the router and then talk to your router from the LAN side, same
result. Anybody with a router manual has the default password, so they have
control of your router again. So again -- change the password.
For the most part, the Linksys, Belkin, D-Link, etc.. boxes do a pretty good
job. They are not bulletproof, but 99.999% of the time, they are more than
sufficient. Set them up, turn the ping response off, change the password,
and forward only the ports you require to the machine that needs it and turn
off the services that are not required on the receiving machine.
--
David C. Rankin, J.D., P.E.
RANKIN LAW FIRM, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankin-bertin.com
--
----- Original Message -----
From: "Paul W. Abrahams"
On Thursday 06 January 2005 11:25 pm, Örn Einar Hansen wrote:
Þann Föstudagur 07 janúar 2005 02:04 skrifaði Michael W Cocke:
You're behind the times. Try 20 minutes.
It requires a certain amount of "megabytes" for it to be hacked ... I stated, there's no such traffic going through my wireless. :)
Are wired routers as easily hacked as wireless ones? And how much does it help to change the router password from the default?
Paul
Are wired routers as easily hacked as wireless ones? And how much does it help to change the router password from the default?
The one thing to keep in mind is which type of router, model, whether it's commercial grade or home PC made? They can be easily hacked, If not kept up to date and you leave the default settings, passwords, etc. Now, the argument comes into play if you have a wired router, It can be hacked with another comp on the other end of that wire. Just like a comp with a wireless connectivity, that can be hacked with another wireless Comp; with the data flowing through the air with a secured 128 bit connection between the wireless router and wireless card. Though, It can be hacked with a secured wireless connection. It gets tricky and somewhat tough, sometimes impossible; If properly configured? There are a lot of angles to cover, before you run wild on the net. Just make sure you read and cover all of your hardware/software that will be used for your network. Some router manufacturers are pretty good about keeping their firmware up to date; while others, who design and build a PC firewall are very damn good at making an extremely thick safe. JD
JD. Brown wrote:
Are wired routers as easily hacked as wireless ones? And how much does it help to change the router password from the default?
The one thing to keep in mind is which type of router,model, whether it's commercial grade or home PC made?
They can be easily hacked, If not kept up to date and you leave the default settings, passwords,etc.
Now, the argument comes into play if you have a wired router, It can be hacked with another comp on the other end of that wire.
Just like a comp with a wireless connectivity, that can be hacked with another wireless Comp; with the data flowing through the air with a secured 128 bit connection between the wireless router and wireless card. Though, It can be hacked with a secured wireless connection. It gets tricky and somewhat tough, sometimes impossible; If properly configured?
There are a lot of angles to cover, before you run wild on the net.
Just make sure you read and cover all of your hardware/software that will be used for your network.
Some router manufacturers are pretty good about keeping their firmware up to date; while others, who design and build a PC firewall are very damn good at making an extremely thick safe.
JD
I was using BBIagent on an old Cyrix box until something must have changed on the cable modem side and it refused to answer my cable modem ever again, don't know why as another guy is using the identical setup and it works. Now I use Astaro Linux firewall where everything is chrooted and it's impossible to do anything with it other than the allowed admin actions and setups from a designated box on the internal network, it's so tight that the only way I could install another firewall to try was to delete all the partitions and reformat the HD. Other than upgrades, it's been impossible to put any files on to any partition, it won't even allow you as root to handle the floppy drive, it says it doesn't exist, neither does the hard drive. It's about as unhackable as you can get and has that reputation. Astaro are also very much on the ball with updates. The only drawback is they only support PCMCIA wireless, but perhaps a PCI adapter containing a PCMCIA wireless card would work. Regards Sid. -- Sid Boyce .... Hamradio G3VBV and Keen Flyer =====ALMOST ALL LINUX USED HERE, Solaris 10 SPARC is just for play=====
On Thu, 6 Jan 2005 23:43:42 -0500, you wrote:
On Thursday 06 January 2005 11:25 pm, Örn Einar Hansen wrote:
Þann Föstudagur 07 janúar 2005 02:04 skrifaði Michael W Cocke:
You're behind the times. Try 20 minutes.
It requires a certain amount of "megabytes" for it to be hacked ... I stated, there's no such traffic going through my wireless. :)
Are wired routers as easily hacked as wireless ones? And how much does it help to change the router password from the default?
Paul
What I was referring to was a live demo I saw a few weeks back - using a laptop, a standard wireless network card, and several freely available linux programs (freely available if you know where to look), the wireless network in an adjacent office suite was completely broken in about 20 minutes. Everything that went over the link was showing up in clear on the laptop - credit card numbers, passwords, client data... WEP 128 is about as useless as Windows. You can't do that on a wired lan, which is all that I'll be using from here on, thanks. Scared the crap out of me, to be completely honest. Mike- -- If you can keep your head while those around you are losing theirs... You may have a great career as a network administrator ahead! -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,
On Friday 07 January 2005 13:11, Michael W Cocke wrote:
in about 20 minutes. Everything that went over the link was showing up in clear on the laptop - credit card numbers, passwords, client
Were these sent to websites using SSL? How could they decrypt those? Brana
Þann Föstudagur 07 janúar 2005 19:11 skrifaði Michael W Cocke:
WEP 128 is about as useless as Windows. You can't do that on a wired lan, which is all that I'll be using from here on, thanks. Scared the crap out of me, to be completely honest.
The case in question, was probably a WEP 64. It takes some 100 Mb of data, to break the key. Takes a lot longer, with 128 bit ... of course, the security in it sucks big time. I'd probably put up a "wireless" up in the "de-militarized-zone" ... then use Radius for authentication, and VPN for access into the network proper. That is, if I had any data I needed to protect. :) My 2¢ worth. Örn
WEP 128 is about as useless as Windows. You can't do that on a wired lan, which is all that I'll be using from here on, thanks. Scared the crap out of me, to be completely honest.
Mike-
Yes, Just using WEP alone is not good enough to lock down a wireless network. Using WPA Pre-Shared key with MAC address filtering and a firewall, It then becomes enough. It becomes 99.9% almost impossible to penetrate or hack. I have to leave that .1% for exploits and such. JD
Michael W Cocke wrote:
What I was referring to was a live demo I saw a few weeks back - using a laptop, a standard wireless network card, and several freely available linux programs (freely available if you know where to look), the wireless network in an adjacent office suite was completely broken in about 20 minutes. Everything that went over the link was showing up in clear on the laptop - credit card numbers, passwords, client data...
WEP 128 is about as useless as Windows. You can't do that on a wired lan, which is all that I'll be using from here on, thanks. Scared the crap out of me, to be completely honest.
For WiFi security, place the router or access point outside your firewall and then use a vpn, to access your local network.
James Knott wrote:
Michael W Cocke wrote:
What I was referring to was a live demo I saw a few weeks back - using a laptop, a standard wireless network card, and several freely available linux programs (freely available if you know where to look), the wireless network in an adjacent office suite was completely broken in about 20 minutes. Everything that went over the link was showing up in clear on the laptop - credit card numbers, passwords, client data...
WEP 128 is about as useless as Windows. You can't do that on a wired lan, which is all that I'll be using from here on, thanks. Scared the crap out of me, to be completely honest.
For WiFi security, place the router or access point outside your firewall and then use a vpn, to access your local network.
Yeah, but if they were passing credit card data unencrypted over any link they deserve to lose it. That's why so many places also use their VPN solutions over the wireless. - Herman
Paul W. Abrahams wrote:
On Thursday 06 January 2005 11:25 pm, Örn Einar Hansen wrote:
Þann Föstudagur 07 janúar 2005 02:04 skrifaði Michael W Cocke:
You're behind the times. Try 20 minutes.
It requires a certain amount of "megabytes" for it to be hacked ... I stated, there's no such traffic going through my wireless. :)
Are wired routers as easily hacked as wireless ones? And how much does it help to change the router password from the default?
The concern with wireless routers, is that the encryption is fairly easy to break, giving an intruder full access to the network. Many people don't even bother with encryption or other security, leaving their networks fully exposed. My wireless router, on the other hand, is outside of my firewall and requires ssh or vpn, to reach my home network, as well as breaking the wireless encryption.
Michael W Cocke wrote:
On Thu, 6 Jan 2005 14:48:22 -0700, you wrote:
I do agree that 128 bit could be turned up a lot more; But for the most part it's not easily deciphered "just like that!". It takes work, A lot of work with a very, very fast pc and patience! ;( I too, take security measures with my Linksys WRT54G and network in general pretty seriously.
You're behind the times. Try 20 minutes.
Really?!? :-) How? What sort of processor? I want to see how long it'd take with either my dual processor G5 or my AMD Athlon 64 setup or even my laptop (1.6 GHz Pentium M).
On Fri January 7 2005 11:03, Joaquin Menchaca wrote:
Michael W Cocke wrote:
On Thu, 6 Jan 2005 14:48:22 -0700, you wrote:
I do agree that 128 bit could be turned up a lot more; But for the most part it's not easily deciphered "just like that!". It takes work, A lot of work with a very, very fast pc and patience! ;( I too, take security measures with my Linksys WRT54G and network in general pretty seriously.
You're behind the times. Try 20 minutes.
Really?!? :-) How? What sort of processor? I want to see how long it'd take with either my dual processor G5 or my AMD Athlon 64 setup or even my laptop (1.6 GHz Pentium M).
That was my point!!!!!!!!!!!!!!!! Thank You!!!!! There are some reports floating around the net with some groups claiming that they can do it. But, My interpretation is that, under certain controlled environments, they can crack it in under 2-4 hours. With some very good PC hardware. If you ever read any one of these reports. They never mention the hardware used. One extreme report claimed 30 minutes. If I were at my other workstation; I would love to supply the links. I do feel these claims are rather extreme. I tried replicating this with my Dual AMD MP 2200+, Tyan motherboard. I let it run for a week and a half with 128 bit; Well, quite frankly. I shut it down. It never really got anywhere on the decipher. I'm no expert on deciphering my own encryption, although; I did decipher my own 40 bit key. I recall that being done in 3.5 days with my dual AMD system. It's been a little over a year since. We can all agree on one thing. Unless we are running an IBM Blue Gene server to decipher and "One-Time Pad" encryption with everything. We would be 100% safe and 110% mad as well! Security is a big pain! :( JD
JD. Brown wrote:
I've got a Linksys here at home, as well ... WRT54G, and the wireless in it is limited with a 128 bit encryption. Of course, it's not the best in the world and a good hacker would be able to get in in about an hour, but then I don't have that much "wireless" activity, that I really need to worry, even I were running the pentagon here :)
They "could" get in. In about an hour, only if you left your Linksys WRT54G with the factory defaults and you were running open ports on your computers.
I do agree that 128 bit could be turned up a lot more; But for the most part it's not easily deciphered "just like that!". It takes work, A lot of work with a very, very fast pc and patience! ;( I too, take security measures with my Linksys WRT54G and network in general pretty seriously.
A wardriver can do a lot of damage if you leave your wireless router wide open. Not only to your computer (s), but to some company and using your network for the damage.
Limiting access by IP ... not too secure
Agreed, A very bad idea!
The way I see it, a real hacker is likely to be more tempted to break into a safe, than he is in entering the closet. So, a "safe" is only partial security as it will "draw" the attention of those interested in the breaking. Thus, the way I see it ... physical security is much more important than other types. Breaking up the network, and having proper firewalls and bridges that will limit physical access according to needed security levels.
You can never have enough layers of security. Networking is like an Art and Science. Education is key here. Read,Read,Read!
JD
In my scenario, which is in Silicon Valley, I have 16 people at any one time using my wireless access point. There are over 5 wireless networks within my area (probably neighbors and such). Many of them are using Linksys. The older Linksys models are reliable, but my newer VPN router has nothing but problems. It offers more security (WPA and in-filter for MAC addresses), but it is not so reliable. When I activate even WEP, 50% of the household cannot connect, and when I activate in-filter, one person cannot connect. So, it is problematic, and because of this, I have to allow the whole freakin' neighborhood to my network. :'( Fortunately, I have been getting a few of these EPIA motherboards (mini-ITX mobos) to help slice up my network, while at the same time save on the electric bill. Before, I have many machines exposed to the neighborhood, but now, I'll have only one web server exposed, while everything else will be hiding behind another firewall. I'll play around with everything, safe and unsafe, but in the long run, I'll find the best most secure solution. IMHO, one just has to be knowledgeable, and migrate to more security without too much sacrifice of convenience. Oh by the way, after looks at OpenAFS, I found that there's a Windows version. This might be pretty cool if Windows works well with AFS, as this would be the most secure, until NFS w/ Kerberos authentication works, or alternatively, use SAMBA3 with Kerberos (don't know what's involved with that route though). -- joaquin
On Thursday 06 Jan 2005 19:11, Joaquin Menchaca wrote:
ps - speaking of which, any good how-tos to turn Linux into a WAP? Is there support for WPA and using RADIUS authentication for WPA?
OpenAP - http://opensource.instant802.com/ PublicIP - http://www.publicip.net/ CQure - http://www.cqure.net/tools.jsp?id=09 MeshAP - http://locustworld.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=6 The following also sell Linux-based hardware: Sputnik - http://www.sputnik.com Linux LiveCD Router - http://www.wifi.com.ar/ LocustWorld - http://locustworld.com You can probably find lots of others if you google for them. -- Pob hwyl / Best wishes Kevin Donnelly www.kyfieithu.co.uk - Meddalwedd Rhydd yn Gymraeg www.cymrux.org.uk - Linux Cymraeg ar un CD!
On Thu, 2005-01-06 at 20:11, Joaquin Menchaca wrote:
Örn Einar Hansen wrote:
For my network, due to my Linksys problems with Wi-Fi security, I avoid opening up any computer, as unknown neighbors can have fun. So, all of my computers (about a half-score of them) are firewalled, in addition to the main firewall. I'm now setting up a perimeter network and a private
Excuse me, But if you set up a general firewall between your network and the bad bad world outside (which is good common practice), why setting up a firewall on other (local) nodes? Either you trust your main firewall, or you should do something about it.... Behind your firewall: don't you trust the users behind it? Wifi should be MAC-selected.(configured in your wifi-modem) (or it should be outside your trusted area) What's the point in having each and individual node having its own firewall???? If you find a number of untrustworthy ip-addresses, your local dns/ip-table should deal with it. Not?? Hans.
Excuse me,
But if you set up a general firewall between your network and the bad bad world outside (which is good common practice), why setting up a firewall on other (local) nodes?
Either you trust your main firewall, or you should do something about it....
Actually it's a good idea to run software firewall on each comp and than break each sector up with a hardware firewall. It can be a pain to lock down each comp in a medium to large business; but it does wonders when under attack. JD
Hans Witvliet wrote:
What's the point in having each and individual node having its own firewall????
If the main firewall is compromised, your machines won't be immediately compromised since they have their own firewalls. It's redundant but it does provide security in layers. My own computers have individual firewalls to protect them from my *roommates* who don't know squat about security for their systems and frequently have troubles with spyware and viruses. Ideally, I should put my computers on a different subnet to provide more protection. Christopher Reimer
Þann Mánudagur 03 janúar 2005 04:51 skrifaði elefino:
Also, on a newly installed SuSE 9.2 system, is there any reason why YaST should not be completely sufficient to get SAMBA working?
Depends on what you want samba to do, if I remember correctly then YaST doesn't have the "tools" to setup samba as a PDC, or BDC. Or to use LDAP as an auth server. For that, you need SLES or to edit the files directly.
That is, is there any possible setup parameter for SAMBA that would need me to edit the files directly?
Yes.
I haven't even considered printing yet; just file/directory shares, so this config must be about as simple as it gets for SAMBA, right?
If you have the printer on the same machine as samba, then I don't think you need to do anything. The default samba, exports the printcap file and thus it's ready to accept printing ... unless the rights aren't correctly setup by default, then you'd need to edit the configuration. Adding file shares is simple, YaST can handle that easily.
You don't need to do anything to make samba a server, as all samba machines are servers ... only thing you need to do, is to add shares in YaST. And it's also appropriate to have the workgroup the same for both samba machines, it simplifies browsing. Just setup a different netbios name for each machine.
Kevin
PS: Referring to a recent thread with my name on it --I installed a newer hub/router, and yes the DHCP server in my old one was broken ...
Am I right in thinking that the only time you'd really want to use SAMBA is if you have to support windows boxes? Can CUPS share printers round the network without SAMBA? Say you use NFS for networking - what are the issues for security of data etc? As far as I know nothing is encrypted with NFS, so it's fairly easy to spy on these machines, also aren't there well-known exploits that make use of holes in NFS? So I guess my question is: is there a relatively secure network file system for use on a small network, that doesn't require that you put all the computers behind a firewall? Cheers, Jon. Örn Einar Hansen wrote:
Þann Mánudagur 03 janúar 2005 04:51 skrifaði elefino:
Also, on a newly installed SuSE 9.2 system, is there any reason why YaST should not be completely sufficient to get SAMBA working?
Depends on what you want samba to do, if I remember correctly then YaST doesn't have the "tools" to setup samba as a PDC, or BDC. Or to use LDAP as an auth server. For that, you need SLES or to edit the files directly.
That is, is there any possible setup parameter for SAMBA that would need me to edit the files directly?
Yes.
I haven't even considered printing yet; just file/directory shares, so this config must be about as simple as it gets for SAMBA, right?
If you have the printer on the same machine as samba, then I don't think you need to do anything. The default samba, exports the printcap file and thus it's ready to accept printing ... unless the rights aren't correctly setup by default, then you'd need to edit the configuration. Adding file shares is simple, YaST can handle that easily.
You don't need to do anything to make samba a server, as all samba machines are servers ... only thing you need to do, is to add shares in YaST. And it's also appropriate to have the workgroup the same for both samba machines, it simplifies browsing. Just setup a different netbios name for each machine.
Kevin
PS: Referring to a recent thread with my name on it --I installed a newer hub/router, and yes the DHCP server in my old one was broken ...
Jonathan Brooks wrote:
Am I right in thinking that the only time you'd really want to use SAMBA is if you have to support windows boxes? Can CUPS share printers round the network without SAMBA?
Yes.
Say you use NFS for networking - what are the issues for security of data etc? As far as I know nothing is encrypted with NFS, so it's fairly easy to spy on these machines, also aren't there well-known exploits that make use of holes in NFS?
The same applies to Samba. If you want encryption, use a VPN.
So I guess my question is: is there a relatively secure network file system for use on a small network, that doesn't require that you put all the computers behind a firewall?
Not that I'm aware of.
James Knott wrote:
Jonathan Brooks wrote:
Am I right in thinking that the only time you'd really want to use SAMBA is if you have to support windows boxes? Can CUPS share printers round the network without SAMBA?
Yes.
Say you use NFS for networking - what are the issues for security of data etc? As far as I know nothing is encrypted with NFS, so it's fairly easy to spy on these machines, also aren't there well-known exploits that make use of holes in NFS?
The same applies to Samba. If you want encryption, use a VPN.
So I guess my question is: is there a relatively secure network file system for use on a small network, that doesn't require that you put all the computers behind a firewall?
Not that I'm aware of.
Well, and what is your problem using a firewall? As long as we have evil people on this planet (or at least on the internet) we will need firewalls, as long as we are connected to the internet, won't we? But as of my own experience this isn't a problem at all. The firewall software as well as all of Linux is getting better and better and about 90 per cent of my PC related problems have been shown up as of hardware, NOT software. I think this is rather great. Yours Martin
On Monday 03 January 2005 09:17, Örn Einar Hansen wrote:
Þann Mánudagur 03 janúar 2005 04:51 skrifaði elefino:
Also, on a newly installed SuSE 9.2 system, is there any reason why YaST should not be completely sufficient to get SAMBA working?
Depends on what you want samba to do, if I remember correctly then YaST doesn't have the "tools" to setup samba as a PDC, or BDC. Or to use LDAP as an auth server. For that, you need SLES or to edit the files directly.
That is, is there any possible setup parameter for SAMBA that would need me to edit the files directly?
Yes.
I haven't even considered printing yet; just file/directory shares, so this config must be about as simple as it gets for SAMBA, right?
If you have the printer on the same machine as samba, then I don't think you need to do anything. The default samba, exports the printcap file and thus it's ready to accept printing ... unless the rights aren't correctly setup by default, then you'd need to edit the configuration. Adding file shares is simple, YaST can handle that easily.
This is another part I don't really understand. I have my SuSE9.2-only PC running SAMBA server and Client. Downstairs, in her office, my wife has the dual-boot machine, running (eventually) SAMBA server and client (when she's booted in Linux, and running nothing much when she's booted in Win98), and also connected to the laser printer. My machine (SuSE9.2-only) is on all the time. Hers may or may not be on, and if on, it may be booted in SuSE9.2 or in Win98. The main thing that I want is for either machine to be able to read/write shared files on the other, regardless of which O/S she is running. If I can also print from my SuSE9.2-only machine through her machine (where the printer is connected to the parallel port) sometimes, then that is gravy, but is secondary to the file-sharing need.
You don't need to do anything to make samba a server, as all samba machines are servers ... only thing you need to do, is to add shares in YaST. And it's also appropriate to have the workgroup the same for both samba machines, it simplifies browsing. Just setup a different netbios name for each machine.
OK... I was looking at SAMBA as server and client separately, because that is how YaST presents it. In the Client setup, all it asks is for the workgroup in which the client will be working, and whether or not to use SMB information for Linux authentication (I left that box unchecked because I didn't understand the implications and because it was unchecked by default and my philosophy is to accept defaults unless I know a good reason to change). Are you saying that upstairs, I can use YaST to configure Server and Client, and downstairs I can just start Client and that automatically starts a server on that machine, too? In that case, SuSE should always start those modules together, or else the naive user assumes that they are separate functions and that the other does not need to be configured when the one is configured. Kevin (who will tweak some settings and try again, as soon as wifey gets off her machine)
Þann Mánudagur 03 janúar 2005 20:14 skrifaði elefino:
Are you saying that upstairs, I can use YaST to configure Server and Client, and downstairs I can just start Client and that automatically starts a server on that machine, too? In that case, SuSE should always start those modules together, or else the naive user assumes that they are separate functions and that the other does not need to be configured when the one is configured.
Well, they reside in /etc/samba/smb.conf ... which is the central samba
configuration file. But the client is a simple program, called 'smbclient'
along with libraries, while the other is a server daemon 'smbd', so in fact
they are separate. The client is also comprised of a browser daemon called
lisa. Since you are saying that you'd like to write to both machines, you'd
want to setup both as servers (and clients). With the same workgroup name,
all round the block.
One thing to note, is that you'd want your "upstairs" machine to run 'nmbd'
or the "Netbios Nameservices Daemon". And you'd want the machine downstairs
to use the upstairs machine as a "wins" server (both in linux and windows).
It will simplify browsing, between windows and linux.
In the case, when the downstairs machine is in Linux, you'd want the parts
of the machine that are supposed to be viewable both "upstairs" and
"downstairs" to actually reside on your "upstairs" machine. Let's say, in
"/usr/local/upstairs" just for an example. Then you'd do something like this
in your /etc/exports on your upstairs machine (assuming your upstairs network
IP is 192.168.x.y/24):
/usr/local/upstairs 192.168.x.0/24(rw,root_squash,sync)
Then you'd go into YaST, in System->run levels, expert mode. Find
"nfsserver", and make it run in "3 5", and then start (or restart) the
service. Then try to mount it, directly and see if all is ok.
#> mount 192.168.x.y:/usr/local/upstairs /mnt
#> umount /mnt
Now, in your upstairs /etc/samba/smb.conf file ... you'd add this for our
little example.
[upstairs]
comment = Upstairs files
path = /usr/local/upstairs
guest ok = yes
And then you do:
#> rcsmb reload
And then you'd go into YaST on both the upstairs and downstairs machines,
and make sure "lisad" was up and running in both "3 5" on both machines. As
well as ensuring that "nmbd" was running on the upstairs machine in "3 5".
Make sure that win98 on the downstairs machine, uses the upstairs machine as
its "wins" server.
Now on your "downstairs" Linux box, you'd do something like this in
its /etc/fstab file:
192.168.x.y:/usr/local/upstairs /usr/local/upstairs nfs rsize=8192,wsize=8192,rw,bg,timeo=14,intr
Then, after you've edited the fstab file, you do the following ... but only
the first time around, all subsequent mounts will be automatic.
#downstairs> mount /usr/local/upstairs
So, whenever the downstairs machine is started it will automatically mount
the nfs (but not hang on it "bg" option) share from upstairs and all "data"
is automatically modifiable in both places.
Both linux boxes can now browse to "smb://
On Monday 03 January 2005 16:22, Örn Einar Hansen wrote a bunch of stuff about SAMBA that I'm going to study carefully, but then you said:
The difference here is, that whenever you browse to your samba share, you'll need to authenticate to the upstairs machine. While all you need for the NFS share, is to have your "/etc/passwd" identical on both linux boxes, the rest is automatic ... the rights given on the upstairs machine, will be inherited by the downstairs machine, of the same user (actually user id is what counts, not the name). No need to authenticate, as you're already authenticated on the local machine.
That's a good incentive to get NFS going. I could reserve SAMBA for just the Windoze shares, when needed/applicable, and share upstairs/downstairs via NFS most of the time. If only it would work . . .
Right now, it does not work, but I don't know what is the point of failure. Upstairs (the Linux-only box) my /etc/exports file looks like this:
/home/kevin/k-shared/ *(rw,root_squash,sync)
/home/kevin/Documents/ *(rw,root_squash,sync)
/home/kevin/downloads/ *(rw,root_squash,sync)
/windows/ *(rw,root_squash,sync)
/home/mywife/ *(rw,root_squash,sync)
/media/ *(rw,root_squash,sync)
The output of rpcinfo looks like this:
upstairs:/etc # rpcinfo -p upstairs
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100227    3   udp   2049  nfs_acl
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    1   udp   1085  nlockmgr
    100021    3   udp   1085  nlockmgr
    100021    4   udp   1085  nlockmgr
    100024    1   udp   1085  status
    100021    1   tcp   2560  nlockmgr
    100021    3   tcp   2560  nlockmgr
    100021    4   tcp   2560  nlockmgr
    100024    1   tcp   2560  status
    100005    1   udp    689  mountd
    100005    1   tcp    692  mountd
    100005    2   udp    689  mountd
    100005    2   tcp    692  mountd
    100005    3   udp    689  mountd
    100005    3   tcp    692  mountd
upstairs:/etc #
Meanwhile, downstairs, on the NetVista, in Linux, I try to configure/start the NFS Client service using YaST. I am unable to browse to the upstairs machine, to fill in the fields, and if I type the values in by hand, I still get this error when NFS Client module tries to save-and-exit:
NFS Client Writing NFS Configuration... ERROR Unable to mount NFS entries from /etc/fstab
Downstairs, I'm logged in as my wife (it's her machine) using the same userid and password as on the upstairs machine. But even that should make no difference, because YaST is working as root and is unable to see the upstairs server. Now, granted it is very possible that I input the values incorrectly when trying to tell the Client what to do.
But that should not affect the ability of the downstairs Client to browse the network and find the upstairs NFS Server. As usual, I don't know enough about this... only enough to be dangerous... :-) It appears that, upstairs, the nfs service is running, as are the portmapper, the lockmanager and mountd. What else needs to be going, upstairs, so that the YaST NFS Client downstairs should be able to see the upstairs server and browse its exported shares? Also, for bonus points, since this is approximately the simplest possible network configuration (two PCs on a single LAN subnet, joined by a simple hub/router), why is YaST not getting it right, automatically? There should be basically no options or non-default settings, so what's to screw up? POSSIBLY unrelated point. YaST seems to insert a tab character into the exports file (just before the "*" wildcards), but I read in a HowTo or a man page that the only separator should be a space. So, I edited the exports file to replace the tab characters with single spaces in those locations, but have noticed no difference after saving and restarting. Where do I go, next with NFS setup? I just want to see it working, at first. I'll worry about options and getting fancy at a later date. Now to re-re-re-read your post about how SAMBA works. Regards, Kevin (unshared at the moment)
On Tue, 4 Jan 2005 12:54, elefino wrote:
Right now, it does not work, but I don't know what is the point of failure. Upstairs (the Linux-only box) my /etc/exports file looks like this:
/home/kevin/k-shared/ *(rw,root_squash,sync)
/home/kevin/Documents/ *(rw,root_squash,sync)
/home/kevin/downloads/ *(rw,root_squash,sync)
/windows/ *(rw,root_squash,sync)
/home/mywife/ *(rw,root_squash,sync)
/media/ *(rw,root_squash,sync)
Try replacing the '*' with your ip_range/netmask and I think you will find it will work. i.e. /home/kevin/k-shared/ 192.168.1.0/24(rw,root_squash,sync) -- Regards, Graham Smith ---------------------------------------------------------
On Monday 03 January 2005 21:08, Graham Smith wrote:
On Tue, 4 Jan 2005 12:54, elefino wrote:
Right now, it does not work, but I don't know what is the point of failure. Upstairs (the Linux-only box) my /etc/exports file looks like this:
/home/kevin/k-shared/ *(rw,root_squash,sync)
/home/kevin/Documents/ *(rw,root_squash,sync)
/home/kevin/downloads/ *(rw,root_squash,sync)
/windows/ *(rw,root_squash,sync)
/home/mywife/ *(rw,root_squash,sync)
/media/ *(rw,root_squash,sync)
Try replacing the '*' with your ip_range/netmask and I think you will find it will work. i.e. /home/kevin/k-shared/ 192.168.1.0/24(rw,root_squash,sync)
Alrighty, I tried that... and 192.168.0.0/24, with no joy. So I widened the scope to 192.168.0.0/16, which still didn't work. (Restarting each time, then running to the other machine and attempting to setup the Client and have it scan for NFS servers on the little net........ nothing. So, it's not a matter of any of the particular shares being bad, or badly defined. The client is not finding *anything*. What's the next step? By the way, why did you suggest the IP? Isn't that the point of the "*" wildcard, to cover all bases and not restrict where not necessary? Or have I got that wrong? kevin (lonely and unshared :-)
Þann Þriðjudagur 04 janúar 2005 05:05 skrifaði elefino:
Alrighty, I tried that... and 192.168.0.0/24, with no joy. So I widened the scope to 192.168.0.0/16, which still didn't work. (Restarting each time, then running to the other machine and attempting to setup the Client and have it scan for NFS servers on the little net........ nothing.
First of all, there's no need to run upstairs and downstairs ... turn SSH on, and SSH between them. Secondly, you don't need to do it on the second machine, if you can do it on your local machine, with your "remote ip" then you can also do it on a remote machine for that ip. Assuming your export machine ip is 192.168.0.1, then (as root on 192.168.0.1):
#> mount 192.168.0.1:/home/kevin/Documents /mnt
#> vdir /mnt
...
#> umount /mnt
If it doesn't work, then either the nfs server isn't running, or there's a firewall blocking the tcp port. Now you can go downstairs and do the same on that computer.
So, it's not a matter of any of the particular shares being bad, or badly defined. The client is not finding *anything*.
If you are trying to "browse" for an NFS share ... then you're hard out of luck. I know lisa is "supposed" to do it, but it hasn't worked for me yet. Except for samba, that does appear to work properly. My 2¢ worth, Örn
On Tue, 4 Jan 2005 15:05, elefino wrote:
Try replacing the '*' with your ip_range/netmask and I think you will find it will work. i.e. /home/kevin/k-shared/ 192.168.1.0/24(rw,root_squash,sync)
Alrighty, I tried that... and 192.168.0.0/24, with no joy. So I widened the scope to 192.168.0.0/16, which still didn't work. (Restarting each time, then running to the other machine and attempting to setup the Client and have it scan for NFS servers on the little net........ nothing.
So, it's not a matter of any of the particular shares being bad, or badly defined. The client is not finding *anything*.
What's the next step?
By the way, why did you suggest the IP? Isn't that the point of the "*" wildcard, to cover all bases and not restrict where not necessary? Or have I got that wrong?
It is far easier to debug and there can be problems using wildcards with NFS which I have encountered in the past.
kevin (lonely and unshared :-)
OK, to start with what is the IP address of your server and client. You can determine them by
/sbin/ifconfig
We will for this exercise call the Server 'A' and the client 'B'
Can you ping from 'A' to 'B' and 'B' to 'A'?
----------------------- Server --------------------
On the Server 'A' run the following command
ps -ef | grep nfs
You should get something like the following
# ps -ef | grep nfs
root 4220 1 0 2004 ? 00:00:00 [nfsd]
root 4221 1 0 2004 ? 00:00:00 [nfsd]
root 4222 1 0 2004 ? 00:00:00 [nfsd]
root 4223 1 0 2004 ? 00:00:00 [nfsd]
root 26902 26882 0 21:31 pts/1 00:00:00 grep nfs
then try
# ps -ef | grep portmap
nobody 4138 1 0 2004 ? 00:00:00 /sbin/portmap
root 26904 26882 0 21:32 pts/1 00:00:00 grep port
If you do not have either a nfsd or portmap process running, start them (as root) by the following commands
rcportmap start
rcnfsserver start
This is an entry from my /etc/exports file on my server.
/home 10.21.132.0/24(rw,sync)
------------------------ CLIENT -----------------------
Do you have a mount point for where you are going to mount the NFS share? To test the NFS connection create a mount point /mnt/tmp by command
mkdir /mnt/tmp
Now try to mount the NFS directory by
mount -t nfs <server-IP>:/home/kevin/k-shared /mnt/tmp
replacing <server-IP> with the IP address of the server
Does this work? If it does then umount the NFS share and look for any mistakes you may have made in /etc/fstab
---------------------- DEBUGGING --------------------
Install the rpm 'nmap' if it is not already installed. From the client 'B' run the command
nmap <server-IP>
you should see an entry for NFS in the output like so:
2049/tcp open nfs
If you don't then have you got firewalls running? You must have the nfs port open on the server. That will do for now. Please report back and we will go on from here.
-- Regards, Graham Smith ---------------------------------------------------------
On Tuesday 04 Jan 2005 01:54 am, elefino wrote: <SNIP>
Right now, it does not work, but I don't know what is the point of failure. Upstairs (the Linux-only box) my /etc/exports file looks like this:
/home/kevin/k-shared/ *(rw,root_squash,sync)
/home/kevin/Documents/ *(rw,root_squash,sync)
/home/kevin/downloads/ *(rw,root_squash,sync)
/windows/ *(rw,root_squash,sync)
/home/mywife/ *(rw,root_squash,sync)
/media/ *(rw,root_squash,sync)
Get rid of the final '/' on the export pathname, make sure there is a blank line at the end of the file, and no extra spaces at the start or end of each line. IME NFS is very picky about whitespace. Then issue 'rcnfsserver restart' on a console as root. There will be more informative messages than you get from YaST. <SNIP>
POSSIBLY unrelated point. YaST seems to insert a tab character into the exports file (just before the "*" wildcards), but I read in a HowTo or a man page that the only separator should be a space. So, I edited the exports file to replace the tab characters with single spaces in those locations, but have noticed no difference after saving and restarting.
The tab is OK, so long as there is no extraneous whitespace.
Where do I go, next with NFS setup? I just want to see it working, at first. I'll worry about options and getting fancy at a later date.
Up to, and including, 9.1 I've found that NFS and Reiserfs are not friends (YMMV) Dylan -- "I see your Schwartz is as big as mine" -Dark Helmet
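An added example, not written by any poster in this thread: a small Python check for the /etc/exports points raised above (`*` as the client, trailing slashes, stray whitespace), plus two that the thread does not mention: `no_root_squash`, and a space between a client and its option list, which makes the options apply to every host. The finding codes and the two `/srv/demo` lines are constructed for illustration.

```python
"""Audit /etc/exports lines for the problems discussed in this thread."""
import ipaddress
import re

# Lines 1-6: the exports file as posted in this thread.
# Lines 7-8: constructed examples of two further mistakes.
# Line 9: the restricted form suggested in the thread.
SAMPLE_EXPORTS = """\
/home/kevin/k-shared/ *(rw,root_squash,sync)
/home/kevin/Documents/ *(rw,root_squash,sync)
/home/kevin/downloads/ *(rw,root_squash,sync)
/windows/ *(rw,root_squash,sync)
/home/mywife/ *(rw,root_squash,sync)
/media/ *(rw,root_squash,sync)
/srv/demo 192.168.1.0/24 (rw,sync)
/srv/demo2 192.168.1.0/24(rw,no_root_squash,sync)
/home/kevin/k-shared 192.168.1.0/24(rw,root_squash,sync)
"""

# One client field: optional client name, optional "(opt,opt,...)".
SPEC_RE = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")


def is_any_host(client):
    """True when the client pattern matches every address."""
    if client == "*":
        return True
    try:
        return ipaddress.ip_network(client, strict=False).prefixlen == 0
    except ValueError:
        # Hostnames, netgroups and domain wildcards are not "any host".
        return False


def audit_line(line):
    """Return the list of finding codes for one exports line."""
    codes = []
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return codes
    # Whitespace hygiene suggested in the thread.
    if line != stripped:
        codes.append("stray-whitespace")
    path, *specs = stripped.split()
    if len(path) > 1 and path.endswith("/"):
        codes.append("trailing-slash")
    for spec in specs:
        match = SPEC_RE.match(spec)
        if match is None:
            codes.append("unparsed-client")
            continue
        client = match.group(1)
        options = set(filter(None, (match.group(2) or "").split(",")))
        # "(rw)" with no client in front of it applies to every host.
        detached = client == ""
        if detached:
            codes.append("detached-options")
        if detached or is_any_host(client):
            codes.append("any-host-rw" if "rw" in options else "any-host-ro")
        if "no_root_squash" in options:
            codes.append("no-root-squash")
    return codes


def audit_exports(text):
    """Map 1-based line numbers to their findings (clean lines omitted)."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        codes = audit_line(line)
        if codes:
            report[number] = codes
    return report


if __name__ == "__main__":
    for number, codes in audit_exports(SAMPLE_EXPORTS).items():
        print(f"line {number}: {', '.join(codes)}")
```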
participants (24)
- Ben Higginbottom
- Branimir Vasilic
- C. Richard Matson
- Christopher Reimer
- David Krider
- david rankin
- Doug B
- Dylan
- elefino
- Graham Smith
- Hans Witvliet
- Herman Knief
- James Knott
- JD. Brown
- Joaquin Menchaca
- Joe Morris (NTM)
- Jonathan Brooks
- Kevin Donnelly
- Martin Deppe
- Michael W Cocke
- Paul Hewlett
- Paul W. Abrahams
- Sid Boyce
- Örn Einar Hansen