Question about file sharing

firefox

Shot in the dark

Is there an option in pfsense
That allows computers on a network to register with him
Something similar to a server

I want to share files on my network
Composed of Windows and Linux
Which is a bit problematic because these morons at Microsoft

Instead of adding server
I wanted to know if there is such possibility in pfsense

Linux I can see all the computers and access the Linux computers
And some Windows PC
Windows sees only the windows computers can not access any File

Guest

Best method depending on the hardware you have available, is to install vsphere and setup the firewall as a virtual machine. Then you could just create another virtual machine as your NAS.

Here's the forum's general feelings about NAS+PFsense.
http://forum.pfsense.org/index.php/topic,10201.0.html

stan-qaz

I am not fond of putting file sharing on a firewall and there are a lot of better options.

Easy is something like a Western Digital "Live" series hard drive that plugs into your network and offers Windows file sharing in a fairly decent manner and a bit more limited NFS support for Linux and other operating systems. You can also load SAMBA on your Linux boxes and skip the NFS. A bit more flexible is something like a Raspberry Pi and a USB drive, much more flexible than the WD Live solution but a bit more work. They make dedicated storage devices (NAS) Network Attached Storage that come in at a variety of price points and capacities that are a very good deal if you want to protect your data with RAID.

WD Live http://www.newegg.com/Product/Product.aspx?Item=N82E16822136745

NAS http://www.newegg.com/Product/Product.aspx?Item=N82E16822165223&ignorebbr=1

johnpoz

"Which is a bit problematic because these morons at Microsoft"

How is that?  Because you don't understand name resolution or file sharing in MS makes them Morons? ;)  Are you using dns are these windows machine members of a Active Directory?

Do you have more than 1 network segment - how are you attempting to resolve names?

firefox

I am not fond of putting file sharing on a firewall and there are a lot of better options.

Maybe I was not clear
When I file sharing
My intention was not to put shared folders on pfsense or something similar

The intention was
The usual file sharing that built in an operating system

Right click on library and then click Sharing

@johnpoz:

"Which is a bit problematic because these morons at Microsoft"

How is that?  Because you don't understand name resolution or file sharing in MS makes them Morons? ;)  Are you using dns are these windows machine members of a Active Directory?

Do you have more than 1 network segment - how are you attempting to resolve names?

All the computers are in a workgroup called home.plex

stephenw10

@firefox:

Is there an option in pfsense
That allows computers on a network to register with him
Something similar to a server

If your pfSense box is providing DHCP then you have the option of adding DHCP leases to the DNS forwarding services such that other users can access machines by name rather than IP. However that's probably not what you're asking for. There isn't any way of having pfSense act as a WINS server. JimP did some experimenting around that a while ago but didn't get anything useful up and running as I recall. You would have to install Samba and preferably only the nmbd part because running actual file sharing on the firewall is a bad idea. There is no easy way to do this and it's not recommended in any way.

Steve

mikeisfly

Posted by: johnpoz
« on: Yesterday at 04:57:43 pm » Insert Quote
"Which is a bit problematic because these morons at Microsoft"

How is that?  Because you don't understand name resolution or file sharing in MS makes them Morons? ;)  Are you using dns are these windows machine members of a Active Directory?

Do you have more than 1 network segment - how are you attempting to resolve names?

Thanks Johnpoz, I'm getting tired of people ragging on Windows because of something that they don'[t understand.

To this posters issues you could use something like FreeNAS, it makes filesharing pretty easy for people who don't get [b](I think you called them morons) file sharing in a multi-tenant network. I know that you don't want to setup a server so here are some topics that you might want to research:

1. DNS vs Wins
2. File and Folder permissions in Windows NTFS permissions(if this is going to be your share)
3. Share permissions
4. Active Directory vs Local Computer and Users
5. Users vs Groups
6. LDAP
7. SMB on Linux and Unix machines (Like stephenw10 recommended Samba)
8. File sharing in Windows Server (For auditing purposes)
9. File and Folder permissions in Linux (if this is going to be your share)
10. Firewall settings (which ports are used for file sharing)

This is just a start, what you are trying to do is doable and not really that difficult you may just have to do a little bit of research. I'm here to help just get tired of people ragging on Microsoft.

stephenw10

@mikeisfly:

7. SMB on Linux and Unix machines (Like stephenw10 recommended Samba)

Pretty sure I didn't recommend it.  ;)
At least I didn't intend to!

