
Community Forum > SMB access and workgroup

Hi

I've got a couple of questions about the SMB server in QuantaStor 4 (running the latest updates).

- Is it possible to change the workgroup the SMB server uses? It defaults to "workgroup", but presumably it's possible to change this? I don't have an AD environment.

- Is it possible to restrict SMB traffic to one interface? I imagine I'd be able to do this with iptables but would need to know which script to modify to ensure my rules persisted a reboot. I'm envisaging having segregated management and data NICs and would like to enforce what traffic is permitted on each.

Thanks for a marvellous product,

Giles

January 30, 2018 | Registered Commenter Giles Moss

Hi Giles,
I think you may be able to edit that in the /etc/samba/smb.conf file directly to change 'workgroup = ANOTHERGROUP' in the globals section then restart the services:

service samba restart
service quantastor restart

Looking at the code, we unfortunately have some spots that look for "WORKGROUP" and if it is set to something else we assume we're in a domain and call into winbind to get some user info. I think that is pretty harmless though, so you might give it a go and if it doesn't work out then switch it back. We'll get a ticket opened for this and will address it in an upcoming release. Our 4.5 release due out next month is already locked down but I'll see if we can get it into 4.6.

>Thanks for a marvellous product,

Thanks!

January 30, 2018 | Registered Commenter Steve

Regarding limiting SMB access to a specific interface, this article has some good information:
https://www.samba.org/samba/docs/server_security.html

In short, you can edit the [globals] section of the SMB configuration file and put in an interface list like so:


[global]
# serve SMB only on the listed interfaces
interfaces = eth* lo
bind interfaces only = yes

And that can restrict access to specific ports. From what I can see this is a global-only option, so it looks like we cannot use it to restrict access to specific virtual ports on a per share/pool basis.

January 31, 2018 | Registered Commenter Steve
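
One way to check an smb.conf for the interface restriction described in the post above, as an added example that is not part of the original thread or of QuantaStor's code. The interface name eth1 (standing in for the data NIC) and both sample configs are constructed; the checker only reads configuration text and does not query Samba.

```python
# Added example: audit smb.conf text for the interface pinning discussed above.
# eth1 as the data NIC and the two sample configs below are constructed.
TRUE_VALUES = {"yes", "true", "on", "1"}   # spellings Samba accepts for booleans
GLOBAL_ONLY = {"interfaces", "bindinterfacesonly"}
LOOPBACK = {"lo", "127.0.0.1"}


def parse_smb_conf(text):
    """Return {section: {param: value}}. Section and parameter names are
    lower-cased and parameter whitespace dropped, as Samba compares them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections


def audit_interface_binding(text, allowed):
    """Return findings; an empty list means smbd is pinned to `allowed` NICs."""
    conf = parse_smb_conf(text)
    findings = []
    for name, params in conf.items():
        for key in sorted(GLOBAL_ONLY & params.keys()):
            if name != "global":
                findings.append(f"[{name}] sets global-only parameter '{key}'; it has no effect there")
    glob = conf.get("global", {})
    if glob.get("bindinterfacesonly", "no").lower() not in TRUE_VALUES:
        findings.append("[global] 'bind interfaces only' is not enabled")
    listed = glob.get("interfaces", "").split()
    if not listed:
        findings.append("[global] 'interfaces' is not set")
    for iface in listed:
        if "*" in iface:
            findings.append(f"wildcard '{iface}' can match management NICs too")
        elif iface not in set(allowed) | LOOPBACK:
            findings.append(f"'{iface}' is not an approved data interface")
    return findings


# Constructed samples: settings under a misnamed section, and a pinned config.
MISNAMED = "[globals]\ninterfaces = eth* lo\nbind interfaces only = yes\n"
PINNED = "[global]\n  workgroup = ANOTHERGROUP\n  interfaces = eth1 lo\n  bind interfaces only = yes\n"

if __name__ == "__main__":
    for label, conf in (("misnamed", MISNAMED), ("pinned", PINNED)):
        print(label, audit_interface_binding(conf, {"eth1"}) or "OK")
```

Running the same check after each QuantaStor upgrade shows whether a hand-edited smb.conf survived with the restriction intact.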

Hi Giles,
We have addressed the WORKGROUP setting in engineering ticket QSTOR-4428 which is in for QuantaStor v4.5. It doesn't allow editing it from the WUI but it makes it so you can edit the setting in the smb.conf and it'll still see it as a workgroup and not an AD domain by mistake.
Best,
-Steve

January 31, 2018 | Registered Commenter Steve

Hi Steve

That's great, thanks for your guidance and fast turnaround on the ticket! I'll have a play with both those once v4.5 comes out.


Kind regards
Giles

February 4, 2018 | Registered Commenter Giles Moss