Buffalo NAS-Central Forums

Welcome to the Linkstation Wiki community
It is currently Thu Nov 23, 2017 6:43 am

All times are UTC+01:00




Post new topic  Reply to topic  [ 144 posts ]  Go to page Previous 15 6 7 8 9 10 Next
Author Message
PostPosted: Fri Sep 22, 2006 8:43 am 
Quote:
Also, I have confirmed that the university has disabled mapping-network drives (via IIS and Novell I assume as that's what they use network wise)


As I said before mapping drives over cifs is probably disabled, I'd be surprised if dav was


Top
   
PostPosted: Fri Sep 22, 2006 4:17 pm 
Offline
Newbie

Joined: Thu Aug 10, 2006 4:59 pm
Posts: 21
Location: United Kingdom (Great Britain)
Hi Jon,

I'll give it a try but after I install freelink...sick of compiling! :(

Cheers,

Sweepsy


Top
   
PostPosted: Fri Sep 22, 2006 4:50 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
@dc2447

I tried to setup DAV on Apache to experiment, but I can't seem to get it to work correctly. Apache has been compiled w/ DAV and Auth_Digest support and also mod_alias, etc. When I try to open the directory that I setup for DAV in MSIE (via File-->Open-->DAV Directory URL-->Open as WebFolder). I'm not sure what's the issue.

As a side note. htdigest and htpasswd no longer prompt for passwords in the command-line when creating a password file. The workaround is to use the -b flag and use type the user-password in the command. htdigest does not have this option, only the -c flag. In order to create a digest password file, I had to use htdigest that came w/ Apache 2.2.3 compiled for Windows and create the file in Windows.

_________________
http://www.opifer.net


Top
   
PostPosted: Fri Sep 22, 2006 6:35 pm 
Here is my config on my linkstation for one of my shares

Code:
DavLockDB "/mnt/hda/share/httpd/var/DavLock"

Alias /dav "/mnt/hda/data/dav"

<Directory "/mnt/hda/data/dav">
    Dav On

    Order Allow,Deny
    Allow from all

    AuthType Digest
    AuthName DAV
    # You can use the htdigest program to create the password database:
    #   htdigest -c "/mnt/hda/share/httpd/user.passwd" DAV username
    AuthUserFile "/mnt/hda/share/httpd/user.passwd"

    # Allow universal read-access, but writes are restricted
    # to the admin user.
    <LimitExcept GET OPTIONS>
        require user username
    </LimitExcept>
</Directory>


This is apache 2.2


Top
   
PostPosted: Fri Sep 22, 2006 10:22 pm 
Offline
Regular Member

Joined: Thu Sep 15, 2005 9:57 am
Posts: 123
A very nice solution - however mine would have been to use a tunnel.

I use this every day at work, I create a secure, encrypted connection to the LS via a SSH tunnel, mapping the remote AFP port to a local unused port and then mount it as a shared network drive.

For example, if you wanted to share an AFP connection from a remote linkstation to your mac for example, use something like this to log onto the LS:

ssh userid@ipaddress -L 548:localhost:5480

once you enter your password and log onto as normal don't do anything, especially log-off as this will close the connection. Now you can go to 'Finder > Go > Connect To Server' and when promted enter afp://127.0.0.1:5480 and you should be prompted to enter your log-on and password, once verified you'll be displayed a list of available shares, just as if the LinkStation was on a local network. From here you can copy and retrieve files as normal.

The good thing is, everything in and out of the LinkStation is securely encrypted as it passes though the tunnel. :)


Top
   
PostPosted: Mon Sep 25, 2006 3:24 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
Thanks guys, I'll try this out when I get get home.

@dc2447 - Your config file looks almost like mine, I'll double-check to see if I made any dumb errors. Perhaps Auth-digest is not working correctly for me.

@Lee - Your tunnel idea is very interesting - I actually do something similar when accessing my shares, the only problem is my family is truly COMPUTER ILITERATE. I'm not sure if they'd be able to set this up correctly on their computers. I do like that everything is securely encrypted though.

_________________
http://www.opifer.net


Top
   
PostPosted: Mon Sep 25, 2006 5:14 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
I can't still can't seem to get Auth-Digest to work. Like I stated before, htdigest on linux (linkstation) does not prompt for a password when creating a password file. Neither does htpasswd, but at least there's a workaround (-b flag).

When I access the DAV enabled dir in MSIE as a webfolder, I cannot login. The specified realm "AuthName" does not even show up in the login prompt. I just continuously get a login prompt and my credentials do not work. MSIE just opens an explore page at "\\www.mydomain.tld" and I cannot view or add files (expected since I did not login). However, if I login through MSIE or Firefox via normal http, I can read the directory w/o even having to login.