It's an intersting topic that comes up repeatedly. I think JimP was investigating whether it might be possible after a customer request. I can't find that thread now.
Many people when they ask about 'file sharing' are actually referring to the ability to browse the local network for smb shares. For that you need some central server to hold a list of said shares that machines register with when they connect. A WINS server does this. A package that did only WINS without any of the rest of smbd would get around much of the security implications of a full samba install. I think JimP linked to samba4wins as a possibility.
Whatever it doesn't currently exist.

Steve

mikeisfly

Sorry stephenw10 I didn't mean to put words in your mouth.

johnpoz

So when you say can not see, your talking about simple network browsing?

If so who is the master browser?  Again is there more than 1 network segment on your network?  network browsing does not work across segments.

So this would explain your point about seeing some, not seeing others.

As to your choice of workgroup names - using "period" in the name is not something I would suggest.  So now your linux box is master browser, running samba?  What version of samba, if not a linux box who is master browser.. Should be able to do simple

ubuntu:~$ nmblookup -M – -.
querying MSBROWSE on 192.168.1.255
192.168.1.8 MSBROWSE<01>

for example - as you can see my linux box sees my windows machine that is the master browser 192.168.1.8 is my box called storage.

You could use smbtree as another tool, example here showing my machines

smbtree -N
LOCAL
        \STORAGE
        \I5-W7

nmblookup local
querying local on 192.168.1.255
192.168.1.100 local<00>
192.168.1.8 local<00>

Understanding the tools your trying to use, the protocols in use, etc.  Normally makes working with your machines much easier vs hoping it just works via magic??

So again how are you trying to resolve these members of your workgroup?  If your trying to use a browse list - who is the master? If you trying to access shares from linux - what accounts are you using?  What permissions did you setup on the shares?

So example here is another example -- I get prompted for password when trying to access the share lists..

budman@ubuntu:~$ smbtree local
Enter budman's password:
LOCAL
        \\STORAGE
                \\STORAGE\Users
                \\STORAGE\Music
                \\STORAGE\Molly
                \\STORAGE\Media
                \\STORAGE\IPC$                  Remote IPC
                \\STORAGE\H$                    Default share
                \\STORAGE\G$                    Default share
                \\STORAGE\F$                    Default share
                \\STORAGE\F
                \\STORAGE\E$                    Default share
                \\STORAGE\C$                    Default share
                \\STORAGE\ADMIN$                Remote Admin
        \\I5-W7
                \\I5-W7\test
                \\I5-W7\IPC$            Remote IPC
                \\I5-W7\D$              Default share
                \\I5-W7\C$              Default share
                \\I5-W7\ADMIN$          Remote Admin
budman@ubuntu:~$

Depending on what account you are logged into on linux, your configuration of samba on the linux box, etc.  You might have issues with this, etc.

Guest

When trying to browse Windows > linux, are you clicking network neighborhood, or are you trying to access the share directly via start > run > \IPaddress\share?

If you know the path directly, why not create shortcuts on the desktop(s) straight to the share? Or map drives and tell Windows to remember it.

firefox

Answers

When trying to browse Windows > linux, are you clicking network neighborhood, or are you trying to access the share directly via start > run > \IPaddress\share?

When accessing another computer from Linux
I click on "Places" and then on "Network"
And there are the names of the computers

or are you trying to access the share directly via start > run > \IPaddress\share?

Maybe I can do it
But my parents or siblings are not a computer technician
They know just double-click

If you know the path directly, why not create shortcuts on the desktop(s) straight to the share? Or map drives and tell Windows to remember it.

It is a good idea
I did not think about that

So when you say can not see, your talking about simple network browsing?

yes

If so who is the master browser?

What's that?

