Альтернатива smb в windows

Доброго времени!
Есть домашняя сеть из нескольких компьютеров под Windows 10 и устройств на Android. Обмен файлами происходит по средствам SMB шар. Это очень удобно тем что отображаются превью картинок в проводнике, можно примонтировать сетевой диск, настроить разрешения и т.д.
Ввиду последних событий в мире ИБ рекомендуют отключить самбу и заблокировать порты. Возникает вопрос чем ее заменить, не потеряв в удобстве? Мне нужен удаленный доступ к файлам другого устройства. Может есть какое то P2P решение?

• 
  Вопрос задан
  
  более трёх лет назад
  

• 3480 просмотров

nasmonkey wrote:From what Ive read, SMB 1.0 is insecure, thats why its been disabled

When I’m talking about legacy systems NetBIOS name resolution is required — and unfortunately Microsoft bundled it with the SMB 1.0/CIFS services. And as you appeared to have a problem my assumption was you have a legacy system. Aside, the SMB 1.0 overflow issues were fixed a long time ago by the way, too.

nasmonkey wrote: I have a QNAP TS-251, trying to find out if it supports newer SMB standard.

Newer QTS does (for a longer time now) also enable WSD by default (for discovery/name resolution). And all these non-legacy NAS models default to SMB 2.1. Enabling the SMB 1.0/CIFS Client and SMB 1.0/CIFS Server feature for non-legacy systems is not required and Windows 10 can work with the QTS system. To check the maximum protocol setting you can use the shell command as shown before, or check the Microsoft Networking -> Advanced Settings for the current settings:

QTS 4.3.4 Microsoft Networking — Advanced.PNG

Coming-up QTS 4.4 will bring even more UI controls — now it’s possible to policy disable SMB 1.0 by setting the lowest supported protocol:

QTS 4.4 Microsoft Networking — Advanced.PNG

nasmonkey wrote: In the meantime, I created an user on my NAS that matches the user/pass in Windows 10. I can now access //MYSERVERNAME .

That’s the ideal Windows workgroup set-up. It does not change anything when it comes to the discovery/name resolution or the protocol used. Unfortunately this is no longer possible when creating new Windows 10 cloud accounts — the «reverse» mapping to the full username is not implemented (a short name is used instead) and the workgroup single-sign-on authentication is not workable.

Sorry for causing confusion before.

Some of the top features or benefits of Samba are: Cross-Platform Compatibility, Active Directory Support, Open Source, Wide Adoption, and Comprehensive Documentation.
You can visit the info page to learn more.

Наверх

Has your organisation been hit with the file sharing SMBv1 being disabled?

Can you no longer share files on our servers IFS, as Microsoft is now blocking this protocol?

Server Message Block (SMB) is the method used on the IBM i to share files and printers and commonly known on the IBM i as NetServer.

A very useful tool for transferring data between the IFS and our PCs.

SMB version 1 is the protocol that has caused us issues. SMB version 2, available on 7.3 & 7.2 does not have any complications.

Steve Bradshaw’s PowerWire article on SMB issues can be found at https://powerwire.uk/wanna-use-smb-v2

Microsoft’s Windows vulnerabilities can be found at https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010#security-update-for-microsoft-windows-smb-server-4013389

That’s enough of the technical stuff, in this article, I’ll show how we overcome the SMB issues with a solution we proved for one of our clients that hit the SMB setback.

Client Issue

One of our clients is running Version 7.1 of the OS and uses NetServer to share IFS directories of PDFs generated by their accounting package.

As NetServer SMBv2 is not available for 7.1, we had to provide a solution.  No, upgrading to 7.2 or 7.3 wasn’t an option.  We used PHP running on Zend Server for IBM i.

As a basic for this PHP application, I used Hal Gatewoods open source PHP directory listing, and to follow, my company, FormaServe, is making this application open source for all the IBM i community to use.

This solution was using PHP on the IBM i and used the following components:

• PHP
• Zend Server on IBM i
• HTML & CSS
• JQuery UI

The graphic below shows how the user see’s their PDFs.

Картинка с сайта: powerwire.uk

Clicking on a PDF icon, will open it in the browser from the IFS, allowing the user to print, email etc, in fact all the usual PDF functions.

How?

Let me explain how this is achieved.

• Get all files from an IFS directory for the tab heading
• Loop through all these entries
• Check if the file extension is on the excluded list
• Arrange into a defined sort standard
• Format the size of a file in a readable format
• Display the results
• Get the files for the next tab and go around again

Get Files From IFS

Firstly, we have an IFS directory that contains all the files that a user needs to access. There are sub-directories that hold the PDF for each of the applications, for example, invoicing, job cards etc.

Using IBMs Access for Client Solutions, we can see this structure.

Картинка с сайта: powerwire.uk

Let us tackle the directory processing within the PHP.

The PHP function SCANDIR populates an array called $ITEMS with all our IFS file names.

$file_count = 0;
$ifs_dir = ‘/PDF/Quotes/’;
$items = scandir($ifs_dir);

// Dont count sub-directories
$total = count($items) – 2;

Loop Through File Entries

Now we have all our IFS files in an array called $items, we loop through each of the files building a second array called $objects.

The PHP script below shows this.

