Windows network share on linux server without samba

4

1

I want to mount shared folders from my linux server on the network to appear like normal drives in Windows.

The server has a private network on one side and a public network (which happens to give me a semi-static IP on the internet) on the other side. I am using both networks and want a samba-like filesharing ability.

Why not samba:

  • it has no encryption
  • it spams the public network
  • it is said to be very unsafe

At the moment I use sftp mainly and I would love to have some shares integrated into windows, is this possible? If there is a way to secure and harden samba, especially adding encryption - transfer and login - it would be fine too though.

Edit: To make it more clear, I allready use WinSCP so I am not looking for an FTP-like client software but for an integration comparable to samba. (mount network share, assign drive letter)

Edit2: I think further Explanation is needed how my network looks like:

I live in one of the universities dorm appartements, and can access the universities network from my room. My server/router (same box) is connecteted to the network which hands out an IP via DHCP which is accessible through the internet, too. Thats why I call it semi-static, it basically does not change unless I switch my server off for more than a few days. As that box works as my router I have a private network on the other side too.

As long as I am within the reaches of the universities network (read most of the day) I want to access my servers files. Simple sollution would be to allow all internal adresses of the universities network, but I do not trust this network to be safe. I still want access to the files, not through a client bases sollution like WinSCP or FileZilla offer, but a true integration as a filesystem.

Baarn

Posted 2012-01-27T12:44:23.523

Reputation: 6 096

1Re "it spams the public network": This is not related to file sharing at all; the nmbd daemon is used for name resolution and can be simply disabled. Re "it is said to be very unsafe": In terms of what? Exploit count? All of them are specific to Windows. Lack of authentication? Authentication is supported by SMB since early 1990's. Encryption? Set up OpenVPN. – user1686 – 2012-02-01T15:01:43.153

what is a semistatic IP? That still makes it dynamic in my mind. Nobody uses Samba over internet, cause its slow, but it works well in a home/corporate LAN. If you want to mount shares over internet. Samba Over SSH Tunnel also slow.. VPN is faster.. but also slow with rubbish internet.. FTP works well wherever on the net.. hence the invention of it. – Piotr Kula – 2012-02-01T15:08:33.550

@ppumkin: I edited my question. – Baarn – 2012-02-01T16:29:48.430

@grawity: I read multiple times that it is a bad idea to have a samba server on a machine that is directly connected to the internet. – Baarn – 2012-02-01T16:35:21.130

@WalterMaier-Murdnelch Please define directly connected to the internet.. You mean a lan cable plugged into the mode/router?That poses no threat for incomming hacks. Or, explicilty setting the machine as DMZ and exposing all the ports.. but still you have to disable iptables on linux.. It is not that simple.- But if you do that its your own fault for leaving the garage door wide open with a sign saying keys are in the glove box. PS. Please do not steal. – Piotr Kula – 2012-02-02T12:49:48.670

@WalterMaier-Murdnelch Please stop using semi-static.. ahahah. You have a Dynamic (LAN) IP, you will always get a different one when you reboot. I suggest you DONT use windows, but a VirtualMachine running freenas8 nightly with SAMBA2- it works a charm. Using Samba over SSH is too much of a pain.. and well. FTP would be great but oyu don't want that. You could also install Windows Server and setup up a domain.. but the client has to log onto the domain which is ok of you have a laptop.. but you cant let the UNI comps change domains. Also you could just VPN into your machine and viola! – Piotr Kula – 2012-02-02T13:08:46.230

@ppumkim: directly connected to the Internet: server IP (eth0) is available from everywhere around the world, my server is my router (+NAT) for my own "room"-network (eth1). The IP is not leased after reboot, I recieve it from the Universities DHCP server, leasetime is >3 days. I cannot use linux on this laptop, unless you have an nvidia-optimus driver and I sure will not even consider using windows on my server. – Baarn – 2012-02-02T14:48:30.653

Answers

3

This question on StackOverflow might be of interest.

Dokan seems to be an interesting way to mount network locations more safely.

Der Hochstapler

Posted 2012-01-27T12:44:23.523

Reputation: 77 228

Link is dead. Has Dokan ceased to exist, or just moved to another site? – DarenW – 2018-02-18T18:03:36.310

@DarenW I found another link. Can't really judge the validity, as this topic is a bit old. – Der Hochstapler – 2018-02-19T12:26:16.827

1

Quick fixup would be sftp / scp / rsync or anything over SSH More permanent solution would be OpenVPN server running on dyndns address and allowing transparent but fully encrypted access.

ZaB

Posted 2012-01-27T12:44:23.523

Reputation: 2 365

0

You could also try http://code.google.com/p/win-sshfs/ sshfs for Windows based on Dokan.

user629926

Posted 2012-01-27T12:44:23.523

Reputation: 146

0

  1. Samba has no encryption because the smb protocol has no encryption, and if you want windows to read your shares that's what you're stuck with.
  2. You can configure things so samba only uses one interface
  3. Sure, if you leave it so it's available to the public network. Keep it private, and you're fine.

Joel Coehoorn

Posted 2012-01-27T12:44:23.523

Reputation: 26 787

Asked: 2012-01-27T12:44:23.523

Viewed: 9 094 times

Active: 2018-02-19T00:01:15.577