SMB ACL Problem

We have this problem that came up since we upgraded our servers to Leopard. When Windows users are accessing files (over SMB), the POSIX permissions seem to override the ACLs. This is a problem because applications like Excel will change the permissions.
This worked perfectly in Tiger. The Windows user would modify the POSIX permissions all they want, but it wouldn't matter because the ACLs were what mattered.
Does anyone know of a solution? This is a real problem.

OK, here's a tip that may get the situation going for you all. This involves making an adjustment to your server's Samba configuration file, which should be done with the Windows SMB services stopped.
In /etc/smb.conf, add the following line under [global]:
*acl check permissions = no*
This mailing list archive notes the same problem: http://lists.apple.com/archives/macos-x-server/2008/Jan/msg00759.html, and it offered the above solution.
Here's a little more about why this alteration is required: Windows clients work a little differently when determining if a file or folder (an item) can be deleted or not. With simple POSIX permissions, you're allowed to delete an item as long as you have write access to the item's parent folder and as long as the POSIX special permission sticky (owner only delete) bit is not set. With ACLs, deletion can be granted explicitly on the item via the use of delete or it can be granted via implication so long as the item's parent has delete_child. In short, to deny deletion of an item, you must deny delete on the item itself and delete_child on its parent. Now it's starting to get a bit more complicated to determine if some item can or cannot be deleted.
Apparently Windows clients perform a "pre-scan" of a folder's contents ahead of time to determine if an item can or cannot be deleted. The logic behind this "pre-scan" works like this: 1. Assume that the item cannot be deleted. 2. If the pre-scan evaluates effective permissions correctly, and those permissions allow delete, flag the item as being delete-able.
Now when you go to delete the item, Windows just checks the result of its pre-scan. With Leopard, Windows boxes are having trouble evaluating effective permissions from the Darwin ACL model. (I don't know why.) Thus, the pre-scan returns "deletion denied" because that's the default assumption. Windows didn't even try to delete the file; rather, it simply doesn't think this is possible.
The use of *acl check permissions = no* disables this Windows "pre-scanning" behavior. Unfortunately, this can mean that an item that really cannot be deleted appears to be delete-able. In this case the item will "magically reappear" the next time the folder's contents are refreshed in Windows.
Hope this helps! This is my present understanding of the need.
--Gerrit
Message was edited by: Gerrit DeWitt
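
The delete rules and the early delete check described in the post above, as a simplified model. This is an added example, not code from the post, Samba or Apple; the users, ACL entries and the `can_evaluate_acls` switch are constructed for illustration, and it assumes the ACL alone decides on the server.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    """A file or folder; all values used below are constructed sample data."""
    owner: str
    writers: set = field(default_factory=set)  # users with POSIX write access
    sticky: bool = False                       # POSIX "owner only delete" bit
    acl: list = field(default_factory=list)    # (user, "allow" | "deny", right)


def posix_can_delete(user, item, parent):
    """POSIX rule: write access to the parent, unless the sticky bit blocks it."""
    if user not in parent.writers:
        return False
    return not parent.sticky or user in (item.owner, parent.owner)


def acl_grants(user, node, right):
    """True when an allow entry names the right and no deny entry removes it."""
    kinds = {kind for who, kind, r in node.acl if who == user and r == right}
    return "allow" in kinds and "deny" not in kinds


def acl_can_delete(user, item, parent):
    """ACL rule: `delete` on the item, or `delete_child` on its parent."""
    return acl_grants(user, item, "delete") or acl_grants(user, parent, "delete_child")


def early_check(user, item, parent, can_evaluate_acls):
    """The check as the post describes it: default to 'cannot delete' and flip
    only if the permissions are evaluated correctly and allow the delete."""
    deletable = False
    if can_evaluate_acls and acl_can_delete(user, item, parent):
        deletable = True
    return deletable


def windows_delete(user, item, parent, acl_check_permissions, can_evaluate_acls):
    """What the Windows user observes. Assumption: the ACL decides on the server."""
    if acl_check_permissions:
        if early_check(user, item, parent, can_evaluate_acls):
            return "deleted"
        return "refused before any delete is attempted"
    # Check disabled: the delete is attempted and the server decides afterwards.
    if acl_can_delete(user, item, parent):
        return "deleted"
    return "appears deleted, reappears on refresh"


# Constructed share: alice may delete children of the folder, bob may not.
FOLDER = Node(owner="root", writers={"alice", "bob"}, sticky=True, acl=[
    ("alice", "allow", "delete_child"),
    ("bob", "deny", "delete_child"),
])
REPORT = Node(owner="alice", acl=[
    ("alice", "deny", "delete"),  # not enough alone: the parent still grants it
    ("bob", "deny", "delete"),
])

if __name__ == "__main__":
    for user in ("alice", "bob"):
        for check, evaluates in ((True, True), (True, False), (False, False)):
            result = windows_delete(user, REPORT, FOLDER, check, evaluates)
            print(f"{user:5} check={check!s:5} evaluates_acls={evaluates!s:5} -> {result}")
```

The row for alice with the check enabled and ACL evaluation failing is the reported Leopard symptom; the row for bob with the check disabled is the "magically reappear" side effect of the workaround.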

Similar Messages

  • OS X 10.5.8 Leopard Server & SMB authentication problems

    Hi all,
    I am in charge of an OSX Leopard server. The platform has Windows XP / Windows Vista / OSX computers and as the server has a high capacity NAS it seemed logical to share it using SMB.
    The initial set up was done having in mind just the Macs, and they have no issues connecting to the SMB shares. The problem is on the Windows side.
    Windows machines are supposed to use the SMB shares with Open Directory Accounts. But whenever we create an SMB share, there is a strange behaviour: files could be uploaded to the server, but once copied, they can't be copied back to Windows machines, triggering the error (more or less, as the error text is in Spanish): "File operation could not be completed, source file could not be found"
    For debugging purposes, we have just created a share, step by step, to identify what the problem is:
    1 - Create a user from Workgroup manager, no admin capabilities.
    2 - Create a folder under "Shared Items" Folder.
    3 - Disable "Enable Spotlight Search"
    4 - Disable AFP, FTP, NFS (leaving just SMB as sharing protocol)
    5 - SMB protocol options: Disable "Allow guest access", Assign permissions as follows: Owner: RW, Group R, Everyone R.
    6 - We then go to permissions and choose user created at step 1, set him ACL permissions as RW.
    7 - Save changes.
    After that, we reboot our Windows test machine, flushing its dns cache previously.
    Then when trying to connect to the share, an error message on our XP box says that we have no permissions to connect to the share (using our test user credentials). SMB log displays the following:
    +setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.+
    +[2009/10/23 12:05:20, 2, pid=29029] /SourceCache/samba/samba-187.9/samba/source/auth/auth.c:checkntlmpassword(319)+
    +checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER+
    Thanks in advance and best regards.
    Message was edited by: javierspn

    Edit:
    I can now connect with the new user. Something to do with DNS cache and opened sessions on the SMB server that I manually closed.
    However, same problem: I can upload files but whenever I try to copy one from the server to any XP workstation:
    http://yfrog.com/3oerrorjkj
    Basically meaning in plain English that the source file could not be found.
    Regards.

  • Leopard Server / Windows / ACL Problem

    We have this problem that came up since we upgraded our servers to Leopard. When Windows users are accessing files (over SMB), the POSIX permissions seem to override the ACLs. This is a problem because applications like Excel will change the permissions.
    This worked perfectly in Tiger. The Windows user would modify the POSIX permissions all they want, but it wouldn't matter because the ACLs were what mattered.
    Does anyone know of a solution? This is a real problem.

    Since your issue is caused by OS X Server, you may want to post your question over in the OS X Server forums:
    http://discussions.apple.com/category.jspa?categoryID=96

  • SMB Permission Problems

    I have upgraded our G5 "server" to OSX Server 10.4.8 recently. For the past two years it has run SMB on plain old OSX (Panther) flawlessly. Now that we have a true "server," we are experiencing difficulty in making it work.
    I have configured all users and assigned them to a group called "employees." I have created a share under the /users folder, granted the group "employees" with read and write access, turned off AFP, turned on SMB, and checked "inherit permissions from parent." Oplocks, strict locking, and SMB guest access are all turned off.
    When a client modifies a file, that file may or may not end up with read only access. Not good.
    By reading other posts, it appears that others have been pointed toward ACL's, but it also appears to me that they don't really apply to a Samba only environment (choices are greyed out).
    Any suggestions?
    Thanks in advance....
    Jack

    Good news! I've solved my problem. I'm going to make another post for the purpose of giving a plain answer to others that I wish I had when I encountered my issue.

  • ASA ACL Problems

    I have several new ASA-5520 boxes. All are configured with version 7.06 (Cisco recommendation) and in active/standby configuration.
    The problem is that the ACLs seem to disappear. For example: I have an outside access list that has about 20 lines. Every once in a while the ACL will start blocking traffic that is permitted by the ACL. When I do a 'sh access-list outside' it says that there are only two elements. They are there when I look at the running config. If I wait a while they start to work again and show up as 'active elements' again. I can force a failover and failback to fix it or restart the firewall. I will open a TAC case on Monday. I was hoping that maybe someone has seen this and has a quick solution.
    Thanks,
    Patrick

    could you provide the show running-config?

  • Security update fixes ACL problems, almost

    So far when running disk permissions, I've had one iMac C2D have no problems reported and the other iMac C2D only have ACL issues on /Library

    Open the Terminal application and type:
    man chmod
    Look under the heading ACL MANIPULATION OPTIONS. The argument that you would use is:
    "everyone deny delete"
    If you can't understand the manual then leave your handiwork alone. It's not a large security breach. chmod, chown, and chflags should only be used when you understand what you are doing.

  • Windows 8.1 Pro SMB Sharing problem

    Hi,
    Would love some help.
    I have a file server that I recently upgraded from Windows 8 to Windows 8.1. Problem is, it broke my smb share to 2 Dune Media players and another PC running XBMC on the Openelec platform. I have spent days scouring forums for information and tried every reg hack and security/sharing fix I found but to no avail. I have since refreshed Windows 8.1. I did however just have a breakthrough.
    The problem is that the 3 devices above all worked great before the update, now I'm getting errors whenever I try to access a file on the smb share. On my Windows 8.1 file server I am running storage spaces with about 8 discs amounting to about 16TB of storage, plus an SSD with the operating system. What I just discovered is that if I share a folder on the C drive, it can be scanned and accessed from any of the media players. Therefore it's only the 'storage space' drive that won't authenticate an smb client.
    Thanks
    Allan Phillips

    Thanks Alex, I had tried that a few times.  Finally after 3 weeks I found the solution on the WD forum.  Solution is as below.
    Re: WD TV Live does not see shared windows USB drives that are connected via hub
    01-24-2014 12:46 PM
    Well, nobody offered any opinion so far, but I was able to solve the mystery.
    It is all about the old IRPStackSize of the LanmanServer (Windows NT is greeting us again).
    I was taken off, because access seemed basically to work (at least with Windows machines).
    But the Windows 8.1 event log then told me very clearly: event 2011, irpstacksize not large enough, please increase.
    This event occurred whenever I tried to access the shared drives from my Android devices or especially from the WD TV Live. The only difference between these 2 systems was that on the Android devices I could at least see the drives (but could not really open them), while the WD TV Live did not even bother to show me the drives.
    Now, I have no clue about the actual limits for the IRPStackSize in Windows 8.1 (the values changed from Windows version to Windows version). So I finally used the limit I found for older Windows systems: 32 (x20).
    And it works now like a charm as it seems.
    By the way - I found stories about older Windows systems, where people increased the value to 20 (x14). So I tried that value first. With the result that I could not access any drive from other network units at all. So, the default value for this in Windows 8.1 must be even higher than that. I don't know what it is, but 32 (x20) is obviously higher.
    Long story short: it is a Windows 8.1 (possibly already Windows 8) problem. And it can be solved by creating manually an entry in the Registry to add the IRPStackSize parameter with the higher value (as you know, when this parameter is missing, Windows uses a default value, which is obviously too small for drives connected to a hub and accessed by any kind of Linux systems).
    I still don't have a clue why the access request by a Linux based system requires obviously more stack size than a request by a Windows machine. That is still something that makes me shake my head.
    Here a little procedure copied from Windows NT solutions :
    1. Run regedit.
    2. Navigate to the following key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
    3. In the right pane, double-click the IRPStackSize value.
    4. In the Value Data box, type a value that is larger than the value that is listed.
    If you created the IRPStackSize value using the procedure described in step 4, the default value is 15. It is recommended that you increase the value by 3. Therefore, if the previous value was 11, type 14, and then click OK.
    5. Close the Registry Editor and restart the computer.
    If the problem persists after you complete the preceding procedure, try to increase the value of IRPStackSize even more. The maximum value for Windows 2000 is 50 (0x32 hex).
    NOTE: If the IRPStackSize value does not already exist, use the following procedure to create it:
    a. In the Parameters folder of the registry, right-click the right pane.
    b. Point to New, and then click DWord Value.
    c. Type IRPStackSize.
    IMPORTANT: Type "IRPStackSize" exactly as it is displayed because the value name is case-sensitive.

  • Smb protocol problem after upgrading to IOS 8

    Hi,
    I use SMB protocol to connect to Windows share folders in our company.
    Using IOS 7 on the iPad was working great until I upgraded one iPad to IOS 8.
    I can't connect using SMB protocol on the iPad with IOS 8. With an iPad with IOS 7 still works great.
    The settings are the same. I tested Goodreader v3 and v4 and FileExplorer program on the iPad with IOS 8 and on the iPad with IOS 7.
    The problem is only on the iPad with IOS 8. It does not matter which program I use. All are not working.
    On the iPad with IOS 7 all the programs work just fine.
    It seems that after upgrading to IOS 8, I have a problem connecting to the share folders in Goodreader v3, v4 and in FileExplorer.
    It seems the problem is not with the settings of the server, account etc, also not program related, but with IOS 8.
    Does someone have this problem or know how to fix this?

    Hi all,
    I have run some more tests and the problem is not with the SMB protocol but with connecting to a DFS server.
    One share name like company.local and behind this we have some servers.
    The problem is with the DFS name (routing) When I connect directly to one server share location, it works fine.

  • SMB Share Problem

    I have Windows Server 2003 with a couple SMB shares setup. My problem is that on my school's network I am able to connect no problem to the server when in my Dorm building. However when I go to a different building Finder says "The server may not exist...Check the server name or ip address..." I am trying to connect using the Server's IP Address, I have also tried using DNS name and that doesn't work either. The catch is that when I am running Vista through Boot Camp I am able to connect no problem to the SMB Shares using the IP address, so I'm curious as to what's different within the two OSes that one can connect and the other cannot.
    All connections are Wired, the server is not behind a router within my room.
    In Finder's Connect to Server I am entering smb://<ip address>

    Your issue may be addressed by one of these threads:
    http://www.macwindows.com/tiger.html
    Good luck!

  • ACL problem in 6 and 5.1 sp9? Bug?!

    Hi all gurus:
    I got this problem for several days, and still cannot solve it. Can
    anyone help me?
    My design is to put all my beans and connection pool under one "kbf"
    acl. And "guest" servlet/jsp accesses these beans by using this "kbf"
    account. And it works in 5.1 sp8.
    Then i tried to use sp9. The very first time when jsp is compiling
    by WLS, all the jsps work correctly! After that, immediately click the
    link again, it throws jndi exception. Saying "guest" no permission to
    access "kbf" jndi. But my "guest" actually is a servlet/jsp running
    inside the server.
    So then we tried to use 6 sp2, to see whether we can solve the
    problem. And the funny things come out as follows.
    I just click my URL link in browser, first time everything is fine,
    my data is shown correctly. second time it throws ACL exception ,saying
    guest no right to look up my JDBC pool. Click again, the data comes out
    again. Click again throws same exception. It is a "toggle".
    And, for another jsp page/link, (it gets data from two tables),
    first time both two tables data are shown. Click some other link, then
    come back to click this link, only one table data is shown, then click
    this link again, both are shown. It is also a "toggle", slightly
    different.
    Something really funny going on for this ACL!
    Can anyone in BEA tell me more about this ACL issue? Why always
    nobody cares to answer these ACL questions? Both in ejb group and
    security group?
    Or simply nobody is using ACL in their project?
    Or i missed out something important? or i am abusing ACL?
    Or is it a bug?
    Since we are going to production very soon, i need the solution
    ASAP. Right now i only have two solutions:
    1. stick to 5.1 sp8.
    2. grant "guest" permission to all my beans, connection pool, which
    means no use for the ACL at all.
    Hope someone at least give me an hint. And sorry for the crossing
    post.
    Thanks.
    minjiang

    Thanks a lot!
    The problem is that i cached the ejb homes and connection pool. So now i use
    your first solution, create context everytime, although the performance may be
    slow down.
    But strange, it works in 5.1 sp6-8.
    Thanks again, Dimitri!
    minjiang
    Dimitri Rakitine wrote:
    The security context is associated with thread so, for example:
    in a servlet, you create InitialContext as "user" and save it.
    Next request which will be "guest" anyway.
    So, if you want authentication, you can either
    - create InitialContext everytime
    - use j2ee security so container will do this automatically:
    http://e-docs.bea.com/wls/docs61/webapp/security.html
    Dimitri
    On Fri, 13 Jul 2001, minjiang wrote:
    Hi Dimitri:
    Sorry to mail you directly.
    I have this question for quite some time. And not receive any
    response for my posting, cross posting.
    Do you have any idea why my deployment works on 5.1 sp8, but not on
    sp9 and 6 sp2?
    I noticed bea changed the weblogic.ejb.interal.StatefulEJBObejct,
    and StatefulEJBCache in sp9, and this is part of why my application
    cannot work. (for one facade session bean looking up other beans in
    another acl)
    Another part is i described in the forward posting, for my "guest"
    jsp/servlet cannot access other acl?
    For my understanding, since my facade bean and jsp/servlet only run
    inside the WLS server, so as long as the correct credential is supplied
    while constructing the jndi context, they should be allowed, right? It
    should not be only one credential in one thread, which seems WLS is doing
    now.
    Thanks for help, and any hint or document is appreciated.
    minjiang

  • WLC ACL Problem

    Hi all,
    I'm having problems when trying to apply an ACL to my WLC dynamic interfaces. I have three WLANs that I wish to keep separated and am using ACLs that I have configured on the controller, the only problem is they don't seem to work!
    Ping test from 10.201.32.11 on WLAN1 to 10.201.27.41 on WLAN2 works and the current ACL is below:
         1 Out     10.201.32.0/255.255.252.0       10.201.24.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
         2  In     10.201.24.0/255.255.252.0       10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
         3 Out     10.201.32.0/255.255.252.0       10.201.28.0/255.255.255.0    Any     0-65535     0-65535  Any   Deny           0
         4  In     10.201.28.0/255.255.255.0       10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
         5 Out     10.201.32.0/255.255.252.0     192.168.200.0/255.255.255.224  Any     0-65535     0-65535  Any   Deny           0
         6  In   192.168.200.0/255.255.255.224     10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
         7 Any         0.0.0.0/0.0.0.0                 0.0.0.0/0.0.0.0          Any     0-65535     0-65535  Any Permit          69
     DenyCounter : 0
    Each WLAN is sat on its own separate dynamic interface and own unique subnet.
    Any suggestions would be most appreciated.
    Thanks.

    Hi,
    Keep in mind the direction of the ACL.
    In means from client destined  to WLC
    Out means from WLC destined to client.
    It should look like this:
    Index  Dir       IP Address/Netmask              IP Address/Netmask        Prot    Range       Range    DSCP  Action      Counter
         1  In     10.201.32.0/255.255.252.0       10.201.24.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
         2 Out     10.201.24.0/255.255.252.0       10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
    Don't forget to apply the ACL on interface or on WLAN.
    Regards,
    Christos.

  • 4506, ACL problem

    I have a 4506 that is used in a lab environment. We utilize the 192.168.X.X split up into vlans
    vlan 2 assigned ip address 192.168.0.1
    vlan 3 assigned ip address 192.168.1.1
    vlan 4 assigned ip address 192.168.2.1
    vlan 5 assigned ip address 192.168.3.1
    and so on.
    here is the problem:
    I need the people using 192.168.3.X on vlan 5 to only be able to access outside their vlan on PING (ICMP), DNS (udp 53), Proxy server on port 8080, LDAP (tcp 369), and SSL (tcp 443) this is to all vlans.
    And only host 192.168.0.180 on vlan 2
    and host 192.168.2.181 on vlan 4
    to be able to access all ip's on the vlan 5
    Every thing I have tried with extended acls has failed to allow this to happen.
    Ken Taylor

    here's a small excerpt of something similar i set up on a 6509 using reflexive acl's. (adjust ip's and ports to your liking)...
    ip access-list extended vlan232_acl_inbound
    evaluate intraffic232
    permit tcp any host 192.168.232.20 eq www reflect outtraffic232
    permit tcp any host 192.168.232.20 eq 443 reflect outtraffic232
    permit tcp any host 192.168.232.20 eq ftp reflect outtraffic232
    permit tcp any host 192.168.232.20 range 1024 5000 reflect outtraffic232
    permit tcp any host 192.168.232.42 eq ftp reflect outtraffic232
    permit tcp any host 192.168.232.42 range 1024 5000 reflect outtraffic232
    permit ip host 192.168.51.5 192.168.232.0 0.0.0.255
    permit ip 192.168.231.0 0.0.0.255 192.168.232.0 0.0.0.255
    permit ip host 206.195.31.0 192.168.232.0 0.0.0.255
    deny ip 192.168.0.0 0.0.255.255 192.168.232.0 0.0.0.255
    ip access-list extended vlan232_acl_outbound
    evaluate outtraffic232
    permit ip 192.168.232.0 0.0.0.255 host 192.168.151.33 reflect intraffic232
    permit ip 192.168.232.0 0.0.0.255 192.168.2.0 0.0.0.255 reflect intraffic232
    permit ip 192.168.232.0 0.0.0.255 192.168.3.0 0.0.0.255 reflect intraffic232
    permit ip 192.168.232.0 0.0.0.255 host 192.168.51.5
    permit ip 192.168.232.0 0.0.0.255 192.168.231.0 0.0.0.255
    deny ip 192.168.232.0 0.0.0.255 192.168.0.0 0.0.255.255
    permit ip 192.168.232.0 0.0.0.255 any reflect intraffic232
    interface Vlan232
    ip access-group vlan232_acl_outbound in
    ip access-group vlan232_acl_inbound out

  • Strange ACL problem...

    Using Server 10.5.2
    Trying to create a custom ACL for a sharepoint where two different groups are allowed permissions for everything except for deleting files and folders. I have set these using File Sharing in Server Admin and ticking the boxes in custom ACL.
    I have propagated the permissions through the files and folders in the sharepoint and checked in terminal that they have taken using ls -le.
    However, when logging in, the user is able to create a new folder within the sharepoint but not able to change its name (permission denied). They can't delete also (so at least that works!).
    If I give the user (group) full access or read and write access, everything is fine but obviously they can delete files...not so good.
    The same problem occurs on another sharepoint and also using other users....
    Any ideas??
    Thanks,
    Joel.

    i don't know if this still applies, but it should.
    check this archived thread:
    http://discussions.apple.com/thread.jspa?messageID=1535247

  • 300-28 Switches ACL Problem (Lack of Hardware Error)

    Hi!
    I am using SG300-28 switches in Layer 3 mode. I have 15 Vlans created and routing. I have 3 ACLS applied on the 5 VLANs.
    I am facing problem while adding another ACL in the VLAN interface error is (Lack of Hardware resources).
    I don't know what is the problem, I am worried about it. Please help in this.
    I have also updated my switch to latest firmware e.g.1.4.0.88

    hi
    seems you've reached maximum number of ACL entries for switch (512). Please:
    how many ACLs you have configured in total?
    how many entries have each applied access list on your switch?
    you can also check available resources with command "show system resources tcam"

  • Smb sharing problem, smbd crash when connecting

    hi
    i installed leopard now 2 months ago and since then i try to connect to my mac from my linux vdr and from my windows xp laptop. when i try to connect, i get the following errors on the mac:
    in system log:
    +May 3 22:59:33 bkmac com.apple.launchd[1] (org.samba.smbd[189]): Stray process with PGID equal to this dead job: PID 262 PPID 1 smbd+
    +May 3 22:59:33 bkmac com.apple.launchd[1] (org.samba.smbd[189]): Stray process with PGID equal to this dead job: PID 191 PPID 1 smbd+
    +May 3 23:00:11 bkmac com.apple.launchd[1] (org.samba.smbd[297]): Stray process with PGID equal to this dead job: PID 300 PPID 1 smbd+
    +May 3 23:00:11 bkmac DirectoryService[11]: Failed Authentication return is being delayed due to over five recent auth failures for username: bk.+
    +May 3 23:00:55 bkmac ReportCrash[324]: Formulating crash report for process smbd[318]+
    +May 3 23:00:55 bkmac ReportCrash[324]: Saved crashreport to /Library/Logs/CrashReporter/smbd2009-05-03-230054bkmac.crash using uid: 0 gid: 0, euid: 0 egid: 0+
    in the log.smbd it says
    +2009/05/03 23:00:54, 0, pid=318] /SourceCache/samba/samba-187.8/samba/source/lib/fault.c:fault_report(41)+
    ===============================================================
    +2009/05/03 23:00:54, 0, pid=318] /SourceCache/samba/samba-187.8/samba/source/lib/fault.c:fault_report(42)+
    +INTERNAL ERROR: Signal 10 in pid 318 (3.0.25b-apple)+
    +Please read the Trouble-Shooting section of the Samba3-HOWTO+
    +2009/05/03 23:00:54, 0, pid=318] /SourceCache/samba/samba-187.8/samba/source/lib/fault.c:fault_report(44)+
    +From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf+
    +2009/05/03 23:00:54, 0, pid=318] /SourceCache/samba/samba-187.8/samba/source/lib/fault.c:fault_report(45)+
    ===============================================================
    +2009/05/03 23:00:54, 0, pid=318] /SourceCache/samba/samba-187.8/samba/source/lib/util.c:smb_panic(1650)+
    +PANIC (pid 318): internal error+
    and in the .crash file:
    +Process: smbd [318]+
    +Path: /usr/sbin/smbd+
    +Identifier: smbd+
    +Version: ??? (???)+
    +Code Type: X86 (Native)+
    +Parent Process: smbd [316]+
    +Date/Time: 2009-05-03 23:00:54.791 0200
    +OS Version: Mac OS X 10.5.6 (9G66)+
    +Report Version: 6+
    +Exception Type: EXCBADACCESS (SIGABRT)+
    +Exception Codes: KERNPROTECTIONFAILURE at 0x0000000000000014+
    +Crashed Thread: 0+
    +Application Specific Information:+
    +internal error+
    +* single-threaded process forked *+
    +Thread 0 Crashed:+
    + 0 libSystem.B.dylib 0x95d20e42 __kill 10+
    + 1 libSystem.B.dylib 0x95d9323a raise 26+
    + 2 libSystem.B.dylib 0x95d9f679 abort 73+
    + 3 smbd 0x001af62a dump_core 380+
    + 4 smbd 0x001bff90 readdirname 0+
    + 5 smbd 0x001af222 fault_setup 0+
    + 6 libSystem.B.dylib 0x95d1f2bb _sigtramp 43+
    + 7 ??? 0xffffffff 0 4294967295+
    + 8 smbd 0x0007f643 find_service 3897+
    + 9 smbd 0x0008149d make_connection 1682+
    + 10 smbd 0x0003a0e0 replytcon_andX 1160+
    + 11 smbd 0x0007d233 get_OutBuffer 1433+
    + 12 smbd 0x0007d506 chain_reply 577+
    + 13 smbd 0x00051e17 replysesssetup_andX 4836+
    + 14 smbd 0x0007d233 get_OutBuffer 1433+
    + 15 smbd 0x0007e017 smbd_process 2652+
    + 16 smbd 0x0027015f main 5076+
    + 17 smbd 0x000020ea start 54+
    is there a known solution for this problem? any way to fix that?
    thanks
    bk

    You're sharing an SMB volume over the internet?
    I don't mean to sound rude, but are you nuts?
    I can't think of anyone, anywhere who would advocate this setup, especially since you're enabling guest access, too.
    If you really, really, really, really, really need to do it, have you checked your port forwarding on your router? and have you checked with your ISP to see if they have a clue, and if they're actively blocking port 139. Hopefully they are, since that will force you to use a different protocol.
    If you need to provide file access to remote users, consider enabling the VPN server built into Mac OS X Server and having the users connect over VPN. That way they appear as a local user, the data transfer is encrypted over the internet and you can control access to the resources.
