[Samba] Re: samba as a replacement for ftp
Francis Lau
fkwlau at fitch.math.uwaterloo.ca
Tue Feb 25 18:49:36 GMT 2003
Thank you all for all your inputs. After evaluating our options, I think
we are going to do it the way MIT does it -- use a kerberized FTP server
and use Filezilla as the client for Windows and Fetch as the client for
Mac. Or we will use sftp. Don't know which path we are heading yet.
By using this solution, we *hope* that will solve all our problems.
Problems that we wish to address include security (kerberos is fine),
chroorting (http://chrootssh.sourceforge.net/docs/chrootedsftp.html, but
yet to have tried it), quota limitation (use native solaris quota), and
finally, ease of use to some extend (don't you just wish that all users
know how to scp and/or use UNIX?...sigh).
Last but not least, we have to serve users using win98/2k/nt/xp AND Mac OS
X. that's why vpns may not work -> mac os x doesn't use WINS! and
besides, getting the user to set their computers up to use vpns may just
flood the help desk with calls. the staff there will hate us for
this.....
in any case, thank you all, again, for all your generous comments.
Hopefully my small description to our solution will help anyone who is
also going down this path.
Francis
On Tue, 25 Feb 2003, jason wrote:
> my .02,
>
> run ssh on the server and use winscp as the client.
> http://winscp.vse.cz/eng/download.phpB
> It looks like like ftp to the windoze users.
> And there is really nothing to install.
> http://winscp.vse.cz/download2.php?file=WinSCP2.exe
>
> On Tue, 25 Feb 2003, mark wrote:
>
> > On Tuesday 25 February 2003 15:50, Francis Lau wrote:
> > > As we do not have a very computer literate user base, we need to keep
> > > things simple. I've looked at coupling samba with ssl or kerberos, but
> > > both techniques will require the user to install a client and/or other
> > > software on their end. We are trying to avoid this and let the users save
> > > their files onto the server as though their share is on their local
> > > computer. Are there currently any other methods (samba or not) that would
> > > allow us to achieve this? (Samba's native encrypted passwords work great
> > > in this sense because the users do not have to do anything at all other
> > > than connecting to the server. Of course, the encrypted passwords are not
> > > very safe to begin with...)
> > >
> >
> > You are in between the proverbial rock and the proverbial hard place. I don't
> > know enough about other systems to really do this. My personal inclination
> > is to put security first and ease of user second. Which probably explains
> > all the yelling at my house when I tried to get my wife to use *nix. She now
> > uses windows and I provide the firewall on the *nix computer. But I digress.
> >
> > I thought that setting up a vpn connection with windows didn't involve users
> > adding different software. I've never done it, though.I know it may require
> > you to educate your users, but in my opinion you're going to be better off in
> > the end.
> >
> > There may be software that will allow users to access their filesystem via
> > https. I vaguely remember something like that. I might have been dreaming.
> > Or seen it on bugtraq with an announcement of some massive security hole.
> >
> > I'm hoping more technically adept people than myself chime in to give you
> > suggestions that better fit your criteria.
> >
> > mark
> >
> > ps Have you checked the archives? I know I've told people in the past flat
> > out NOT to do what you are thinking of, but I can't remember the response
> > from others. Worth a shot.
> >
> > mark
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
> >
>
More information about the samba
mailing list