[Samba] Mapping CIFS/Samba problem
rruegner
robowarp at gmx.de
Sat Dec 13 14:54:37 GMT 2003
Hi,
i hope your firewall does not block the needed ports,
ping means only that a network connect is working but you need all smb cifs
ports open
this is usally a big security hole for a firewall, on the other hand you may
setup this for one single client but i wouldnt recommend this.
i would recommend you to use webdav https apache for the samba shares or a
pptd tunnel ( come with windows )
to the server to have more security, also winscp ( ssh copy ) may work for
you, cause in most case ssh is installed as server on the samba nix
machines.
using winscp is the trivial way for working with firewall and ssh port is
usally open or more easy to setup in the firewall for clients.
after all if you want to use smb mapping through the firewall make clear the
needed ports are not blocked;
setup samba to wins server, and tell your client to use the ip of samba
server as winsserver, this should work.
Regards
----- Original Message -----
From: "COUNTERMAN, DANIEL (CONTRACTOR)" <DANIEL.COUNTERMAN at DFAS.MIL>
To: <samba at lists.samba.org>
Sent: Saturday, December 13, 2003 1:28 PM
Subject: [Samba] Mapping CIFS/Samba problem
All,
The Windows 2000 client is on my side of the firewall (the error message is:
"remote computer is not available"), the Windows XP client is on the other
side of the firewall, (the error message is: "The specified network name is
no longer available"). I am able to ping both the IP address and server
name of the CIFS/Samba server. I cannot perform the mapping, via Map Drive,
then I connect as different user name and I enter a user id that I setup
with smbpasswd (testcifs). Then I receive both these messages, I have
searched message lists and the web for documentation on these errors, and I
am unable to find anything that works. I seen a document that said if you
could ping, then the next thing was to setup lmhosts on the client, which I
did, that still does not work, so there may be some configuration problem of
some sort.
I appreciate your help very much.
-Dan
-----Original Message-----
From: Tom Stoddard [mailto:tom.stoddard at l-3com.com]
Sent: Thursday, December 11, 2003 2:31 PM
To: COUNTERMAN, DANIEL (CONTRACTOR)
Subject: Re: [HPADM] Mapping Samba Share to XP
Dan,
I am unclear about the server you tried to map to: is it on your side of
the firewall or is it inside the firewall? If it is not on your side of
the firewall get something to map to (even another client with sharing
enabled). If this does not work then it's time to look for basic things
like having an IP address.
I hope you are not trying to browse for a server to connect to. Browsing
will not work over routers or firewalls. For my remote office users I
have to give them a name in DNS because browsing does not work. The
problem here is that browsing works via broadcast and routers and
firewalls do not repeat broadcasts.
COUNTERMAN, DANIEL (CONTRACTOR) wrote:
> Tom,
>
> The mapping on the firewall side did not work for Windows 2000 client, so
this still may be a server issue, not sure though. I received the following
error message:
>
> "The mapped network drive could not be created because the following error
occurred: The remote computer is not available."
>
> If you happen to know what I can do to map from the Windows 2000 or if
there is a configuration change that needs to be made, that would be
appreciated.
>
> Thanks,
>
> Dan
>
> -----Original Message-----
> From: Tom Stoddard [mailto:tom.stoddard at l-3com.com]
> Sent: Thursday, December 11, 2003 12:19 PM
> To: COUNTERMAN, DANIEL (CONTRACTOR)
> Cc: 'Hpux-Admin (E-mail); Bill Hassell; Edward
> Subject: Re: [HPADM] Mapping Samba Share to XP
>
>
> Dan,
>
> My feeling is that the firewall is your problem. You need to talk to the
> firewall admin to find out what the firewall rules are and what is
> blocking you. Keep in mind that M$ filesharing is inherently insecure
> and there may be good reasons for not letting sharing go thru the
firewall.
>
> I was going to recommend you try mapping to a windows server on the
> other side of the firewall. Good thing you already tried that. Next try
> mapping a drive to a windows server on your side of the firewall. If it
> works then no question that the firewall is the culprit.
>
> COUNTERMAN, DANIEL (CONTRACTOR) wrote:
>
>>All,
>>
>> I tried to map the CIFS drive (\\fcohpc\eas2) to Windows 2000 on the same
IP subnet as the CIFS server (207.133.248.*) and I received the following
message:
>>
>>"The mapped network drive could not be created because the following error
occurred: The remote computer is not available."
