|
Post by lewinb on Jan 4, 2007 16:19:27 GMT 7
OK. Please someone tell me this is just my problem:
I have smb/cifs turned off, and apple file sharing turned on. I have specific user-level permissions set for folders. On my macbook (OS 10.4.8), I am able to connect to any volume with full read-write access, without even entering a password, using smb.
I am also able to connect using smb using an older 10.2.8 Sawtooth tower mac, but on that one, I do have to at least enter a password.
So, it looks like there are two problems: 1) smb doesn't really turn off when you tell it to turn off. This is evidenced by my continued ability to login via smb on both Macs, like so: smb://xxx.xxx.xxx.xxx
I should point out that, at least as far as I can tell, access control works properly on Windows, although I only have a crippled Windows ME machine to go by. 2) under at least some circumstances, the read-write and access permissions are ignored.
|
|
|
Post by dbridges on Jan 5, 2007 4:26:05 GMT 7
Turn both apple file sharing and smb off to ensure that it's not using AFP as a fallback automatically.
Remember Macs are supposed to be easy to use and their users generally know nothing about SMB and AFP. There's every chance that it's OSX.
Also log in and do the following to confirm that samba is or isn't running.
N2100:~# ps -ef |grep samba
 5510 root 2416 S /opt/samba/sbin/smbd
 5514 root 2408 S /opt/samba/sbin/smbd
 5515 root 1736 S /opt/samba/sbin/nmbd
15553 root 464 S grep samba
N2100:~#
And also be aware that AFP on the N2100 is a legacy version of AFP suitable for people running OS8 or OS9 so it may not perform to your full expectations. Best to call Steve Jobs on that one and convince him to get involved in netatalk development.
Stick to smb for your macs. I do, much more stable.
|
|
|
Post by lewinb on Jan 5, 2007 7:04:44 GMT 7
Agreed, I'm hoping that this is just my OS. Although I have installed the ssh module, I can't ssh or telnet into the n2100... I get the following:
bruce-lewins-computer:~ lewinb$ telnet 192.168.1.9
Trying 192.168.1.9...
telnet: connect to address 192.168.1.9: Connection refused
telnet: Unable to connect to remote host
bruce-lewins-computer:~ lewinb$ ssh 192.168.1.9
ssh: connect to host 192.168.1.9 port 22: Connection refused
However, check out these two screen captures. This is the info box for a folder... Showing clearly how it's connected.
Here, it's connected via afp: becky.mine.nu/~becky/Picture1.png
and here it's connected via smb: becky.mine.nu/~becky/Picture2.png
I guess my point is, mac os x does differentiate between the two. And when both are turned off, there is indeed no access. But even after rebooting the n2100 with afp off, I'm still able to get full access via smb without even authenticating.
|
|
|
Post by dbridges on Jan 5, 2007 8:52:15 GMT 7
With SSH I'm assuming that you enabled the module???
> I guess my point is, mac os x does differentiate between the two. And when both are turned off, there is indeed no access. But even after rebooting the n2100 with afp off, I'm still able to get full access via smb without even authenticating.
As for the lack of security in SMB that you're experiencing, I'm quite surprised. My OSX 10.3 machine must authenticate to establish a connection because I turned off public accessibility and set up the ACL on the shares. When I set them up I fully tested the capabilities of the ACL read/write setup and file locking while setting up private user folders and common shared folders and could not fault it. There were some veto files issues in a previous firmware which caused mac issues but they've been resolved.
Some screen shots of your n2100 config screens showing your ACL setup might be more helpful.
|
|
|
Post by lewinb on Jan 5, 2007 11:21:16 GMT 7
Here you go: becky.mine.nu/~becky/Picture3.png
I checked on a couple other computers (os 10.2.8 and 10.4.7), and it seems my macbook is the only one that will connect with full rights without authenticating. So it could be that this is just my computer, or something particular to intel mac (however unlikely)? Nonetheless it shouldn't even be happening on my computer. I wish these things kept a log of smb access, so I could see what is going on in this exchange.
Also, I think they really need to put a proviso or something in the smb admin screen that explains the (apparent?) need to restart after turning service off or on. I think the first few times I did it, I just used the back button, and never saw the reboot screen come up until I clicked on ok today. So that also could have been affecting it, and could be causing this effect:
OH, and yeah, I have ssh enabled. Do I have to do something after installing it to get it to work? I tried initializing the root password, and it didn't have any effect.
|
|
|
Post by dbridges on Jan 5, 2007 12:20:49 GMT 7
What firmware are you running? 2.1.01 still has ssh built in so it should just be a matter of holding the reset button on the back for 13 (I think) seconds until you hear a beep. 2.1.03 needs the latest ssh module to be installed and then enabled. BOTH will require the password module (at least initially).
Your acl looks ok. Check that you don't have public access set on your shares. Have you tried clearing your keychain???
Also 2.1.01 is not so good for mac users.
|
|
|
Post by lewinb on Jan 6, 2007 10:28:55 GMT 7
I have firmware 2.1.03 installed. I found that I had to install it in order to get ANY afp functionality.
I set the folders up as Browsable - Yes, Public - No
|
|
|
Post by dbridges on Jan 6, 2007 19:03:19 GMT 7
> I have firmware 2.1.03 installed. I found that I had to install it in order to get ANY afp functionality.
> I set the folders up as Browsable - Yes, Public - No
You must have managed to pick up some old stock. The thecus n2100 has had functional afp since 2.1.00 and the n2100 has been shipping with that firmware or higher for quite some time.
My advice from here is to not use afp. It's for OS8 and OS9 anyway and it greatly underperforms SMB. Even Apple have switched over to it with OSX and its Darwin core. Install ssh and set the samba up yourself. If you want to you could look at the samba config used under OSX and mimic that.
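Added example, not part of the original thread or of Thecus firmware: once shell access works, the advice above (check for public access, set Samba up yourself) comes down to reading a few standard smb.conf parameters (`guest ok` / `public`, `map to guest`, `read only` / `writeable`, `valid users`). The sketch below reports them per share from a copy of the config; that the N2100's "Public" setting maps to these parameters is an assumption, and the sample config is constructed.

```python
import configparser
YES = {"yes", "true", "1"}
SYNONYMS = {"public": "guestok", "writeable": "writable", "writeok": "writable"}

def _norm(key):
    key = key.lower().replace(" ", "")  # Samba ignores case and spaces in names
    return SYNONYMS.get(key, key)

def load_conf(text):
    """Parse smb.conf text into {section: {normalized_param: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    cp.optionxform = _norm
    # Strip indentation so configparser does not treat it as a continuation.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    conf = {sec.lower(): dict(cp[sec]) for sec in cp.sections()}
    for params in conf.values():  # fold "writable" into its inverse, "read only"
        if "writable" in params:
            params["readonly"] = "no" if params.pop("writable").lower() in YES else "yes"
    return conf

def audit_guest_access(text):
    """Return (global_notes, per_share_report) for guest-access settings."""
    conf = load_conf(text)
    glob = conf.pop("global", {})
    notes = []
    if glob.get("maptoguest", "never").lower() != "never":
        notes.append("map to guest = " + glob["maptoguest"])
    report = {}
    for share, params in conf.items():
        eff = {**glob, **params}  # [global] values act as share defaults
        report[share] = {
            "guest": eff.get("guestok", "no").lower() in YES,
            "writable": eff.get("readonly", "yes").lower() not in YES,
            "valid_users": eff.get("validusers", ""),
        }
    return notes, report

# Constructed sample config: share names and user are made up.
SAMPLE = """[global]
   map to guest = Bad User
[media]
   public = yes
   writeable = yes
[private]
   guest ok = no
   valid users = alice
   read only = no
"""
```

A share reported with both `guest` and `writable` true accepts unauthenticated writes; a non-default `map to guest` means some failed logins are turned into guest sessions instead of being rejected.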
|
|
|
Post by lewinb on Jan 7, 2007 12:32:04 GMT 7
> it greatly underperforms SMB. Even Apple have switched over to it with OSX and its Darwin core.
I'm not sure about that... I timed the transfer of two files totalling 954 mb to my n2100 using both smb and afp. Using afp, it took 1:56. Using smb, it took 2:15 (clearly, I haven't sprung for a gigabit router yet). Also, every single one of my mac os X computers still uses afp as mac "native" file sharing. Yes, they do have built-in smb sharing, but for regular file sharing, they still default to afp.
In any case, I still am unable to get ssh access. And, even after rebuilding the raid (had become "degraded" somehow) and resetting my permissions as before, I was still able to get full access to the volume without authenticating. Additionally, I specifically have it set to not save anything in my keychain.
Here is my modules setup showing ssh enabled: becky.mine.nu/~becky/Picture4.png
|
|
|
Post by dbridges on Jan 7, 2007 13:41:59 GMT 7
>> it greatly underperforms SMB. Even Apple have switched over to it with OSX and its Darwin core.
> I'm not sure about that... I timed the transfer of two files totalling 954 mb to my n2100 using both smb and afp. Using afp, it took 1:56. Using smb, it took 2:15 (clearly, I haven't sprung for a gigabit router yet). Also, every single one of my mac os X computers still uses afp as mac "native" file sharing. Yes, they do have built-in smb sharing, but for regular file sharing, they still default to afp.
> In any case, I still am unable to get ssh access. And, even after rebuilding the raid (had become "degraded" somehow) and resetting my permissions as before, I was still able to get full access to the volume without authenticating. Additionally, I specifically have it set to not save anything in my keychain.
> Here is my modules setup showing ssh enabled: becky.mine.nu/~lewinb/Picture4.png
The screen shot isn't accessible.
Try a different SSH client. Like putty. It works.
Use AFP if you want but if you don't like the way it works then you need to call Apple and get them to get involved in the netatalk development which is the only AFP client readily available for linux.
|
|
|
Post by lewinb on Jan 7, 2007 14:52:00 GMT 7
oops. Sorry.. I fixed it. You can try it again if you like...
I have never had any trouble with the ssh client built in to mac os X (openssh)... I would imagine that since openssh is a widely distributed and used program, others would have already reported any issues between the n2100 and openssh.
I did, though, download the unix source for putty. I wasn't able to get it to compile. Without an autoconf file, I'm pretty much sunk.
What I meant was that it appeared afp was faster than smb (at least in my short little test)... So I'm not sure what you mean. I don't have any complaints about how afp works... It works great for me. My concern is that I am able to log in via smb without any authentication. The fact that I can only do this on my newest computer makes me somewhat less concerned, but suggests the slight possibility that maybe (again, however unlikely) that this is just something specific to intel macs.
I'm guessing that there's some way to check logs to find out what's going on, once I am able to ssh into the n2100?
|
|
|
Post by dbridges on Jan 7, 2007 17:11:24 GMT 7
There is very little logging on the n2100 because it only has a 32MB flash memory to hold everything.
It doesn't leave much room for detailed logs.
|
|
|
Post by getmythe on Jan 7, 2007 17:46:47 GMT 7
Mac OS X has a built in network diagnostics tool! Launch 'Network Utility' found in directory /Applications/Utilities. Change to tab 'port scan' and enter the IP of your N2100.
If port 22 is listed as open, sshd is running. If port 139 is listed, smbd is running.
As for afp: It offers by far the fastest transfers of any protocol available on the N2100! Be careful though to only access afp enabled shares with afp itself. Never ever have smb or any other protocol access afp shares. As dbridges mentioned afp was designed for OS 8/9 only. With OS X Apple changed the way data is stored on non Apple native (e.g. non NFS) drives.
getmythe
PS: In your latest screenshot I noticed that you have the sftp module installed. As of firmware revision 2.1.03 the ssh daemon has been removed by Thecus. The ssh module will therefore enable sshd and sftp itself for revision 2.1.03. There's no need for the sftp module anymore.
|
|
|
Post by lewinb on Jan 7, 2007 18:09:15 GMT 7
OK, I stopped the sftp module, and then restarted the sshd module. NOW port 22 shows up. So it was either the sftp module causing problems, or an inexplicable need to restart the module. I rebooted the n2100, and the port was still open, so apparently it seems a safe bet that:
In firmware 2.1.03, running the sftp module will render the sshd module inoperable.
(I hope this is right, since I went so far as making it bold)
|
|