Announcement

Collapse
No announcement yet.

Samba 4.11 Aims To Be Scalable To 100,000+ Users

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by andy22 View Post

    Thats because of Netbios problems or not running correctly, you can try running a WSD service on the samba device, which replaces Netbios for windows 10, but Win7 should also have WSD support.
    Sorry, but I don't understand what I should do.
    In my local network I have Windows 7 computers and an Internet modem with USB flash drive plugged in and shared on the nework.
    The Windows 7 computers can access the files on the other Windows 7 computers and the Internet modem USB just fine.

    Kubuntu cannot access the files neither on any Windows 7 computer or the Internet modem USB flash drive.
    I will never downgrade any of my computers to Windows 10, I just want Kubuntu or or any other Linux distro to be able to access the files in my already working sharing setup in my local network.

    Comment


    • #32
      Originally posted by Danny3 View Post

      Sorry, but I don't understand what I should do.
      In my local network I have Windows 7 computers and an Internet modem with USB flash drive plugged in and shared on the nework.
      The Windows 7 computers can access the files on the other Windows 7 computers and the Internet modem USB just fine.

      Kubuntu cannot access the files neither on any Windows 7 computer or the Internet modem USB flash drive.
      I will never downgrade any of my computers to Windows 10, I just want Kubuntu or or any other Linux distro to be able to access the files in my already working sharing setup in my local network.
      ROFL. An up-to-date Windows 7 has the same spyware and telemetry stuff that 10 has. It's been that way for a little over two years now. Windows 7 requires the same crap to be disabled and tweaked that Windows 10 does. The only differences are you might add a Start menu replacement with 10 and might need a few custom tools to fully tweak the UI of 10. 10 LTSB, even though you'll likely have to pirate it, is the best version of Windows to run these days.

      Comment


      • #33
        Originally posted by Danny3 View Post

        Sorry, but I don't understand what I should do.
        In my local network I have Windows 7 computers and an Internet modem with USB flash drive plugged in and shared on the nework.
        The Windows 7 computers can access the files on the other Windows 7 computers and the Internet modem USB just fine.

        Kubuntu cannot access the files neither on any Windows 7 computer or the Internet modem USB flash drive.
        I will never downgrade any of my computers to Windows 10, I just want Kubuntu or or any other Linux distro to be able to access the files in my already working sharing setup in my local network.
        Ok thats even more complicated than, Windows can use either Netbios (WinXP/7) or WSD (Win7/8/10) to browse for shares in explorer, yet Win10 does not use Netbios anymore for this so WSD is used for Windows clients. Linux on the other hand does not use WSD at all and you need to use mdns. Samba 4.6+ supports AVAHI as mdns service, so you need to run samba 4.6+ and have the avahi service installed on the router/modem and depending on the linux distro also a avahi client installed on the linux system.

        You can use
        Code:
        smbd -b | grep avahi
        to check if samba was compiled with the avahi/mdns option.

        PS: Keep in mind avahi/netbios/wsd allows clients (filemanagers) to browse for the shares, manually mounting them via its ip/network + sharename name should always work on all clients, without the need of a netbios/avahi/wsd service running.
        So as example openwrt builds samba4 with avahi support and than installs the avahi service for linux/MacOS clients and WSD for windows clients, to ensure the shares are browsable out of the box.
        Last edited by andy22; 06 July 2019, 10:32 AM.

        Comment


        • #34
          Originally posted by boxie View Post
          that's the problem.

          Allowing SMB1 is a bad horrible thing to do. pls2be not kthxbai.
          Mind explaining why it's so bad when it's obviously a niche case? What's your solution to getting XP support?

          Comment


          • #35
            Originally posted by schmidtbag View Post
            Mind explaining why it's so bad when it's obviously a niche case? What's your solution to getting XP support?
            upgrading that OS to something that is supported and does not have security issues.

            if it is not at all possible to upgrade then disabling SMB and replacing it with FTP. Then if at all possible introducing an air gap. If an airgap is not for the machine or the specific network segment then more drastic meastures.

            Solving the problem by enabling SMB1 - while yes, solves the problem, is not a good solution.

            Last edited by boxie; 06 July 2019, 11:42 AM.

            Comment


            • #36
              Originally posted by boxie View Post
              upgrading that OS to something that is supported and does not have security issues.
              That's not an acceptable answer, because you don't know the context. If you spent more than 5 seconds thinking about this, you'd have realized that if such an option were so easy, it'd have been done. Not every machine can be upgraded. Not everyone cares about security in the way you do nor does everyone need to. When someone asks for something, it's fine to make a "strong recommendation" and explain why, but if you're not going to answer the question as it has been asked and you're going to be dismissive of everyone else who does actually give a direct answer (without a useful alternative), then shut up.
              if it is not at all possible to upgrade then disabling SMB and replacing it with FTP. Then if at all possible introducing an air gap. If an airgap is not for the machine or the specific network segment then more drastic meastures.
              This is a mildly better solution than just replacing the whole OS. We still don't know why SMB and XP are needed in the first place.
              Solving the problem by enabling SMB1 - while yes, solves the problem, is not a good solution.
              At least I actually answered the question.
              Last edited by schmidtbag; 06 July 2019, 12:17 PM.

