Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 11, 2020 07:15PM |
Registered: 4 years ago Posts: 17 |
root@debian:~# fw_printenv set_bootargs set_bootargs=setenv bootargs console=ttyS0,115200 root=LABEL=rootfs rootdelay=10 $mtdparts $custom_params root@debian:~# fw_printenv bootargs bootargs=console=ttyS0,115200 root=LABEL=rootfs rootdelay=10 mtdparts=orion_nand:2M(u-boot),3M(uImage),3M(uImage2),8M(failsafe),112M(root)The label of the /dev/sda1 partition has to be rootfs for this to work. If both usb-stick with label rootfs is in the top slot (under the plastic hood there is a USB-connector and a SATA connector) and a SATA harddisk with label rootfs on first partition is detected, the Pogo v4 seems to prefer the usb-stick. You will have to mount the SATA first partition manually with something like:
mkdir /media/sataHDD mount /dev/sdb1 /media/sataHDDwhen preparing your SATA rootfs directly from Pogo v4. I tried to set up rootfs both from Linux Mint 20 (extracting the Debian-5.2.9-kirkwood-tld-1-rootfs-bodhi.tar.bz2) as well as extracting a file directly on the Pogo v4 to the first partition on SATA HDD. Linux Mint 20 was way quicker... but both ways work.
rootfsMountPoint="/media/$USER/rootfs" StoreInDir="/home/$USER/" identifier="SATA-samba-server" dateOfArchiving="20201111" osRelease="Debian10" kernelVersion="5.9.3" StoreFileWithName="$osRelease-$kernelVersion-kirkwood-tld-1-$identifier-$dateOfArchiving-rootfs.tar.bz2" tar -cpjvf $StoreFileWithName -C $rootfsMountPoint .Question about if it is useful to use the tar option --sort=inode
/etc/rc.localresiding on rootfs partion Debian-5.2.9-kirkwood-tld-1-rootfs-bodhi.tar.bz2 sitting physically on
/dev/sda1which made me realize that /etc/rc.local is probably not run more than once on first boot. I got the same error on Linux Mint 20 as with Ubuntu 20.04 when it comes to the bug when openssh updates and the old keys suddenly are considered wrong. The result is that SSH port 22 never comes up after reboot, thus rendering the machine unusable if the keys cannot be re-generated. See these posts about that issue.
#!/bin/bash LOGFILE="/var/log/renewSSHkeys.log" /bin/echo $(/bin/date) "Renewing SSH keys" >> "$LOGFILE" # List the contents of the folder /bin/ls -al /etc/ssh >> "$LOGFILE" /bin/echo "$ /bin/ls -al /etc/ssh" >> "$LOGFILE" # Delete all files in pattern /etc/ssh/ssh_host_* /bin/rm /etc/ssh/ssh_host_* /bin/echo "$ rm ssh_host_*/etc/ssh" >> "$LOGFILE" # List the contents of the folder /bin/ls -al /etc/ssh >> "$LOGFILE" /bin/echo "$ /bin/ls -al /etc/ssh" >> "$LOGFILE" # Re-generate SSH-keys /usr/bin/ssh-keygen -A /bin/echo "$ /usr/bin/ssh-keygen -A" >> "$LOGFILE" /bin/echo "Tried to renew SSH keys. Check the following if new keys were created:" >> "$LOGFILE" # List the contents of the folder /bin/echo "$ /bin/ls -al /etc/ssh" >> "$LOGFILE" /bin/ls -al /etc/ssh >> "$LOGFILE" /bin/echo "Done." >> "$LOGFILE" unset LOGFILE exit 0
Megabytes (MB) Mebibytes (MiB) 1 MB 0.95367431640625 MiB 2 MB 1.9073486328125 MiB 3 MB 2.8610229492188 MiB 4 MB 3.814697265625 MiB 5 MB 4.7683715820312 MiB 6 MB 5.7220458984375 MiB 7 MB 6.6757202148438 MiB 8 MB 7.62939453125 MiB 9 MB 8.5830688476562 MiB
Gigabytes (GB) Mebibytes (MiB) 1 GB 953.67431640625 MiB 2 GB 1907.3486328125 MiB 3 GB 2861.0229492188 MiB 4 GB 3814.697265625 MiB 5 GB 4768.3715820312 MiB 6 GB 5722.0458984375 MiB 7 GB 6675.7202148438 MiB 8 GB 7629.39453125 MiB 9 GB 8583.0688476562 MiB
Gigabytes (GB) Gibibytes (GiB) 1 GB 0.93132257461548 GiB 2 GB 1.862645149231 GiB 3 GB 2.7939677238464 GiB 4 GB 3.7252902984619 GiB 5 GB 4.6566128730774 GiB 6 GB 5.5879354476929 GiB 7 GB 6.5192580223083 GiB 8 GB 7.4505805969238 GiB 9 GB 8.3819031715393 GiBIn the following example, the hard drive sits on /dev/sda. That may not be suitable in your case. On your system rootfs could sit on /dev/sdb, /dev/sdc or even /dev/sdd depending on how many things you have connected.
