HDsamba2 v3.0 and samba3 with some security easy way...

Pandora-Box
Posted: Wed Aug 12, 2009 22:01    Post subject: HDsamba2 v3.0 and samba3 with some security easy way...
HDsamba2 v3.0 and upgrade to Samba 3 (working on wrt610n, 12606 Eko Mega build, 4-port USB hub, USB printer, multiple USB HDDs, Samba 3)

Note: According to samba.org developers, samba2 might be a bit faster than samba3, but samba3 is more reliable writing files (and in my case it did not show slower at all; on the contrary, a bit faster)

This compilation is based on information including but not limited to the threads and URLs listed below.
All Credits for samba installations belong to all contributors to threads and urls below.

Samba 2 Section:

1. Install HDsamba2 v3.0 following steps in here:
1st page of this thread http://www.dd-wrt.com/phpBB2/viewtopic.php?t=46602&postdays=0&postorder=asc&start=0
and
http://www.dd-wrt.com/wiki/index.php/HDsamba2
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=46602&postdays=0&postorder=asc&start=450


Once these steps are completed, there are a few adjustments to be made:

2. Modify entries in /opt/etc/init.d/S80samba

change

echo "nobody:*:65000:65000:nobody:/mnt:/bin/false" >> /etc/passwd

to

grep -q '^nobody:' /etc/passwd || echo "nobody:*:65000:65000:nobody:/mnt:/bin/false" >> /etc/passwd

also add

# match on the full name field so that customuser1 is not mistaken for customuser
grep -q '^customuser:' /etc/passwd || echo "customuser::500:500::/tmp:/dev/null" >> /etc/passwd
grep -q '^customuser1:' /etc/passwd || echo "customuser1::501:501::/tmp:/dev/null" >> /etc/passwd
.
.
.

And so on. Where customuserX are arbitrary names, I entered my Windows login user name

(these entries add users to dd-wrt but not to Samba)

3. You need to add users to samba by running the command smbpasswd -a (to add and activate new users and set passwords)

This file is in /opt/etc/samba
smbpasswd in /opt/bin does this for you, and saves it permanently.
smbpasswd -a username (when asked for password I assigned the same as Windows login password)

4. Now access SWAT at http://{your-router-IP}:901 (assuming your router is 192.168.1.1 http://192.168.1.1:901) and to log in use root userid (not other) and password you assigned during dd-wrt installation

under Globals tab Advanced View find section Security Options and part pertaining to users

username
valid users
admin users
write list

and enter valid appropriate user names (I used my Windows userid). Make sure you enter users under write list, otherwise you will be able to read but not write to the share.

Note at this time for Samba2, leave it as SHARE under Security options (later under Samba 3 you will have to change it to USER option, but not yet)

Once this is done Commit Changes

5. Go to Shares tab under SWAT and Choose share and from drop down choose data (since this is default installed by HDsamba2 v3.0)

there in fields

username
valid users
admin users
write list

enter valid appropriate user names (I used my Windows userid). Make sure you enter users under write list, otherwise you will be able to read but not write to the share.
Once this is done Commit Changes
Exit SWAT

6. reboot router, remember use telnet/ssh reboot and not GUI reboot!!!
Once back up and running, you should be able to access NAS data share and be able to write to it.

-----------------------------This is the END of the section pertaining to HDsamba2 v3.0, shares, and users setup-------------------------------------------

--------------------------------------The section below applies to the process of upgrading samba to samba3-----------------------------------------------------
Samba 3 section:

7. Now, important: make a copy of your smb.conf file (it will be needed later)

cp /mnt/opt/etc/samba/smb.conf /opt/etc/samba/smb.last and remember file name and location


8. Now remove samba 2.2.12 and install samba 3.2.13 run these:

ipkg-opt remove samba2 (removes samba2 incompatible with samba3, but leaves necessary scripts and ipkg-opt installations)

ipkg-opt install samba (during this installation you will see an error about smb.conf; see below for remedy)

ipkg-opt install samba3-swat

ipkg-opt install cups (optional for samba printing support)

9. Next:
cp /mnt/opt/etc/samba/smb.last /opt/etc/samba/smb.conf
edit smb.conf (for Windows users, the easiest way is to WinSCP to the router (ftp or ssh), find the file and double-click; it should open and you should be able to edit it)

Add following 2 entries to [global] section:

interfaces = 192.168.1.1/24 (IP entered should correspond to your router IP; you don’t need to specify IP, you can specify interfaces names, you can read it once SWAT is available)
bind interfaces only = No

10. Run command:
testparm /mnt/opt/etc/samba/smb.conf and press ENTER to see results and errors

IMPORTANT NOTE: after samba 3 install rename /opt/etc/init.d/S08samba to /opt/etc/init.d/S80samba; otherwise Samba will not start after router reboot
original HDsamba2 script in mount.usb is calling for /opt/etc/init.d/S80samba (80 and not 08 )

11. EDIT S08samba or S80samba if you renamed it:

grep -q '^nobody:' /etc/passwd || echo "nobody:*:65000:65000:nobody:/mnt:/bin/false" >> /etc/passwd

# match on the full name field so that customuser1 is not mistaken for customuser
grep -q '^customuser:' /etc/passwd || echo "customuser::500:500::/tmp:/dev/null" >> /etc/passwd
grep -q '^customuser1:' /etc/passwd || echo "customuser1::501:501::/tmp:/dev/null" >> /etc/passwd
.
.
.

And so on. Where customuserX are arbitrary names, I entered my Windows login user name

12. Also in S08samba or S80samba if you renamed it

# set samba_active=1 to activate samba
samba_active=0 (change it to 1 to activate samba)

13. You might re-run command smbpasswd -a to add valid users and passwords

14. To access SWAT you might need to run /opt/etc/init.d/S10xinetd

15. To start samba at this point, run /opt/etc/init.d/S08samba or /opt/etc/init.d/S80samba if you renamed it before, and if you want samba to start at system startup

16. Now access SWAT at http://{your-router-IP}:901 (assuming your router is 192.168.1.1 http://192.168.1.1:901) and to log in use root userid (not other) and password you assigned during dd-wrt installation

under Globals tab Advanced View find section Security Options and change security from SHARE to USER for user authentication to be effective
also
there in fields

username
valid users
admin users
write list

enter valid appropriate user names (I used my Windows userid). Make sure you enter users under write list, otherwise you will be able to read but not write to the share.
Once this is done Commit Changes
Under SWAT Shares tab edit users for data share and commit changes

17. Reboot router from telnet/ssh not from GUI
and after reboot ps to list processes to see nmbd and smbd running
Try to connect to your \\NAS\data share to see if you can write to it.
Note: for some users NTLM v2 might need to be enabled to login (Vista and higher), but XP and lower should be OK with NTLMv2 disabled

Note: current 12606 build supports LFS (large file system), I was able to write 20 Gb files without any issues, but current proFTP reports wrong file sizes, so you might update to ipkg-opt proftp which supports LFS or wait until dd-wrt dev team update it
I found that FTP transfers are faster than using Windows share file copy.

Note: if you enabled NAS and proFTP, you should be able to access samba share using FTP or SFTP as well

Happy file sharing

_________________
Netgear R7000
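
Added example, not part of the original post or of the HDsamba2 scripts: a small audit of the settings this guide changes (share-level security, bind interfaces only, per-share valid users, and passwd entries with an empty password field). The function names audit_smb_conf and audit_passwd and the sample files written by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the settings this guide
# changes: smb.conf security mode, interface binding, per-share user lists,
# and /etc/passwd entries with an empty password field.

audit_smb_conf() {   # $1 = path to smb.conf; prints one finding per line
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ { next }                        # skip comments
    /^[ \t]*\[/ {                                 # section header
        sect = tolower(trim($0)); gsub(/^\[|\].*$/, "", sect)
        if (sect != "global") name[++n] = sect
        next
    }
    index($0, "=") {
        key = tolower(substr($0, 1, index($0, "=") - 1))
        gsub(/[ \t]/, "", key)                    # Samba ignores spaces in names
        val = tolower(trim(substr($0, index($0, "=") + 1)))
        if (key == "security" && val == "share")
            print "global: security = share (share-level, no user login)"
        if (key == "bindinterfacesonly" && val ~ /^(no|false|0)$/)
            print "global: bind interfaces only = no (listens on all interfaces)"
        if (key == "validusers" && val != "") {
            if (sect == "global") gvalid = 1; else valid[n] = 1
        }
    }
    END {                                         # shares inherit [global] values
        for (i = 1; i <= n; i++)
            if (!valid[i] && !gvalid)
                print "share [" name[i] "]: no valid users"
    }' "$1"
}

audit_passwd() {     # $1 = path to passwd file; flags an empty 2nd field
    awk -F: '$1 != "" && $2 == "" { print "account " $1 ": empty password field" }' "$1"
}

demo() {             # constructed sample files, modelled on the steps above
    d=$(mktemp -d)
    printf '%s\n' '[global]' ' security = SHARE' ' interfaces = 192.168.1.1/24' \
        ' bind interfaces only = No' '[data]' ' path = /mnt' \
        ' write list = customuser' > "$d/smb.conf"
    printf '%s\n' 'nobody:*:65000:65000:nobody:/mnt:/bin/false' \
        'customuser::500:500::/tmp:/dev/null' > "$d/passwd"
    audit_smb_conf "$d/smb.conf"; audit_passwd "$d/passwd"
    rm -rf "$d"
}
demo
```

On the router, call the two functions on /opt/etc/samba/smb.conf and /etc/passwd instead of running demo.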