[Samba] Samba over Ssh, prob with Windows
Hi list, this is actually an issue with Windows but maybe someone knows the answer from experience. I want to tunnel Samba via Ssh, so I have attempted to stop all conflicting services on the local Windows machine (windows vista sp2). In the end the only service I have stopped is Server but when I check netstat -a the system is still listening on port 139. Can anyone confirm that this will conflict with Samba and if so give any suggestions as how to stop the vista box listening on this port? thanks in advance, Andy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba over SSH to Windows Vista
Hi, I would check to forward port 445. XP tries this one before 139 and friends. Are you sure that your remote Samba listen on 127.0.0.1 ? Show us your smb.conf Charles On 5 mars 07, at 07:47, Richard D. Morey wrote: After having scoured the net for a way to do SMB over SSH with Windows, I've tried everything I have found and I still can't get it to work. I'm using Windows Vista as the client and FC6 with Samba 3.0.24-1 as the server. I have set up a share and can successfully connect to that share with no ssh tunnel. I would like to tunnel SMB over SSH, so here is what I have tried: 1. Disabling Windows File Sharing with net stop server. Then, using puTTY, I connect with my ports forwarded. I forward 80 and 139. http://127.0.0.1; yields my web server's start page, so I know forwarding is working. When I telnet 127.0.0.1 139 it connects to the SMB server successfully. netstat -ano reveals that 127.0.0.1:80 and 127.0.0.1:139 are listening with puTTY. However, trying to map a network drive fails. \\127.0.0.1\share yields the error The specified network name is no longer available. or Network path not found. I know the share is working because I can access it without SSH at the same time. Here are two lines from netstat when I have the telnet session open: tcp0 0 127.0.0.1:45535 127.0.0.1:139 ESTABLISHED tcp0 0 127.0.0.1:139 127.0.0.1:45535 ESTABLISHED 2. I have tried adding the loopback device as detailed all over the web (ie http://www.blisstonia.com/eolson/notes/smboverssh.php , http://www.cheswick.com/ches/cheap/tunnelprob.html) When I do this, I can access the webserver via the loopback device but telnet 10.0.0.1 139 times out. However, puTTY appears to be listening on 10.0.0.1:80 and 10.0.0.1:139. I cannot add the share either. I have done everything I can think of to get this to work. In addition, I have disabled Windows listening on port 445 (as suggested in one of the guides) I have tried giving puTTY the actually IP of the samba server as the destination, I have ensured that 127. is allowed by the smb.conf... What could be going wrong here? Any ideas? Thanks, Richard -- Richard D. Morey, M.A. Research Assistant, Perception and Cognition Lab University of Missouri-Columbia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Charles Bueche [EMAIL PROTECTED] sand, snow, wave, wind and net -surfer A-Cat SUI 192 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over SSH to Windows Vista
Well, it looks like I needed to forward port 445. I have it working now. Thanks! Charles Bueche wrote: Hi, I would check to forward port 445. XP tries this one before 139 and friends. Are you sure that your remote Samba listen on 127.0.0.1 ? Show us your smb.conf Charles On 5 mars 07, at 07:47, Richard D. Morey wrote: After having scoured the net for a way to do SMB over SSH with Windows, I've tried everything I have found and I still can't get it to work. I'm using Windows Vista as the client and FC6 with Samba 3.0.24-1 as the server. I have set up a share and can successfully connect to that share with no ssh tunnel. I would like to tunnel SMB over SSH, so here is what I have tried: 1. Disabling Windows File Sharing with net stop server. Then, using puTTY, I connect with my ports forwarded. I forward 80 and 139. http://127.0.0.1; yields my web server's start page, so I know forwarding is working. When I telnet 127.0.0.1 139 it connects to the SMB server successfully. netstat -ano reveals that 127.0.0.1:80 and 127.0.0.1:139 are listening with puTTY. However, trying to map a network drive fails. \\127.0.0.1\share yields the error The specified network name is no longer available. or Network path not found. I know the share is working because I can access it without SSH at the same time. Here are two lines from netstat when I have the telnet session open: tcp0 0 127.0.0.1:45535 127.0.0.1:139 ESTABLISHED tcp0 0 127.0.0.1:139 127.0.0.1:45535 ESTABLISHED 2. I have tried adding the loopback device as detailed all over the web (ie http://www.blisstonia.com/eolson/notes/smboverssh.php , http://www.cheswick.com/ches/cheap/tunnelprob.html) When I do this, I can access the webserver via the loopback device but telnet 10.0.0.1 139 times out. However, puTTY appears to be listening on 10.0.0.1:80 and 10.0.0.1:139. I cannot add the share either. I have done everything I can think of to get this to work. In addition, I have disabled Windows listening on port 445 (as suggested in one of the guides) I have tried giving puTTY the actually IP of the samba server as the destination, I have ensured that 127. is allowed by the smb.conf... What could be going wrong here? Any ideas? Thanks, Richard --Richard D. Morey, M.A. Research Assistant, Perception and Cognition Lab University of Missouri-Columbia --To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba --Charles Bueche [EMAIL PROTECTED] sand, snow, wave, wind and net -surfer A-Cat SUI 192 -- Richard D. Morey, M.A. Research Assistant, Perception and Cognition Lab University of Missouri-Columbia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba over SSH to Windows Vista
