Monday, September 25, 2006

Hoozah for ports !

Well, after installing samba3 from packages I was never quite able to get samba working; before, when I had tried on an older *BSD install, I was able to get it working up to the point of asking for a login.

Ripped out all the pkg's and sterilized the system, only cvsup-without-gui and fastest_cvsup installed via pkg_add -r. Installed the full ports collection (I had only installed a few parts of it before) and built samba.

cd /usr/ports/net/samba3/
make install clean
It asks what options you want to build support for; the defaults I saw no need to change, but added support for syslog.

OPTIONS=   LDAP            "With LDAP support" on \
           ADS             "With Active Directory support" off \
           CUPS            "With CUPS printing support" on \
           WINBIND         "With WinBIND support" on \
           ACL_SUPPORT     "With ACL support" off \
           AIO_SUPPORT     "With experimental AIO support" off \
           FAM_SUPPORT     "With File Alteration Monitor" off \
           SYSLOG          "With Syslog support" off \
           QUOTAS          "With Disk quota support" off \
           UTMP            "With UTMP accounting support" on \
           MSDFS           "With MSDFS support" off \
           SMBSH           "With SMBSH wrapper for UNIX commands" off \
           PAM_SMBPASS     "With PAM authentication against passdb backend(s)" off \
           EXP_MODULES     "With experimental module(s)" off \
           POPT            "With system-wide POPT library" on
Default was ldap, cups, winbind, utmp, and popt.

She took about an hour to an hour and a half to compile on Vectra, which is a 500MHz P3 and 384MB RAM (-8MB for video card). I don't really mind using ports, actually I love ports, it's just a bit slow on older hardware. Still, even with my desktop's Pentium D 930/2GB fast RAM I'd not want to compile OpenOffice, Xorg or KDE/GNOME. Since it's late and I've got to be at work tomorrow (today) I did a quick google and found this link and followed it as a base of what options I'd need in my smb.conf.

Note that when building samba at the end it gave me

NOTICE: This version of port has changed location of Samba password
===> NOTICE: (smbpasswd) directory. Files in '/usr/local/private'
===> NOTICE: have moved to '/usr/local/etc/samba'.
===> Found saved configuration for samba-3.0.23c,1

Since this is BSD and not a GNU/Linux distro, samba is third party software installed via ports, which basically means look under /usr/local/ for things, not the root directory (/), with FreeBSD. So it'd never be in /etc/ like on some GNU/Linux systems. I created a basic smb.conf in vi, I'll use cat to show it.

rstf@Vectra-%cat /usr/local/etc/smb.conf
#Samba config file for Vectra II

[global]
#workgroup, server name, and encrpy the passwords
#================================================#
workgroup = BSDNet
netbios name = Vectra
#encrpyt passwords = yes

#===================Shares=======================#

[files]
path = /usr/home/samba/files
read only = no
browseable = yes
public = yes

After running testparm on the configuration file I found out that the encrypted passwords thing was transient so I commented it out. Don't ask me why I chose BSDNet, it's my SSID for my Wireless network and, well, most of my stuff is running BSD :-)
Vectra is so I know it's on my HP Vli8 500 (Vectra II). The share is named files since that's what I plan to put there. I thought /samba/files would be good but it didn't feel right with the directory structure, /usr/local/samba/files maybe, but /usr/home/samba/ seemed a good enough place to put LAN wide shares. Made the directory like so

mkdir -pm 777 /usr/home/samba/files
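
The [files] share above is marked both guest-accessible (public = yes) and writable (read only = no), on a mode-777 directory. The script below is an added example, not part of the original post: it lists every share in an smb.conf that has that combination. The function names audit_shares and write_sample, and the [private] share in the sample, are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the post): list smb.conf shares that are both
# guest-accessible and writable. Assumes [global] precedes the shares.
audit_shares() {
    awk '
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    function truthy(v) { v = norm(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (sect != "" && sect != "global" && guest && !ro)
            printf "%s: guest-writable (path=%s)\n", sect, path
    }
    BEGIN { dguest = 0; dro = 1; guest = 0; ro = 1 }  # Samba built-in defaults
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }              # comments, blank lines
    /^[ \t]*\[.*\]/ {                                 # new section header
        report()
        if (sect == "global") { dguest = guest; dro = ro }
        sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        sect = tolower(sect); guest = dguest; ro = dro; path = "(unset)"
        next
    }
    {                                                 # key = value line
        i = index($0, "="); if (i == 0) next
        key = norm(substr($0, 1, i - 1)); val = substr($0, i + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "readonly") ro = truthy(val)
        else if (key == "writeable" || key == "writable" || key == "writeok") ro = !truthy(val)
        else if (key == "path") path = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the post's [files] share plus a hypothetical [private] one.
write_sample() {
    cat > "$1" <<'EOF'
[global]
workgroup = BSDNet
[files]
path = /usr/home/samba/files
read only = no
public = yes
[private]
path = /usr/home/samba/private
read only = no
valid users = Terry
EOF
}

if [ "$#" -gt 0 ]; then audit_shares "$1"; fi
```

Run it as `sh audit.sh /usr/local/etc/smb.conf` (the script name is arbitrary). Whether guests are actually let in also depends on global settings such as map to guest, which this check does not model.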

To set up my *BSD user I ran adduser and gave myself a personal user on the box -> No need to put yourself in a special group although I did consider using nobody as an option. I also always use a User ID (UID) of 1988 when possible so I know it's my account. Added the right data for samba

smbpasswd -n Terry

Note that the username and password should be the same as the box you will be accessing the shares from! I'll worry about tightening security when I have more time to work on the box. Surprisingly a portaudit gave warnings for the samba package but none for the port.

Check if smbd is running; I used the sockstat command to check. It was running, so:
/usr/local/etc/rc.d/samba restart
or stop then start instead of restart.

On my laptop I tried to join using smbclient and was amazed, go ports !!

Terry@Dixie-%smbclient //Vectra/files
Password:
Domain=[VECTRA] OS=[Unix] Server=[Samba 3.0.23c]
smb: \>

Very much to my joy it was a home directory I could not cd out of, I'll need to toy with this later and probably I'll chgrp the files share and my user to some proper group that I can use for this.

RELATED TODOS:
Test Samba from Windows (Which is why I need samba)
Secure samba as much as possible while keeping with what I need open
Move some files over
Get ready to cups and print or kill at some point & share it.
Recompile kernel and setup pf e.t.c.
Continue with implementing whatever security procedures I can think of
Try to gather as much information about the system from another machine and try to gain shell access to my Vectra simula-illicitly, then seal any holes I might've found or can think of as part of operations "Break in" and "Onion". It's my computer so it's my right to be able to test my own security measures rather than wait, watch, and wonder for it to be compromised. Although I doubt anyone would bother even if they could easily, it's good experience to gain & fun when it works or has a logical reason for not working.

Time to sleep
