Solution-Two options: How can I make NAS device stay Online?

[pigdog]

Hi,

I did find this site http://wiki.dns323.info/howto:bettersamba but I'm a little too intimidated to try it.

[nite_man]

Hi,

I did find this site http://wiki.dns323.info/howto:bettersamba but I'm a little too intimidated to try it.

I used that site when tuned my DNS-321. I setup SSH and transmission via fun_plug. The advantage of this approach is that the firmware of the NAS is not modified. To restore everything in the factory setting the fun_plug directory should be just removed.

I also faced with problem when NAS disappears time to time. So, I disabled its detection, added it to the fstab and made symlink in the videos, audio and pictures manually. I know this is dirty solution. But at least the media content from the NAS is available all time.

[colinjones]

I don't think it would be wise to sacrifice security merely because some NAS vendor refuses to enter the 21th century.

As I say, Zaerc, I don't see how this is sacrificing any security for LMCE. Its simply allowing LMCE to use a NAS that is already insecure. LMCE itself is no less secure, the only real exploit is for a man-in-the-middle attack, which would be exceedingly difficult to achieve on the "internal" network, particularly because you can't get "in the middle" on a switched, single segment LAN, effectively. Either way, it only appears to be this NAS so far, so I'm not really bothered, a wiki article would be just as good. Not sure how a new template, pnp'ing on the MAC address would work because the config change required seems to be global rather than share specific....

[ccoudsi]

Here’s my situation, I have 810 latest release, and DNS-323 with 1.05 FW, with password,  I was able to view & play all my media from the core orbitor and MDs without any problem, but I was not able to see any media from the webadmin, so reading this thread I upgraded my NAS to 1.07, and added this workaround.

As a workaround, users who need to access security=share servers can add 'client lanman auth = yes' to the [global] section of /etc/samba/smb.conf on their hardy client systems, to enable negotiation of this weak authentication protocol.

Now I don’t see anything any more not from orbitor nor from the webadmin here’s my log output

Code:

dcerouter_1000407:/usr/pluto/bin# sudo smbclient -U admin%linuxmce --list=//192.168.80.139
Domain=[MSHOME] OS=[Unix] Server=[Samba 3.0.24]

        Sharename       Type      Comment
        ---------       ----      -------
        BT              Disk
        web_page        Disk      Enter Our Web Page Setting
        lp              Printer   USB Printer
        Volume_1        Disk
        Multimedia      Disk
        IPC$            IPC       IPC Service (Dlink-DNS323)
Domain=[MSHOME] OS=[Unix] Server=[Samba 3.0.24]

        Server               Comment
        ---------            -------
        CC-SERVER            Charlie's server
        DNS-323              Dlink-DNS323

        Workgroup            Master
        ---------            -------
        LINUXMCE             DCEROUTER
        MSHOME               DNS-323
dcerouter_1000407:/usr/pluto/bin#

Code:

dcerouter_1000407:/usr/pluto/bin# sudo ping -qnc 1 -W 1 192.168.80.139 &>/dev/null
dcerouter_1000407:/usr/pluto/bin# echo "$?"
0
dcerouter_1000407:/usr/pluto/bin#

Code:

linuxmce@dcerouter:~$ smbclient //localhost/pub
Enter linuxmce's password:
session setup failed: NT_STATUS_LOGON_FAILURE
linuxmce@dcerouter:~$

Any Ideas???

[pigdog]

Hi Charlie,

I'm curious as to why the Server is CC-SERVER Comment Charlie's server and not Server DCEROUTER comment DCERouter.?

Did you change the server string/netbios name in /etc/samba/smb.conf?

[ccoudsi]

I have another PC server "CC-server" on the internal network, but it is not used by LinuxMCE
No I did not change

Did you change the server string/netbios name in /etc/samba/smb.conf?

What do I need to do??

[pigdog]

Hi Charlie,

So then ...

The DNS-323 has username/password and linuxmce as workgroup, plus volume_1 is read/write and assigned to user=username.  The dlink in the webadmin device tree has username/password that matches DNS-323 and password required checked.  On the Core/hybrid running 810, /etc/samba/smb.conf has client lanman auth = yes programmed in the global section (without quotes) and you restarted the samba service on the core/hybrid after making the changes?

After all that was done is online checked against the Dlink in the device tree view for the share volume?

P.S.  Are you using Linuxmce directory structure?

[ccoudsi]

Yes, correct I attached my screenshot, FYI.
Yes, I'm using LMCE directory structure

Here's the smb.conf changes

Code:

[global]
## BEGIN : Domain and Hostname

        workgroup = LinuxMCE
        server string = DCERouter
        netbios name = DCERouter

## END : Domain and Hostname
        smb ports = 139
        log level = 2
        invalid users = root
        log file = /var/log/samba/log.%m
        max log size = 1000
        syslog = 0
        encrypt passwords = true
        socket options = TCP_NODELAY
        dns proxy = no
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        username map = /etc/samba/usermap.txt
        unix extensions = yes
        security = user
        client lanman auth = yes

[public]

[ccoudsi]

Here's  my other 2 screen shots.
BTW, I'm using a shared folder called Multimedia under Volume1, as read only !!

[pigdog]

Hi,

Prior to having a user defined on the DNS-323 shares Volume_1 and Volume_2 are marked using account "ALL" access.  

You delete the "ALL" volumes and re-add the volume(s) against the user account.

Your Share Name by default on the DNS-323 should be Volume_1.  

The only way I know that the Volume_1 or Volume_2 name can be changed from default on the DNS-323 is by installing fun_plug scripts and other hacks. on the DNS

Are you running a hacked DNS-323?

[ccoudsi]

No, I'm not running anything special, I was using this setup with 710, and 810 without a problem until I upgraded the firmware to 1.07 !!
The installation of the NAS was PnP.
The reason I upgraded to 1.07 so I can update my media images & tags from the web admin

[ccoudsi]

I didn't change any names I attached my NAS folder setup

[pigdog]

O.K

With the ALL in the DMS-323 settings you don't need passwords.

When you create a username/password you delete the ALL entries and re-add them using against the user account.

So in your instance you do not need changes to /etc/samba/smb.conf, or a username/password or password required checked in webadmin device tree.

You are using linuxmce directory structure so your media should be in that tree, not in a separate multimedia directory which would be more like a public directory.

[ccoudsi]

Thanks Pigdog, I will remove the password and smb.conf modification & I will let you know the results

[pigdog]

Hi Charlie,

LinuxMCE directory tree on the DNS is as follows...

public
  - data
      - pictures
      - audio
      - documents
      - videos
      - games
      - pvr

Your multimedia stuff can be plugged into these folders and when you go through the main directory Media> Videos, for example, that's where your movies are.

Instead off deleting everything in samba, webadmin.  just deleted you ALL shares on the DNS and re-add them with the user account.