Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I wrote a few days ago because I couldn't get my Windows and Linux machines to see each other. Turning off the Linux firewall seemed to fix that problem. But now I've got a whole raft of new ones.
I'm running Windows XP Pro SP2 on one machine, and Suse Linux Enterprise Desktop on the other.
When I try to open a Linux folder on the Windows machine, I get asked for a password. Since I didn't set a password on the folder, I'm not sure what to do.
It's much worse on the Linux machine. When I browse the network, I get icons for the shared folders on the Windows machine, but when I click one of them, this message or something like it appears:
Cannot open smb-workgroup-My Music
The filename "smb-workgroup-My Music" indicates that this file is of type "x-directory/smb-share". The contents of the file indicate that the file is of type "desktop configuration file". If you open this file, the file might present a security risk to your system.
Do not open the file unless you created the file yourself, or received the file from a trusted source. To open the file, rename the file to the correct extension for "desktop configuration file", then open the file normally. Alternatively, use the Open With menu to choose a specific application for the file.
I have no idea what any of this means. I'm completely confused. Any of you ever seen this before? Thanks.
It sounds like you have two problems to resolve. 1) Open the correct ports 2) Configuring SHARE level security mode in smb.conf.
If you to to YaST2 -> Security and Users -> Firewall, you can set up the firewall. You didn't supply much information on your network setup. Such as where you get internet access. If one interface on the Linux Box is connected to a cable/dsl/telephone modem, then that interface should be assigned to the external zone. Select "Interfaces" -> Select your modem or modem connected interface -> Select "Change" -> Select "External" in the drop down box. On one computer, I have the Wireless interface assigned to the "External" zone, and the ethernet interface assigned to the "Internal" zone. I have a cable modem so I am not using ppoe. Therefore the two interfaces are set up on different subnets.
Once you have the interface assigned to a zone, select "Allowed Services", on the list to the left. On the right select your zone in the top drop down box, and in the second drop down box, select "Samba Server" and click add.
Please install the "samba-docs" package. This will install a lot of Samba documentation including the book "Samba 3 by Example", by John H. Terpstra. The first example in the book is for a charity office, using the "security = SHARE" mode, and sets up a share that anyone in the LAN has full access to without needing to use a password. See Section 2.2.2 for this example. This sounds like what you want.
If you have an account on the linux machine, you might want to consider using USER level security instead.
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2006-06-16
[global]
workgroup = MONITORTAN-MAIN
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare max shares = 100
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
You don't even have a "security =" line in the global section. Unless there is a fallback default, I think that you may want to add one. Since you have XP pro, you can also use "security = DOMAIN" and configure the server as a domain controller.
On other thing. You could use "swat" to configure your samba server. To do this, you will need to enable the xinetd services in YaST2. Then you need an xinet config for swat.
Code:
> cat /etc/xinetd.d/swat
# SWAT is the Samba Web Administration Tool.
service swat
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/swat
only_from = 127.0.0.1
log_on_failure += USERID
}
In Yast2 -> Network Services -> Network Services (xinetd) you can enable and start the service.
Then at the Linux server, point your web browser to "http://localhost:901".
This will give you the front page to Samba's administration tool. After you are finished, you can to into YaST2 again and stop, or disable the swat service. The xinetd config only allows access from localhost, and the firewall should prevent someone from spoofing the localhost address, but only starting the service when you need it is an extra precaution.
While you are at it, you might want to configure and secure the ssh server. If in the /etc/ssh/sshd_config file, if you have the line "AllowUsers yourusername" and change the "PermitRootLogon" entry to "no", this will do allot to securing your server from ssh attack. The "AllowUsers" takes precedent over "AllowGroups". Anyone else or any group will be denied access.
I think your last post came when I was writing mine. In your smb.conf file, I don't see a "security =" line. I also don't see a section for the share you mentioned. Do users have home directories on the server, or do you have a directory that you want to share to all users? How did you create the share? I don't really understand what you mean by "smb-workgroup-My Music". Do you mean, smb://workgroup/My\ Music or in a windows machine \\smb\WORKGROUP\My Music
By the way, life would be a lot easier if you got rid of the space in the share name. Sorry, but the "My " in front of everything is one of "My" pet peeves. If you just want to offer a share, then you might want to use "security = share". If this is to be a public share, consider creating a directory for the share outside your home directory if that is where is is. For example, /var/music/ or /home/music.
Then you could add a section like this to your smb.cnf file
Code:
[MUSIC]
comment = Where the family saves and plays music files
path = /home/music
read only = No
force user = musiclover
force group = musiclovers
guest ok = Yes
nt acl support = No
Then add the user and group and change the permissions on the folder:
root# mkdir /home/music
root# chmod 755 /home/music
root# groupadd musiclovers
root# useradd -m musiclover
New password: XXXXXXXX
Re-enter new password: XXXXXXXX
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.