Device Start End Sectors Size Type /dev/sda1 2048 7815167 7813120 3.7G Linux filesystem /dev/sda2 7815168 468490239 460675072 219.7G Linux filesystem /dev/sda3 468490240 488022015 19531776 9.3G Linux filesystem /dev/sda4 488022016 488397133 375118 183.2M Linux swapEDIT: With 512MB swap partition it could look like this
/dev/sdd1 2048 7815167 7813120 3,7G Linux filesystem /dev/sdd2 7815168 468490239 460675072 219,7G Linux filesystem /dev/sdd3 468490240 487397375 18907136 9G Linux filesystem /dev/sdd4 487397376 488396799 999424 488M Linux swapEDIT: As indicated in a post below, we can use a swapfile instead of a swap partition.
cd /
dd if=/dev/zero of=/swapfile bs=1024 count=488
#mkswap /swapfile
#chmod 600 /swapfile
#swapon /swapfile
# Add /swapfile to /etc/fstab
#echo "/swapfile none swap sw 0 0" >> /etc/fstab
A rootfs partition on
/dev/sda1was set to 4GB = 3.7 GiB.
/dev/sda4was set 1.5 times the RAM = 192MB = 183MiB allocated at the very end of the disk.
cd /
#dd if=/dev/zero of=/swapfile bs=1024 count=488
mkswap /swapfile
chmod 600 /swapfile
swapon /swapfile
# Add /swapfile to /etc/fstab
echo "/swapfile none swap sw 0 0" >> /etc/fstab
For swap partition:
# Make linux swap partition work swapPartition='sda4' umount /dev/$swapPartition mkswap /dev/$swapPartition swapon /dev/$swapPartition swapon --show #Expected result: #mkswap: /dev/sda4: warning: wiping old swap signature. #Setting up swapspace version 1, size = 183.2 MiB (192053248 bytes) #no label, UUID=aaaaaaaa-0000-1111-abcd-123456789abc function get-UUID-of-disk () { #echo "${@:1}" for v in /dev/disk/by-uuid/* ; do echo "`readlink $v`: $v" | grep ../"${@:1}" | cut -d\: -f2 | cut -d/ -f5 ; done } echo "UUID=$(get-UUID-of-disk $swapPartition) none swap defaults 0 0" >> /etc/fstab #nano /etc/fstab cat /etc/fstabThe public share on
/dev/sda3was set to 10GB = 9.3GiB and
/dev/sda2was set to the remainder of the drive.
