1993 PC using 2023 Asustor NAS
ฝัง
- เผยแพร่เมื่อ 13 ก.ค. 2024
- In this video we're going to be hooking a 30 year old machine to a modern Asustor NAS and look at the configuration and security challenges involved with that.
We'll be exploring several aspects of the SMB protocol, including different dialects / versions / protocol negotiation, user authentication and guest access.
Many thanks to Asustor (www.asustor.com/) for providing me with the unit. I'm sure we'll be able to create lots more retro content with it.
Enjoy
Chapters
00:00:00 Introduction
00:02:38 : AsusStor device
00:04:56 : starting the NAS
00:06:00 : Logging into the web interface
00:08:18 : Security 101
00:10:04 : msdos networking setup
00:13:04 : users on the network
00:14:40 : debugging network issue using samba.log
00:16:01 : Some SMB Theory
00:20:39 : the smb.conf file
00:23:21 : authentication issues
00:28:27 : Eureka !
00:29:03 : A re-cap
00:30:24 : Using the net command
00:31:27 : map to guest - วิทยาศาสตร์และเทคโนโลยี
Awesome video! My knowledge of SMB just quadrupled because of this video. Keep up the great works and yet again it's great to have you back in the retro community.
As a tech support person, with some fairly detailed knowledge of security, I can say that the best advice for securing most devices is do a combination of things.
1) Only enable what you need. Don't enable things like web servers unless you are planning to use them. Disable/uninstall them when finished.
2) Use a strong password. Preferably randomly generated, and use a password manager to remember it, if feasible>
3) Don't expose any device to the Internet unless you need to. Use a firewall (even if it's just one built into your router). It may be nice for you to have access to your NAS from outside your network, but how much could you lose if someone else got access?
4) Do not use an account with Admin rights unless you have to.
5) Make the the software and firmware on any devices you use is up to date.. This includes any networking hardware, such as routers, modems and switches.
Excellent points. I hoped I touched all of these points in the video as well. Majority of security related issues with these NAS devices are people that for convenience start opening up all kinds of ports on their router / firewall, opening a whole range of attack vectors to these devices. There have definitely been issues with third party apps on these devices, but I do believe that locking everything down on your route / firewall level is a first good line of defense. I would be pretty difficult to perform any SMB related attacks if no access from the outside is allowed.
and don't show your password to the internet :D@@RetroSpector78
Way to reiterate everything he already said.... feel better now?
I had one of those Compaq machines and remember adding a CD drive
" 5) Make the the software and firmware on any devices you use is up to date.. 5) Make the the software and firmware on any devices you use is up to date.. "
exceptions are game consoles or devices you want to hack later.
thanks for the SMB setup. I have to put and old microscope at work on a share, and it runs DOS 5.0 (I guess). Now it will have access to the net share! :)
Hey everyone! Marco here! Thank you Retrospector78 and everyone watching! We love retro too and when we were given the opportunity for Retrospector78 to combine 30 years of technology together with our own. We love listening to the feedback we've received from the retro community and also love listening to all of your feedback including praise, comments, questions and criticism. I'm working hard to bring the feedback to the boss, even if our engineers express their bewilderment. Feel free to reply to me and I'll reply to you back!
I'm the LANMAN! ski-ba-bop-ba-dop-bop
If you love retro, how about you update the firmware to allow the config to be updated for retro from the web UI, by allowing the older protocols and password formats without dropping into SSH? You could obviously hide them by default under an "Advanced" config with appropriate warnings as to the security implications.
@@LBXComputers I think Asustor has already incorporate changes to facilitate retro usage. I've relayed my findings to them but ultimately it is up to them to decide what they do with it. Especially as some setting are security related I can understand that they might be reluctant to expose certain functionality. I also work for a company that develops products and it's not always possible to adhere to the wishes of every possible client or group. But it doesn't hurt to ask :) Hope you enjoy the video.
