SSH and Samba

One of my tasks was to set up a Campaign office in downtown Racine, to house our Development Office. Their primary role was to raise money for the new Racine Art Museum.

I set up SBC DSL, small office package for the connection to the web. Parked a Linux firewall/file-server/proxy server in front of the workstations to protect them from the baddies ;-). It was an old 233mhz machine I picked up for change, and worked like a champ. I bullet-proofed it with scripts and tutorials from Dranch and his work with TrinityOS. Great job David! I also use Tripwire, a great project.

I needed to provide some sort of method to provide these users access to our file server at our main office, where we were being supplied with SBS DSL, but this time the service came with a 5 port router, and all external IP's were NAT'd to internal addresses in the router.

I wanted to use FreeS/WAN, but I was having too much trouble punching a hole through the router, so I used SSH and Samba. I setup a common user on the remote and local box, and created a password-less key.

Then I used this script: 

#!/bin/sh
# Source function library.
. /etc/init.d/functions

# Get config.
. /etc/sysconfig/network

# Check that networking is up.
if [ ${NETWORKING} = "no" ]
then
        echo "Networking is not setup on this computer."
        exit 0
fi


# Check that DSL is up.
host="ameritech.net"
ping -c1 $host 2>&1 1>/dev/null

if [ $? -eq  0 ]; then
        echo "$host is up..."
        else
        echo "$host is not up, RAM is DOWN."
        echo "Call Ameritech and check our service."
        exit 0
fi


## Check that Wustum is up.
if ! wget -T 30 -O /dev/null -q http://www.wustum.org/web/Default.htm; then
        echo "Wustum is DOWN."
        echo "Call John and have him check our service."
        exit 0
else
        echo "Wustum is up..."
fi



# If smb is already started, stop it
#
[ -f "/var/lock/subsys/smb" ] || /etc/rc.d/init.d/smb stop


#
# If Netbios is listening, kill the proc
#
NETBIOS_PID=`lsof -i TCP | grep 'netbios-ssn (LISTEN)' | grep -v grep | awk '{print$2}'`

if [ "$NETBIOS_PID" -gt "0" ]
        then
         kill pid "$NETBIOS_PID"
fi

killall -9 ssh

#
# Forward these ports
#
REMOTE_SMB_HOST=192.168.10.10 # fill in IP address here
REMOTE_SSH_HOST=wustum.org # fill in IP address here

ssh -N -f -l smbuser -i /home/public/.ssh/id_dsa -g \
        -L 5137:$REMOTE_SMB_HOST:137 \
        -L 5138:$REMOTE_SMB_HOST:138 \
        -L 5139:$REMOTE_SMB_HOST:139 \
        $REMOTE_SSH_HOST

#
# Start it back up again
#
/etc/rc.d/init.d/smb start

echo
echo

#
# Find out what is mounted, we don't want to mount it twice
#
#APPS=`mount | grep '/home/apps' | grep -v grep | awk '{print $3}'`
OFSCAN=`mount | grep '/home/ofscan' | grep -v grep | awk '{print $3}'`
COMPANY=`mount | grep '/home/Company' | grep -v grep | awk '{print $3}'`
JSIMONSEN=`mount | grep '/home/jsimonsen' | grep -v grep | awk '{print $3}'`
SBUHLER=`mount | grep '/home/sbuhler-maki' | grep -v grep | awk '{print $3}'`

#count=0
#echo "Checking the apps folder..."
#count=$(ls -fa /home/apps | wc -l)

#if [ "$count" -gt "2" ]; then
#       echo "Apps is connected and contains files!"
#       echo
#       echo
#else
#
#       if [ "$APPS" != "/home/apps" ]
#               then
#               echo "Apps is connected but contains no files!"
#               echo
#               echo "Reconnecting the apps folder..."
#               echo
#               umount /home/apps
#       fi

#       mount -t smbfs -o dmask=2777,port=5139,username=myuser,password=mypassword //localhost/apps /home/apps


#       echo "The apps folder has been reconnected."
#       echo
#fi

count=0
echo "Checking the ofscan folder..."
count=$(ls -fa /home/ofscan | wc -l)

if [ "$count" -gt "2" ]; then
        echo "Ofscan is connected and contains files!"
        echo
else
        if [ "$OFSCAN" != "/home/ofscan" ]
                then
                echo "Ofscan is connected but contains no files."
                echo
                echo "Reconnecting the Ofscan folder..."
                echo
                umount /home/ofscan
        fi

        mount -t smbfs -o dmask=2777,port=5139,username=myuser,password=mypassword //localhost/ofscan /home/ofscan

        echo "The Ofscan folder has been reconnected."
        echo
fi

count=0
echo "Checking the company folder..."
count=$(ls -fa /home/Company | wc -l)