Again is there more than 1 network segment on your network?

yes
Wired network      192.168.0.1
Wireless Network  192.168.2.1

So this would explain your point about seeing some, not seeing others

Before upgrading to 2.1
When I worked with 2.0.3

I could see them

I do not know if it's related to the topic
Maybe it connects to another problem that started when i upgraded the pfsense
http://forum.pfsense.org/index.php/topic,66756.0.html

As to your choice of workgroup names - using "period" in the name is not something I would suggest.

I just wrote down what these boxes listed
I thought it might help somehow

ubuntu:~$ nmblookup -M – -.
querying MSBROWSE on 192.168.1.255
192.168.1.8 MSBROWSE<01>

This outcome on my computer

:~$ nmblookup -M – -.
querying
__MSBROWSE__ on 192.168.0.255
192.168.0.2
__MSBROWSE__<01>

If you trying to access shares from linux - what accounts are you using?  What permissions did you setup on the shares?

In all computers
When I share a directory
Permissions are
Read & Write permissions for everyone
No password

Depending on what account you are logged into on linux, your configuration of samba on the linux box, etc.  You might have issues with this, etc.

In all computers
Only account the computer automatically enters
Is Account administrator

Currently the wired network sharing works properly
Only wireless computers
Do not appear

But one can access their shared
via start > run > \IPaddress\share

johnpoz

So you have multiple segments

yes
Wired network      192.168.0.1
Wireless Network  192.168.2.1

So there is NO way for windows or samba's network browsing to to work.. Just not possible without wins or setup of remote browse sync and remote announce in this sort of setup.  You need a browser on each segment to maintain list of names on that segment.  Then they need to be able to exchange this information.  They are not going to do that is just by default.  So when it worked before you clearly did not have multiple segments.

So from your output 192.168.0.2 is your master browser - on your wired network..  So this is the computer that maintains the listing of computers for you.  Is the box you want to be the master browser?  Is it on all the time?  Does it enter and leave the network, example a laptop is a really bad choice for a master browser ;)

So you say this works on your wired – and you can access shares on wireless via IP, this is good -- so no firewall issues on the other segment.

So if you want network browsing to work - your going to need a browser on that wireless segment and then setup remote sync and accounement or run wins and let that list your boxes for you.  Or as mentioned create the entries you want statically on your boxes like a drive map since you can clearly access them.  Setup dns correctly to resolve your names, etc..

BTW from your pfsense shot there - home.plex is NOT workgroup name.. You have pfsense host called home in a plex tld.  That is not a workgroup.

On your linux boxes what does your /etc/samba/smb.conf show for workgroup?

You will want this to match up with your windows workgroup name - you can view this computer properties or from a cmd prompt do a nbtstat and look for the 00 group name

example

C:\>nbtstat -a i5-w7

Local:
Node IpAddress: [192.168.1.100] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    I5-W7          <20>  UNIQUE      Registered
    I5-W7          <00>  UNIQUE      Registered
    LOCAL          <00>  GROUP       Registered

    MAC Address = 18-03-73-B1-0D-D3

Wireless Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

My windows box is called i5-w7 and is in the local workgroup name, but its FQDN dns name is i5-w7.local.lan – local.lan is not the same as a workgroup.

firefox

I think this problem is connected to the same problem I had the first topic
Where I gave up

So you have multiple segments

yes
Wired network      192.168.0.1
Wireless Network  192.168.2.1

So there is NO way for windows or samba's network browsing to to work.

Before upgrading to 2.1
When I worked with 2.0.3

I could see them

I do not know if it's related to the topic
Maybe it connects to another problem that started when i upgraded the pfsense
http://forum.pfsense.org/index.php/topic,66756.0.html

On your linux boxes what does your /etc/samba/smb.conf show for workgroup?

All set to home.plex

Instead of beating my brains
I will go by your first offer
This will solve the problem

If you know the path directly, why not create shortcuts on the desktop(s) straight to the share? Or map drives and tell Windows to remember it.

Guest

That's my rule of thumb, keep-it-simple, if a shortcut works and it's a small environment - it's a winner in my book.

Also depending on your setup, if you want guest (no password) access, be sure to enable the Guest account in windows under "User Accounts"

mikeisfly

Also remember to turn off password protected sharing in Windows 7 or Vista if that is what you are using for sharing.