After having scoured the net for a way to do SMB over SSH with Windows, I've tried everything I have found and I still can't get it to work. I'm using Windows Vista as the client and FC6 with Samba 3.0.24-1 as the server. I have set up a share and can successfully connect to that share with no ssh tunnel. I would like to tunnel SMB over SSH, so here is what I have tried: 1. Disabling Windows File Sharing with net stop server. Then, using puTTY, I connect with my ports forwarded. I forward 80 and 139. http://127.0.0.1; yields my web server's start page, so I know forwarding is working. When I telnet 127.0.0.1 139 it connects to the SMB server successfully. netstat -ano reveals that 127.0.0.1:80 and 127.0.0.1:139 are listening with puTTY. However, trying to map a network drive fails. \\127.0.0.1\share yields the error The specified network name is no longer available. or Network path not found. I know the share is working because I can access it without SSH at the same time. Here are two lines from netstat when I have the telnet session open: tcp0 0 127.0.0.1:45535 127.0.0.1:139 ESTABLISHED tcp0 0 127.0.0.1:139 127.0.0.1:45535 ESTABLISHED 2. I have tried adding the loopback device as detailed all over the web (ie http://www.blisstonia.com/eolson/notes/smboverssh.php , http://www.cheswick.com/ches/cheap/tunnelprob.html) When I do this, I can access the webserver via the loopback device but telnet 10.0.0.1 139 times out. However, puTTY appears to be listening on 10.0.0.1:80 and 10.0.0.1:139. I cannot add the share either. I have done everything I can think of to get this to work. In addition, I have disabled Windows listening on port 445 (as suggested in one of the guides) I have tried giving puTTY the actually IP of the samba server as the destination, I have ensured that 127. is allowed by the smb.conf... What could be going wrong here? Any ideas? Thanks, Richard -- Richard D. Morey, M.A. Research Assistant, Perception and Cognition Lab University of Missouri-Columbia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba over ssh ?
Hi I need to make my samba server available over the internet to a mobile user base. I was wondering if samba could be run over ssh (at both client and server ends). I am not comfortable about opening ports 139 and 445. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over ssh ?
On Thu, 2005-03-31 at 12:37 -0500, Madhusudan Singh wrote: Hi I need to make my samba server available over the internet to a mobile user base. I was wondering if samba could be run over ssh (at both client and server ends). I am not comfortable about opening ports 139 and 445. The standard answer is to use a VPN. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over ssh ?
On Thursday 31 March 2005 16:29, Andrew Bartlett wrote: On Thu, 2005-03-31 at 12:37 -0500, Madhusudan Singh wrote: Hi I need to make my samba server available over the internet to a mobile user base. I was wondering if samba could be run over ssh (at both client and server ends). I am not comfortable about opening ports 139 and 445. The standard answer is to use a VPN. Andrew Bartlett Thanks. Would CIPE be an appropriate solution ? I am beginning to read up on it. Does it work the following way : Linux Server : Samba (139,445) -- 22 Internet 22 -- Windows ? (numbers are port numbers) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over ssh ?
On Thu, 2005-03-31 at 23:25 -0500, Madhusudan Singh wrote: On Thursday 31 March 2005 16:29, Andrew Bartlett wrote: On Thu, 2005-03-31 at 12:37 -0500, Madhusudan Singh wrote: Hi I need to make my samba server available over the internet to a mobile user base. I was wondering if samba could be run over ssh (at both client and server ends). I am not comfortable about opening ports 139 and 445. The standard answer is to use a VPN. Andrew Bartlett Thanks. Would CIPE be an appropriate solution ? I am beginning to read up on it. Does it work the following way : Linux Server : Samba (139,445) -- 22 Internet 22 -- Windows been a while since I used Cipe - I don't recall which ports it used but it surely wasn't the ssh port (22). would recommend against starting with it since you won't find it to be supported by many 2.6 distro's without a bunch of extra work. Suggest that you use openvpn openvpn.sourceforge.net Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over ssh ?