@@RetroSpector78 I did though I’m more looking forward to the next part when you’ll be moving from working in a VM to real hardware :)
@@LBXComputers We absolutely have. We have maintained support for lower versions of SMB. We added many similar workarounds to our FTP implementation at the advice of Phil's Computer Lab. I am one person and not a software developer so it absolutely is me performing the advocacy as well as guiding our software team to implement them and also add it to their busy schedules. I can't promise overnight service as I only received the findings from Retrospector78 and need time to parse the info, digest it, and spit it back out in a way that is palatable to management and how to implement it in a way that helps assuage any concerns management might have.
But, we do actually have FTP working in MS DOS right now. I fought hard for that.
Thank you for running through this! I completely forgot about adding "lanman auth" to my smb config years ago when I built my NAS for my retro computers and instead added a FTP server that lists the NAS' contents for my Win3.11 system.
I made that 1 line change to my smb config file and now I can enjoy mapped drives on my win3.11 PC :) So much better. THANK YOU.
Gotta love the forgotten networking knowledge of yesteryear
Great video. I’ve done this myself but using the RetroNas project docker container, is awesome
I knew bits and pieces of this but your video did a great job putting it together in a coherent step by step format. Nice work! Glad to have you back posting videos.
Great video :) It was very clear and easy to follow along. I learned a lot. Looking forward to the next video :)
Hey, I am so glad seeing that you are back on your channel 🙂In this video i learned a lot and i understand why i am having so many problems with retro networking on my modern hardware. Top!
Great video...well done. Good research & well explained..this will help people in the near future setting up similar config...I loved it..waiting for more... 🙂
I have a Western Digital My Cloud as my NAS which I upgraded to a 4TB SSD. I can access it from all of my vintage computers using Windows 3.11 onwards. I keep drivers for video cards, network adapters, sound cards etc and I even have setup files for each version of Windows from WFW all the way up to Windows 11.
Thank you for the explanation of the SMB protocol.
far out you just took me back 30 years ago when i used to work in IT in my first job!
Everything you ever needed to know to Get PS2 OPL network boot, I wish I had this 5 years ago when I was hunting for a bridge between SMBv1/CIFS documentation and Samba configuration and how it works with the GUI of modern consumer NAS devices. GREAT video good sir
Very cool! Looking forward to the next video installation.
This is fantastic! Thank you. I worked so hard to get my XP machine to work with a NAS, then my 98 machine, but never could figure out why my Win 3.11 or DOS machines just did not want to know.
This makes it so much clearer.
Nicely explained
Thank you for a great video. As an IT admin since the early days of SMB1, I have encountered all this, but bringing it all together in one place is really cool!
Very interesting video, I love this kind of stuff. Glad you're back and making content; it's different to other retro channels and is relaxing and informative. By the way there is an error on the slide in step 3. "The user can cannot" should be "The user can connect",
Woah, bringing out the Powerpoint! Hehehe...I setup quite a few small MS-based networks back in the days. It's so funny looking back how insecure those networks actually were (well, you did have to actually be where the network was located due to no Internet yet (or only a slow dialup connection).
Excellent level of detail on old SMB! I opted to use FTP in my retro setup to access my modern storage. Granted it can't map to a drive letter, but it's simpler to configure and use.
Great work! :)
Finally, I can get rid of my old Unsecured WD-MyCloud NAS and upgrade to the Asustor. Thanks.
Thank you for your support! Feel free to let us know if you have questions.
Excellent tutorial. I enjoyed it. Remember to isolate your retro networks as they are inherently insecure.
Fantastic! I love the level of detail, this video will be an evergreen video for explaining all of the SMB concepts and a great resource! One "fun" note, Samba 4.15.13 was the last version before SMB1 began to be deprecated. I host my SMB1 server on a Raspberry Pi, and as of Bookworm, the "shipped" Samba version is 4.17.x. As such, I've started to build Samba from source! I have a procedure for it if helpful.
