[Samba] Bare Minimum configuration needed for a single-user read-only share?
Hello, I currently have an interesting task to accomplish: An IT environment with about 90 % Windows and 10 % Linux machines would like to unify backup. Currently, the Windows world backs itself up to tape using Backup Exec; the Linux world has Amanda backing up to a big disk RAID. This RAID is acting up and is scheduled to disappear. The current plan is to back up the Linux world with Amanda to a Samba share which is then backed up to tape by the Backup Exec installation running in the Windows world. The Linux systems are in a diffent network, and the firewall people would like to keep the ports being open between the two networks to the bare minimum. I don't want to see NETBIOS Broadcasts inside the Linux world, I don't want to see this server in any network neighborhood, and the system acting as the Samba server for the backup should have as few open ports as possible. Of course, the share should be read only and to be as secure as possible. The following configuration for Samba 3.4.0 from Debian unstable seems to do what is intended (and only needs port tcp/445): [global] workgroup = linuxworld server string = %h server dns proxy = no name resolve order = lmhosts host wins bcast interfaces = 192.168.8.26 bind interfaces only = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = no pam password change = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 access based share enum = yes allow trusted domains = no disable netbios = yes load printers = no local master = no lock directory = /var/run/samba/locks pid directory = /var/run/samba max smbd processes = 10 min protocol = NT1 name resolve order = host preferred master = no server schannel = yes smb ports = 445 #=== Share Definitions === [amanda] comment = amanda backup writeable = no read only = yes locking = no path = /mnt/backup/srv/amanda public = no guest ok = no browseable = no hosts allow = 192.168.8.23 max connections = 5 valid users = amanda Is this secure enough or is there potential for improvement? Which files do I need to copy to /mnt/backup/srv/amanda to run the smbd chrooted? Does it make sense to chroot the smbd in this environment? Is this configuration going to work with Samba 3.0 (Debian etch) and/or Samba 3.2 (Debian lenny) as well? Any hints will be appreciated. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] disappointed with complete lack of help.
On Fri, Jan 28, 2005 at 09:27:38AM -0600, Paul Gienger wrote: Looking back on your questions, it seems like the cause is most likely phrasing of your issue. It has been stated often that a well crafted question with all pertinent info will get better response than a hard to understand issue. I believe yours is the latter. Granted that I didn't read all your messages, but the first two were definately the latter. Even well-phrased questions with debugging output and dumps frequently stay unanswered. I still cannot print with smbprint to our Domain Server, and no help here. The bugzilla entry (1481) has gone unanswered since June 2004 (that's seven months). Samba has gone the way of many successful projects: The principal developers are busy with writing books and talking at conferences while the mailing lists get flooded with clueless newbie requests. Nobody knowledgeable finds the time to answer requests at all. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] What happened to this list?
On Mon, Jul 19, 2004 at 08:34:57AM -0400, L. Mark Stone wrote: My experience with this list is that, the more general a question I asked, the less likely I was to get a response. I get the best responses when I am very specific about the problem, and include data points like Linux/Samba versions, smb.conf file entries, log file snippets, the steps I have taken to try to eradicate the problem, and exactly how to reproduce the problem. I cannot confirm this. A few weeks ago, I asked a very specific question about being unable to print to a Windows box using smbclient, going down to a network trace of the SMB exchange, and got absolutely no response. I think that question was _too_ detailed :-( The bug report I opened in bugzilla is also still unanswered. Samba seems to have become too popular to be able to maintain a high support and discussion level in the mailing lists. I notice the same with other open source projects gone mainstream such as netfilter and quagga/zebra (which unmasks me as a network, not a system guy *g*). Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things.Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbspool to Windows 2000 Server: ERRgeneral opening remotefile
On Wed, Jun 16, 2004 at 05:59:41PM +0100, Ricardo Nuno wrote: I had that problem a few days ago, I solved by on the win2k machine in the Printer properties, go to the Advance Tab check if you dont have selected Print directly to the printer and select Spool print... and it should work, at least for me it worked :-) The printer settings dialog says the following: (*) Always available Priority: 1 Driver: HP LaserJet 4050 Series PCL 6 (*) Spool print documents so program finishes printing faster ( ) Start printing after last page is spooled (*) Start printing immediately ( ) Print directly to printer [ ] Hold mismatched documents [X] Print spooled documents first [ ] Keep printed documents [X] Enable advanced printing features Is everything ok with that? Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things.Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbspool to Windows 2000 Server: ERRgeneral opening remote file
On Wed, Jun 16, 2004 at 06:52:14PM +0200, Marc Haber wrote: | export DEVICE_URI=smb://account:[EMAIL PROTECTED]/server/printer | smbspool foo bar Title 1 ignore Makefile gives the error message | ERROR: ERRHRD - ERRgeneral (General failure.) opening remote file Title Same thing happens with | export DEVICE_URI=smb://domain\account:[EMAIL PROTECTED]/printer When I use a different (wrong) password, the error message changes to access denied, so I believe the account is OK. When I boot my notebook with windows, I can print to that printer with the account in question. So the Windows people say that the server is fine. Trying to print with smbclient gives the same error message, and smbclient's queue command gives no output while there are jobs in the queue that should be displayed. An strace of smbclient suggests that the error message is indeed generated from and error code returned by the server (but the error message is not in the server's answer in clear text, so I suspect some error number that is translated to the clear text on the client). The system log on the Windows box doesn't attract any special attention. Any more hints what to try? Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things.Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbspool to Windows 2000 Server: ERRgeneral opening remote file
Hi, I am trying to print from my Debian unstable Notebook to a printer that is connected to a Windows 2000 Server. Target environment is CUPS which uses smbspool as a front-end, and smbspool gives a strange error message. | export DEVICE_URI=smb://account:[EMAIL PROTECTED]/server/printer | smbspool foo bar Title 1 ignore Makefile gives the error message | ERROR: ERRHRD - ERRgeneral (General failure.) opening remote file Title Same thing happens with | export DEVICE_URI=smb://domain\account:[EMAIL PROTECTED]/printer When I use a different (wrong) password, the error message changes to access denied, so I believe the account is OK. When I boot my notebook with windows, I can print to that printer with the account in question. So the Windows people say that the server is fine. Am I doing something wrong with smbspool? Any hints will be appreciated. I will be on site again on Friday, so I won't reply to answers until I have tried what you suggested. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber |Questions are the | Mailadresse im Header Karlsruhe, Germany | Beginning of Wisdom | Fon: *49 721 966 32 15 Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fax: *49 721 966 31 29 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
