Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Samba on Linux - Secured Share to Win Clients? 1

Status
Not open for further replies.
thedaver

thedaver

IS-IT--Management
Jul 12, 2001
2,741
US
I'm a seasoned linux user with little prior exposure to Samba. I got it working once on a LAN and didn't need it at the time so it fell into disrepair.

Anyhow, with that background, I have a few roaming users with Win 2K/XP laptops who would like to use their Internet connections to "map a drive" back to a server I operate for them. (Assume DSL, cable, Starbuck's wifi)

In considering my options, I'm wondering if there's a "secure" mode for Samba where the share is more or less usable as another network drive map for the laptops.

I've taken a look at XDrive, I like it conceptually, but performance isn't there for us. We don't have gobs of data to deal with nor many users and performance might be a bit more important. Some bias needs to also be made around of "ease of use". The users can accept training, but the solution shouldn't require a lot of field diagnostics to troubleshoot.

And by "secure", I want to ensure that authentication traffic is probably protected on a level similar to SSL and that the data is secured in some form in transit. We don't AES level data protection, just want to protect it by degree while it traverses untrusted networks.

Thoughts or suggestions are most welcome! THANKS!
Dave.

D.E.R. Management - IT Project Management Consulting
 
Sort by date Sort by votes
Why not use a VPN. I've been using OpenVPN for almost a year and I really like it. I don't need to do any special for samba shares and it ensures that all traffic is encrypted. I have 450Mhz PII with 256MB and it's my firewall and VPN server. When connected via a T1 I can get full bandwidth (1480 kb/s) with the CPU hovering around 5% usage.

You can run openVPN on M$ or any free OS as client or server. The cryptographic modules use SSL certificates and is fairly easy to setup. On linux you can use openSSL to generate the certs and it works like a champ.

This is probably outside what you expected but it works wonders and it didn't cost anything but time. A day to scrounge for a test box. Another day to install and configure. A week or so to test internally then I was connecting from home shortly there after.

Have Fun! [pipe]
 
Upvote 0 Downvote
Another possibility is PoPToP ( which is a PPTP VPN server for Linux. I have found the performance to be excellent. Also, the client is included with all recent versions of Windows. The same client is used with Windows servers running a MS VPN.

You may be expecting a bit much, performance wise. When sharing a folder/drive over the internet, the bottleneck is generally the server side upstream bandwidth.
 
Upvote 0 Downvote
I thought I posted this yesterday but I don't see it anymore. Anyway here's goes another one.

No, I don't think I did anything special.

Code: 
port 1194
proto udp
dev tun
tun-mtu 1500
fragment 1400
mssfix
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.1.249.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.0.0"
push "route 10.1.0.0 255.255.255.0"
push "route 10.1.9.0 255.255.255.0"
push "route 10.2.0.0 255.255.240.0"
push "dhcp-option DNS 10.0.2.10"
push "dhcp-option WINS 10.0.2.10"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-128-CBC   # AES
comp-lzo
;comp-noadapt
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log
verb 4

AES encryption seemed faster over the others. Don't forget to push DNS and WINS servers.

mhkwood said:
You may be expecting a bit much, performance wise. When sharing a folder/drive over the internet, the bottleneck is generally the server side upstream bandwidth.
Click to expand...

I agree. Plus, M$ tends to get chatty with brodcasts and SMB is slow when comapred with FTP, HTTP, and even SCP transfers.

Have Fun! [pipe]
 
Upvote 0 Downvote
Hmmm.... I had suspected that SMB was a dog. I've used openvpn before and didn't suspect it as the culprit - sorry I didn't post that sentiment.

Since OpenVPN is running, is there a sensible alternative to offering a "folder" to the user via the other protocols listed? Can you create a drive map over FTP? Is that insane to ask?

D.E.R. Management - IT Project Management Consulting
 
Upvote 0 Downvote
Windows has that Web Folder thingy (I think it still does). That is as close as you might get.

Have Fun![pipe]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

VicM
  • Question
Win7 backup on Win11 Pro box not completing as it had in the past
Replies
2
Views
464
VicM
VicM
vgulielmus
  • Question
Windows 10 Pro - cannot use the start button
Replies
3
Views
239
vgulielmus
vgulielmus
gazonk.del
  • Locked
  • Question
How to Copy save_set from Tape to Disk -- Continuation
Replies
0
Views
140
gazonk.del
gazonk.del
wavestar69
  • Locked
  • Question
Trouble starting WinFrame 1.7 after replacing server
Replies
0
Views
134
wavestar69
wavestar69
DreemaGurl
  • Locked
  • Question
Can't log on to Citrix through emote access portal
Replies
1
Views
272
ntinlin
ntinlin

Part and Inventory Search

Sponsor

Back
Top