>>
>>Is there anything I need to change in the configuration on the CIFS
server? I am unable to map to the Windows XP clients on the 158 subnet
still, but this is due to the firewall, so if someone knows how I can make
that happen, please let me know?
>>
>>-Dan
>>
>>-----Original Message-----
>>From: COUNTERMAN, DANIEL (CONTRACTOR)
>>Sent: Thursday, December 11, 2003 7:16 AM
>>To: 'Edward'
>>Cc: Tom Stoddard; Bill Hassell
>>Subject: RE: [HPADM] Mapping Samba Share to XP
>>
>>
>>I do not have the command iptables I am running HP-UX 11.00, is there
another command to check this?
>>
>>
>>-----Original Message-----
>>From: Edward [mailto:ed1901 at hotmail.com]
>>Sent: Wednesday, December 10, 2003 3:08 PM
>>To: COUNTERMAN, DANIEL (CONTRACTOR)
>>Cc: Tom Stoddard; Bill Hassell
>>Subject: Re: [HPADM] Mapping Samba Share to XP
>>
>>
>>Hello Dan,
>>
>>I'm sorry, I wrote it backwards. If you get the smb :\> prompt, it means
>>you're in, but only from the localhost. You can now do dir & stuff to play
>>and exit by typing the quit command.
>>Now try this: smbclient //fcohpc/eas2 -U testcifs
>>If you still get the prompt, fine.
>>
>>Now try connecting from the XP box, but make sure you select the 'Connect
as
>>a different user' checkbox. Then fill in your testcifs userid & password.
If
>>this doesn't work, you may actually be blocked by a firewall, you can
>>probably verify this with your network administrator. It may be that your
>>own Unix box has a firewall builtin blocking the NetBIOS traffic (usually
>>port 137 - 139). You may have to check it (e.g. iptables -L, ...).
>>
>>However, my previous comments about Samba-users and domain controllers
still
>>apply.
>>
>>Regards,
>>Edward
>>
>>----- Original Message -----
>>From: "COUNTERMAN, DANIEL (CONTRACTOR)" <DANIEL.COUNTERMAN at DFAS.MIL>
>>To: "Edward" <ed1901 at hotmail.com>; "Tom Stoddard"
<tom.stoddard at l-3com.com>;
>>"Bill Hassell" <blhconsulting at mindspring.com>
>>Sent: Wednesday, December 10, 2003 6:50 PM
>>Subject: RE: [HPADM] Mapping Samba Share to XP
>>
>>
>>Here are the latest results:
>>
>><fcohpc>#./smbclient //fcohpc/eas2 -I 127.0.0.1 -U testcifs
>>added interface ip=207.133.248.67 bcast=207.133.248.127
>>nmask=255.255.255.192
>>Password:
>>Anonymous login successful
>>Domain=[FCOR] OS=[Unix] Server=[Samba 2.2.8a based HP CIFS Server A.01.10]
>>smb: \>
>>
>>So, it looks like there may be a firewall issue. What do you suggest?
>>
>>
>>-----Original Message-----
>>From: Edward [mailto:ed1901 at hotmail.com]
>>Sent: Wednesday, December 10, 2003 12:45 PM
>>To: COUNTERMAN, DANIEL (CONTRACTOR)
>>Subject: Re: [HPADM] Mapping Samba Share to XP
>>
>>
>>Hello Dan,
>>
>>OK, you do have a share called 'eas2'. The reason why you could access it
>>using NFS may be that it probably uses smbmount and/or it may have been at
a
>>time when fcohpc was not acting as a domain master.
>>
>>Anyway, what you should try is to connect to the eas2 share from your
>>server:
>> smbclient //fcohpc/eas2 -I 127.0.0.1 [-U samba-user]
>>If you get the smb: \> prompt the server is running fine and you may be
>>blocked by a firewall.
>>If you get NT_STATUS_LOGON_FAILURE, you're not using a valid Samba-userid,
>>or authentication fails.
>>
>>Take a look at your smbpasswd file (e.g. /etc/samba/smbpasswd) to see
which
>>users are valid Samba users. You can add any missing users with
smbpasswd -a
>>userid.
>>
>>However, you should remove the line 'password server = *' line and restart
>>the service.
>>Since fcohpc is acting as a domain controller, you may need to look into
the
>>authentication settings. Some time ago I had the same issue, but since
there
>>were so many things to check and configure, I don't recall what finally
did
>>it.