if [ "$count" -gt "2" ]; then
        echo "Company is connected and contains files!"
        echo
else
        if [ "$COMPANY" != "/home/Company" ]
                then
                echo "Company is connected but contains no files!"
                echo
                echo "Reconnecting the Company folder..."
                echo
                umount /home/Company
        fi

        mount -t smbfs -o dmask=2777,port=5139,username=myuser,password=mypassword //localhost/Company /home/Company

        echo "The Company folder has been reconnected."
        echo
fi

count=0
echo "Checking Sue's folder..."
count=$(ls -fa /home/sbuhler-maki | wc -l)

if [ "$count" -gt "2" ]; then
        echo "Sbuhler-Maki is connected and contains files!"
        echo
else
        if [ "$SBUHLER" != "/home/sbuhler-maki" ]
                then
                echo "Sbuhler-Maki is connected but contains no files!"
                echo
                echo "Reconnecting the sbuhler-maki folder..."
                echo
                umount /home/sbuhler-maki
        fi

        mount -t smbfs -o dmask=2777,port=5139,username=myuser,password=mypassword //localhost/SBuhlerMaki /home/sbuhler-maki

        echo "The sbuhler-maki folder has been reconnected."
        echo
fi


count=0
echo "Checking Joedy's folder..."
count=$(ls -fa /home/jsimonsen | wc -l)

if [ "$count" -gt "2" ]; then
        echo "JSimonsen is connected and contains files!"
        echo
else
        if [ "$JSIMONSEN" != "/home/jsimonsen" ]
                then
                echo "JSimonsen is connected but contains no files!"
                echo
                echo "Reconnecting the JSimonsen folder..."
                echo
                umount /home/jsimonsen
        fi

        mount -t smbfs -o dmask=2777,port=5139,username=myuser,password=mypass //localhost/JSimonsen /home/jsimonsen

        echo "The jsimonsen folder has been reconnected."
        echo
fi
exit 0

This script was also set up to be run by the folks in the office via a WebMin interface. Since the building they were in was so antiquated, and thus the wiring and power supply were "delicate", they experienced LOTS of phone wire noise and frequent power outages, breaking the connection.

Thank God that's all over...

Even with all the headaches, they still got Virus scan updates, and could work on files stored on the remote server. If we had a little more speed on the upstream end at the home office, things would have been a little more tolerable (it was only 128k up...)

Comments

Post a Comment

Popular posts from this blog

NPI Search Redundancy

Most healthcare professionals know at this point that all providers of health care, require NPI (National Provider Identifier) numbers. Without one, it will become increasingly difficult for claims to be paid by commercial payers, and impossible to collect medicare and medicaid payments. Since we are a coding/billing/collection/management agency, we have frequented the NPPES (National Plan & Provider Enumeration System) to lookup NPI information. Unfortunately, there have been brief periods of downtime of the site, causing us to implement our own solution: a backup of the registry. I have a daily cron job that downloads the NPI database, push it into MySQL, giving us an albeit slow, but accurate access to an off-line version of this data. The shell script below performs the retrieval: #!/bin/sh WORKDIR="/srv/htdocs/npi" LOG="$WORKDIR/npi.log" MONTH=`date +%b` LASTMONTH=`date +%b --date='1 month ago'` YEAR=`date +%Y` URL="http://nppesdata.cms.h
Read more

freeFTPD

Image
Image by Micah68 via Flickr I've been using FileZilla FTP server for some time now and have been happy for the performance. Recently, we needed the ability to expose the FTP service to another client, and the documents that we'd be receiving would be arriving in an un-encrypted form, unlike our other clients. I decided I could simply enable FTPS , the SSL enabled FTP protocol and open a port to 990 on my ASA 5525 Security Appliance and NAT traffic to our server. Unfortunately I quickly found out that a passive FTPS server behind my firewall won't work without some specific configuration changes as discussed in this article . With all that fussing around, I decided to check out freeFTPd, a single deamon that offers both FTP and SFTP, not to be confused with FTPS, but the secure file transfer protocol that is common to the SSH ( secure shell ) protocol. It's fairly straight forward, but is a bit quirky and the documentation is non-existent. Follow some of my ti
Read more

Using ImageMagick and Tesseract to sort TIFFs on Windows

Image
Recently I wrote a post about my search for a TIFF iFilter that would enable me to use VBScript to query a Windows Indexing Services server for file management. I found that since OCR is never always 100% accurate, neither were my attempts at sorting all the inbound EMR faxes we get each day. I did however, find Tesseract , a great product that was originally developed by HP and proprietary, and is now developed by Google and licensed under the Apache License v2, open source . It is one of the most accurate open source OCR engines available. It is quite basic, and in the version you obtain from the project page , it only operates from the command line, and without the libtiff library, will only do it's work on un-compressed TIFFs. More information can be found on the project pages , and Wikipedia . Doing some scouring, I aso found a front-end , and ArchivistaBox, a complete document management system . Image via Wikipedia I'm using it in Windows, so I needed to do one of
Read more