Configure SMB

From Organic Design wiki
Revision as of 01:52, 30 June 2008 by Nad (talk | contribs) (Setting up access for Windows workstations: so "no" to upgrades)
Procedure.svg Configure SMB
Organic Design procedure

SFTP

The first method is SFTP which uses existing SSH protocol to transfer files, and the workstations can map this connectivity in to the file system like a normal file share.

  • Don't forget that additional users created with adduser' also need to be added to AllowedUsers in /etc/ssh/sshd_config

Setting up access for Ubuntu workstations

On Ubuntu, SFTP integration with the file system is a standard feature, simply go in to Places/Connect to server, select SSH, fill in the authentication details and the resource will be mounted as usual.

Setting up access for Windows workstations

Unfortunately, the Windows client setup isn't quite as simple as the Ubuntu case, but there is a good application for integrating SFTP in to the FS called Dokan. There are a few other components to install onto the Windows machine before it's ready to map SSH drives as follows:

  • Install the Microsoft .Net framework starting here (63MB)
Note, say "no" to the strongly recommended upgrades, as they're nothing to do with this procedure
Note, if this one fails, try skipping this one it may already be installed

Samba over VPN

This is basically just a normal Samba installation which is included in the install a new server procedure, but Samba is not a very secure protocol, and so if used to share resources to Internet clients, it must be protected with a VPN and so is probably only the best solution for file sharing if your organisation is already using a VPN to connect remote users into your LAN.

Once a VPN has been set up with the install a new VPN procedure, all the workstations which are connected to the same VPN connection form part of a "virtual LAN" and they can all publish and use resources shared in that LAN such as shared directories, printers and services. They all show up in the normal "network places" or equivalent even though the hosts can be located in diverse locations around the internet, and all these connections are encrypted and secure.

  • To ensure that Samba ports are only exposed to the private VPN side, set the interfaces directive in /etc/samba/smbd.conf to tun0.