>>
>>Best regards,
>>Edward
>>
>>----- Original Message -----
>>From: "COUNTERMAN, DANIEL (CONTRACTOR)" <DANIEL.COUNTERMAN at DFAS.MIL>
>>To: "Edward" <ed1901 at hotmail.com>; "Tom Stoddard"
<tom.stoddard at l-3com.com>;
>>"Bill Hassell" <blhconsulting at mindspring.com>
>>Sent: Wednesday, December 10, 2003 17:54
>>Subject: RE: [HPADM] Mapping Samba Share to XP
>>
>>
>>Made the changes to the smb.conf file and started samba server. Here is
the
>>listing I received from smbclient command:
>>
>>fcohpc>#./smbclient -L //fcohpc
>>added interface ip=207.133.248.67 bcast=207.133.248.127
>>nmask=255.255.255.192
>>Password:
>>Anonymous login successful
>>Domain=[FCOR] OS=[Unix] Server=[Samba 2.2.8a based HP CIFS Server A.01.10]
>>
>> Sharename Type Comment
>> --------- ---- -------
>> tmp Disk Temporary file space
>> shared Disk shared file system
>> eas2 Disk shared file system
>> IPC$ IPC IPC Service (Samba Server)
>> ADMIN$ Disk IPC Service (Samba Server)
>>
>> Server Comment
>> --------- -------
>> FCOHPC Samba Server
>>
>> Workgroup Master
>> --------- -------
>> FCOR FCOHPC
>>
>><fcohpc>#./smbclient -I //fcohpc/eas2
>>added interface ip=207.133.248.67 bcast=207.133.248.127
>>nmask=255.255.255.192
>>
>>
>>Here are the log file messages, if this will help:
>>
>>log.nmbd
>>
>>[2003/12/10 11:44:06, 0] nmbd/nmbd_logonnames.c:(165)
>> add_domain_logon_names:
>> Attempting to become logon server for workgroup FCOR on subnet
>>207.133.248.67
>>[2003/12/10 11:44:10, 0] nmbd/nmbd_logonnames.c:(123)
>> become_logon_server_success: Samba is now a logon server for workgroup
>>FCOR on subnet 207.133.248.67
>>[2003/12/10 11:44:10, 0] nmbd/nmbd_responserecordsdb.c:(234)
>> find_response_record: response packet id 19749 received with no matching
>>record.
>>[2003/12/10 11:44:10, 0] nmbd/nmbd_responserecordsdb.c:(234)
>> find_response_record: response packet id 19750 received with no matching
>>record.
>>[2003/12/10 11:44:29, 0] nmbd/nmbd_become_lmb.c:(404)
>> *****
>>
>> Samba name server FCOHPC is now a local master browser for workgroup
FCOR
>>on subnet 207.133.248.67
>>
>> *****
>>
>>log.smbd
>>
>>[2003/12/10 11:44:06, 0] smbd/server.c:(793)
>> smbd version 2.2.8a based HP CIFS Server A.01.10 started.
>> Copyright Andrew Tridgell and the Samba Team 1992-2002
>>
>>
>>The mapping to XP still did not work, receiving the same error message :
>>"The mapped network drive could not be created because the following error
>>has occurred: The specified network name is no longer available."
>>
>>The IP address of the Windows XP is 158.8.203.58, I can ping the server
>>address, but I cannot browse to find the server from the map drive, I was
>>able to connect to the Samba share earlier when I was using the InterDrive
>>NFS product, but once I removed this I am unable to map this, so I am
>>curious why this is happening?
>>
>>Do you have any other ideas?
>>
>>Thanks,
>>
>>Dan
>>
>>-----Original Message-----
>>From: Edward [mailto:ed1901 at hotmail.com]
>>Sent: Wednesday, December 10, 2003 11:11 AM
>>To: COUNTERMAN, DANIEL (CONTRACTOR)
>>Subject: Re: [HPADM] Mapping Samba Share to XP
>>
>>
>>Hello Dan,
>>
>>I think you should start with commenting out the 'password server =' line
>>since you're using user level security.
>>
>>Furthermore, your Samba server has been setup to act as a domain
controller
>>(domain master = yes). If you are on a Windows network that already has a
>>PDC, you should not try becoming a domain controller. Try it with domain
>>master = no
>>Also, if you're using user level security I'm not sure if the [netlogon]
>>section might be a problem. Try it without just for fun.
>>
>>The password prompted for smbclient -L is irrelevant, you can just type
>>enter or the valid password of the actual current user. For the -L option
it
>>doesn't care.
