HPE Community
Operating System - HP-UX
1836104 Members
3504 Online
110089 Solutions
New Discussion

CIFS / Samba

 
Darrell Allen
Honored Contributor

‎10-17-2002 01:11 PM

‎10-17-2002 01:11 PM

CIFS / Samba

Hi all,

From what I've been reading, Samba seems to be the way to go for sharing files between HPUX and Windows. More and more I'm seeing where it can make my life easier.

Are there any glaring security issues with using Samba?

My initial thoughts are to run the client on HPUX and attach Windows shares. It that more or less of a security concern than running the server on HPUX?

Thanks for whatever thoughts, experiences, or opinions you have on this.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
11 REPLIES 11
John Dvorchak
Honored Contributor

‎10-17-2002 01:42 PM

‎10-17-2002 01:42 PM

Re: CIFS / Samba

I am not aware of any security issues beyond what has already been uncovered with Micro$oft networking in general. In other words it is no less secure than NT or Win2000. I have been using Samba in various production evironments for more than 5 years now, and have been very pleased with the results.

I am not sure of the scenario that you are looking for, but the CIFS client (Samba Client) may not do what you think it will. I would suggest that you down load the CIFS manual and read about the limitations and capabilities of file sharing. I have always used it where I have an HPUX box that I want to share files with to MS Windows clients. The Windows clients "Map" drives to the HPUX box just as if it were another Window NT server on the LAN.

The samba client is really more like ftp than a nfs share. I have yet to find a widespread use for it.
If it has wheels or a skirt, you can't afford it.
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎10-17-2002 02:40 PM

‎10-17-2002 02:40 PM

Re: CIFS / Samba

Darrell,

Depending on what features you want to use of samba, will determine your potential security holes.

The most secure mode you can use is "DOMAIN". This authenticates the PC against the domain server (PDC or ADS) and also matches up the NT username with the unix username.

You should also specify "encrypted passwords".

The latest version of samba has "winbind", which allows for dynamic unix username mapping. In a sense it will maintains a seperate "passwd" file for the connected PC users. If the PC users start a telnet session, they can use the same login and password as their PC network.

Some cool stuff

HTH

-- Rod Hills
There be dragons...
0 Kudos
Reply
Rainer von Bongartz
Honored Contributor

‎10-17-2002 10:28 PM

‎10-17-2002 10:28 PM

Re: CIFS / Samba


As far as I know HP does NOT support winbind in the latest release of CIFS A.01.08 which is based on SAMBA 2.2.3a (which itself has winbind)

Please correct me if I'm wrong here


Regards
Rainer

He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
Reply
H.Merijn Brand (procura
Honored Contributor

‎10-18-2002 12:22 AM

‎10-18-2002 12:22 AM

Re: CIFS / Samba

I'm using CiFS-client to mount windows shares on HP-UX. This used to be rumba (*very* unreliable and prone to lockup's), later replaced with (commercial) sharity (good). CiFS client however is shipped for free with HP-UX 11.00 and works OK. Unmount when you're done with the share to prevent problems.

For the connection the other way round' I'm using Samba, not CiFS server. For several reasons.
1. I was using Samba *long* before CiFS was available
2. I'm also using it on HP-UX 10.20, AIX 4.3, and AIX 4.2 (and more OS's in the past, but they have gone). AIX also offers a Samba port, but not for free!
3. I can build it to my own likings. And having to build it on all the other systems make 11.00 just one more make.
Enjoy, Have FUN! H.Merijn
0 Kudos
Reply
Balaji N
Honored Contributor

‎10-18-2002 12:33 AM

‎10-18-2002 12:33 AM

Re: CIFS / Samba

Hi Darrell,

We have been using CIFS client for the past six months for mounting NT shares to Unix machines for taking backup.

We havent placed any problems until now and works pretty good.

Hope this helps.
Regards
Balaji
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎10-18-2002 04:57 AM

‎10-18-2002 04:57 AM

Re: CIFS / Samba

I tried to reply last night but couldn't get the reply page.

Thanks for your replies. My primary goal is to be able to create reports from Mfg/Pro batches and write them to a Windows share. Secondly, to allow Mfg/Pro users to write to a Windows share.

Currently I (and my users) ftp the reports to Windows. There isn't a need to present Windows files to HPUX although that could obviously be helpful.

I'm okay with Windows users mapping HPUX shares but I do not want HPUX users mapping / mounting Windows shares. My first thought was that I'd use CIFS client to do that when the system boots. If, however, the HPUX client is more like ftp or if using it I should unmount the Windows share each time, then it sounds like I need to use CIFS server on HPUX.

More comments are appreciated.

Thanks,
Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎10-18-2002 05:50 AM

‎10-18-2002 05:50 AM

Re: CIFS / Samba

Darrell,

TO give windoze users access to HPux filesystems, you run the cifs-server on the HP machine.

To give HPux users/processes access to windozing fileshares, you would run the client on the HPux box.

I like samba and hp's twisted cifs version. And I have used both with cleint and server model.

As far as security goes, any process that "listens" to ports is a potential entry point. cifs and samba are decent. I would never put either on an unsecured/untrusted network.



live free or die
harry
Live Free or Die
0 Kudos
Reply
Darren Prior
Honored Contributor

‎10-18-2002 06:56 AM

‎10-18-2002 06:56 AM

Re: CIFS / Samba

Hi Darrell,

From my experience more people use CIFS server than the client, though the client usage is increasing. If you're using CIFS/9000 then you have 2 possible clients: smbclient and CIFS client. The smbclient is more like an ftp client (I use it for testing CIFS shares), but the CIFS client is as transparent as NFS (IMHO.)

If you want to keep your data on the Windows box then CIFS client is best, but you can run both client and server on a box if you choose.

I think you can pretty much control what your HP-UX users can access and non-root users won't have much choice anyway - check out the Administering CIFS Client manual which is installed with CIFS/9000 or available on http://docs.hp.com.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
John Poff
Honored Contributor

‎10-18-2002 07:58 AM

‎10-18-2002 07:58 AM

Re: CIFS / Samba

Hi Darrell,

We've been using Samba here for about three years now and we're pretty happy with it. You can configure Samba to be pretty secure, but as others have mentioned there are always vulnerabilities with any software, especially one using network protocols listening on ports. For in-house use on your network, to provide HP-UX directories as shares to Windows users, it works great.

JP
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎10-18-2002 12:56 PM

‎10-18-2002 12:56 PM

Re: CIFS / Samba

Thanks all,

I like the idea of CIFS/9000 Client but wonder how to automate the user authenication. So maybe Server will be more appropriate for me.

Anyway, it's obvious I have much more studying to do on the subject before I can decide.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
Darren Prior
Honored Contributor

‎10-21-2002 02:04 AM

‎10-21-2002 02:04 AM

Re: CIFS / Samba

Hi Darrell,

Check out the -s option for cifslogin which allows you to save the password. There are some notes on the security implications of this. You may also be interested in the guestUser option in the config file.

The above info can be found in the "Installing and Administering the CIFS/9000 Client" manual installed with CIFS/9000 or on http://docs.hp.com

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.