[Samba] Re: samba as a replacement for ftp

Steve Williams swilliams at rinax.com
Tue Feb 25 17:22:59 GMT 2003 

Hi,

I do this from all over the country as I travel with my laptop.

PPTP into a VPN concentrator that brings my laptop onto the LAN via the VPN.

PPTP is the VPN connection that is included in almost every version of 
Windows from 98SE onwards.  It's pretty simple for even computer 
illiterate people to use.

We have a fancy CISCO VPN concentrator at work now, but I originally 
configured this using an OpenBSD box running the PopTop.  It took a 
little massaging to get it to work, but it was 100% reliable.

The technology works, but the whole infrastructure needs to be 
examined.  The Windows browsing works primarily on broadcasts, so this 
can really break if you are not careful on your subnetting.

I found the "proper" solution was to go to a WINS server, but again, 
know what you are doing!

Cheers,
Steve

mark wrote:

>On Tuesday 25 February 2003 15:50, Francis Lau wrote:
>  
>
>>As we do not have a very computer literate user base, we need to keep
>>things simple.  I've looked at coupling samba with ssl or kerberos, but
>>both techniques will require the user to install a client and/or other
>>software on their end.  We are trying to avoid this and let the users save
>>their files onto the server as though their share is on their local
>>computer.  Are there currently any other methods (samba or not) that would
>>allow us to achieve this?  (Samba's native encrypted passwords work great
>>in this sense because the users do not have to do anything at all other
>>than connecting to the server.  Of course, the encrypted passwords are not
>>very safe to begin with...)
>>
>>    
>>
>
>You are in between the proverbial rock and the proverbial hard place.  I don't 
>know enough about other systems to really do this.  My personal inclination 
>is to put security first and ease of user second.  Which probably explains 
>all the yelling at my house when I tried to get my wife to use *nix.  She now 
>uses windows and I provide the firewall on the *nix computer.  But I digress.  
>
>I thought that setting up a vpn connection with windows didn't involve users 
>adding different software.  I've never done it, though.I know it may require 
>you to educate your users, but in my opinion you're going to be better off in 
>the end.  
>
>There may be software that will allow users to access their filesystem via 
>https.  I vaguely remember something like that.  I might have been dreaming.  
>Or seen it on bugtraq with an announcement of some massive security hole.
>
>I'm hoping more technically adept people than myself chime in to give you 
>suggestions that better fit your criteria.  
>
>mark
>
>ps  Have you checked the archives?  I know I've told people in the past flat 
>out NOT to do what you are thinking of, but I can't remember the response 
>from others.  Worth a shot.
>
>mark
>
>  
>

More information about the samba mailing list