Great video
this brings back some memories of my first network admin job
I'm happy to see you're using "vi" text editor :D
I remember adding the PPP, Netware, TCP/IP and IPX to Windows when I networked the PCs back in 95
Heads up: SAMBA has already stated that all support for SMB1 will be dropped in the next version, so alternate methods will be needed in the future. (Likely a docker container running older versions of SAMBA.)
Neat to show how to do the native file sharing with old sw + new nas. So many just enable FTP on their NAS and use that instead to transfer files with old PCs ... easier sure but not nearly as "fun"
You could make this a lot more secure by running a separate instance of smbd with SMBv1 and lanman enabled from inside a docker container, then restricting access to this only from specific IP addresses, and making sure you configure a static IP address on those machines or reserve them on your router's DHCP server or whatever. I don't know about this NAS specifically, but most I've seen either have docker built-in or allow you to install it.
true, but you will have to use different ports for the smb services and all, so they won't conflict. not sure if smb port definitions can be changed in old dos/win31 or they are hardcoded.
@@giornikitop5373 I believe you can use the ipvlan driver to assign a separate IP address to the container, otherwise I think it's also possible to bind docker to a different interface/sub-interface on the host with a different IP address.
In a home network is too overkill. I have a VM runing that mounts a network share and re-share as a smbv1 with no password and full write permissions inside my home lan. No problems here, its my lan.
Very interesting video. I have already seen enough to know you can network with DOS and call BS on Vo-Tech teacher for saying you couldn't.
😊😊😊interesting
Systemd allows for a file system change monitoring. You could set up a script that triggers whenever smb.conf is changed to add your amendments. You might also be able to hook into the web update scripting. However, while cleaner, may be more involved.
I built myself a dedicated retro lan, and my central datastore is an old iomega ix2-200 cloud edition. Of course the files are backed up again on a truenas, but it works like a charm. My NAS can speak SMB1, but I usually only use FTP, because this is supported by a much wider range of computers (of that time).
Missed your videos, I like the calm way you explain things. Did you finally managed a way to get smb.conf settings persistent? like with a startup script updating the file and restarting the service. Another approach might be a docker container with a custom samba server on a different IP.
I can promise one thing, that I will ask for this to be implemented so that it is persistent. I might need time though to convince them.
A mini PC with a USB hub and drives in SATA-to-USB cases seems to be a more manageable and flexible solution :) Or just wipe the OS on that unit so the config file will never get overwritten.
What is the memory usage of this on DOS? I do remember the ODI? stack eating up some base and lots of high memory.
🤘
NIce
Lets goooo
Nice NAS. jelly
I want to do this. Or try to make a old nas set up with modern parts.
Could you edit the code for the web interface and add a drop down entry for LANMAN and a check box for lanman auth?
That's the idea! I just need to convince the management to put it on the schedule.
Been doing this for over 2y now win 3.11 and a zyxel nas
Should have gone straight to NFS, with Sun's PC-NFS software that runs on the MS-DOS TCP-IP stack. PC-NFS must be archived somewhere.
I forgot about Windows for Workgroups
heh, interesting, but because of safety, isn't it better to just make temporary ftp server to copy files from newer pc to dos one? leaving old smb is quite a risk
Can someone send the amd pcnet driver for virtualblox please? I cand find it
why did you go with LANMAN1? Both the commonly used versions of the MS DOS client should support LANMAN2 just fine
YAY now u need to do a video on setup up TrueNAS to work with DOS :D
New prespective of MS-DOS networking, most of us know the Linux Networking stuff.
Hopefully with Retrospector's help and incredible information, I hope I can convince the staff to implement it in a way without knowing Linux networking.
I think ill stick with floppies LOL
Asutor and old QNAP's look the same. I wonder who really builds them. Also the OS looks the same.
The net command stil exist in Windows 11, and I use regulary becouse is much faster then insert the server address in an Explorer Window and wait for the login prompt 😂
All the security settings in the world won't save you when the device is designed with a back door.
