Buffalo NAS-Central Forums

Welcome to the Linkstation Wiki community
It is currently Sun May 27, 2018 12:39 pm

All times are UTC+01:00




Post new topic  Reply to topic  [ 11 posts ] 
Author Message
PostPosted: Thu Aug 30, 2007 3:59 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
Hello All,

I'm sure some remember a long discussion I had last year about creating a simple, user-friendly, method of accessing shares on the data partitions in a secure fashion (i.e. of SSL) without the necessity of the end-user to install any software on their pc.

Well, I'm still after the same thing (I'm sure Andre recalls that I haven't quite finished the project, though it was acceptable on the LS2 :-P ). However, this time I am trying to accomplish the same thing under different, and better circumstances, and would appreciate some ideas.

The NAS box this time is the LS-HG. I debootstrapped Ubuntu and have installed both u-boot 1.2 and the latest vanilla kernel. All works well with the OS. I also have mysql, apache2, samba3, xfs w/ ACLs (working), and drupal (I use it as a CMS for the NAS's website) installed. I have three partitions: sda1 (ext3) for u-boot. sda2 (xfs) for Ubuntu, and sda3 (xfs) for data.

So, I am wondering if I can get some ideas, on perhaps a good web application, that can allow me secure access to the shares using NFS or Samba. Unlike on the LS2, I can use ACLs to solve most of the permission problems. Also, unfortunately, I need both Linux and MS (Vista included) PC's to be able to access the shares remotely. As I mentioned before, I know there are better ways to do this, i.e. mounting nfs shares, or sshfs (which works), which is fine for me, but I have both family members, and colleagues, that must access the shares from their pc's, often do not have Administrative rights to install software, and many of them are not IT proficient. Also note, webdav doesn't work in a reliable fashion in Vista, so that option is out.

So, what I'm looking for is a webapp that can:
1) Access data partition shares either using NFS or Samba.
2) Make use of SSL.
3) Drag-n-Drop functionality (similar to a Windows Explorer look and feel.
4) Is OpenSource, and thus skinnable, so I can possibly migrate it into drupal at a later date.
5) Does not require any software to be installed on the end-user pc.
6) Ideally is in php, ajax code.

Also note, smbclient.php has growth outdated, doesn't provide decent functionality, and requires hacks to work well w/ Samba3 and SSL, both which I'd rather avoid.

I know my options are rather limited, as google shows little applications capable of this. I've tried SSLBridge, but it also doesn't work well w/ Samba3 when ACL's are enabled (ACL's must be used as it's how I preserve certain permissions). Relay is not a samba or nfs client, but it takes WAY too long to cache the directory and file list, and is very unreliable.

Thanks guys.

jonli447

_________________
http://www.opifer.net


Top
   
PostPosted: Thu Aug 30, 2007 5:16 pm 
Offline
Site Admin
User avatar

Joined: Mon Jul 11, 2005 7:19 am
Posts: 7703
Location: Austria, Vienna
damn...the SSLBridge demo looked very promising.

_________________
LS1 (2.6 kernel, foonas svn1062, 750 GB, UBoot 1.2) & LS Pro (FreeLink/jtymod/GenLink, changes all the time)
Thx to all donators!


Top
   
PostPosted: Thu Aug 30, 2007 7:47 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
Yeah, it's too bad. I could not seem to find a way to get SSLBridge to work. Ramuk also suggested perhaps SSLExplorer in IRC, but I'm not sure if that would work well on the HG, and it might be too beefy.

All suggestions appreciated. Thanks.

_________________
http://www.opifer.net


Top
   
PostPosted: Fri Aug 31, 2007 8:03 pm 
Offline
Newbie

Joined: Sat Feb 03, 2007 3:14 pm
Posts: 19
I don´t know the initial discussion about remote file access last year. But i recommend WebDAV because
- WebDAV is a well known application/protocol for via access via HTTP(s)
- NFS itself does not support encryption (at least without any additional components)
- SSLexplorer is really a good thing (I´m using it since December, in the first time on Linkstation HG, but today on a windows machine, because its *very* performance consuming on my linkstation. Nevertheless it works very good (maybe this is worth a thread: how to get it working on a Linkstation ...)

A second approach might be scp (winscp on Windows) of course useful only for simple filetransfer, but, supposed you are using certificate based authentication, it is secure, common and slow (throughtput on my HG: 2-3 Megabyte)


Top
   
PostPosted: Wed Sep 05, 2007 2:12 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
On my current setup, I'm using WebDAV, but it's "broken" in later OS's like Vista (well, the client is). I also use ssh for myself, but for some of my users, they need it to be simple, and not have to run any 3rd-party client software outside the OS (both because of a strict firewall/net policies and because some users just need simplicity. :) ) I did try SSLexplorer, but I found it to be to resource intensive. Java was maxing the poor HG's memory that it could not really do anything else. I do use certificate encryption, but am open to ideas.

Thanks.

_________________
http://www.opifer.net


Top
   
PostPosted: Wed Sep 05, 2007 3:05 pm 
Offline
Site Admin
User avatar

Joined: Sun Jul 17, 2005 4:34 pm
Posts: 5332
Came across this the other day, but don't have any experience with it. If you tunnel it?


Top
   
PostPosted: Wed Sep 05, 2007 4:54 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
Thanks Andre, I'll give that a shot too. It might work if I tunnel it as you suggested. :)

_________________
http://www.opifer.net


Top
   
PostPosted: Wed Sep 05, 2007 5:04 pm 
Offline
Site Admin
User avatar

Joined: Sun Jul 17, 2005 4:34 pm
Posts: 5332
It's Alpha software, the online demo didn't work for me, so don't expect too much.


Top
   
PostPosted: Thu Sep 06, 2007 11:21 pm 
Offline
Developer

Joined: Sat Aug 19, 2006 4:53 pm
Posts: 187
Location: United Kingdom (Great Britain)
You could try using IPSec. Windows IPSec works a treat with both OpenSwan and StrongSwan. The setup is not for everybody but, once set up, it keeps going.The lack of hardware floating point will eat up some of the processing cycles for those processors without a floating point unit but, overall, it should still work quite well. If you want something stable, secure and reliable, this is the way to go.


Top
   
PostPosted: Thu Sep 06, 2007 11:42 pm 
Offline
Site Admin
User avatar

Joined: Mon Jul 11, 2005 7:19 am
Posts: 7703
Location: Austria, Vienna
the problem is that jonli447 needs something that needs absolutely no installation and configuration.....it needs to work on a public terminal.

_________________
LS1 (2.6 kernel, foonas svn1062, 750 GB, UBoot 1.2) & LS Pro (FreeLink/jtymod/GenLink, changes all the time)
Thx to all donators!


Top
   
PostPosted: Fri Sep 07, 2007 12:23 am 
Offline
Developer

Joined: Sat Aug 19, 2006 4:53 pm
Posts: 187
Location: United Kingdom (Great Britain)
Public terminals or office computers are never secure. Key loggers can run on them. For your safety and security, of course.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 11 posts ] 

All times are UTC+01:00


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited