Samba 4.11 Aims To Be Scalable To 100,000+ Users


  • modpunk
    replied
    Originally posted by muncrief
    In any case it's been interesting reading through all of these comments about it. No matter what side of these issues one may be on, I think most will agree that Samba is now so difficult to configure that it's well outside the range of the average, or even above average, user's capabilities.
    It is pretty straightforward and well documented in the Samba Wiki:


  • boxie
    replied
    Originally posted by schmidtbag
    And is that a surprise to you, considering how little you elaborate?

    wtf? You say that as though removing a password on root doesn't sit within that threshold? Nobody uses SMB1 anymore except for a few odd cases that nobody is looking out for. It's not as critical as you're making it out to be. Meanwhile, removing a root password is far more dangerous than an outdated obscure file-sharing protocol.

    That's exactly my point. How dense are you? It's assumed that the insecurities involved are bad enough that nobody would want to enable SMB1 unless they knew what they were about to get involved in. So, your reason for not having to explain is also the same reason why your comment was useless and unnecessary.
    Ok, enough with the attacks, they are not civil - you might be frustrated, but trying to insult people does not win you an argument - even on the Internet - you are being an ass.

    SMB1 is far from something that is not looked for; you may wanna check out https://en.wikipedia.org/wiki/EternalBlue

    Not having a root password is not as much of a problem (for most Unixes that do the sane thing and disable root SSH access), as the only way to exploit it is to have code exec on the box. If this is on a personal box/network, you get to break it and keep all the pieces. Yes, insecure passwords are a fun thing in an exploit *chain*.

    Doing something that silly on a prod network should get you a written warning.

    SMB1 is RCE (remote code exec) on Windows all by itself.

    That is why it is bad.

    And the reason why it is still active is that people still insist on using it.


  • starshipeleven
    replied
    Originally posted by muncrief
    In any case it's been interesting reading through all of these comments about it. No matter what side of these issues one may be on, I think most will agree that Samba is now so difficult to configure that it's well outside the range of the average, or even above average, user's capabilities.
    I've been using SFTP for a long while because I couldn't be fucking bothered to set up all the stuff needed to keep Windows happy (i.e. netbios/WMD/whatever plus all the nonsense in Samba config files), also because Samba would run like garbage on my embedded devices.

    Of course I needed a third party application for Windows because its native ftp client is stuck in the 80s https://www.nsoftware.com/sftp/netdrive/
    Last edited by starshipeleven; 08 July 2019, 03:21 AM.


  • muncrief
    replied
    Over the last three years Samba has become so "secure" that it can't be used anymore.

    But heck, if you can't connect to anything I guess that is indeed the ultimate in security.

    In any case it's been interesting reading through all of these comments about it. No matter what side of these issues one may be on, I think most will agree that Samba is now so difficult to configure that it's well outside the range of the average, or even above average, user's capabilities.

    Heck, I'm an embedded systems designer with almost four decades of experience and I finally just gave up about eight months ago. I actually went out and bought a 2TB SSD one day to transfer data between my Linux and Windows systems, and haven't looked back since. I just couldn't afford to spend any more man months on it. Especially after finally realizing that even if I got it working one day, it was going to break again within the next few months.

    And yes, I tried almost every "solution" mentioned here.

    In any case, I can only imagine that with such a major new release coming, things are going to get much, much worse before they get better.


  • starshipeleven
    replied
    Originally posted by schmidtbag
    Mind explaining why it's so bad when it's obviously a niche case? What's your solution to getting XP support?
    FTP shares (either read-only or encrypted) using a third party application/client. SMB1 is bad, real bad.

    Besides, a lot of workstations ship with it disabled, and/or Win10 disables it at random on PCs.


  • schmidtbag
    replied
    Originally posted by skeevy420
    su -c ____

    Well that was simple enough to answer
    Haha I was actually referring to programs that deny root access, but yeah, I probably should've been more clear about that. Touché.


  • skeevy420
    replied
    Originally posted by schmidtbag
    "how do I run ____ as root?"
    su -c ____

    Well that was simple enough to answer


  • schmidtbag
    replied
    Originally posted by boxie
    I think the problem here is that you have a very basic misunderstanding of my motivations.
    And is that a surprise to you, considering how little you elaborate?
    SMB1 sits well within that threshold.
    wtf? You say that as though removing a password on root doesn't sit within that threshold? Nobody uses SMB1 anymore except for a few odd cases that nobody is looking out for. It's not as critical as you're making it out to be. Meanwhile, removing a root password is far more dangerous than an outdated obscure file-sharing protocol.
    I will concede that I could have provided more context around why one should not enable SMB1; I however assumed that people knew.
    That's exactly my point. How dense are you? It's assumed that the insecurities involved are bad enough that nobody would want to enable SMB1 unless they knew what they were about to get involved in. So, your reason for not having to explain is also the same reason why your comment was useless and unnecessary.


  • boxie
    replied
    Originally posted by schmidtbag
    I never said it should be encouraged, but people like you take security to a level that's really just a pain in the ass. Sometimes people just don't care, and they have a right to if it's their own personal setup. All you're doing is slowing down the inevitable. If they want to do something irresponsible, so be it. You can always give them the answer, warn them not to do it, and say "I told you so" while rubbing it in their face if/when things go wrong.

    Very often, I'll see questions in forums of people asking "how do I run ____ as root?" or "how do I remove the password prompt?" or "how do I disable CPU security mitigations?" and then someone like you comes along, wasting time stating the obvious in an un-tactful way, without giving anything else useful in return. If it's a closed personal network that probably has nothing of value in it, comments like yours are utterly useless, and it just makes you look like an ass. Most people who ask such questions aren't dumb enough to put themselves at any realistic risk; most of them know what the risks are, because the fact they're asking how to override a security feature suggests they are (or should be) aware of what it is trying to protect. Sometimes, security actually doesn't matter. It isn't up to you to determine that.
    I think the problem here is that you have a very basic misunderstanding of my motivations.

    Go ahead, run things as root, get rid of the password - that stuff does not bother me.

    For future reference, my threshold for "oh shit that's not a good idea" is somewhere around "if you turn this on, then there is a good chance that someone is gonna be all up in your shit making your day bad".

    SMB1 sits well within that threshold.

    I will concede that I could have provided more context around why one should not enable SMB1; I however assumed that people knew.


  • schmidtbag
    replied
    Originally posted by boxie
    Actively introducing security vulns into your network is not something that should be encouraged, especially one that is so easily and actively exploited. The "Just get it working" mentality is somewhat dangerous.
    I never said it should be encouraged, but people like you take security to a level that's really just a pain in the ass. Sometimes people just don't care, and they have a right to if it's their own personal setup. All you're doing is slowing down the inevitable. If they want to do something irresponsible, so be it. You can always give them the answer, warn them not to do it, and say "I told you so" while rubbing it in their face if/when things go wrong.

    Very often, I'll see questions in forums of people asking "how do I run ____ as root?" or "how do I remove the password prompt?" or "how do I disable CPU security mitigations?" and then someone like you comes along, wasting time stating the obvious in an un-tactful way, without giving anything else useful in return. If it's a closed personal network that probably has nothing of value in it, comments like yours are utterly useless, and it just makes you look like an ass. Most people who ask such questions aren't dumb enough to put themselves at any realistic risk; most of them know what the risks are, because the fact they're asking how to override a security feature suggests they are (or should be) aware of what it is trying to protect. Sometimes, security actually doesn't matter. It isn't up to you to determine that.
    Last edited by schmidtbag; 06 July 2019, 01:18 PM.