On Thursday 31 March 2005 23:34, Craig White wrote: On Thu, 2005-03-31 at 23:25 -0500, Madhusudan Singh wrote: On Thursday 31 March 2005 16:29, Andrew Bartlett wrote: On Thu, 2005-03-31 at 12:37 -0500, Madhusudan Singh wrote: Hi I need to make my samba server available over the internet to a mobile user base. I was wondering if samba could be run over ssh (at both client and server ends). I am not comfortable about opening ports 139 and 445. The standard answer is to use a VPN. Andrew Bartlett Thanks. Would CIPE be an appropriate solution ? I am beginning to read up on it. Does it work the following way : Linux Server : Samba (139,445) -- 22 Internet 22 -- Windows been a while since I used Cipe - I don't recall which ports it used but it surely wasn't the ssh port (22). would recommend against starting with it since you won't find it to be supported by many 2.6 distro's without a bunch of extra work. Suggest that you use openvpn openvpn.sourceforge.net Craig Thanks for your suggestion. I have installed openvpn and the lzo library on which it depends. One nagging question that I still have is : Does using openvpn (or any VPN solution in general) obviate the need to open these vulnerable ports ? The little documentation that I have read so far talk a lot about encryption. While that is important, I also need to think about the ports (strangely, the firewall does not open any of those ports but nmap -P0 run on the machine reveals that these ports are open : 139/tcp open netbios-ssn 445/tcp open microsoft-ds ) Anyways, another concern I have is that while I have the samba server up and running and all my users are happy with it, how much disruption and user effort can I expect when I implement openvpn ? Like typical windows users, they value ease of use over security. Don't take me wrong, I will definitely implement this if it contributes towards security, but I need to know this to be able to tell my users what to expect. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over ssh ?
[snip other stuff] Thanks for your suggestion. I have installed openvpn and the lzo library on which it depends. One nagging question that I still have is : Does using openvpn (or any VPN solution in general) obviate the need to open these vulnerable ports ? The little documentation that I have read so far talk a lot about encryption. While that is important, I also need to think about the ports (strangely, the firewall does not open any of those ports but nmap -P0 run on the machine reveals that these ports are open : 139/tcp open netbios-ssn 445/tcp open microsoft-ds ) Anyways, another concern I have is that while I have the samba server up and running and all my users are happy with it, how much disruption and user effort can I expect when I implement openvpn ? Like typical windows users, they value ease of use over security. Don't take me wrong, I will definitely implement this if it contributes towards security, but I need to know this to be able to tell my users what to expect. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Maybe I'm missing something, but wouldn't you want to place the VPN connections between your firewall and the mobile/end user, but not on the Samba server? I am assuming that you're not talking about the firewall on your server itself, but your firewall on the Internet/public connection. Those ports are particularly nasty because of the Windows operating system on which they typically run, not because of problems on linux. There's always the possibility of DOS attacks, or of some buffer overrun exploit being discovered, but I believe the chances of those happening are far less than your users being angry because you've tightened security to the point it's difficult to use the network. Jon Johnston Creative Business Solutions IBM, Microsoft, Novell/Suse, Sophos Consultants http://www.cbsol.com blog:http://bingo.cbsol.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba over ssh ?
On Fri, 2005-04-01 at 00:12 -0500, Madhusudan Singh wrote: Thanks for your suggestion. I have installed openvpn and the lzo library on which it depends. One nagging question that I still have is : Does using openvpn (or any VPN solution in general) obviate the need to open these vulnerable ports ? The little documentation that I have read so far talk a lot about encryption. While that is important, I also need to think about the ports (strangely, the firewall does not open any of those ports but nmap -P0 run on the machine reveals that these ports are open : 139/tcp open netbios-ssn 445/tcp open microsoft-ds ) Anyways, another concern I have is that while I have the samba server up and running and all my users are happy with it, how much disruption and user effort can I expect when I implement openvpn ? Like typical windows users, they value ease of use over security. Don't take me wrong, I will definitely implement this if it contributes towards security, but I need to know this to be able to tell my users what to expect. openvpn has a support list and excellent documentation NO - you don't open any ports on a firewall except what is needed for openvpn...IIRC you need port(s) starting at 5000 but you could choose any ports you want in the setup of server client - these ports would be in the 'unprivileged' range (1025+) Obviously, you have to install client software and configure tun/tap adaptors, pre-shared keys or create certificates, configure dhcp/dns/wins for clients accordingly. If you have a firewall, you would have to forward the packets through to the openvpn server As for your nmap - I haven't a clue what you are talking about, Windows client, Linux server, internal network, external network etc. Security is the point of VPN but also most Internet Service Providers would block NETBIOS packets so they don't eat up their bandwidth, at least somewhere before it gets to the Internet but it's your responsibility to stop them at your router since you can't trust your ISP to handle your security. VPN would encapsulate the NETBIOS packets in an encrypted tunnel - either between remote computer and local network or between 2 local networks or between 2 remote computers. You need to read through the documentation that openvpn provides. good luck Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba