Differences

This shows you the differences between the selected revision and the current version of the page.

howto:bettersamba 2009/03/21 05:01 howto:bettersamba 2017/09/06 18:38 current
Line 6: Line 6:
  * No fine-grained access control via the web interface (e.g. write-only dropboxes, etc)   * No fine-grained access control via the web interface (e.g. write-only dropboxes, etc)
-There are a few ways to get around this.  One option is to edit the firmware /etc/samba/smb.conf.  Really, you need to keep an edited copy on the hard disk, and write a fun_plug script to copy the new version to ramdisk after the machine boots, then restart the samba server (and thus re-read the config file). You may also perform small edits to the file without a fun_plug by use of export and import config. This can be used to make the bundled samba config include another config placed on the harddrive. The format of the exported configs are done several files stacked together separated by newline followed by ';'. The samba config is truncated to a fixed number of lines when reimporting, but it's possible to edit the file and possible add "include = /mnt/HD_a2/smbconfig".+There are a few ways to get around this.  One option is to edit the firmware /etc/samba/smb.conf.  Really, you need to keep an edited copy on the hard disk, and write a fun_plug script to copy the new version to ramdisk after the machine boots, then restart the samba server (and thus re-read the config file). You may also perform small edits to the file without a fun_plug by use of export and import config. This can be used to make the bundled samba config include another config placed on the harddrive. The format of the exported configs are done several files stacked together separated by newline followed by ';'. The samba config is truncated to a fixed number of lines when reimporting, but it's possible to edit the file and possible add "include = /mnt/HD_a2/smbconfig".  
 + 
 +Some side notes to the above paragraph (based on information from the Forums): The device keeps a master smb.default file in NVRAM that it copies over into the ramdisk at every boot (to etc/samba/smb.conf), so any direct changes to this file won't survive a boot (hence the need for a fun_plug scipt to copy the modified smb.conf file from the harddrive after every boot). The import/export config allows one to modify the master smb.default in NVRAM. If you go down this route and use the import/export config, be very careful as you could seriously damage your unit! Alternatively if you have a well working smb.conf you may as well copy it into NVRAM and do away with the script (you don't need to use the import/export, you can directly mount the NVRAM, see below in the How to Make the DNS Work With a Domain Part)
Another option is to install the debian bootstrap, and use that version of samba (this is probably the better option, since debian's smb server will probably be newer than the firmware version).  Again, you're going to have to have a fun_plug script that disables the embedded samba before running the debian initrc and starting debian's samba server. Another option is to install the debian bootstrap, and use that version of samba (this is probably the better option, since debian's smb server will probably be newer than the firmware version).  Again, you're going to have to have a fun_plug script that disables the embedded samba before running the debian initrc and starting debian's samba server.
Not much of a howto just yet, but as I get it set up I'll drop in step-by-step instructions for both methods, with some sample configurations for making samba work well.  Hopefully I'll demonstrate how to make samba auth against Active Directory/LDAP so that real system administrators would see how to use the DNS-323 for something useful -- like seamless home directory storage for their network! Not much of a howto just yet, but as I get it set up I'll drop in step-by-step instructions for both methods, with some sample configurations for making samba work well.  Hopefully I'll demonstrate how to make samba auth against Active Directory/LDAP so that real system administrators would see how to use the DNS-323 for something useful -- like seamless home directory storage for their network!
 +
Line 32: Line 35:
  #   #
-  - You will need a secrets.tdb file from another linux box that you have used to join the domain (on a test inux box)+  - You will need a secrets.tdb file from another linux box that you have used to join the domain (on a test Linux box)
    - shutdown samba on your test linux box.     - shutdown samba on your test linux box.
    - move all the files from /etc/samba to a safe location     - move all the files from /etc/samba to a safe location
Line 46: Line 49:
    net join     net join
-    - scp -p /etc/samba/secrets.tdb dns323:/mnt/HD_a2/fun_plug.d/etc/secretes.tdb+    - scp -p /etc/samba/secrets.tdb dns323:/mnt/HD_a2/fun_plug.d/etc/secrets.tdb
    - Move the good samba bits back in to place on your test samba box.     - Move the good samba bits back in to place on your test samba box.
-  - Setup the DNS323 to us the secrets.tdb file - create a new startup script:+  - Setup the DNS323 to use the secrets.tdb file - create a new startup script:
  cd /mnt/HD_a2/fun_plug.d/start   cd /mnt/HD_a2/fun_plug.d/start
Line 110: Line 113:
  * Save the file and load it back up onto the DNS-323 (Using 'Load Configuration Settings')   * Save the file and load it back up onto the DNS-323 (Using 'Load Configuration Settings')
  * You're done!   * You're done!
 +
==== Some Side Notes: ==== ==== Some Side Notes: ====
Line 120: Line 124:
# fun_plug part # fun_plug part
if [ -r "${FUNPLUGDIR}/etc/smb.conf" ]; then if [ -r "${FUNPLUGDIR}/etc/smb.conf" ]; then
- mv ${FUNPLUGDIR}/etc/smb.conf /etc/samba >>${LOGFILE}+ cp ${FUNPLUGDIR}/etc/smb.conf /etc/samba >>${LOGFILE}
exec smb restart >>${LOGFILE} exec smb restart >>${LOGFILE}
else else
Line 153: Line 157:
  * The web admin seems to crash when modifying users after you've done this hack. I'm not sure if this is due to the hack.   * The web admin seems to crash when modifying users after you've done this hack. I'm not sure if this is due to the hack.
 +
Line 163: Line 168:
<code>force create mode = 0777</code> <code>force create mode = 0777</code>
-Solution is to delete the line. But after the next reboot it is gone again :-(+Solution is to delete the line. But after the next reboot it is there again :-(
This is why you need funplug and a ''sambafix.sh'' file in the ''funplug.d/start''  directory. It gets executed at each boot and it contains the following: This is why you need funplug and a ''sambafix.sh'' file in the ''funplug.d/start''  directory. It gets executed at each boot and it contains the following:
Line 179: Line 184:
  - Reboot   - Reboot
 +=== For Fonz funplug Version 0.5 ===
 +
 +Place the ''sambafix.sh'' script in ''ffp/start''.
 +
 +For D-Link firmware 1.05 and RAID 1 (mirrored) drives, the line in ''sambafix.sh'' needs to be ''cp /mnt/HD_a2/etc/samba/smb.conf /etc/samba/smb.conf''.
 +=== To Make the Windows Read Only Bit Work ===
 +Add ''map readonly = yes'' to your custom ''smb.conf''.
===== How To Create A Recycle Bin ===== ===== How To Create A Recycle Bin =====
-In a message posted in the [[http://forum.dsmg600.info/p19826-2008-08-28-16%3A38%3A32.html#p19826|DNS323 forum]], jrbilodeau wrote; ....here is what i did to get it working perfectly.+In a message posted in the [[http://dns323.kood.org/forum/p19826-2008-08-28-16%3A38%3A32.html#p19826|DNS323 forum]], jrbilodeau wrote; ....here is what i did to get it working perfectly.
  * Open a telnet session (I use putty) and type;   * Open a telnet session (I use putty) and type;
Line 192: Line 204:
In Windows Explorer navigate to the ffp folder on Volume_1 and open up the smb.conf file with a linux friendly text editor (I use notepad++). In Windows Explorer navigate to the ffp folder on Volume_1 and open up the smb.conf file with a linux friendly text editor (I use notepad++).
-Under the [ global ] setion I added the following lines+Under the [ global ] section I added the following lines
  vfs object = recycle   vfs object = recycle
Line 205: Line 217:
  recycle:exclude = *.tmp,*.temp, ~$*, *.~??   recycle:exclude = *.tmp,*.temp, ~$*, *.~??
  recycle:exclude_dir = /.recycle   recycle:exclude_dir = /.recycle
 +  msdfs root = no
Save it then add the following lines to fun_plug Save it then add the following lines to fun_plug
Line 214: Line 227:
Restart you dns323 Restart you dns323
-**Note:** I tested this before applying it to the funplug incase something didn`t go right I could simply reboot and go back to the original smb.conf file I suggest you do the same.+**Note 1:** I tested this before applying it to the funplug in case something didn`t go right I could simply reboot and go back to the original smb.conf file I suggest you do the same.
 +**Note 2:** The 'recycle:keeptree = Yes' tells samba to maintain the same directory tree structure where the files were from. For example, if you deleted/overwrite a file /dir_a/subdir_b/file_overwritten, your .recycle directory will look like : /mnt/HD-a2/.recycle/dir_a/subdir_b/file_overwritten. If you change 'recycle:keeptree = No, every directory will have a .recycle, that will be ugly.  Depending on how secure you want the recycle files be, change directory mode as needed.
Additional information regarding Samba's recycle bin can be found at [[http://www.linuxtopia.org/online_books/network_administration_guides/samba_reference_guide/30_VFS_10.html|Linuxtopia]] Additional information regarding Samba's recycle bin can be found at [[http://www.linuxtopia.org/online_books/network_administration_guides/samba_reference_guide/30_VFS_10.html|Linuxtopia]]
Line 221: Line 235:
===== What's Next? ===== ===== What's Next? =====
-I hope this way of hacking (using the configuration file) allows for some other nice hacks that don't involve using mod_plug hacks. I think it's a cleaner way to do things. If someone knows a way to secure the root path of the DNS-323 that would be nice since it would prevent Windows from logging in anonymously!+I hope this way of hacking (using the configuration file) allows for some other nice hacks that don't involve using mod_plug hacks. I think it's a cleaner way to do things. If someone knows a way to secure the root path of the DNS-323 that would be nice since it would prevent Windows from logging in anonymously! (See above the Preventing Anonymous Access part)

Navigation

Personal Tools