samba - Dec 2003 - firewalling SMB (and other protocols)

I looked around and couldn't find a page on firewalling samba.
So I did the homework and wrote one:

http://travcom.tripod.com/firewalls_and_protocols.html

Please send me (directly or CC) any technical suggestions, as I will
probably not read the list for very long.



Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

On Thu, 2003-12-25 at 05:15, auto92089@hushmail.com
wrote:
> I looked around and couldn't find a page on firewalling samba.
> So I did the homework and wrote one:
> 
> http://travcom.tripod.com/firewalls_and_protocols.html
> 
> Please send me (directly or CC) any technical suggestions, as I will
> probably not read the list for very long.
Most of your Statements on Samba need a lot of work


(Naturally, all these rules should also allow the replies)

You must allow access to port 137 and port 138 UDP for browsing and name
resolutions. 

You must allow outbound access to port 137 and 138 UDP on your clients. 

You must allow account to port 139 and 445 TCP for file, print and other
services.

You must allow outbound access to port 139 and 445 TCP for browsing, and
SPOOLSS (printing) callbacks.

If you are using AD, then you need to allow access outbound to the AD
server's LDAP (TCP/UDP), DNS and Kerberos (TCP/UDP) ports...


Finally, when publishing technical documents, personal insults (no
matter who they are directed at) simply remove any sense of
professionalism from the result.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20031227/2954a73a/attachment.bin

I've got a machine with WinXP Pro SP1 in a samba PDC domain with roaming
profile.
Each time I log on my profile is downloaded on my machine. The problem is
that each directory has a file called "desktop.ini". How to
"hide" it?

How do I modify ntuser.ini to customize the excluded directory ? (i.e. by
default Local Settings is excluded from saving profile on samba server)

Thanks

Fabio.