So, I'm really not sure what's wrong here:
Code:
DavLockDB "/usr/local/apache2/vars/DavLock" 
 
Alias /uploads "/usr/local/apache2/htdocs/uploads"
 
<Directory "/usr/local/apache2/htdocs/uploads">
    Dav On
    Order Allow,Deny
    Allow from all
    AuthType Digest
    AuthName "Test"
    # You can use the htdigest program to create the password database:
    #   htdigest -c "/usr/local/apache2/user.passwd" DAV-upload admin
    AuthUserFile "/usr/local/apache2/user.passwd"
    # Allow universal read-access, but writes are restricted
    # to the admin user.
    # Note: I tried adding require user myusername here too, no avail
    <LimitExcept GET OPTIONS>
        require user myusername
    </LimitExcept>
</Directory>


hmmmm..... Mad

_________________
http://www.opifer.net


Top
   
PostPosted: Mon Sep 25, 2006 5:49 pm 
There must be something wrong with how you installed HTTPD

davidcam@LINKSTATION:~$ /mnt/hda/share/httpd/bin/htdigest -c dav username /tmp/.dav_digest
Adding password for /tmp/.dav_digest in realm username.


Top
   
PostPosted: Mon Sep 25, 2006 8:34 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
Perhaps, I'm not sure what I could have done wrong. I used the following to compile and install Apache:
Code:
./configure --prefix=/usr/local/apache2 --enable-so \ 
--enable-cgi --enable-usertrack --enable-deflate --enable-ssl \
--enable-mime-magic --enable-rewrite --enable-auth-digest \
--enable-dav --sysconfdir=/etc/apache --mandir=/etc/apache/man
make
make install

Everything compiled w/o errors.


When running htdigest, I get:
Code:
root@NETDRIVE:~$  /usr/local/apache2/bin/htdigest -c "/usr/local/apache2/user.passwd" "Test" myusername 
Adding password for myusername in realm Test
root@NETDRIVE:~#


Tried as other users instead of root too, still no password prompt for creating password file.


There should be a
Code:
root@NETDRIVE:~$ New password: 
root@NETDRIVE:~$ Re-type new password:


prompt after htdigest gives the "Adding password for ..." message. There's none.

dc2447 wrote:
davidcam@LINKSTATION:~$ /mnt/hda/share/httpd/bin/htdigest -c dav username /tmp/.dav_digest
Adding password for /tmp/.dav_digest in realm username.

I'm confused...why is "/tmp/.dav_digest" your example username and "username" your realm and "dav" your passwd file?

Any suggestions on what I did wrong?

Thanks dc2447 very much for your help.

@Lee - If I implement DAV, I'll provide the directory connections only through SSL so that everything in and out is AES encrypted.

_________________
http://www.opifer.net


Top
   
PostPosted: Mon Sep 25, 2006 11:31 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
I managed to get webDAV to work w/o authentication, still can't get authentication to work. I tried with Basic Authentication and it still did not work, so I'm really unsure why Authentication for DAV is broken.

I tested webDAV (w/o authentication) on MSIE and it seems to work as I want. The problem is this functionality in browsers seems quite restricted to Microsoft using "file://yourdomain.tld/dav_dir" or "\\yourdomain.tld\dav_dir" in Windows Explorer (which is the same thing anyway). I have confirmed that webDAV does not work with Firefox w/o a plugin. Also, if MSIE is not the default browser on Windows-XP, webDAV does not seem to function properly in MSIE.

I have not tested this with a Mac Browsers such as Safari, but I am beginning to think that webDAV is not supported on Macs w/o special client software.

So as a result, I'm not sure if this is a good solution for my purposes unless I can manage to make webDAV work for most modern browsers for Windows and Macs (MSIE, Firefox, and Safari). Also, webDAV would have to work w/o the client-user having to install any software or go through complicated steps (see above posts).

If anyone has any suggestions on either fixing the Authentication issue (note: both Auth Digest and Basic work for normal http) or if it is possible to implement webdav as stated above, please post. All help is appreciated.

UPDATE: I'll probably have to wait until a universal webDAV protocol is finalized and implemented into all the above browsers before I can implement a DAV solution. See www.webdav.org. Please correct me if I'm wrong.