I guess you meant to name this "VirtualBox using 2023 Asustor NAS".
Fair point. I have it up and running on the Compaq but video got too long and encountered your typical retro issues with the actual computer (bad sectors, bad floppies, network card timing issues, bad keyboard ….). Video would have been an additional 30minutes :)
Why not use NFS, or even FTP, if security is a concern? The performance would be better too. Nothing about SMB on Windows 3.11 or MS-DOS 6.22 is secure, as SMBv1 was deprecated like 10 years ago. It’s off by default now everywhere, and shouldn’t be enabled on the NAS.
There’s no real reason to enable TCP in DOS mode, it uses far too much memory and has minimal software support. Stick to using IPX for DOS if you want networking there, it’s lightweight and everything supports it. Keep TCP in the windows layer, it’s easier to manage files from File Manager anyway.
It is so much better to not mess around with your NAS, but instead to create a simple and small Debian Netinstall VM and configure it to consume your NAS shares over SMB3 and then *re-share* them over SMB1. You have your standard linux and you don't have to keep that VM running all the time, as it is unsecure to use anything under SMB3.
I considered doing something like this, but ultimately, if you have a closed network where only trusted clients have access; you have good security hygiene; and you actually keep separate, offline backups (or you only store data you can afford to lose), then... meh.
For Bookworm, I've been building Samba 4.15.13 from source since I believe SMB1 started to be deprecated in 4.16.x
FTP is also a decent option. Much lighter protocol, downside is you can't directly run stuff.
you will have to separate the dos machines net traffic, to only be able to talk to that vm. seems like a bigger hassle.
@@valkaielodIt is. But even for that, I use VM that consumes SMB3 shares and then re-shares it over SMB1 and FTP. (My VM also share additional virtual optical drive and over serial port a hayes modem + dial-up service... so full bang)
I thought this was an archive, are people still using this? Hopefully not for anything important, and not connected to the internet, for a hobby is cool, for real life it is not, yes I did work on all this systems back in the day.
Where's the Paid Promoting disclaimer at the beginning of the video? You are violating the TH-cam Terms hiding this information.
The disclaimer is enabled and present.
@@RetroSpector78I see it now. Please maintain your integrity in the future as well. Thank you.
Another TH-camr that doesn't know how or when to turn on the sponsored content checkmark.
The Nas you got for free has real market value, it's "payment in kind" and TH-cam is very clear this constitutes sponsoring. Also income from a video you otherwise wouldn't have made gives the Nas extra monetary value.
You might find it nitpicking, but it's a personal gripe of me.
I was not aware of this checkbox. My apologies. Checked now.
He was pretty clear where it came from. Maybe some formalities are missed here, but in terms of "spirit of the law," nobody tried to sell you something as a personal endorsement when it was actually a paid ad.
Personally, I like when content creators I enjoy are also successful. If you prefer all artists to be starving and miserable, maybe stick to open mic night.
@@nickwallette6201 technically it is a paid ad. He saved whatever the cost of the Nas was, that is real monetary value.
It's payment in kind. And Asus gets promotion of their product. The only way to somewhat avoid it is to send it back after you're done and even then there is still an incentive to be nice in his hopes to gain more hardware to show in videos.
I know he didn't mean to sell us something, but that is not the point.
There are a lot of sneaky sales pitches out there and ads hidden as advice and tech demos. The channels i like and watch have to be beyond reproach. It's a simple checkmark and then you cannot be accused of selling out or anything like it. You can even keep the stuff you get sent. I hope he gets more. Good for him, good for us. I don't mind him getting "rich". Just mark it as such.
Get over yourself pal, he was very clear about it being a gift, and the video was hardly a review. It was about the networking of older machines.
@@BenState Get over me, pal. You don't have to like it. I get it, you're a good little fanboy, you have defended him valiantly.