Here is a list of general configuration notes and menus. Some of the configuration menus are also represented by configuration files you find via FTP in the /etc/cfg_user/ directory.
| It is strongly recommended to carefully read and understand all of these Security Notes, First Steps and the Reference Manual before the first run. |
To keep the risk of injury by fire or electric shock to a minimum, it is strongly recommended to strictly abide by all of these security notes. Do not proceed to the next step if anything is not understood; instead, please ask us by email for support.
The following steps are recommended before it is possible to use your intradisk:
| For critical processes like disk formatting and updates, please use well-tested browsers like Mozilla, Firefox or Internet Explorer. |
| On the intradisk “Server” the firmware update is strongly recommended if you are missing some plugins. These plugins are normally lost when formatting the disk. |
All files can be edited using either the standard HTML interface or a convenient FTP tool like TotalCommander. Pay attention to the format of the individual configuration files and to the UNIX-style “End Of Line” characters. Manually edited configuration files can always be stored with the “Make Changes Permanent” button on any HTTP page except the users configuration page.
/etc/cfg_user/... -- user configurable files
/etc/cfg_dflt/... -- default configuration files
| A default configuration can always be restored by replacing a configuration file in /etc/cfg_user with its corresponding file from /etc/cfg_dflt. After overwriting the file, simply press “Make Changes Permanent”, e.g. in the “network” configuration menu. |
All configuration files are written to the ramdisk file system after pressing the “Commit Changes” button. Afterwards you can test the changed configuration; it will be lost after a reboot of the device. If you are satisfied with the new configuration parameters, all configurations can be stored permanently in flash memory by pressing the “Make Changes Permanent” button.
| Don’t forget to press “Make Changes Permanent” before switching off your intradisk if you want to keep the changes you made. |
This download URL can be used to download files from the Internet without running your desktop PC or your notebook. It is very useful if the time required for the file transmission is very long. After the download you will find the file in the exports share in the download directory.
Network configuration of the 1st LAN interface. This interface is the only port on the server and the left port of the profi version.
This interface is the main network port. Most of the other network interfaces can be connected via a bridge device to this interface or may be configured separately via their fixed configuration. In bridged mode all bridged interfaces use the same network configuration and network packets are routed between all possible directions without being filtered.
In network segments where no DHCP server is running, you have to configure your network settings manually. This means that you have to know some basics about IP networking. You mostly find such a network when, for example, you connect your digital receiver, PC or notebook directly to your intradisk. Various tools are also integrated in your standard PC's operating system, mostly independent of whether you are using Windows, Mac, Linux or other systems. Tools that help you with some basic diagnostics are:
| Tools | comment |
|---|---|
| arp | Changes and shows the actual translation tables for IP addresses/physical addresses that are used by ARP (Address Resolution Protocol) |
| ping | ping uses the ICMP protocol’s mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway |
| ifconfig / ipconfig | Ifconfig is used to assign an address to a network interface and/or configure network interface parameters |
| hostname | show or set the system’s host name domainname |
| nslookup | nslookup is a program to query Internet domain name servers |
| nmblookup | nmblookup is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries |
Follow the fields in the browser's network configuration interface until everything is completed. The steps are done as follows:
| If your intradisk is configured to use automatic DHCP configuration and does not find a valid DHCP server, it uses the addresses assigned by the “fixed” parameters |
file location: /etc/cfg_user/network
The hostname (occasionally also called a site name) is the unique name by which the intradisk device is known on your network. The hostname is used to identify your intradisk nasdrive in your local network environment.
default: nasdrive
This parameter tells the boot process to either ask your DHCP router for an automatic network configuration or use the self-configured fixed configuration. If DHCP is activated, then the parameters ip, netmask, gateway, nameserver and broadcast are ignored.
default: dhcp
The ip parameter assigns the IP network address to the first network interface.
default: 192.168.0.99
The netmask can be understood as a logical bitmap filter which restricts the maximum number of possible communication partners in one subnetwork. This parameter also depends on the type of network and is not free of restrictions. Normally it looks similar to “255.255.255.0”, for example. In this case the “0” defines the available number of network partners.
default: 255.255.255.0
A gateway is a router or server which is used to separate two networks from each other. For example, your firewall router acts as a gateway between your local network and the Internet.
default: 192.168.0.99
A name server is a computer server that implements a name service protocol. It will normally map a computer-usable identifier of a host to a human-usable identifier for that host. For example, a Domain Name System (DNS) server might translate the domain name en.wikipedia.org to the Internet Protocol (IP) address 145.97.39.135.
default: 192.168.0.1
In computer networking, a broadcast address is an IP address that allows information to be sent to all machines on your local subnet rather than to a specific machine.
default: 192.168.0.255
During the boot process your intradisk nasdrive searches your network environment for a valid DHCP server when configured to use DHCP. If none is found in your network, you can use this option to use your intradisk as a DHCP server. This is very useful if you sometimes run your intradisk with your notebook and sometimes in a network with a DHCP server. With this option it is not necessary to make any network changes on your notebook or on your intradisk.
default: Auto
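Because the fixed parameters are also the fallback when no DHCP server answers, it is worth checking that they agree with each other. The following is an added example, not part of the intradisk firmware or its manual; it takes the five parameter names from this page as dictionary keys and assumes nothing about the syntax of /etc/cfg_user/network.

```python
import ipaddress

# Factory defaults listed on this page for the fixed configuration.
DEFAULTS = {"ip": "192.168.0.99", "netmask": "255.255.255.0",
            "gateway": "192.168.0.99", "nameserver": "192.168.0.1",
            "broadcast": "192.168.0.255"}


def check_fixed_network(cfg):
    """Derive the subnet from ip + netmask and list inconsistent parameters."""
    result = {"network": None, "hosts": 0, "problems": []}
    try:
        # Accepts a dotted netmask; a mask whose one-bits are not
        # contiguous (e.g. 255.255.0.255) is rejected here.
        iface = ipaddress.IPv4Interface(f"{cfg['ip']}/{cfg['netmask']}")
    except ValueError as exc:
        result["problems"].append(f"ip/netmask rejected: {exc}")
        return result

    net = iface.network
    result["network"] = str(net)
    # Network and broadcast addresses cannot be given to a host.
    result["hosts"] = max(net.num_addresses - 2, 0)

    gateway = ipaddress.IPv4Address(cfg["gateway"])
    nameserver = ipaddress.IPv4Address(cfg["nameserver"])
    broadcast = ipaddress.IPv4Address(cfg["broadcast"])
    problems = result["problems"]

    if broadcast != net.broadcast_address:
        problems.append(
            f"broadcast {broadcast} does not match the subnet "
            f"(expected {net.broadcast_address})")

    routed = gateway in net and gateway != iface.ip
    if gateway not in net:
        problems.append(f"gateway {gateway} is outside {net}")
    elif gateway == iface.ip:
        problems.append(
            "gateway is the device's own address; no separate router "
            "is set for traffic leaving the subnet")

    if nameserver not in net and not routed:
        problems.append(
            f"nameserver {nameserver} is outside {net} and there is "
            "no usable gateway to reach it")
    return result


if __name__ == "__main__":
    report = check_fixed_network(DEFAULTS)
    print(report["network"], "usable hosts:", report["hosts"])
    for line in report["problems"]:
        print(" -", line)
```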
file location: /etc/cfg_user/network
Network time server configuration is needed to get the standard network time provided by either a local NTP (Network Time Protocol) server or an Internet NTP server, run by your local government and representing your national time. If your intradisk nasdrive does not have the correct time, the date of stored files may be incorrect and can cause, for example, your backup or database software to misbehave. Intradisk profi devices have a battery-buffered real-time clock that, once adjusted, drifts only very slowly, regardless of whether there is a network connection.
Here you insert either your local NTP server (e.g. your network firewall router), by IP address or hostname, or the Internet name of your national NTP server. To always guarantee a correct time, it is useful to insert multiple addresses as fallback servers.
default: ptbtime1.ptb.de ptbtime2.ptb.de
This parameter is used to calibrate the internal clock's drift by connecting to a network NTP server. It is very useful if your intradisk “profi”, which has a battery-buffered real-time clock, is used without a network connection. With this option the drift is learned by comparing time intervals, and this “learned” calibration factor is used for correction to get a drift of an unbelievable 3-5 parts per million (~ 2 minutes/year).
default: Lock
The NTP interval time is the time between two requests from the internal NTP client to the NTP server for a valid time. Small values are not recommended, because the drift may be smaller than the delay error when transferring time stamps over the network. If auto calibration is activated, it always causes network traffic, even establishing an Internet connection when you have specified an Internet time server.
default: 10min
Intradisk mini servers which are delivered with a wireless LAN interface are normally shipped with an internal antenna which has a strong antenna gain in the same direction as the blue power LED. The antenna is mounted directly behind the plastic front and provides enough power to use it for video transmission at least in the same room. The wireless device can be used either in access point mode (Master) or in client mode (Managed) to attach to an existing network. For video transmission capability it is not a good idea to switch to managed mode, because of the half-duplex characteristics of wireless radio transmissions on the same frequencies.
| Before you are able to access your integrated WLAN device you need to activate the “startwlan” parameter in the plugins→general menu. If you can’t find this parameter in the plugins→general menu please do a firmware update in advance. |
file location: /etc/cfg_user/wireless
A bridge is a virtual network device which combines several devices into one device with one IP network address. This is very easy to configure, but it is slower than fixed mode because all network traffic has to be processed by the CPU alone. If network performance is insufficient, configure all performance-critical interfaces to fixed mode and the uncritical interfaces to bridged mode.
default: Yes
In Master mode intradisk miniservers act like a mobile access point that you can access with your notebook or your mobile wherever you are, e.g. to look at stored videos when you are in a hotel. Switching to managed mode (BTWLAN) is very interesting when you do not have a physical network between your Internet router and your intradisk and you want to connect the intradisk, e.g. to listen to Internet radio with your media clients. In client mode you cannot configure WLAN to work in bridged networking mode.
default: AP access point mode
This is the Master mode id which will be displayed on your WLAN client when browsing a wireless network environment.
default: IntradiskAP
This is the Managed mode id which will be displayed on your WLAN client when browsing your wireless network environment where your intradisk has to be connected to.
default: MyDslAP
The WLAN channel is a number which represents a dedicated frequency to transfer data by radio. If you find several WLANs in your home environment, switch this channel to a number that cannot be found in your environment to improve your WLAN performance.
default: 6
This value is the bit rate which is used to transfer data over radio. 54M means 54 megabits per second. Lower rates normally allow data to be transferred over longer distances in buildings, because the radio signal can cross the walls of the building better.
default: 54M
This is the IEEE standard, which means the protocol specification 802.11a-g. “b/g” uses automatic detection to run in either b or g mode.
default: b/g
This parameter defines, whether encryption is activated or not.
default: On
Protocol to be used for WLAN partner authentication.
default: TKIP
Protocol standard to be used for WLAN encryption when sending data over radio.
default: WPA2-PSK
Password key index to be used for encryption of WLAN data.
default: 1
If you only want to permit your specified WLAN devices by their unique mac id, you can write them into a specific file which has to be placed in the /etc/cfg_user directory.
default: off
Password in hexadecimal or as a string with a dedicated length depending on the key length selection. Not all key lengths have been implemented so far. Use “s:” in front of your password when you want to write it in clear letters. Take care about the exact length of the password or hexadecimal key used.
default: s:www.intradisk
The User Management allows assigning exclusive space for users on the hard disk drive and grant access with FTP, Telnet or SSH to individual users. For all these tasks, a single password is assigned to each user. This individual disk storage is reserved in the Home Partition (see also: Home Partition in the chapter about Partitions). Whenever a User is created, a directory is created by the system in the Home Partition. This directory is password protected. User Management is not required for accessing the shared disk space in the Export Partition.
| Before finally putting the intradisk online, change the admin password! |
| - Press “Commit Changes” before selecting another User, otherwise changes are lost. - Press “Make Changes Permanent” before switching off the intradisk, otherwise changes are lost |
A user is defined by his account name, description items and his password.
The user account name is defined once upon creation of the account and cannot be modified later on. When using the intradisk with several users, a consistent account naming scheme should be applied.
This list box contains all defined users. Click on an entry to modify the user's attributes. The other fields are updated with the selected user's values. Uncommitted changes are lost!
This field contains the user's complete name. It serves only an informational purpose, allowing administrators to unambiguously identify an account.
This parameter may be either “Yes” or “No”. A user's account can be disabled without actually being deleted by setting this parameter to “No”.
default: Yes
A User must have a password assigned. The password must have at least 5 characters.
User Password Repeated: This field must contain the same value as the value typed into the “User Password” field.
This field may contain any additional text associated with the User.
| Changing the partitions requires that the corresponding partition is formatted afterwards, so all user data on the hard disk is lost. Make a backup before changing anything within the partition table! |
The partition table on the hard disk drive contains 4 entries. Their sizes can be adjusted individually.
Partition where the Operating System resides. Unless you are planning to extend the system with large plugins, the default size is sufficient.
default: +1024 MByte
Partition where the Operating System swaps data and code if RAM becomes scarce. Unless you are planning a server architecture with large RAM need (like LAMP), the default size is sufficient.
default: +1024 MByte
Partition where the Users have their individual Home directories. If you have a lot of users think of enlarging the home partition. On the other hand, if you are using the intradisk as media server, see the recommendation below.
default: +64 GByte
Partition where shared data resides. If you are using the intradisk as a media server and you want to share media between all users, it is a good idea to make the Export Partition as large as possible. You may even want to consider making the Home Partition smaller than the default.
note: the left field is always empty after formatting export with the default size (+Rest)
default: +Rest
| On all intradisk “Server” devices with 4MB Flash memory, some of the addon plugins are lost after formatting the disk. These addon plugins are not required for basic functionality and can be easily reinstalled with a new release firmware. |
Note: When formatting the integrated hard disk, the intradisk’s preinstalled Linux system is not affected, only some of the addon plugins like mt-daapd, samba3, wlan drivers...
This means that an intradisk “Server” with integrated WLAN loses its WLAN functionality temporarily after partitioning or formatting the disk. Reinstalling a new firmware afterwards reinstalls all of the available plugins.
Formatting of the internal disks is one of the first steps required to be done after getting first access to your intradisk device. This is strictly recommended, because some devices are shipped only with a test partition that is required for the final system tests.
Disk performance can be optimised for certain applications. Usually, the default values give a good average performance without stressing the hard disk drive.
Three parameters may be modified.
After the specified time, the disk is put into standby. The value should not be made too small, as restarting the disk takes time and lessens the life span of the hard disk drive.
default: 20 minutes
This parameter defines the number of bytes which are read from the hard disk to memory at once. It helps fine tuning the intradisk memory consumption and file access. See the table below for hints.
default: 4 KByte
| Parameter: blkreadahead | Value in KiloByte [KB] | Effect |
|---|---|---|
| 0 | 0 | Fastest access for small files. |
| 8 | 4 | Default Setting, usually a well balanced setting |
| 64 | 32 | Value suitable for delayed recording of video data. |
| 128 | 64 | Value suitable for delayed recording of video data with several clients. System generally gets slow when accessing average files. |
| 255 | 128 | Value suitable for replay of large video data for several clients, otherwise System gets slow when accessing files of average size |
Most modern hard disk drives have the ability to slow down the head movements to reduce their noise output. The possible values are between 0 and 254. 128 is the quietest (and therefore slowest) setting and 254 the fastest (and loudest).
Making the value larger than the default makes the hard disk probably slightly faster but at the same time, the hard disk drive becomes louder and its life span is probably reduced.
default: fast
| Value | Effect |
|---|---|
| 0 | Turn off sound management, not supported on all hard disk drives |
| 128 | Default Setting, quiet mode |
| 129-253 | In between Quiet and Loud, not supported on all hard disk drives |
| 254 | Fastest (and loudest) |
Read out the individual statistics of your hard disk drive. Due to different register sets in different hard disks, some values may be displayed in the wrong format. Don’t worry and don’t believe all the displayed values if they show e.g. very high values which can’t be true!
The listed error values are normally used to detect a problem in advance of a mechanical disk failure after a very long spin time.
Disk parameters read directly from the integrated hard disk
Last measured spin-up time in milliseconds
How often the disk started from standby or power-off state
Shows the spin time since first power-on in hours or minutes, depending on the integrated disk.
How often the power of your intradisk was switched off
This value represents the exact environment temperature inside of the intradisk enclosure
Intradisk supports file sharing by default over four protocols: Windows File Sharing (Samba/SMB), NFS, FTP and TFTP. All these file services run out of the box and guarantee accessibility with all existing clients, e.g. Windows98, WindowsNT, Windows2000, WindowsXP, Linux, Unix, MacOS and a countless variety of other clients like set-top boxes, mobile phones (e.g. using WindowsMobile, CE, PalmOS) and UPnP clients.
“smb.conf” is the configuration file for the Samba suite. It contains runtime configuration information for the Samba programs. The smb.conf file is designed to be configured and administered by the swat(8) program. The complete description of the file format and possible parameters held within are here for reference purposes. The file consists of sections and parameters. A section begins with the name of the section in square brackets and continues until the next section begins. Sections contain parameters of the form
name = value
The file is line-based - that is, each newline-terminated line represents either a comment, a section name or a parameter. Section and parameter names are not case sensitive.
Only the first equals sign in a parameter is significant. Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value is retained verbatim.
The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean, which may be given as yes/no, 0/1 or true/false. Case is not significant in boolean values, but is preserved in string values. Some items such as create modes are numeric.
| This is an incomplete extraction from the original Samba configuration manual (smb.conf.5.html). For the complete manual please follow this link or refer to the official Samba project |
Parameters in this section apply to the server as a whole, or are defaults for sections which do not specifically define certain items. See the notes under PARAMETERS for more information.
If a section called homes is included in the configuration file, services connecting clients to their home directories can be created on the fly by the server.
When the connection request is made, the existing sections are scanned. If a match is found, it is used. If no match is found, the requested section name is treated as a user name and looked up in the local password file. If the name exists and the correct password has been given, a share is created by cloning the [homes] section.
Some modifications are then made to the newly created share:
There are a number of ways in which a user can connect to a service. The server uses the following steps in determining if it will allow a connection to a specified service. If all the steps fail, then the connection request is rejected. However, if one of the steps succeeds, then the following steps are not checked.
If the service is marked “guest only = yes” then steps 1 to 5 are skipped.
Here is a list of all global parameters. See the section of each parameter for details. Note that some are synonyms.
Here is a list of all service parameters. See the section on each parameter for details. Note that some are synonyms.
This controls what workgroup your server will appear to be in when queried by clients. Note that this parameter also controls the Domain name used with the security=domain setting.
Default: set at compile time to WORKGROUP
Example: workgroup = MYGROUP
This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should not set this to true unless you have a multi-subnetted network and you wish a particular nmbd to be your WINS server. Note that you should NEVER set this to true on more than one machine in your network.
Default: wins support = no
Tell nmbd(8) to enable WAN-wide browse list collation. Setting this option causes nmbd to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given workgroup. Local master browsers in the same workgroup on broadcast-isolated subnets will give this nmbd their local browse lists, and then ask smbd(8) for a complete copy of the browse list for the whole wide area network. Browser clients will then contact their local master browser, and will receive the domain-wide browse list, instead of just the list for their broadcast-isolated subnet.
Note that Windows NT Primary Domain Controllers expect to be able to claim this workgroup specific special NetBIOS name that identifies them as domain master browsers for that workgroup by default (i.e. there is no way to prevent a Windows NT PDC from attempting to do this). This means that if this parameter is set and nmbd claims the special name for a workgroup before a Windows NT PDC is able to do so then cross subnet browsing will behave strangely and may fail.
If domain logons = yes , then the default behavior is to enable the domain master parameter. If domain logons is not enabled (the default setting), then neither will domain master be enabled by default.
Default: domain master = auto
This option allows nmbd(8) to try and become a local master browser on a subnet. If set to false then nmbd will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By default this value is set to true. Setting this value to true doesn’t mean that Samba will become the local master browser on a subnet, just that nmbd will participate in elections for local master browser.
Setting this value to false will cause nmbd never to become a local master browser.
Default: local master = yes
This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup.
If this is set to true, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. It is recommended that this parameter is used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master.
Use this option with caution, because if there are several hosts (whether Samba servers, Windows 95 or NT) that are preferred master browsers on the same subnet, they will each periodically and continuously attempt to become the local master browser. This will result in unnecessary broadcast traffic and reduced browsing capabilities.
See also os level
Default: preferred master = auto
This option allows you to override the name of the Samba log file (also known as the debug file). This option takes the standard substitutions, allowing you to have separate log files for each user or machine.
Example: log file = /usr/local/samba/var/log.%m
This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component of the host’s DNS name. If a machine is a browse server or logon server this name (or the first component of the hosts DNS name) will be the name that these services are advertised under.
See also netbios aliases.
Default: machine DNS name
Example: netbios name = MYNAME
This controls what string will show up in the printer comment box in print manager and next to the IPC connection in net view. It can be any string that you wish to show to your users. It also sets what will appear in browse lists next to the machine name.
Default: server string = Samba %v
Example: server string = University of GNUs Samba Server
This option affects how clients respond to Samba and is one of the most important settings in the smb.conf file. The option sets the “security mode bit” in replies to protocol negotiations with smbd(8) to turn share level security on or off. Clients decide based on this bit whether (and how) to transfer user and password information to the server.
The default is security = user, as this is the most common setting needed when talking to Windows 98 and Windows NT. The alternatives are security = share, security = server or security=domain. If your PCs use usernames that are the same as their usernames on the UNIX machine then you will want to use security = user. If you mostly use usernames that don’t exist on the UNIX box then use security = share.
You should also use security = share if you want to mainly set up shares without a password (guest shares). This is commonly used for a shared printer server. It is more difficult to set up guest shares with security = user; see the map to guest parameter for details. It is possible to use smbd in a hybrid mode where it offers both user and share level security under different NetBIOS aliases.
When clients connect to a share level security server they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with a username but no password when talking to a security = share server). Instead, the clients send authentication information (passwords) on a per-share basis, at the time they attempt to connect to that share.
Note that smbd ALWAYS uses a valid UNIX user to act on behalf of the client, even in security = share level security. As clients are not required to send a username to the server in share level security, smbd uses several techniques to determine the correct UNIX user to use on behalf of the client.
A list of possible UNIX usernames to match with the given client password is constructed using the following methods :
This is the default security setting in Samba 2.2. With user-level security a client must first “log-on” with a valid username and password (which can be mapped using the username map parameter). Encrypted passwords (see the encrypted passwords parameter) can also be used in this security mode. Parameters such as user and guest only, if set, are then applied and may change the UNIX user to use on this connection, but only after the user has been successfully authenticated.
Note that the name of the resource being requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don’t work in user level security without allowing the server to automatically map unknown users into the guest account. See the map to guest parameter for details on doing this.
In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box. If this fails it will revert to security = user, but note that if encrypted passwords have been negotiated then Samba cannot revert back to checking the UNIX password file, it must have a valid smbpasswd file to check users against. See the documentation file in the docs/ directory ENCRYPTION.txt for details on how to set this up.
Note that from the client’s point of view security = server is the same as security = user. It only affects how the server deals with the authentication, it does not in any way affect what the client sees.
Note that the name of the resource being requested is not sent to the server until after the server has successfully authenticated the client. This is why guest shares don’t work in user level security without allowing the server to automatically map unknown users into the guest account. See the map to guest parameter for details on doing this.
Not implemented into standard firmware. Ask us for active directory supported intradisk...
See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.
See also the password server parameter and the encrypted passwords parameter.
In this mode, Samba will act as a domain member in an ADS realm. To operate in this mode, the machine running Samba will need to have Kerberos installed and configured and Samba will need to be joined to the ADS realm using the net utility. Read the chapter about Domain Membership in the HOWTO for details. Note that this mode does NOT make Samba operate as an Active Directory Domain Controller.
| This option is only available with intradisk nasdrives having the adsamba plugin installed |
This option allows you to override the default network interfaces list that Samba will use for browsing, name registration and other NBT traffic. By default Samba will query the kernel for the list of all active interfaces and use any interfaces except 127.0.0.1 that are broadcast capable. The option takes a list of interface strings. Each string can be in any of the following forms:
The “mask” parameters can either be a bit length (such as 24 for a C class network) or a full netmask in dotted decimal form. The “IP” parameters above can either be a full dotted decimal IP address or a hostname which will be looked up via the OS’s normal hostname resolution mechanisms.
The following line would configure three network interfaces corresponding to the ixp0 device and IP addresses 192.168.2.10 and 192.168.3.10. The netmasks of the latter two interfaces would be set to 255.255.255.0.
Example: interfaces = ixp0 192.168.2.10/24 192.168.3.10/255.255.255.0
See also bind interfaces only.
Default: all active interfaces except 127.0.0.1 that are broadcast capable
This boolean controls whether encrypted passwords will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed. To use encrypted passwords in Samba see the file ENCRYPTION.txt in the Samba documentation directory docs/ shipped with the source code.
In order for encrypted passwords to work correctly smbd(8) must either have access to a local smbpasswd(5) file (see the smbpasswd(8) program for information on how to set up and maintain this file), or set the security=[server|domain] parameter which causes smbd to authenticate against another server.
Default: encrypt passwords = no
This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file to be updated automatically as they log on. This option allows a site to migrate from plaintext password authentication (users authenticate with plaintext password over the wire, and are checked against a UNIX account database) to encrypted password authentication (the SMB challenge/response authentication mechanism) without forcing all users to re-enter their passwords via smbpasswd at the time the change is made. This is a convenience option to allow the change over to encrypted passwords to be made over a longer period. Once all users have encrypted representations of their passwords in the smbpasswd file this parameter should be set to no.
In order for this parameter to work correctly the encrypt passwords parameter must be set to no when this parameter is set to yes.
Note that if this parameter is set a user authenticating to smbd must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd) passwords.
Default: update encrypted = no
This integer value controls what level Samba advertises itself as for browse elections. The value of this parameter determines whether nmbd(8) has a chance of becoming a local master browser for the WORKGROUP in the local broadcast area.
| By default, Samba will win a local master browsing election over all Microsoft operating systems except a Windows NT 4.0/2000 Domain Controller. This means that a misconfigured Samba host can effectively isolate a subnet for browsing purposes. See BROWSING.txt in the Samba docs/ directory for details. |
Default: os level = 20
Example: os level = 65
This is a text field that is seen next to a share when a client queries the server, either via the network neighborhood or via net view, to list what shares are available. If you want to set the string that is displayed next to the machine name then see the server string parameter.
Default: No comment string
Example: comment = Fred's Files
This parameter specifies a directory to which the user of the service is to be given access. In the case of printable services, this is where print data will spool prior to being submitted to the host for printing. For a printable service offering guest access, the service should be readonly and the path should be world-writeable and have the sticky bit set. This is not mandatory of course, but you probably won’t get the results you expect if you do otherwise.
Any occurrences of %u in the path will be replaced with the UNIX username that the client is using on this connection. Any occurrences of %m will be replaced by the NetBIOS name of the machine they are connecting from. These replacements are very useful for setting up pseudo home directories for users.
| Note that this path will be based on root dir if one was specified. |
Default: none
Example: path = /home/fred
This is a username which will be used for access to services which are specified as guest ok (see below). Whatever privileges this user has will be available to any client connecting to the guest service. Typically this user will exist in the password file, but will not have a valid login. The user account “ftp” is often a good choice for this parameter. If a username is specified in a given service, the specified username overrides this one.
On some systems the default guest account “nobody” may not be able to print. Use another account in this case. You should test this by trying to log in as your guest user (perhaps by using the su - command) and trying to print using the system print command such as lpr(1) or lp(1).
Default: specified at compile time, usually "nobody"
Example: guest account = ftp
If this parameter is yes for a service, then no password is required to connect to the service. Privileges will be those of the guest account.
See also section "only guest" for more information about this option.
Default: guest ok = no
A synonym for this parameter is create mode.
When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise ‘AND’ed with this parameter. This parameter may be thought of as a bit-wise MASK for the UNIX modes of a file. Any bit not set here will be removed from the modes set on a file when it is created.
The default value of this parameter removes the ‘group’ and ‘other’ write and execute bits from the UNIX modes.
Following this Samba will bit-wise ‘OR’ the UNIX mode created from this parameter with the value of the force create mode parameter which is set to 000 by default. This parameter does not affect directory modes. See the parameter directory mode for details.
| This parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce a mask on access control lists also, they need to set the security mask. |
See also the "force create mode" parameter for forcing particular mode bits to be set on created files. See also the "directory mode" parameter for masking mode bits on created directories. See also the inherit permissions parameter.
Default: create mask = 0744
Example: create mask = 0775
This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories.
When a directory is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise ‘AND’ed with this parameter. This parameter may be thought of as a bit-wise MASK for the UNIX modes of a directory. Any bit not set here will be removed from the modes set on a directory when it is created.
The default value of this parameter removes the ‘group’ and ‘other’ write bits from the UNIX mode, allowing only the user who owns the directory to modify it.
Following this Samba will bit-wise ‘OR’ the UNIX mode created from this parameter with the value of the force directory mode parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added).
| This parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce a mask on access control lists also, they need to set the directory security mask. |
See also the "force directory mode", "create mode" and "inherit permissions" parameters.
Default: directory mask = 0755
Example: directory mask = 0775
A synonym for this parameter is allow hosts. This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service. If specified in the [global] section then it will apply to all services, regardless of whether the individual service has a different setting. You can specify the hosts by name or IP number. For example, you could restrict access to only the hosts on a Class C subnet with something like allow hosts = 150.203.5. . The full syntax of the list is described in the man page hosts_access(5). Note that this man page may not be present on your system, so a brief description will be given here also.
Note that the localhost address 127.0.0.1 will always be allowed access unless specifically denied by a hosts deny option.
You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The EXCEPT keyword can also be used to limit a wildcard list. The following examples may provide some help:
| Note that access still requires suitable user-level passwords. |
See also testparm(1) for a way of testing your host access to see if it does what you expect.
Default: none (i.e., all hosts permitted access)
Example: allow hosts = 150.203.5. myhost.mynet.edu.au
The opposite of hosts allow - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the allow list takes precedence.
Default: none (i.e., no hosts specifically excluded)
Example: hosts deny = 150.203.4. badhost.mynet.edu.au
This controls whether this share is seen in the list of available shares in a net view and in the browse list.
Default: browseable = yes
This parameter lets you “turn off” a service. If available = no, then ALL attempts to connect to the service will fail. Such failures are logged.
Default: available = yes
Note that this is an inverted synonym for writeable.
This is a list of users that should be allowed to login to this service. Names starting with ‘@’, ‘+’ and ‘&’ are interpreted using the same rules as described in the invalid users parameter. If this is empty (the default) then any user can login. If a username is in both this list and the invalid users list then access is denied for that user. The current servicename is substituted for %S . This is useful in the [homes] section.
see also: invalid users
Default: empty - no restrictions
Example 1: Restricting a share to only two specific domain users:
valid users=DOMAIN\dagobert, DOMAIN\Administrator
Example 2: Restricting a share to a special domain group:
valid users=@DOMAIN\NasdriveUser
Hints on domain groups:
This is a list of users that should not be allowed to login to this service. This is really a paranoid check to absolutely ensure an improper setting does not breach your security.
The characters ‘+’ and ‘&’ may be used at the start of the name in either order so the value +&group means check the UNIX group database, followed by the NIS netgroup database, and the value &+group means check the NIS netgroup database, followed by the UNIX group database (the same as the ‘@’ prefix).
see also: valid users
Default: empty - no invalid users
Example: invalid users = root fred admin @wheel
An inverted synonym is read only. If this parameter is no, then users of a service may not create or modify files in the service’s directory. Note that a printable service (printable = yes) will ALWAYS allow writing to the directory (user privileges permitting), but only via spooling operations.
Default: writeable = no
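The share parameters described above (guest ok, writeable/read only, create mask, hosts allow) can be checked together. The following Python script is an added example, not part of Samba or the intradisk firmware; the sample smb.conf is constructed and the finding names are this example's own.

```python
import configparser

# Constructed sample share configuration, not copied from a real device.
SAMPLE_SMB_CONF = r"""
[global]
security = user
guest account = ftp

[public]
path = /export/public
guest ok = yes
writeable = yes
create mask = 0777

[projects]
path = /export/projects
read only = no
create mode = 0775
valid users = @DOMAIN\NasdriveUser
hosts allow = 192.168.2.

[archive]
path = /export/archive
"""

# Synonyms named on this page, mapped to one canonical key.
SYNONYMS = {"create mode": "create mask", "allow hosts": "hosts allow"}
# Defaults as documented on this page.
DEFAULTS = {"guest ok": "no", "writeable": "no", "create mask": "0744",
            "force create mode": "000", "hosts allow": ""}


def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")


def effective(cfg, share):
    """Merge page defaults, [global] and the share section into one dict."""
    merged = dict(DEFAULTS)
    for section in ("global", share):
        if not cfg.has_section(section):
            continue
        for key, value in cfg.items(section):
            key = SYNONYMS.get(key, key)
            if key == "read only":  # inverted synonym of writeable
                key, value = "writeable", "no" if is_yes(value) else "yes"
            merged[key] = value
    return merged


def max_file_mode(settings):
    """Upper bound of a new file's mode: (any mode AND mask) OR force bits."""
    mask = int(settings["create mask"], 8)
    force = int(settings["force create mode"], 8)
    return (0o777 & mask) | force


def audit(text):
    """Return {share: [finding, ...]} for every non-global section."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    report = {}
    for share in cfg.sections():
        if share == "global":
            continue
        s = effective(cfg, share)
        findings = []
        if is_yes(s["guest ok"]) and is_yes(s["writeable"]):
            findings.append("guest-writable")
        if is_yes(s["guest ok"]) and not s["hosts allow"].strip():
            findings.append("guest-without-hosts-allow")
        if max_file_mode(s) & 0o002:
            findings.append("world-writable-files")
        report[share] = findings
    return report


if __name__ == "__main__":
    for share, findings in audit(SAMPLE_SMB_CONF).items():
        print(share, findings or "ok")
```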
For many operating systems other than Windows, network file sharing can still be done using the widespread Network File System (NFS). NFS is a protocol originally developed by Sun Microsystems in 1984 and defined in RFCs 1094, 1813, and 3530 (obsoletes 3010) as a distributed file system which allows a computer to access files over a network as easily as if they were on its local disks. Intradisk uses NFS version 3, which adds support for the following features:
NFS on Intradisk runs out of the box and can easily be set up and adapted to your needs using your favorite FTP browser. Just take into account that the “/etc/cfg_user/exports” file may only contain lines starting with “/boot/”, “/export/” or “/home/”.
example: /export/ 192.168.0.0/24(async,rw)
| In earlier versions the default configuration was set to “async,rw,no_root_squash”. This setting causes a big security hole, as anyone in your network can gain root access to the data on your disk |
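One way to check an exports file against the two rules above (the allowed path prefixes and the no_root_squash warning), as an added example that is not part of the intradisk firmware or its documentation. The sample file content is constructed, and the finding names and the extra check for exports open to any host are this example's own choices.

```python
import re

# Path prefixes this page allows in /etc/cfg_user/exports.
ALLOWED_PREFIXES = ("/boot/", "/export/", "/home/")

# One client entry: "host-or-network(opt,opt,...)"; the options part is optional.
CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")

# Constructed sample, not taken from a real device.
SAMPLE_EXPORTS = """\
# constructed sample exports file
/export/ 192.168.0.0/24(async,rw)
/home/ 192.168.0.0/24(async,rw,no_root_squash)
/etc/ 192.168.0.5(ro)
/export/media/ *(ro)
"""


def audit_exports(text):
    """Return a list of (line number, path, finding) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        if not path.startswith(ALLOWED_PREFIXES):
            findings.append((lineno, path, "path-not-allowed"))
            continue
        if not clients:
            # No client list at all means the path is offered to every host.
            findings.append((lineno, path, "any-host"))
        for spec in clients:
            match = CLIENT_RE.match(spec)
            if not match:
                findings.append((lineno, path, "unparsable-client"))
                continue
            client = match.group(1)
            options = {o for o in (match.group(2) or "").split(",") if o}
            if "no_root_squash" in options:
                # Remote root keeps uid 0 on the exported data.
                findings.append((lineno, path, "no_root_squash"))
            if client in ("", "*"):
                findings.append((lineno, path, "any-host"))
    return findings


if __name__ == "__main__":
    for lineno, path, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"line {lineno}: {path}: {finding}")
```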
Accessing your files over the standard File Transfer Protocol (FTP) is very simple. You can either use your web browser with the URL of your intradisk, e.g. ftp://admin:password@nasdrive, to browse your local “nasdrive” directories, or use a much more comfortable file browser with integrated FTP capabilities, e.g. TotalCommander. The last but less comfortable solution is the command-line tool ftp, which can be run from a simple command line window using just your keyboard.
| If you are going to edit files manually via FTP, be sure to use an editor other than Windows Notepad, one that does not modify the end-of-line characters. E.g. “Textpad”, “Ultraedit” or “Med” are suitable editors for this purpose. |
The Trivial File Transfer Protocol (TFTP) is a very simple file transfer protocol, with the functionality of a very basic form of FTP; it was first defined in 1980. Since it is so simple, it is easy to implement in a very small amount of memory, an important consideration at that time. TFTP was therefore useful for booting computers such as routers which did not have any mass storage devices. It is still used to transfer small files between hosts on a network, such as when a remote X Window System terminal or any other thin client boots from a network host or server.
Intradisk supports TFTP as a server: simply create a directory called “/boot/tftpboot”, which is normally only accessible by the admin user. After a reboot of the device, the TFTP boot server will automatically serve the files placed in this directory to other devices. Take care when telling your client program which files to download: depending on the implementation of your client’s TFTP boot software, the filenames have to be given either with or without the absolute leading path, “[/tftpboot/]<filename>”.
For many kinds of communication from the outside internet the most convenient way is to use different tools based on the very famous SSH protocol like e.g.
| For all network traffic SSH uses network port 22, which has to be opened on your firewall if access from the outside is to be allowed |
Once the SSH plugin is activated on the intradisk, it automatically generates the host keys for your intradisk nasdrive and stores them in the user configuration directory. After you press the “Make Changes Permanent” button, all identification key files are permanently stored and not lost on reboot. If you intend to regenerate the keys, simply remove the host_* files from the /etc/cfg_user/ directory and “Restart Network” in the network configurations interface.
The Plugins Interface hosts those plugins which have a configuration of their own unless the plugins are configured somewhere else. See the General section on activating a specific plugin and where the plugin is configured after activation.
| These configuration pages magically appear once a plugin is installed or activated |
Plugins are activated using the entries in the General Section. Here you find activation buttons for all available plugins.
Start the WLAN adapter. The WLAN configuration page appears in the Network configuration section.
see also: wireless network configuration
default: false
Start IRDA. IRDA is not implemented at the moment.
default: false
Start PPP (Point to Point Protocol) for Bluetooth or serial communication.
default: false
Start Bluetooth. Bluetooth is configured in the Network settings.
default: false
Start the Twonky Vision Multimedia Streaming Server. Twonky is configured on its own configuration page within the Plugin Menu.
see also: Twonky Mediaserver plugin documentation
default: false
Mount the hard disk at boot time. Should be “true” except in cases where write-access is required to the complete hard disk, e.g. at complete (manual) reformatting of the hard disk drive.
default: true
Install extended logging on serial and HTTP.
default: false
Start the cron daemon (wakes up at recurring intervals and executes batch jobs). Required for CIBS extension. Useful for owners of an administration password.
default: false
Not available on “server” devices after formatting the disk, if missing simply reinstall the firmware. Start a network driver on the USB-Port. Requires an RNDIS-driver installed on the client OS and a suitable OS e.g. Windows XP.
default: false
Start Samba 3 instead of built in Samba 2. Required for storing of files larger than 4GB. Not available on “server” devices after formatting the disk, if missing simply reinstall the firmware.
see also: Windows network file sharing
default: false
Start SSH-Daemon and generate security key pair. The keys are generated only once upon activation and stored away once “Make Changes Permanent” is called. Not available on “server” devices after formatting the disk, if missing simply reinstall the firmware.
see also: SSH securing network communications
default: true
Start Itunes connection daemon. Activates configuration section under Plugins. Not available on “server” devices after formatting the disk, if missing simply reinstall the firmware.
see also: Mt-Daapd Mediaserver plugin documentation
default: false
Start the Rsync backup server daemon. After your network is restarted, the server is activated and listens on the network. This server can be accessed by any client authenticating over the network via the SSH protocol. This standard plugin is available on all intradisks and can be activated over the general plugins interface.
see also: Rsync/CIBS Backup Server
default: false
Start Samba 3 with Active Directory Support. Do not activate the samba3 plugin at the same time! This option is only available with the AD-Version of the intradisk.
| This option is only available with intradisk nasdrives having the adsamba plugin installed |
see also: active directory plugin documentation, Windows network file sharing
default: false
The TwonkyVision MediaServer enables you to share all your music, pictures and videos throughout your home. It is available for many different platforms and interworks with a large variety of client devices including XBox 360™ and Sony PSP™. TwonkyMedia needs fewer resources and is faster than other UPnP Media Servers, but still provides more features which help the user to enjoy large media collections. If you care about usability, TwonkyMedia is the right choice. It even enables you to define your own personal navigation structure, no matter whether you are an end user or a device.
The preinstalled Twonky Mediaserver on your intradisk is configured over the configuration interface that appears in the “Plugins” menu once it is activated. More information about usage and support can be obtained directly from http://www.twonkyvision.com
default: true
MT-DAAPD is a program which acts as an iTunes (DAAP) server for Linux and other POSIX unixes. It may eventually support Win32 as well.
Some random features that it supports:
The web configuration interface of the intradisk’s mt-daapd is accessible after activation in the plugins menu. Using your standard default “admin” password, it can easily be configured with your browser and is reached via the plugins→mtdaapd menu link on the right.
The Rsync Backup Server included as standard runs automatically after activating this plugin. It is part of the upgradable CIBS package and can be used by external servers to synchronize the intradisk content of all partitions with themselves. This method is much more efficient than standard backup systems, because only changed data has to be transferred over the network, and for big files only the changes are transferred, not the whole file.
To set up two intradisks to run in CIBS mode, please follow these steps to quickly and easily set the system up as a highly secured backup or internet backup system.
When running CIBS as an in-house backup system there is no need to make any changes to the network settings of your intradisk devices. They just both have to be in the same network. Only when running backups all day long while people are working on the network is it better to change the network settings, either:
When running CIBS-Backups over the internet you have to do some more configurations to your network environment:
| It’s recommended not to open any other insecure port for accessing e.g. the intradisk webinterface unless you know what you are doing. This is because passwords are transported unencrypted over HTTP, telnet or FTP protocols |
All that needs to be done on the server side is to set the plugins value “startrsync=server”. After clicking “Commit Changes” and “Make Changes Permanent”, the integrated rsync server can be started by simply clicking on “Restart Network” in the network folder. If this rsync server is to be used as the enhanced CIBS Backup server, you need to get the Root/Admin-Package (also available as an upgrade) to set it up properly as CIBS-“Server” and CIBS-Master.
To properly set up the CIBS-Master and the CIBS-Slave, a setup script called rc_rsyncd has to be run once, using the following steps:
| To log in to the Linux command shell, you can simply use the telnet program from the Windows command shell (start→cmd.exe) and type in: “telnet [cibsmaster|cibsserver]” |
| Finally, to make absolutely sure that no settings are lost, click “Make Changes Permanent” on both the CIBSmaster and CIBSserver web configuration interfaces |
In this menu you find a way to program a new software update into the intradisk nasdrive’s flash memory. These updates normally contain bug fixes or additional enhancements compared to your currently installed firmware version. Before you use this feature it’s strongly recommended to carefully read all instructions in the update section of the intradisk support site.
| Always, before updating the integrated firmware, it is strongly recommended to carefully read and stick to the update notes that are linked from the top of the firmware update support |
The firmware update is done in a minimum of four steps, ending with a reboot of the device!
| If anything behaves differently from these steps, check your plugins→general settings again as described above! If even this doesn’t help, please send us some detailed notes by email to info [at] intradisk [dot] com |
This page needs some time to gather all device information from your intradisk nasdrive. It displays useful information about CPU, memory and disk usage, network configuration and temperature.
Intradisk still integrates a lot of features that are not implemented into the webinterface to keep the standard web configuration as simple as possible. This means that most of these features can be configured using the FTP file access or a simple telnet console.
These features are normally maintained with low priority and are not covered by the standard support package. If you are interested in more support or the integration of additional features, please order an admin/root-Package with more included support.
Version 1.6.384 of Intradisk Nasdrive (R) firmware.
shares configuration file: smb.conf
Parts of this firmware are licensed under the GPL, please look at: GPL-Licences