Author Topic: Samba access from external  (Read 4197 times)

Darky

  • Zen Apprentice
  • *
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Samba access from external
« on: October 21, 2011, 11:25:58 am »
Hallo,

I need to allow external IPs to access our samba server on a Zentyal 2 machine. I added for testing purposes a allow everything rule to the firewall for an external IP. With this IP one can interact with the DNS and Mail server. Samba however wont work. The firewall shows no activity for Port 445. Checking with telnet the port seems to simply not answere any request.

thanks

christian

  • Guest
Re: Samba access from external
« Reply #1 on: October 21, 2011, 11:42:59 am »
Is Zentyal's external IP a public one or does it require redirect at router level?

pete83

  • Zen Apprentice
  • *
  • Posts: 31
  • Karma: +0/-0
    • View Profile
Re: Samba access from external
« Reply #2 on: October 21, 2011, 01:58:51 pm »
My clients can connect to SMB shares through VPN.
Running: Zentyal 2.0.23

jsalamero

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1419
  • Karma: +45/-1
    • View Profile
Re: Samba access from external
« Reply #3 on: October 21, 2011, 02:34:12 pm »
Code: [Select]
$ grep external /etc/zentyal/samba.conf
# Listen on external interfaces
listen_external = no

Darky

  • Zen Apprentice
  • *
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: Samba access from external
« Reply #4 on: October 24, 2011, 12:23:14 pm »
Thank you.
If others have the same problem: for me it was (on a Zentyal 2.0 machine) /etc/ebox/samba.conf

Will this file be overwritten at some point? For example when the module will be updatet.

christian

  • Guest
Re: Samba access from external
« Reply #5 on: October 24, 2011, 02:02:57 pm »
Will this file be overwritten at some point? For example when the module will be updatet.

You should better have a look at this:
http://trac.zentyal.org/wiki/Documentation/Community/HowTo/CustomizeConfigFiles

Darky

  • Zen Apprentice
  • *
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: Samba access from external
« Reply #6 on: October 24, 2011, 02:36:47 pm »
Thanks. Funny that no one mentioned this after I complained, that an update modified the templates. :)
Is there an example in which not a line is added, but an existing line modified? I actually could use it for
changing the postfix template to not use HELO.

jsalamero

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1419
  • Karma: +45/-1
    • View Profile
Re: Samba access from external
« Reply #7 on: October 24, 2011, 03:43:33 pm »
You don't need a custom stub to listen on external interfaces, we already have a configkey for that, which should be the preferred way in order not to miss any upgrade on the default stub. Configuration files are not overwritten with upgrades and are included in the configuration backup.

innocenti_jr

  • Zen Monk
  • **
  • Posts: 98
  • Karma: +9/-0
    • View Profile
Re: Samba access from external
« Reply #8 on: October 24, 2011, 04:45:18 pm »
Is there an example in which not a line is added, but an existing line modified? I actually could use it for
changing the postfix template to not use HELO.
I'd use sed:
Code: [Select]
sed 's/smtpd_helo_required = yes/smtpd_helo_required = no/g' -i /etc/postfix/main.cf
"The problem with quotes on the Internet is that it is hard to verify their authenticity." - Abraham Lincoln

christian

  • Guest
Re: Samba access from external
« Reply #9 on: October 24, 2011, 05:21:38 pm »
You don't need a custom stub to listen on external interfaces, we already have a configkey for that, which should be the preferred way in order not to miss any upgrade on the default stub. Configuration files are not overwritten with upgrades and are included in the configuration backup.

Good to know. How can we know in advance what is kept vs. what is not ??? and therefore where and when hooks have to be used. Sure one way is to apply some kind of reverse engineering  ;) but having this documented somewhere could help.

innocenti_jr

  • Zen Monk
  • **
  • Posts: 98
  • Karma: +9/-0
    • View Profile
Re: Samba access from external
« Reply #10 on: October 24, 2011, 05:38:12 pm »
For files residing in /etc, have a look at the Debian Policy Manual:
http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files
"The problem with quotes on the Internet is that it is hard to verify their authenticity." - Abraham Lincoln

robb

  • Guest
Re: Samba access from external
« Reply #11 on: October 24, 2011, 07:24:31 pm »
I'm with Pete83 in this one. HOW ON EARTH CAN YOU MAKE SAMBA SHARES AVAILABLE TO THE INTERNET???? (soz for shouting :P ) That's a BIG BIG no go!!

If you want to make Samba shares (in fact ANY internal service) available from the outside, just implement VPN.

jsalamero

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1419
  • Karma: +45/-1
    • View Profile
Re: Samba access from external
« Reply #12 on: October 24, 2011, 07:51:48 pm »
External network doesn't mean necessarily the Internet, can be an external LAN or something like that. Because is not a common configuration is on a confkey and not in the web interface.

Darky

  • Zen Apprentice
  • *
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: Samba access from external
« Reply #13 on: October 25, 2011, 11:06:22 am »
Quote
HOW ON EARTH CAN YOU MAKE SAMBA SHARES AVAILABLE TO THE INTERNET?

jsalamero explained it a few postings above.

Quote
I'd use sed:

Code: [Select]
sed 's/smtpd_helo_required = yes/smtpd_helo_required = no/g' -i /etc/postfix/main.cf

Thank you. I will try this