[Samba] RHEL4 and samba

Philip Washington phwashington at comcast.net
Fri Dec 16 18:30:51 GMT 2005


Margaret_Doll wrote:

>
> On Thursday, December 15, 2005, at 11:56 AM, Philip Washington wrote:
>
>> Margaret_Doll wrote:
>>
>>>
>>> On Wednesday, December 14, 2005, at 04:42 PM, Philip Washington wrote:
>>>
>>>> Margaret_Doll wrote:
>>>>
>>>>>
>>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>>> From: Margaret_Doll <Margaret_Doll at brown.edu>
>>>>>> Date: Wed Dec 14, 2005  1:09:24 PM US/Eastern
>>>>>> To: samba <samba at lists.samba.org>
>>>>>> Subject: [Samba] RHEL4 and samba
>>>>>>
>>>>>> I brought over the /etc/samba directory from a RHEL3 system to a 
>>>>>> RHEL4 system.
>>>>>>
>>>>>> I disabled selinux in case there was a problem with a port being 
>>>>>> blocked.
>>>>>>
>>>>>> iptables has port 139 and 445 enabled.
>>>>>>
>>>> Open ports 137 and 138, I forget which one, but the 
>>>> announcement is on one of these ports. You also need to check your 
>>>> protocols (tcp, udp) as far as iptables is concerned. Usually in 
>>>> these cases I open up all protocols and the ports needed (check the 
>>>> protocols udp and tcp on 139 and 445 also) and then start DROPing or 
>>>> REJECTing ports/protocols until it breaks.
>>>> selinux should not be an issue with this.
>>>
>>>
>>>
>>> I opened the tcp, udp ports in the iptables, restarted iptables, 
>>> restarted smb.
>>>
>>> I still have the same problems with nmbd. People can do a search 
>>> for the server.nnn.nnn.edu and find themselves logged in, but the 
>>> server in the Network Neighborhood is "not available". The printers 
>>> from the Windows computers have to be created using the complete path 
>>> of the server, i.e. server.nnn.nnn.edu, instead of the samba name.
>>>
>>> iptables --list
>>> ...
>>> ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
>>> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ns
>>> ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
>>> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-dgm
>>> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn
>>> ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ssn
>>>
>>>
>> Would it be possible to turn off iptables altogether and try?
>> service iptables stop
>> service smb restart
>> You may have to wait a few minutes for the master browser to pick it up.
>>
>> Here is a copy of a simple smb.conf I have running on a test machine 
>> running RHEL4
>> [global]
>>        workgroup = COMPA
>>        server string = Samba Server
>>        interfaces = 10.10.10.167/24
>>        log file = /var/log/samba/%m.log
>>        max log size = 50
>>        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>        dns proxy = No
>>        idmap uid = 16777216-33554431
>>        idmap gid = 16777216-33554431
>>        printer admin = @ntadmin, root
>>        cups options = raw
>>
>> [homes]
>>        comment = Home Directories
>>        read only = No
>>        browseable = No
>>
>> [printers]
>>        comment = All Printers
>>        path = /var/spool/samba
>>        read only = No
>>        guest ok = Yes
>>        printable = Yes
>>        default devmode = Yes
>>        browseable = No
>>
>> [print$]
>>        comment = Printer driver Download Area
>>        path = /etc/samba/drivers
>>        write list = @ntadmin, root, philip
>>        guest ok = Yes
>>
>> [Shared]
>>        path = /home/philip/SHARED
>>        valid users = philip
>>        read only = No
>>        hosts allow = 10.10.10.169, 10.10.10.238
>
>
> I have tried it with selinux and iptables disabled or off.  No 
> difference.
> My smb.conf with the networks "x'd" out
>
>
> # Global parameters
> [global]
>         workgroup = CHEMISTRY
>         netbios name = CHEMPS
>         server string = chemps - Chemistry Samba Server
>         interfaces = 128.xxx.xxx.xxx/24 127.0.0.1
>         smb passwd file = /etc/samba/smbpasswd
>         min password length = 7
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         dns proxy = No
>         os level = 255

This is high, I have never seen a setting above 99 but this may work, 
I've just never tried it and don't know whether there is an upper limit.

>         preferred master = Yes
>         domain master = Yes
>         wins proxy = yes
>         wins support = yes
>         remote announce = 128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry

I'm assuming Chemistry is a typo.

>
>         invalid users = bin daemon sys adm tty disk lp mem kmem wheel mail news uucp man games gopher dip ftp floppy utmp xfs console pppusers popusers slipusers slocate gdm filesystem root
>         valid users = @chemusers @geousers @users @stockroom @guest
>         username map = /etc/samba/smbusers
>         domain logons = yes
>         guest account = xxxxxxx
>         hosts allow = 128.148.124. 128.148.68. 128.148.116. 128.148.119. 128.148.171. 127.

Do you have routes set for all of these networks?
Do the computers/clients on all these subnets have routes and settings 
for the  WINS server?
Okay I reread what you posted and I think I answered 1 1/2 of my own 
questions, you do have routes set.  It appears that the clients are 
getting information from the DNS, but are not getting WINS information?  
(Were the netbios name resolutions changed in DHCP when you did the 
transfer from RHEL3 to RHEL4? Is this the same computer and IP address 
as what you were using before?)

The other problem I have seen from what you describe is that when 
clicking on network neighborhood the client sees error no route to 
host?  I have found on occasions that this is caused by the Samba server 
not being able to resolve back to the client.   I found this out by 
putting IPAddress of CLIENTNOTWORKING in the /etc/host file and then 
going back to the client and trying again.
Basically, are the clients using this as their WINS server?  If they are, 
are the clients showing up in the wins.dat file?  Is your server showing 
up in the wins.dat file?
Can you look and see which computer is the master browser on your 
network (I have had problems with W9x computers becoming the master 
browser and messing up network browsing)?

Sorry you're having so many problems. I don't see a magic bullet to fix 
your problem right now.   I'll try to look into it some more when I get 
time, which may be until sometime this weekend.

>         dos filetimes = Yes
>         dos filetime resolution = Yes
>         load printers = yes
>         printing = cups
>         printcap name = /etc/printcap
>         use client driver = yes
>
> [homes]
>         comment = Home Directories
>         writeable = yes
>         browseable = No
>
> [printers]
>         comment = All Printers
>         path = /var/spool/samba
>         guest ok = Yes
>         printable = Yes
>         browseable = no
>
> [1-Mac]
>         comment = Distributed Software for MacIntoshes
>         path = /chemusers/1-Mac
>         volume = Utilities for MacIntoshes
>         guest ok = yes
> [1-Win]
>         comment = Distributed Software for Windows
>         path = /chemusers/1-Win
>         volume = Utilities for Window Computers
>         guest ok = yes
>
> [Milling]
>         comment = Contains the drop boxes for Milling requests
>         path = /chemusers/milling
>         volume = Milling Drop Box
>         writeable = yes
>         valid users = @chemusers
>         force group = chemusers
>
> [Stockroom]
>         comment = Database for the Stockroom Applications
>         path = /home/stockroom
>         volume = Database for the Stockroom
>         valid users = @stockroom
>         writeable = yes
>         create mask = 660
>         directory mask = 0770
>
> [web pages]
>         comment = Web pages for data transfer
>         path = /home/httpd/html
>         volume = Web pages for Chemistry
>         guest ok = yes
>         writeable = yes
>
>
>
>>
>>>>
>>>>>> I can see the server in the Windows Network Neighborhood but the 
>>>>>> user cannot connect because they are unauthorized to attach from 
>>>>>> their computer.
>>>>>>
>>>>>> Most of the tests in the samba documentation work, except:
>>>>>>
>>>>>> smbclient -L server -N
>>>>>>
>>>>>> shows  no computers, but does show the shares and
>>>>>>
>>>>>> SERVER        COMMENTS
>>>>>>
>>>>>> myserver        server comments
>>>>>>
>>>>>> Workgroup    Master
>>>>>> -------------
>>>>>>
>>>>>> myworkgroup
>>>>>> 2nd workgroup        master2
>>>>>> 3rd workgroup        master3
>>>>>>
>>>>>>
>>>>>> nmblookup -B myserver  __SAMBA__
>>>>>> querying __SAMBA__ on correct ip address
>>>>>> name_query failed to find name __SAMBA__
>>>>>>
>>>>>> nmblookup -M myworkgroup
>>>>>> querying myworkgroup on mysubnet
>>>>>> ip address of a client myworkgroup<1d>
>>>>>>
>>>>>> "netstat -a" shows netbios-ns
>>>>>>
>>>>>> What do I have set up incorrectly?
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>
>>>>>
>>>>>
>>>>> I found that from the computers I cannot attach to the server through
>>>>> the network neighborhood.  I can, however,  log into the server
>>>>> if I do a search on the computer.  So the server is not "announcing"
>>>>> itself.
>>>>>
>>>>> How do I fix this problem?  Is this a firewall problem?
>>>>>
>>>>
>>>
>>
>
>
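
The advice in this thread to check which protocol (tcp or udp) each port is opened for can be scripted. The following is an added example, not part of the original message: it reads `iptables --list` output and compares the ACCEPT rules with the four protocol/port pairs Samba's daemons listen on (nmbd: 137/udp and 138/udp; smbd: 139/tcp and 445/tcp). The sample rules and the function names `sample_rules` and `audit_samba_rules` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample modeled on the `iptables --list` output quoted above,
# plus a tcp/445 rule, which the original poster says is enabled.
sample_rules() {
cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source     destination
ACCEPT     udp  --  anywhere   anywhere   state NEW udp dpt:netbios-ns
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:netbios-ns
ACCEPT     udp  --  anywhere   anywhere   state NEW udp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:netbios-ssn
ACCEPT     udp  --  anywhere   anywhere   state NEW udp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:microsoft-ds
EOF
}

# Reads an iptables listing on stdin and prints one finding per line:
#   OK <proto>/<port>       needed by Samba and accepted
#   MISSING <proto>/<port>  needed by Samba but no ACCEPT rule seen
#   EXTRA <proto>/<port>    accepted, but Samba does not listen there
audit_samba_rules() {
    awk '
    BEGIN {
        # Service names as printed without -n, mapped to port numbers.
        num["netbios-ns"] = 137;  num["netbios-dgm"] = 138
        num["netbios-ssn"] = 139; num["microsoft-ds"] = 445
        n = split("udp/137 udp/138 tcp/139 tcp/445", want, " ")
        for (i = 1; i <= n; i++) need[want[i]] = 1
    }
    $1 == "ACCEPT" {
        for (i = 1; i <= NF; i++) if ($i ~ /^dpt:/) {
            port = substr($i, 5)
            if (port in num) port = num[port]
            # Only track the NetBIOS/SMB ports; $2 is the protocol column.
            if (port ~ /^(137|138|139|445)$/) seen[$2 "/" port] = 1
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            status = (want[i] in seen) ? "OK" : "MISSING"
            print status, want[i]
        }
        for (k in seen) if (!(k in need)) print "EXTRA", k
    }' | sort
}

sample_rules | audit_samba_rules
```

On a live host the same function can be fed with `iptables --list INPUT | audit_samba_rules`; EXTRA lines are candidates for removal once browsing works.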