>>Trying smbclient -L //fcohpc is a must, it will tell you if your Samba
>>server is accessible from the server itself. If so, you should expand by
>>trying to connect to a share, such as smbclient -I 127.0.0.1 //fcohpc/tmp
>>and if that works, step up by trying smbclient //fcohp/tmp.
>>
>>Judging from your smb.conf file, there is no share named 'eas2'. Perhaps
you
>>need to set it up (again). You do have a 'tmp' share, as well as a share
>>named 'shared'. You can try if you're able to connect to either one. You
can
>>also try to connect like \\12.345.67.89\tmp (i.e. using IP numbers instead
>>of servername) from the Windows client.
>>
>>The smb.conf manpage is highly recommended as a starting point.
>>
>>Best regards,
>>Edward
>>
>>----- Original Message -----
>>From: "COUNTERMAN, DANIEL (CONTRACTOR)" <DANIEL.COUNTERMAN at DFAS.MIL>
>>To: "Edward" <ed1901 at hotmail.com>
>>Sent: Wednesday, December 10, 2003 16:37
>>Subject: RE: [HPADM] Mapping Samba Share to XP
>>
>>
>>The command is prompting for a password:
>>
>><fcohpc>#./smbclient -L //fcohpc
>>added interface ip=207.133.248.67 bcast=207.133.248.127
>>nmask=255.255.255.192
>>Password:
>>
>>I am not sure what password it is asking for, I tried root and the
smbpasswd
>>I setup for user testcifs.
>>I am not sure if I setup the shares correctly as you indicated, do you
know
>>what I need to do to accomplish this?
>>
>>Here is my smb.conf file, anything that is not commented out is listed
>>below:
>>
>>
>>#======================= Global Settings
>>=====================================
>>[global]
>> netbios name = FCOHPC
>>
>># workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
>> workgroup = FCOR
>>
>># server string is the equivalent of the NT Description field
>> server string = Samba Server
>>
>># this tells Samba to use a separate log file for each machine
>># that connects
>> log file = /var/opt/samba/log.%m
>>
>># Put a capping on the size of the log files (in Kb).
>> max log size = 1000
>>
>># Security mode. Most people will want user level security. See
>># security_level.txt for details.
>> security = user
>># Use password server option only with security = server or domain
>> password server = *
>>
>># You may wish to use password encryption. Please read
>># ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
>># Do not enable this option unless you have read those documents
>> encrypt passwords = yes
>>
>># Most people will find that this option gives better performance.
>># See speed.txt and the manual pages for details
>> socket options = TCP_NODELAY
>> domain master = yes
>>
>># Preferred Master causes Samba to force a local browser election on
startup
>># and gives it a slightly higher chance of winning the election.
>> preferred master = yes
>>
>># Enable this if you want Samba to be a domain logon server for
>># Windows95 workstations.
>> domain logons = yes
>>
>> preserve case = yes
>> short preserve case = no
>>
>># This option is mainly used as a compatibility option for Visual C++
>># when used against Samba shares.
>> dos filetime resolution = yes
>>
>> read only = no
>> syslog = 0
>>
>>#============================ Share Definitions
>>==============================
>>[homes]
>> comment = Home Directories
>> browseable = no
>>[tmp]
>> comment = Temporary file space
>> path = /tmp
>> read only = no
>> guest account = nobody
>> guest ok = yes
>>
>># Un-comment the following and create the netlogon directory for Domain
>>Logons
>>[netlogon]
>> comment = Network Logon Service
>> path = /var/opt/samba/netlogon
>> read only = yes
>>
>>[shared]
>> comment = shared file system
>> path = /shared
>> guest account = nobody
>> guest ok = yes
>>
>>I am also not sure why nothing is listed in the log files. I looked under
>>/var/log/samba, but nothing has logged there at all.
>>
>>I appreciate all your help looking into this for me.
>>
>>-Dan
>>
>>
>>-----Original Message-----
>>From: Edward [mailto:ed1901 at hotmail.com]
>>Sent: Wednesday, December 10, 2003 10:26 AM
>>To: COUNTERMAN, DANIEL (CONTRACTOR)
>>Subject: Re: [HPADM] Mapping Samba Share to XP
>>
>>
>>Hello Dan,
>>
>>What do you see when you enter the following command from the Samba
server:
>> smbclient -L //yourserver
>>
>>You should see one or more shares, one or more servers and a workgroup,
>>something like:
>>
>>Domain=[MCCO-OFFICE] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix]
>>
>> Sharename Type Comment
>> --------- ---- -------
>> eas2 Disk
>> IPC$ IPC IPC Service (your comment here)
>> ADMIN$ Disk IPC Service (your comment here)
>>
>> Server Comment
>> --------- -------
>> THEPDC
>> FCOHPC your comment here
>>
>> Workgroup Master
>> --------- -------
>> THEWORKGROUP THEPDC
>>
>>If you don't see any shares, you haven't (properly) defined them (yet).