UPDATE2: I believe that the browsers must be able to communicate with the native file manager and kernel for each operating systems in order for this to work. MSIE already does for Windows XP/2000 which is why webDAV works seemlessly (or is supposed to) in MSIE. It would not be difficult to write plugins/mods for Modzilla based browser (ie Firefox) to do the same, but then there is the issue with users having to install these plugins. For *nix users, webdav is implemented pretty well, so they'd be able to use a webDAV solution w/o much problems. Mac OS X users "should" also have little problems because of the BSD subsystem, but I'm not sure if the extensions have been utilized by the default Mac browser Safari yet (Apple will probably soon if it has not yet).

So the problem is basically lies with win32 browsers and Mozilla-based browsers.

Thanks guys.

_________________
http://www.opifer.net


Top
   
PostPosted: Wed Sep 27, 2006 2:57 am 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
Hey guys, I fixed the stupid authentication error. It was XP, not my Apache install. It's a rediculously stupid error with "Microsoft-WebDAV-MiniRedir/5.1.2600". XP sends authentication credentials in the form of "domain/username" instead of just "username". The fix seems to be to use a SSL connection to force XP to use "Microsoft Data Access Internet Publishing Provider DAV 1.1". I hope MS fixes this issue someday. Other work arounds are is to specify the port in the url or at "#" to the end of the url. Server-side fixes include using mod_encoding and mod_header. Since I don't plan to use DAV on http, but rather through https, I don't really care, but others here may be interested in testing the apache fixes for unencrypted http and DAV dirs.

I'll test DAV if accessing the dir's works the same as it would with ftp. If it does, dc2447 has convinced me to use DAV for MSIE Wink . Still would need to find a firefox, safari workaround.

Anyone else with similar experiences, please post, thanks.

Side Note: Does anyone know how to force XP not to automatically add sites to "My Network Places" under "The Internet" after accessing a site via ftp or webdav? (I'm asking how to do this server-side, not client side)

Also, I'm trying to figure out how to make a hyperlink to a webfolder. I assume that I'm going to have to resort to using Folder Behaviors. Anyone done this before?

UPDATE: Figured out how to make the special hyperlink.

Thanks

_________________
http://www.opifer.net


Top
   
PostPosted: Thu Sep 28, 2006 12:53 am 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
Hello Again,

I've been testing DAV and things are looking good. I've got one big problem though. I am trying to setup DAV so that I can access the smb shares on "/mnt/hda". I setup my secure_doc root to be /mnt/hda and made directory directives for each share in httpd.conf. All the directives have DAV on. I can open https://www.mydomain.tld as a webfolder and I can see all my shares. The problem is that I cannot access them. When I try to, I get "Documents in this folder are not available ..." . The same also hapens if I try to open https://www.mydomain.tld/smbshare as a webfolder. If I open https://www.mydomain.tld through regular http, I see only the spool share (which I did not make a directive for in httpd.conf).

If these errors are due to /mnt/hda permissions, then I can't see a way to accomplish this. Making separate DAV folders in each share seems impractical since users would have to either make sure that they copy their files to the DAV subdir if they want to use DAV. Any ideas?

@SweepsY - I'm considering closing this project as "impossible" if DAV does not work since the consensus here is that serving smb-shares through dynamic web pages is also bad. Sorry, that'll means no secure uploads (except SFTP and a SFTP client) unless I can figure something else out.

_________________
http://www.opifer.net


Top
   
PostPosted: Thu Sep 28, 2006 2:59 am 
Offline
Site Admin
User avatar

Joined: Sun Jul 17, 2005 4:34 pm
Posts: 5332
So what are the permissions on /mnt/hda?


Top
   
PostPosted: Thu Sep 28, 2006 4:30 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
The permissions on /mnt/hda is 755 with root as owner (Its the default directory mount for the samba shares on the LS2). I didn't think that it would matter much since the shares I want to have DAV access to have 777 octal permissions. I also didn't think it would be wise to chmod 777 /mnt/hda.

_________________
http://www.opifer.net


Top
   
PostPosted: Thu Sep 28, 2006 4:49 pm 
Offline
Site Admin
User avatar

Joined: Sun Jul 17, 2005 4:34 pm
Posts: 5332
I suspect your users need rwx permissions on /mnt/hda/<share>; *X permissions 'win' over others.

A clean setup, allowing the users amanda, bill, and charly to share the directory /mnt/hda/work/, while keeping everyone else out, would look like this:

addgroup work
adduser amanda work
adduser bill work
adduser charly work
mkdir /mnt/hda/work
chown -R root:work /mnt/hda/work
chmod 2770 mkdir /mnt/hda/work

If you need finer-grained permissions, you'll probably have compile a kernel 2.6.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 144 posts ]  Go to page Previous 15 6 7 8 9 10 Next

All times are UTC+01:00


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited