Side effect of recent change to more secure defaults like
"lanman auth = No" intentionally?
Günter Kukkukk
samba at kukkukk.com
Wed Apr 2 01:38:45 GMT 2008
Am Dienstag, 1. April 2008 schrieb Frank KInscherff:
Hi Frank,
> HI Guenter:
>
> although this little change of of "lanman auth = no" to obey to the
> security panic overall, I was spending ages to get my environment
> running after I did an upgrade test from ubuntu server 7.10 to 8.04. On
> 7.10 all my backup data and much more goes on a Network device (low
> cost) which I only can access through samba, After the upgrade this
> important drive was gone and started me to panic as one of my hard
> drives began to report errors which indicated dying of this device w/
> still same useful data on one partition.
>
You say "...goes on a Network device (low cost) which I only
can access through samba."
I guess, you mean that you access that NAS by mounting it using
the kernel modules smbfs or cifs - or you use "some samba client
(library) based program" (?)
In case you mount, are those mounts placed into /etc/fstab or do
you use other scripts to mount them?
The smbfs userland helper smbmount and other samba client tools parse
your local smb.conf.
So the entry "client lanman auth = Yes or No" can affect
the possibility to access the NAS.
But _only_ when the NAS needs the "lanman auth" processing,
which would be the case when the NAS is negociating a somewhat
anchient smb protocol dialect.
So, how do you do your backup and your other file storage onto
that NAS?
Cheers, Günter
> I am not a Linux guru like you are, and I still do not understand if I
> would overcome this "yes to no" by setting only the smbpasswd entry
> different and then use the more secure setting to be "no". May be you
> could help me out her w/ a little more step by step shell commands how
> to do it ( I moved from Windows to Linux last year in Autumn getting a
> real Linux fan, but still have some glitches I do not follow, cause I
> use my Desktop and server to run my Marketing Consulting Company -
> although they are all migrated to Linux now).
>
> Apart from that I'd like to say thank you for explaining me the default
> change. It got my Netdisk back. I was then able to do a last Backup om
> my ditchy Disk and swaped it w/ a new one.
>
> Now, in terms of security this change at that time with no clear
> announcement brought me into a very insecure situation in terms of
> loosing a lot of data.
>
> Again thanks a lot
>
> Frank
>
> P.S. If I could go to "no" and still can get to my netdisk this would be
> great!
>
>
>
>
More information about the samba-technical
mailing list