>>
>>Another thing could be that in some cases a so-called trust-relationship
has
>>to exist between the PDC and your Samba server.
>>
>>Is there anything useful in the log files, e.g. /var/log/samba/* ?
>>
>>Best regards,
>>Edward
>>
>>----- Original Message -----
>>From: "COUNTERMAN, DANIEL (CONTRACTOR)" <DANIEL.COUNTERMAN at DFAS.MIL>
>>To: "Edward" <ed1901 at hotmail.com>; "'Hpux-Admin (E-mail)"
>><hpux-admin at dutchworks.nl>; "UNIX-WIZ (E-mail)"
>><LISTSERV at LISTSERV.NODAK.EDU>
>>Sent: Wednesday, December 10, 2003 15:51
>>Subject: [HPADM] Mapping Samba Share to XP
>>
>>
>>
>>
>>>Thanks for responding. I was able to perform the nmblookup commands.
>>
>>However, I am still receiving the message:
>>
>>
>>>The mapped network drive could not be created because the following error
>>
>>has occurred:
>>
>>
>>>The specified network name is no longer available.
>>>
>>>
>>>I am not sure what to do at this point, I have looked at the samba docs
>>
>>and nothing really describes this error message, so any help would be
>>appreciated.
>>
>>
>>>Thanks,
>>>
>>>Dan
>>>-------------------------------------------------------------------------
-
>>
>>---------------------------------------
>>
>>
>>>Hello Dan,
>>>
>>>It may be that the Samba server could not announce itself to the Windows
>>>network or workgroup (Microsoft networks often use WINS or NetBIOS). By
>>
>>its
>>
>>
>>>nature, every Windows client must join the same Workgroup or Domain that
>>
>>the
>>
>>
>>>server does.
>>>I've had a similar situation where a Samba server was up and running just
>>>fine, except that Windows users could not see the server on the network.
>>
>>My
>>
>>
>>>workaround was to use a different broadcast address.
>>>
>>>First make sure your server is at least trying to announce itself
>>
>>properly:
>>
>>
>>>Check the smb.conf file for 'workgroup = <workgroup name>' , 'netbios
name
>>
>>=
>>
>>
>>><servername>' and 'remote announce = ...' and make sure they are correct.
>>
>>If
>>
>>
>>>not, corret them and restart the Samba service.
>>>
>>>Try the following statement on your Samba server:
>>> nmblookup -A 127.0.0.1
>>>
>>>Is your system listed? Good, Samba is up. Now try
>>> nmblookup `hostname`
>>>
>>>Do you get 'name_query failed to find name'? OK, then try
>>> nmblookup -B 255.255.255.255 `hostname`
>>>
>>>If your server is listed now, you have the same issue as I had.
>>>
>>>If this doesn't solve your problem, a good starting point is the Samba
>>>mailinglist archive at http://marc.theaimsgroup.com/?l=samba
>>>
>>>Best regards,
>>>Edward
>>>
>>>
>>>----- Original Message -----
>>>From: "COUNTERMAN, DANIEL (CONTRACTOR)" <DANIEL.COUNTERMAN at DFAS.MIL>
>>>To: "'Hpux-Admin (E-mail)" <hpux-admin at dutchworks.nl>
>>>Sent: Tuesday, December 09, 2003 20:12
>>>Subject: [HPADM] Mapping Samba Server to XP
>>>
>>>
>>>All,
>>>
>>>I received the following message trying to connect to a Samba share on a
>>>Windows XP client (attached in document). Is there anything I need to
>>
>>check
>>
>>
>>>as far as the Windows services or what I am doing wrong? I was able to
>>>connect to the Samba share using InterDrive NFS Client, however, the
>>
>>client
>>
>>
>>>does not want this software loaded, they want to use standard Window
>>>services, so any suggestions would be appreciated?
>>>
>>>
>>><<Doc1.zip>>
>>>
>>>Thanks,
>>>
>>>Dan
>>>-------------------------------------
>>>Daniel T. Counterman
>>>Systems Engineer (EDS)
>>>Vendor Pay EDM
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list