mkfs.ext4 /dev/sda1 mkfs.ext4 /dev/sda2 mkfs.ext4 /dev/sda3 tune2fs -L rootfs /dev/sda1 tune2fs -L secure /dev/sda2 tune2fs -L public /dev/sda3 # Swap partition cannot be labeled # tune2fs -L swap /dev/sda4 e2label /dev/sda1 rootfs e2label /dev/sda2 secure e2label /dev/sda3 public e2label /dev/sda4 swap
# Example of how to clear bash history and avoid logging commands on linux # If you add "[ \t]*" to your HISTIGNORE variable you can make any command be ignored by starting it with a space. HISTCONTROL=ignoreboth HISTIGNORE="&:ls:cp:mv:[bf]g:exit:pwd:clear:mount:umount:sshpass:ssh:rm:rmdir:[ \t]*" history -c unset HISTFILE # That disables writing the history file, while it still allows to cycle # through the last commands using up/down keys. # Disable history rm ~/.bash_history history | tail -10Login can be made with sshpass on the default port 22 or other port specified with -p #### option
ipAddress='xxx.yyy.zzz.aaa'
myPassWord='Hack-Me-Now-Please!'
sshpass -p "$myPassWord" ssh -o StrictHostKeyChecking=no root@$ipAddress -p 22
unset myPassWord
# For SSD: vm.swappiness=1 # For old SATA harddisk 5 -> 35 for new cat /proc/sys/vm/swappiness # Expected result: 60 # Edit or add line vm.swappiness: # vm.swappiness=5 nano /etc/sysctl.conf # or if this line is not in /etc/sysctl.conf # add it at the bottom of the file echo "vm.swappiness=5" >> /etc/sysctl.conf
# Check what is in the file first cat /etc/default/locale # Fix echo LANG=C > /etc/default/locale echo LANGUAGE=C >> /etc/default/locale echo LC_CTYPE=C >> /etc/default/locale echo LC_NUMERIC=C >> /etc/default/locale echo LC_TIME=C >> /etc/default/locale echo LC_COLLATE=C >> /etc/default/locale echo LC_MONETARY=C >> /etc/default/locale echo LC_MESSAGES=C >> /etc/default/locale echo LC_PAPER=C >> /etc/default/locale echo LC_NAME=C >> /etc/default/locale echo LC_ADDRESS=C >> /etc/default/locale echo LC_TELEPHONE=C >> /etc/default/locale echo LC_MEASUREMENT=C >> /etc/default/locale echo LC_IDENTIFICATION=C >> /etc/default/locale echo LC_ALL=C >> /etc/default/locale
apt-get install fuse
apt-get install samba cryptsetup console-setup openssl ntfs-3gCreate some new test groups for access levels: users, sambasecurity
addgroup users addgroup sambasecurity # Show groups on system getent group | awk -F: '{ print $1}'Create some test users: writepublic writesecure writeencrypted
function randompw () { LC_ALL=C tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' </dev/urandom | head -c 32 ; echo } userName=writepublic # Add user without home directory # useradd -M -g users -d /home/$userName -s /bin/bash -p $(randompw | openssl passwd -1 -stdin) $userName # Add user with home directory useradd -m -g users -d /home/$userName -s /bin/bash -p $(randompw | openssl passwd -1 -stdin) $userName # Add samba user plus password sambaPassword='bird' (echo "$sambaPassword"; echo "$sambaPassword") | smbpasswd -s -a $userName userName=writesecure useradd -m -g users -G sambashare -d /home/$userName -s /bin/bash -p $(randompw | openssl passwd -1 -stdin) $userName sambaPassword='cat' (echo "$sambaPassword"; echo "$sambaPassword") | smbpasswd -s -a $userName userName=writeencrypted useradd -m -g users -G sambashare,sambasecurity -d /home/$userName -s /bin/bash -p $(randompw | openssl passwd -1 -stdin) $userName sambaPassword='dog' (echo "$sambaPassword"; echo "$sambaPassword") | smbpasswd -s -a $userName unset sambaPasswordYou can change the password of these users with lines like this example:
userName=writepublic passwd $userName # or password='newPassword' usermod --password $(openssl passwd -1 $password) $userName unset passwordMount the public and secure partitions:
mkdir /mnt/secure mkdir /mnt/public echo "LABEL=public /mnt/public ext4 defaults 0 0" >> /etc/fstab echo "LABEL=secure /mnt/secure ext4 defaults 0 0" >> /etc/fstab mount -a
# Create Samba directories for testing mkdir -p /media/diskNTFS mkdir /media/diskNTFS-2 mkdir /media/diskNTFS-3 mkdir /media/diskEXT4 mkdir /media/diskEXT4-2 mkdir /media/diskEXT4-3 mkdir /media/sdcard mkdir /media/usbstick mkdir /media/usbstick-2 mkdir /media/usbstick-3 mkdir -p /mnt/luks-media-crypt/luksEXT4 mkdir /mnt/luks-media-crypt/luksEXT4-2 mkdir /mnt/luks-media-crypt/luksEXT4-3 mkdir /mnt/luks-container-crypt
# Change the permissions of the folders with the commands: chmod -R 0770 /mnt/secure chmod -R 0770 /mnt/luks-container-crypt chmod -R 0770 /mnt/luks-media-crypt chmod -R 0777 /mnt/public chown -R root:root /mnt/public chown -R root:sambashare /mnt/secure chown -R root:sambasecurity /mnt/luks-container-crypt chown -R root:sambasecurity /mnt/luks-media-crypt
# Update /etc/fstab with your external disk labels mounting preferences. # This is an example of how to do it. echo "#LABEL=sdcard /media/sdcard ext4 ro,relatime 0 2" >> /etc/fstab echo "LABEL=sdcard /media/sdcard ext4 rw,relatime 0 2" >> /etc/fstab echo "#LABEL=NTFSdisk1 /media/diskNTFS ntfs-3g ro,relatime 0 0" >> /etc/fstab echo "LABEL=NTFSdisk1 /media/diskNTFS ntfs-3g rw,relatime 0 0" >> /etc/fstab echo "#LABEL=NTFSdisk2 /media/diskNTFS-2 ntfs-3g rw,relatime 0 0" >> /etc/fstab echo "LABEL=NTFSdisk2 /media/diskNTFS-2 ntfs-3g rw,relatime 0 0" >> /etc/fstab echo "#LABEL=EXTdisk1 /media/diskEXT4 ext4 ro,relatime 0 0" >> /etc/fstab echo "LABEL=EXTdisk1 /media/diskEXT4 ext4 rw,relatime 0 0" >> /etc/fstab echo "#LABEL=EXTdisk2 /media/diskEXT4 ext4 ro,relatime 0 0" >> /etc/fstab echo "LABEL=EXTdisk2 /media/diskEXT4-2 ext4 rw,relatime 0 0" >> /etc/fstab echo "# You can use the escape sequence \040 to escape spaces:" >> /etc/fstab echo "LABEL=USB\040STICK /media/usbstick vfat ro,umask=0000 0 0" >> /etc/fstab echo "LABEL=USB\040STICK /media/usbstick vfat rw,umask=0000 0 0" >> /etc/fstab echo "#UUID=AAAA-1234 /media/usbstick vfat rw,umask=0000 0 0" >> /etc/fstab
cd / # Create a small container. dd if=/dev/urandom of=luks-container.img bs=1M count=4 cryptsetup luksFormat --type=luks1 --hash=sha512 --key-size=512 --cipher=aes-xts-plain64 luks-container.img chmod 0600 luks-container.img chown root:root luks-container.img cryptsetup luksDump luks-container.img # Make a key this way dd if=/dev/urandom of=container-key bs=512 count=8 chmod 0600 luks-container.img chown root:root container-key cryptsetup luksAddKey luks-container.img container-key cryptsetup luksDump luks-container.img cryptsetup luksOpen luks-container.img luks-container-crypt --key-file=/container-key # Format the drive as EXT4 mkfs.ext4 /dev/mapper/luks-container-crypt mount /dev/mapper/luks-container-crypt /mnt/luks-container-cryptFor testing purpose, add the same key to an external LUKS-encrypted harddrive.
cryptsetup luksAddKey /dev/sdb1 container-key cryptsetup luksOpen /dev/sdb1 external-luks-drive --key-file=/container-key ls /dev/mapperYou should see external-luks-drive there.
