Securing my vortexbox on a network with authentication

[bennjude19]

Can anyone help me on how to secure my vortexbox which is connected to a network with multiple users? I had a very bad experience last night that all my flac and mkv files are totally wipe-out on my VBA with more than 500GB files .Someone deleted it by mistake or intentionally. Our IT told me that my vortexbox is viewable on other users and they can add and delete any files on my VBA , in short it is not secured. He is not on LINUX and either I am. He cant make my VBA secured having Linux as its OS unlike in Windows.Cant find same issues on the thread as well. I'm hoping that some of our Linux experts can help me to secure my VBA with authentication so I can put a password on it if its viewed on Windows by other users connected to the same network.

[Ron Olsen]

This is a Samba security issue. You will have to edit /etc/samba/smb.conf to disallow guest access and require user access with a password to see the Samba shares.

The simplest is to allow access as user root, but require the root password, since that's the only pre-defined user on VortexBox.

See http://www.faqs.org/docs/samba/ch09.html for info on Samba security.

Google "samba security" to find more info.

I'm not a Samba expert, but I think the following will work:

1. Login to your VortexBox; see http://info.vortexbox.org/tiki.....page=Login

2. Save a copy of the Samba config file:


cp /etc/samba/smb.conf /etc/samba/smb.conf.save

3. Edit the Samba config file:


nano /etc/samba/smb.conf

4. Make the changes to disallow guest access and require root access with a password:

Delete the line


guest account = root

Delete all lines that say


guest ok = yes

and replace them by


valid users = root

5. Write the file (control-o) and exit (control-x).

6. Restart Samba:


systemctl restart smb.service

7. Samba should now use the new security settings.

[bennjude19]

I followed the steps one by one using putty. VBA now is asking for password but windows is not accepting my vortexbox password? Any clue on this Ron? Also when I did a VBA reboot the smb.conf is back to its unedited state, and LMS is not detecting the flac directory even if I clear library and rescan everything. LMS is displaying as 0 albums with 0 songs by 0 artists. But I can play the tracks on my Iphone using MPod....strange

[Ron Olsen]

Sorry, I'm not a Samba expert, so I don't know why it's not working. A reboot should not change /etc/samba/smb.conf, so that's really strange.

Try editing the Samba config file again. Then enter


cat /etc/samba/smb.conf

and report the output in your next post.

Don't know why LMS isn't working either. You can reinstall LMS by entering


reinstall-logitechmediaserver

See if that fixes your LMS problem.

[bennjude19]

[vortexbox.localdomain ~]# cat /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
server string = VortexBox Media Server and SMB Master
local master = yes
domain master = yes
preferred master = yes
os level = 255
password server = None
valid users = root
security = SHARE
printcap name = /etc/printcap
netbios name = VORTEXBOX

# These improve preformance
large readwrite = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE

# Fix for OSX
unix extensions = no

[files]
path = /storage
guest ok = yes
writeable = yes
create mask = 0777

[music]
path = /storage/music
guest ok = yes
writeable = no
create mask = 0777

[pictures]
path = /storage/pictures
guest ok = yes
writeable = no
create mask = 0777

[movies]
path = /storage/movies
guest ok = yes
writeable = no
create mask = 0777

[Ron Olsen]

There are four more lines that contain

guest ok = yes

You have to change ALL of them, not just the first one.

Do that, then repost the output from the cat command in my previous post.

[bennjude19]

There are four more lines that contain

guest ok = yes

You have to change ALL of them, not just the first one.

Do that, then repost the output from the cat command in my previous post.


[vortexbox.localdomain ~]# nano /etc/samba/smb.conf
[vortexbox.localdomain ~]# systemctl restart smb.service
[vortexbox.localdomain ~]# cat /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
server string = VortexBox Media Server and SMB Master
local master = yes
domain master = yes
preferred master = yes
os level = 255
password server = None
valid users = root
security = SHARE
printcap name = /etc/printcap
netbios name = VORTEXBOX

# These improve preformance
large readwrite = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE

# Fix for OSX
unix extensions = no

[files]
path = /storage
valid users = root
writeable = yes
create mask = 0777

[music]
path = /storage/music
valid users = root
writeable = no
create mask = 0777

[pictures]
path = /storage/pictures
valid users = root
writeable = no
create mask = 0777

[movies]
path = /storage/movies
valid users = root
writeable = no
create mask = 0777

[Ron Olsen]

Looks good. If you have restarted Samba after the edit, try to access the VB Samba shares from another computer on your network.

Access as user root, with the correct root password, which should be vortexbox on a VBA.

[bennjude19]

Looks good. If you have restarted Samba after the edit, try to access the VB Samba shares from another computer on your network.

Access as user root, with the correct root password, which should be vortexbox on a VBA.


restarted samba and try to access VB Samba share from my other laptop
windows logon unsuccessful
I use different password on new iso install and not "vortexbox" as password and windows is not accepting the password I use during iso install

[Ron Olsen]

Sorry, Your original post said you were using a VBA.

I don't know how to fix your problem accessing the VB Samba shares as user root from Windows. You'll have to find a Samba expert to help, post your question on a Samba forum, or use Google to track down more info.

I suggest saving your modified Samba config file by

cp /etc/samba/smb.conf /etc/samba/smb.conf.mine

Restoring the original Samba config file by

cp /etc/samba/smb.conf.save /etc/samba/smb.conf

and restarting Samba by

systemctl restart smb.service

so you will be back to where you started.

Good luck, sorry it didn't work.

You could also try installing Webmin on your VB. I believe it has a Samba configuration module:

http://info.vortexbox.org/tiki.....tallWebmin