[SLUG] Safe samba configuration

2008-07-24 Thread Robert Barnett 
I use samba on a mixed OS network. We have several NAS devices and two
Fedora workstations which share drives using NAS.

I have configured the Fedora workstations to only announce on the local
subnet (/24) to prevent inadvertent connections from the wider organization.

I implement this by putting the following in smb.conf
remote announce = 10.9.136.0/24

I also set
local master = no
Because I figured that there were other computers more suited to being the
master browser (whatever that means)

Unfortunately I've been faced with some windows boxes spontaneously not able
to browse or connect to the network. It is occasional, but seemed to
decrease in occurance when I reduced the use of SMB shares.

I'm really keen to find a safe configuration for my SMB shares, but I'm
not sure where I would find how to do this. It's very difficult to diagnose
which configuration works better without months of investigation.

Any help would be greatly appreciated.

-- 
Robbie Barnett

[EMAIL PROTECTED]
0431864709
Skype Name: retsil42
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Safe samba configuration

2008-07-24 Thread Dean Hamstead 
prevent samba from getting involved with browsing at all by adding this 
to your smb.conf


[global]
domain master = no
local master = no
preferred master = no
os level = 0

its also a good idea to set up a wins server, and send its details out 
using dhcp and set the client mode to wins only.


from man dhcp-options...

quote

   option netbios-name-servers ip-address [, ip-address...];

  The NetBIOS name server  (NBNS)  option  specifies  a  list 
of  RFC
  1001/1002 NBNS name servers listed in order of preference. 
NetBIOS
  Name Service is currently more commonly referred to as WINS. 
   WINS

  servers can be specified using the netbios-name-servers option.


   option netbios-node-type uint8;

  The  NetBIOS  node  type  option  allows NetBIOS over TCP/IP 
clients
  which  are  configurable  to  be  configured  as  described 
in  RFC
  1001/1002.   The  value is specified as a single octet which 
identiā€

  fies the client type.

  Possible node types are:

  1B-node: Broadcast - no WINS

  2P-node: Peer - WINS only

  4M-node: Mixed - broadcast, then WINS

  8H-node: Hybrid - WINS, then broadcast

/quote

Dean

Robert Barnett wrote:

I use samba on a mixed OS network. We have several NAS devices and two
Fedora workstations which share drives using NAS.

I have configured the Fedora workstations to only announce on the local
subnet (/24) to prevent inadvertent connections from the wider organization.

I implement this by putting the following in smb.conf
remote announce = 10.9.136.0/24

I also set
local master = no
Because I figured that there were other computers more suited to being the
master browser (whatever that means)

Unfortunately I've been faced with some windows boxes spontaneously not able
to browse or connect to the network. It is occasional, but seemed to
decrease in occurance when I reduced the use of SMB shares.

I'm really keen to find a safe configuration for my SMB shares, but I'm
not sure where I would find how to do this. It's very difficult to diagnose
which configuration works better without months of investigation.

Any help would be greatly appreciated.



--
http://fragfest.com.au
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html