              Comment


              • #37
                Originally posted by schmidtbag View Post
                That's not an acceptable answer, because you don't know the context. If you spent more than 5 seconds thinking about this, you'd have realized that if such an option were so easy, it'd have been done. Not every machine can be upgraded. Not everyone cares about security in the way you do nor does everyone need to. When someone asks for something, it's fine to make a "strong recommendation" and explain why, but if you're not going to answer the question as it has been asked and you're going to be dismissive of everyone else who does actually give a direct answer (without a useful alternative), then shut up.

                This is a mildly better solution than just replacing the whole OS. We still don't know why SMB and XP are needed in the first place.

                At least I actually answered the question.
                Oh, I spent more than 5 seconds thinking about it and no I won't shut up.

                Actively introducing security vulns into your network is not something that should be encouraged. especially one that is so easily and actively exploited. The "Just get it working" mentality is somewhat dangerous.

                Comment


                • #38
                  Originally posted by boxie View Post
                  Actively introducing security vulns into your network is not something that should be encouraged. especially one that is so easily and actively exploited. The "Just get it working" mentality is somewhat dangerous.
                  I never said it should be encouraged, but people like you take security to a level that's really just a pain in the ass. Sometimes people just don't care, and they have a right to if its their own personal setup. All you're doing is slowing down the inevitable. If they want to do something irresponsible, so be it. You can always give them the answer, warn them not to do it, and say "I told you so" while rubbing it in their face if/when things go wrong.

                  Very often, I'll see questions in forums of people asking "how do I run ____ as root?" or "how do I remove the password prompt?" or "how do I disable CPU security mitigations?" and then someone like you comes along, wasting time stating the obvious in an un-tactful way, without giving anything else useful in return. If it's a closed personal network that probably has nothing of value in it, comments like yours are utterly useless, and it just makes you look like an ass. Most people who ask such questions aren't dumb enough to put themselves at any realistic risk; most of them know what the risks are, because the fact they're asking how to override a security feature suggests they are (or should be) aware of what it is trying to protect. Sometimes, security actually doesn't matter. It isn't up to you to determine that.
                  Last edited by schmidtbag; 06 July 2019, 01:18 PM.

                  Comment


                  • #39
                    Originally posted by schmidtbag View Post
                    I never said it should be encouraged, but people like you take security to a level that's really just a pain in the ass. Sometimes people just don't care, and they have a right to if its their own personal setup. All you're doing is slowing down the inevitable. If they want to do something irresponsible, so be it. You can always give them the answer, warn them not to do it, and say "I told you so" while rubbing it in their face if/when things go wrong.

                    Very often, I'll see questions in forums of people asking "how do I run ____ as root?" or "how do I remove the password prompt?" or "how do I disable CPU security mitigations?" and then someone like you comes along, wasting time stating the obvious in an un-tactful way, without giving anything else useful in return. If it's a closed personal network that probably has nothing of value in it, comments like yours are utterly useless, and it just makes you look like an ass. Most people who ask such questions aren't dumb enough to put themselves at any realistic risk; most of them know what the risks are, because the fact they're asking how to override a security feature suggests they are (or should be) aware of what it is trying to protect. Sometimes, security actually doesn't matter. It isn't up to you to determine that.
                    I think the problem here is that you have a very basic misunderstanding of my motivations.

                    Go ahead, run things as root, get rid of the password - that stuff does not bother me.

                    For future reference, my threshold is "oh shit that's not a good idea" is somewhere around "if you turn this on, then there is a good chance that someone is gonna be all up in your shit making your day bad".

                    SMB1 sits well within that threshold.

                    I will concede that I could have provided more context around why one should not enable SMB1, I however assumed that people knew.

                    Comment


                    • #40
                      Originally posted by boxie View Post
                      I think the problem here is that you have a very basic misunderstanding of my motivations.
                      And is that a surprise to you, considering how little you elaborate?
                      SMB1 sits well within that threshold.
                      wtf? You say that as though removing a password on root doesn't sit within that threshold? Nobody uses SMB1 anymore except for a few odd cases that nobody is looking out for. It's not as critical as you're making it out to be. Meanwhile, removing a root password is far more dangerous than an outdated obscure file-sharing protocol.
                      I will concede that I could have provided more context around why one should not enable SMB1, I however assumed that people knew.
                      That's exactly my point. How dense are you? It's assumed that the insecurities involved are bad enough that nobody would want to enable SMB1 unless they knew what they were about to get involved in. So, your reason for not having to explain is also the same reason why your comment was useless and unnecessary.

                      Comment

                      Working...
                      X