[Samba] Another Shot At It

[James Hubbard]

Since you've probably enabled the firewall settings when you installed 
RedHat, you're probably going to need to modify the 
/etc/sysconfig/ipchains file.

This line here is probably causing  you the most problem.
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT

In order to allow smb packets to be accepted you're going to need to 
open up the ports.  The easiest way to do this (I believe) is to insert 
these 2 lines above the line listed above.
-A input -p tcp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
-A input -p udp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
(Restart ipchains:  /etc/rc.d/init.d/ipchains restart)

I can't remember if you need the udp or not.

This is also opens you up to anybody.  You'll probably want to insert 
the acutal ip addresses of your two other machines in there.  This could 
be a problem though.
-A input -p tcp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
-A input -p udp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
...

One way to tell if you're got the smb ports locked down is to go to
http://www.grc.com from your linux machine.
Click Shields Up.  It should tell you whether or not it can see your 
windows share. After you add the lines to open up the ports, go back to 
the site and try again.  It should tell you the basic stuff like 
workgroup name.

You really should invest in some type of firewalling hardware/software, 
preferrably something that filter packets before they get to your machines.

James Hubbard



DJ Busch wrote:
> After receiving no response to yesterday's message, I tried some more web 
> scouring and more tinkering and dinking around with Samba...and I discovered 
> what may be a major key to my problem...
> 
> I have 3 PC's...2 are Windoze and 1 is Linux.  Windoze machines are likely to 
> understand how to share files across subnets using the same workgroup 
> name...but is Samba as adept?  I have a feeling that is at the heart of my 
> problem.  
> 
> I enabled wins support in my smb.conf and assigned the Samba box's IP address 
> as the primary wins server on the WFW box. I also set Samba to be the domain 
> master browser according to the instructions in BROWSING.txt.  All of this, 
> alas, was useless as I still couldn't browse the Win-duhs shares from Linux 
> or the Linux shares from Winduhs.  I feel that I'm getting much closer to my 
> goal (file sharing without using Windows) and would really appreciate any 
> help any of you can offer.
> 
> Thanks in advance for any help you can provide.
> 
> DJ Busch
> 
> Here is my latest attempt at smb.conf:
> 
> [global]
> 	workgroup = LEGEND
> 	netbios name = LUKE
> 	server string = Dave's Linux Experiment Gone Wrong
> 	interfaces = eth0
> 	bind interfaces only = Yes
> 	security = SHARE
> 	encrypt passwords = Yes
> 	null passwords = Yes
> 	log file = /var/log/samba/log.%m
> 	debug level = 5
> 	max log size = 50
> ;	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> 	os level = 2
> 	lm announce = yes
> 	preferred master = yes
> 	domain master = yes
> 	dns proxy = No
> 	wins support = yes
> 	guest account = doodles
> 	hosts allow = ALL
> 	hosts deny = 
> 
> [homes]
> 	comment = Home Directories
> 	path = /home
> 	read only = No
> 	guest ok = Yes
> 
> [printers]
> 	comment = All Printers
> 	path = /var/spool/samba
> 	printable = Yes
> 	browseable = No
> 
> [hp]
> 	path = /var/spool/samba
> 	read only = No
> 	guest ok = Yes
> 	printable = Yes
> 	printer name = hp
>