$objects = array();
$objects[‘directories’] = array();
$objects[‘files’] = array();

foreach ($items as $c => $item) {

if ($item == “..” OR $item == “.”)
continue;

// IGNORE FILE
if (in_array($item, $ignore_file_list)) {
continue;
}

$item = trim($ifs_dir) . $item;

if ($folder && $item) {
$item = “$folder/$item”;
}

$file_ext = getFileExt($item);

// IGNORE EXT
if (in_array($file_ext, $ignore_ext_list)) {
continue;
}

// DIRECTORIES
if (is_dir($item)) {
$objects[‘directories’][] = $item;
continue;
}

// Make date a readable format
$file_time = date(“U”, filemtime($item));

// Files
if ($item) {
$objects[‘files’][$file_time . “-” . $item] = $item;
}
}

Excluding Files

Once populated, we use a function to perform the following functionality:

Looping through the $items array, checking each one for:

• It is not on an excluded list of file extensions (so you could exclude any JPGs you don’t want the user to see!)
• Sort them into any required order
• Include or exclude any sub-folders
• Convert the file creation date and time into sometime more readable for the user

To present each file in a block, we build a string ($rtn), then use PHP to echo the details within the browser.

$rtn = “<div class=\”block\”>”;
$rtn .= “<a target =’_blank’ href=\”$file\” class=\”$file_ext\”{$download_att}>”;
$rtn .= ” <div class=\”img $file_ext\”>&nbsp;</div>”;
$rtn .= ”       <div class=\”name\”>\n”;
$rtn .= ”       <div class=\”file\”>” . basename($file) . “</div>\n”;
$rtn .= ”       <div class=\”date\”>Size: ” . format_size($file) . “<br />Last modified: ” . date(“D jS F Y – H.i”, filemtime($file)) . “</div>\n”;
$rtn .= ”       </div>\n”;
$rtn .= ”       </a>\n”;
$rtn .= “</div>”;

File Sorting

Now we have an array, called $objects, that contains all the files we want the user to access.

For sorting, there are four sorts we want to perform:

1. By Date – most recent
2. By Date – oldest
3. By Name – Ascending
4. By Name – Descending

For our application we want to use the date order, with the most recent at the top of the list.

By setting the default to date_desc , all our files will be in the same order.

// Sorting

$sort_by = “date_desc”; // options: name_asc, name_desc, date_asc, date_desc

The PHP to perform this is shown below.

// Sorting
if ($sort_by == “date_asc”) {
ksort($objects[‘files’]);
} elseif ($sort_by == “date_desc”) {
krsort($objects[‘files’]);
} elseif ($sort_by == “name_asc”) {
natsort($objects[‘files’]);
} elseif ($sort_by == “name_desc”) {
arsort($objects[‘files’]);
}

PHP is fantastic at array manipulation, if you thought RPG had enough, take a look at PHP array processing.

Formatting Size

Yes, size does matter!  To make file sizes more readable, a quick PHP function will do the formatting for us.

function format_size($file) {

$bytes = filesize($file);

if ($bytes < 1024) {
return $bytes . ‘b’;
} elseif ($bytes < 1048576) {
return round($bytes / 1024, 2) . ‘Kb’;
} elseif ($bytes < 1073741824) {
return round($bytes / 1048576, 2) . ‘Mb’;
} elseif ($bytes < 1099511627776) {
return round($bytes / 1073741824, 2) . ‘Gb’;
} else
return round($bytes / 1099511627776, 2) . ‘Tb’;
}

Date & Time

Using date and time formatting provided by PHP, we can easily produce a readable format of the file date and time by using the FILEMTIME function..

Last modified: ” . date(“D jS F Y – H.i”, filemtime($file)) . “

FILEMTIME will return the file date and time in UNIX format, so we need to use the PHP DATE function.

If FILEMTIME returns 1520970101, we can format using DATE(“D jS F Y – H.i”).

Given the FILEMTIME example above, this would format the date as Tue 13th March 2018 – 19.41

Ah, that’s a lot better!

Display Results

As we had many IFS sub-directories to show, it was decided that a tabbed approach to show the PDFs in each of the sub-directories.

Картинка с сайта: powerwire.uk

The JQueryUI library is used to present the information to the user in a tabbed format.  JQuery UI is an excellent tool for impressing your users.

More details about JQuery can be found here.

So now we have all the PDF file names in arrays we can use PHP, with a little help from HTML to list them all.

<!– Quotations–>
<div id=”tabs-9″>
<?php
$tab_no = 6;
$count = 0;
$file_count = 0;
$ifs_dir = ‘/PDF/Quotes/’;
$items = scandir($ifs_dir);

// Dont count sub-directories
$total = count($items) – 2;
?>

<div class=”row”>
<div class=”col-xs-6 text-left”>
<?php echo “<p>A Total Of $total Files</p>”; ?></p>
</div>
</div>

<!–Get files–>
<div class=”wrap”>
<?php
build_blocks($items, false);

$file_count = $file_count – 1;
?>
</div>

</div>

And now we have all the pieces and the results can be seen in the first figure of this article.

Conclusion

Hopefully, this article shows how flexible and dynamic our IBM i server is. Using this method to allow users to access their files on the IFS without any SMB intervention.

This was a first cut, which can easily be modified to only allow users certain files and applications.

The next version will allow the user to fully manipulate each PDF, obviously security permitting, delete, copy, save back to the IFS after adding comments to a PDF.

If you would like a full version of the above PHP script, send me a twitter message to @AndyYouens , or use my company’s  contact us page here and I will send it over.

If you have any questions on IBM i with PHP, let me know in the comments below.

I’m looking forward to the next round of the i-UG user group meetings this year in the UK, the International i Power conference on the 12^th & 13^th June 2018.  Hopefully we can meet up at the main event of the year at our local football stadium in Milton Keynes.  Full details can be found on the iUG site here.

Note to self – time to be getting on with your Node.js workshop!

Andy Youens is an IBM i consultant/instructor at Milton Keynes, UK-based FormaServe Systems.