# Add the luks encrypted drives to /etc/crypttab echo "luks-container-crypt /luks-container.img /container-key luks" >> /etc/crypttab # We can reuse the function we defined earlier function get-UUID-of-disk () { #echo "${@:1}" for v in /dev/disk/by-uuid/* ; do echo "`readlink $v`: $v" | grep ../"${@:1}" | cut -d\: -f2 | cut -d/ -f5 ; done } luksPartition=sdb1 echo "external-luks-drive UUID=$(get-UUID-of-disk $luksPartition) /container-key luks" >> /etc/crypttabNow we need to add information to /etc/fstab to allow automounting of LUKS-ecrypted drives.
echo "/dev/mapper/luks-container-crypt /mnt/luks-container-crypt ext4 defaults 0 0" >> /etc/fstab echo "/dev/mapper/external-luks-drive /mnt/luks-media-crypt/luksEXT4 ext4 rw,relatime 0 0" >> /etc/fstab # Try to mount all connected drives with the information in /etc/fstab. # LUKS-encrypted drives are already manually decrepted, so re-reading /etc/fstab should mount them. mount -aThat should automount the encrypted drives at boot. The only way to be sure is to test it after reboot.
cat <<EOT >> /etc/samba/smb.conf [media] comment = Attached USB drives path = /media guest ok = yes browsable = yes read only = no read list = guest nobody write write list = @sambashare force user = nobody force group = nogroup create mask = 0660 directory mask = 0771 [secure] comment = Access controlled share path = /mnt/secure smb encrypt = required valid users = @sambashare guest ok = no browsable = yes writable = yes read only = no force user = nobody force group = sambashare create mask = 0660 directory mask = 0770 [luks-container-crypt] comment = Luks decrypted share path = /mnt/luks-container-crypt smb encrypt = required valid users = @sambasecurity guest ok = no browsable = yes writable = yes read only = no force user = nobody force group = sambasecurity create mask = 0660 directory mask = 0770 [luks-media-crypt] comment = Luks decrypted share path = /mnt/luks-media-crypt smb encrypt = required valid users = @sambasecurity guest ok = no browsable = yes writable = yes read only = no force user = nobody force group = sambasecurity create mask = 0660 directory mask = 0770 [public] comment = Public share path = /mnt/public guest ok = yes browsable = yes read list = guest nobody write list = @users read only = no force user = nobody force group = nogroup create mask = 0660 directory mask = 0771 EOT service smbd restart
# Add or modify the [global] section in /etc/samba/smb.conf # Look for the [global] section and add the lines indicated below. # Open the file on line 22 nano +22 /etc/samba/smb.conf [global] ## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = WORKGROUP #### Samba protocol #### # default: min protocol = NT1 # that is protocol SMB1 vith security vulnerabil$ # default: server min protocol = NT1 # default: client min protocol = NT1 server min protocol = SMB2 client min protocol = SMB2 # It can be good to also set the server max protocol accorting to this article. # max protocol This parameter is a synonym for server max protocol. server max protocol = SMB3 client max protocol = SMB3 #### Encryption #### # Offer samba encryption but don't enforce it smb encrypt = auto # Require samba encryption # smb encrypt = requiredSave /etc/samba/smb.conf and restart smbd.
service smbd restart
update-initramfs -u
apt-get update && apt-get upgradeRe-generate the uInitrd (the kernel files vmlinuz-5.2.9-kirkwood-tld-1 and initramfs-5.2.9-kirkwood-tld-1 are already generated by dpkg before). uImage does not have to be re-generated, but it doesn't hurt to re-generate it either if you by accident copied the whole three lines in one go.
cd /boot # mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n Linux-5.2.9-kirkwood-tld-1 -d vmlinuz-5.2.9-kirkwood-tld-1 uImage mkimage -A arm -O linux -T ramdisk -C gzip -a 0x00000000 -e 0x00000000 -n initramfs-5.2.9-kirkwood-tld-1 -d initrd.img-5.2.9-kirkwood-tld-1 uInitrdTransfer the new 5.9.3 kernel file (*.tar.bz2) extract the contents to /boot and install it according to the instructions that follow with the upgrade.
cat <<EOF > /usr/local/bin/clean-memory #!/bin/bash echo "before cleaning" free -m sync # su echo 3 > /proc/sys/vm/drop_caches echo "after cleaning" free -m EOF chmod +x /usr/local/bin/clean-memory cat <<EOF > /usr/local/bin/justcleanmemory #!/bin/bash echo 3 > /proc/sys/vm/drop_caches EOF chmod +x /usr/local/bin/justcleanmemory cat <<EOF > /usr/local/bin/upgrade-system-5_9_3 #!/bin/bash echo "Curent kernel version" uname -r kernelVersion="5.9.3" echo Using: echo Linux-${kernelVersion}-kirkwood-tld-1 echo vmlinuz-${kernelVersion}-kirkwood-tld-1 echo initramfs-${kernelVersion}-kirkwood-tld-1 echo initrd.img-${kernelVersion}-kirkwood-tld-1 apt-get update && apt-get -y upgrade cd /boot mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n Linux-${kernelVersion}-kirkwood-tld-1 -d vmlinuz-${kernelVersion}-kirkwood-tld-1 uImage mkimage -A arm -O linux -T ramdisk -C gzip -a 0x00000000 -e 0x00000000 -n initramfs-${kernelVersion}-kirkwood-tld-1 -d initrd.img-${kernelVersion}-kirkwood-tld-1 uInitrd EOF chmod +x /usr/local/bin/upgrade-system-5_9_3
# This must be set when you are root apt-get install cron su - crontab -e # Add these lines: # Try a value between 80-93. This means the memory is 80-93% full. Free space is 7-20%. * * * * * /usr/bin/test 90 -le $(/usr/bin/awk '$1=="MemTotal:"{t=$2} $1=="MemFree:"{f=$2} END{printf "%d", (t-f)/(t/100)}' /proc/meminfo) && justcleanmemory * * * * * /bin/mount -aSave.
service cron restartAdjusting the usage of ssh is encouraged by some. Here is what to change:
nano /etc/ssh/sshd_configModify these lines:
# Port 22: It's good to change this port, since a lot of brute force attacks target this port. # Port 3311: Any available port could do, it does not have to end in **22. # For this exampe, we will use Port 2222. Port 2222 # Disabling Root login is as well a safer meassure. # Use another user on the system, and then go to root with: # su - PermitRootLogin no # Turn this option to 'no' to deny password based login for public PasswordAuthentication no # Add below content to password based login for all users part of group 'sambasecurity' Match Group sambasecurity PasswordAuthentication yesRestart ssh
service ssh restartBefore you restart your server, make sure one of your users can use ssh!!!
#!/bin/bash # -*- coding: utf-8 -*- # Clear history # If you add "[ \t]*" to your HISTIGNORE variable you can make any command be ignored by starting it with a space. HISTCONTROL=ignoreboth HISTIGNORE="&:ls:cp:mv:[bf]g:exit:pwd:clear:mount:umount:sshpass:ssh:rm:rmdir:[ \t]*" history -c unset HISTFILE # That disables writing the history file, while it still allows to cycle # through the last commands using up/down keys. # Disable history rm ~/.bash_history history | tail -10 # Dowload test pictures wget -c https://www.vets4pets.com/siteassets/species/cat/close-up-of-cat-looking-up.jpg -O $(xdg-user-dir PICTURES)/cat.jpg wget -c https://blog.healthypawspetinsurance.com/wp-content/uploads/2019/05/dog-zoomies.jpg -O $(xdg-user-dir PICTURES)/dog.jpg wget -c https://www.flyer.co.uk/wp-content/uploads/2019/08/human-power-flight-1-1000x657.jpg -O $(xdg-user-dir PICTURES)/airplane.jpg wget -c https://www.lolwot.com/wp-content/uploads/2015/06/20-amazing-adventure-toursim-destinations-you-should-consider-visiting-2.jpg -O $(xdg-user-dir PICTURES)/hangglider.jpg # Set the IP address of the samba server ipAddress='192.168.xxx.yyy' # Show server shares smbclient -L //$ipAddress -U 'guest%anonymous' # Test login userName=writesecure password='cat' share=secure smbclient //$ipAddress/$share -U "$userName%$password" userName=writesecure password='cat' share=secure domain='WORKGROUP' sendFile='cat.jpg' storeInDir="$userName" command="prompt OFF; recurse ON; mkdir $storeInDir; cd $storeInDir; lcd $(xdg-user-dir PICTURES); put $sendFile; ls; cd /; ls" echo "Command to run:" $command smbclient //$ipAddress/$share -W $domain -U "$userName%$password" \ -c "$command" share=public smbclient //$ipAddress/$share -W $domain -U "$userName%$password" \ -c "$command" userName=writeencrypted password='dog' share=secure domain='WORKGROUP' sendFile='dog.jpg' storeInDir="$userName" command="prompt OFF; recurse ON; mkdir $storeInDir; cd $storeInDir; lcd $(xdg-user-dir PICTURES); put $sendFile; ls; cd /; ls" echo "Command to run:" $command smbclient //$ipAddress/$share -W $domain -U "$userName%$password" \ -c "$command" share=public smbclient //$ipAddress/$share -W $domain -U "$userName%$password" \ -c "$command" userName=writeencrypted password='dog' share='luks-media-crypt' domain='WORKGROUP' sendFile='dog.jpg' storeInDir="$userName" command="prompt OFF; recurse ON; ls" echo "Command to run:" $command smbclient //$ipAddress/$share -W $domain -U "$userName%$password" \ -c "$command" share=public smbclient //$ipAddress/$share -W $domain -U "$userName%$password" \ -c "$command" userName=writepublic password='bird' share=public domain='WORKGROUP' sendFile='hangglider.jpg hangglider.jpg' storeInDir="$userName" command="prompt OFF; recurse ON; mkdir $storeInDir; cd $storeInDir; lcd $(xdg-user-dir PICTURES); put $sendFile; ls; cd /; ls" echo "Command to run:" $command smbclient //$ipAddress/$share -W $domain -U "$userName%$password" \ -c "$command" # Test no access userName=writepublic password='bird' share=secure domain='WORKGROUP' storeInDir="$userName" command="prompt OFF; recurse ON; ls" echo "Command to run:" $command smbclient //$ipAddress/$share -W $domain -U "$userName%$password" \ -c "$command" # Test no access userName=guest password='anonymous' share=public domain='WORKGROUP' sendFile='hangglider.jpg' storeInDir="$userName" command="prompt OFF; recurse ON; mkdir $storeInDir; cd $storeInDir; lcd $(xdg-user-dir PICTURES); put $sendFile; ls; cd /; ls" echo "Command to run:" $command smbclient //$ipAddress/$share -W $domain -U "$userName%$password" \ -c "$command" # Delete test files rm -r /mnt/secure/writesecure rm -r /mnt/secure/writeencrypted rm -r /mnt/public/writepublic rm -r /mnt/public/writesecure rm -r /mnt/public/writeencrypted rm $(xdg-user-dir PICTURES)/cat.jpg rm $(xdg-user-dir PICTURES)/dog.jpg rm $(xdg-user-dir PICTURES)/airplane.jpg rm $(xdg-user-dir PICTURES)/hangglider.jpg history -c
Re: Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 11, 2020 10:14PM |
Admin Registered: 13 years ago Posts: 18,554 |
Quote
I haven't figured out how to back up a running rootfs directly from Pogo v4. Sometimes I ended up with disk read errors, so I assume that the rootfs must be backed up when it is not running the linux system. I am sure there are ways to backup a running rootfs, but I don't know how to do this.
Quote
What seemed for me to be an issue 3 times out of 5 was that if /etc/fstab says the rootfs is ext3 but in fact it is EXT4 formatted, the kernel will not always figure it out by itself and switch to EXT4 automatically.
Quote
Does the order of the files in a linux system impact the perfomance when reading data from the disk? If files are close to each other it is said it optimizes reading speed.
Does the linux system shuffle files in an EXT4 to optimize reading speed?
Quote
Another issue was that I used fdisk to partition the drive. Apparently, one should use gdisk instead for this. Two times the GPT got corrupt for some reason and I had to start all over. Maybe that was the reason why it would not boot an EXT4 with a setting ext3 in /etc/fstab.
Quote
How can you force this Debian system on Pogo v4 to run a script on every boot, so that you can fix the issue with the SSH keys if you forget to fix the issue before you boot the first time?
Quote
/etc/rc.local run a script at every boot? Or
# move frequently updated log files to /tmp /root/movelog.sh
Re: Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 11, 2020 10:37PM |
Admin Registered: 13 years ago Posts: 18,554 |
Quote
A swap partition on
/dev/sda4
was set 1.5 times the RAM = 192MB = 183MiB allocated at the very end of the disk.
Quote
Change swapiness to somewhere between 5-35. This number may prove to be wrong, but it saves the disk a bit so it lasts longer than with default setting 60.
Re: Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 11, 2020 10:48PM |
Admin Registered: 13 years ago Posts: 18,554 |
Quote
Is it advisable to set min protocol to SMB v2 on a samba server on Pogo v4?
Re: Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 12, 2020 06:42AM |
Registered: 3 years ago Posts: 28 |
>Quote
Is it advisable to set min protocol to SMB
> v2 on a samba server on Pogo v4?
Re: Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 12, 2020 10:07AM |
Registered: 4 years ago Posts: 17 |
min server protocol = SMB2I discovered in other post about older versions of Kodi (prior to v.18) which cannot connect to a server using SMB v2/v3. So if you happen to have an old box running Kodi v1-17 that you cannot upgrade to v18 for some technical reason (hardware limitation), you are most probably stuck and have to use SMB v1 if you think the box still does its job well enough.
[global] ... server max protocol = SMB3 client max protocol = SMB3 ...in /etc/samba/smb.conf
Re: Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 12, 2020 10:17AM |
Registered: 4 years ago Posts: 17 |
Quote
bodhi
I could create a tutorial post for this rsync backup job if requested. There are many tutorials on the Web about this subject so I did not tthink it is needed here.
Re: Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 12, 2020 04:59PM |
Admin Registered: 13 years ago Posts: 18,554 |
Quote
[global]
...
server max protocol = SMB3
client max protocol = SMB3
...
in /etc/samba/smb.conf
Re: Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 18, 2020 09:17AM |
Registered: 9 years ago Posts: 1,037 |
Re: Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 18, 2020 04:21PM |
Admin Registered: 13 years ago Posts: 18,554 |
Re: Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 18, 2020 04:29PM |
Admin Registered: 13 years ago Posts: 18,554 |
Quote
https://forum.doozan.com/read.php?2,23630,23630#msg-23630
Samba
Samba smb.conf for a simple set up
HowTo setup Samba/CIFS shares
Samba server project on POGO-V4
Re: Samba server project on POGO-V4-A3-01 + 2017.07 U-Boot Kirkwood + kernel linux-5.9.3-kirkwood-tld-1 + Debian 5.2.9 rootfs November 19, 2020 03:44AM |
Registered: 9 years ago Posts: 1,037 |
> min server protocol = SMB2 >> I discovered in other
> [global] > ... > server max protocol = > SMB3 > client max protocol = > SMB3 > ... >> in /etc/samba/smb.conf