[Samba] RHEL4 and samba
Marcus O. White
1lnxraider at comcast.net
Thu Dec 29 10:34:22 GMT 2005
On Thu, 2005-12-15 at 12:03 -0500, Margaret_Doll wrote:
> On Thursday, December 15, 2005, at 11:56 AM, Philip Washington wrote:
>
> > Margaret_Doll wrote:
> >
> >>
> >> On Wednesday, December 14, 2005, at 04:42 PM, Philip Washington wrote:
> >>
> >>> Margaret_Doll wrote:
> >>>
> >>>>
> >>>>
> >>>> Begin forwarded message:
> >>>>
> >>>>> From: Margaret_Doll <Margaret_Doll at brown.edu>
> >>>>> Date: Wed Dec 14, 2005 1:09:24 PM US/Eastern
> >>>>> To: samba <samba at lists.samba.org>
> >>>>> Subject: [Samba] RHEL4 and samba
> >>>>>
> >>>>> I brought over the /etc/samba directory from a RHEL3 system to a
> >>>>> RHEL4 system.
> >>>>>
> >>>>> I disabled selinux in case there was a problem with a port being
> >>>>> blocked.
> >>>>>
> >>>>> iptables has port 139 and 445 enabled.
> >>>>>
> >>> Open ports 137 and 138; I forget which one, but the
> >>> announcement is on one of these ports. You also need to check your
> >>> protocols (tcp, udp) as far as iptables is concerned. Usually in
> >>> these cases I open up all protocols and the ports needed (check the
> >>> protocols udp and tcp on 139 and 445 also) and then start DROPing or
> >>> REJECTing ports-protocols until it breaks.
> >>> selinux should not be an issue with this.
> >>
> >>
> >> I opened the tcp, udp ports in the iptables, restarted iptables,
> >> restarted smb.
> >>
> >> I still have the same problems with nmbd. People can do a search
> >> for the server.nnn.nnn.edu and find themselves logged in, but the
> >> server in the Network Neighborhood is "not available". The printers
> >> from the Windows computers have to be created using the complete path
> >> of the server, i.e. server.nnn.nnn.edu, instead of the samba name.
> >>
> >> iptables --list
> >> ...
> >> ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
> >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ns
> >> ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
> >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-dgm
> >> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
> >> ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ssn
> >>
> >>
> > Would it be possible to turn off iptables altogether and try?
> > service iptables stop
> > service smb restart
> > You may have to wait a few minutes for the master browser to pick it
> > up.
> >
> > Here is a copy of a simple smb.conf I have running on a test machine
> > running RHEL4
> > [global]
> > workgroup = COMPA
> > server string = Samba Server
> > interfaces = 10.10.10.167/24
> > log file = /var/log/samba/%m.log
> > max log size = 50
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > dns proxy = No
> > idmap uid = 16777216-33554431
> > idmap gid = 16777216-33554431
> > printer admin = @ntadmin, root
> > cups options = raw
> >
> > [homes]
> > comment = Home Directories
> > read only = No
> > browseable = No
> >
> > [printers]
> > comment = All Printers
> > path = /var/spool/samba
> > read only = No
> > guest ok = Yes
> > printable = Yes
> > default devmode = Yes
> > browseable = No
> >
> > [print$]
> > comment = Printer driver Download Area
> > path = /etc/samba/drivers
> > write list = @ntadmin, root, philip
> > guest ok = Yes
> >
> > [Shared]
> > path = /home/philip/SHARED
> > valid users = philip
> > read only = No
> > hosts allow = 10.10.10.169, 10.10.10.238
>
> I have tried it with selinux and iptables disabled or off. No
> difference.
> My smb.conf with the networks "x'd" out
>
>
> # Global parameters
> [global]
> workgroup = CHEMISTRY
> netbios name = CHEMPS
> server string = chemps - Chemistry Samba Server
> interfaces = 128.xxx.xxx.xxx/24 127.0.0.1
> smb passwd file = /etc/samba/smbpasswd
> min password length = 7
> log file = /var/log/samba/log.%m
> max log size = 50
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = No
> os level = 255
> preferred master = Yes
> domain master = Yes
> wins proxy = yes
> wins support = yes
> remote announce = 128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry
> invalid users = bin daemon sys adm tty disk lp mem kmem wheel mail news uucp man games gopher dip ftp floppy utmp xfs console pppusers popusers slipusers slocate gdm filesystem root
> valid users = @chemusers @geousers @users @stockroom @guest
> username map = /etc/samba/smbusers
> domain logons = yes
> guest account = xxxxxxx
> hosts allow = 128.148.124. 128.148.68. 128.148.116. 128.148.119. 128.148.171. 127.
> dos filetimes = Yes
> dos filetime resolution = Yes
> load printers = yes
> printing = cups
> printcap name = /etc/printcap
> use client driver = yes
>
> [homes]
> comment = Home Directories
> writeable = yes
> browseable = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> guest ok = Yes
> printable = Yes
> browseable = no
>
> [1-Mac]
> comment = Distributed Software for MacIntoshes
> path = /chemusers/1-Mac
> volume = Utilities for MacIntoshes
> guest ok = yes
> [1-Win]
> comment = Distributed Software for Windows
> path = /chemusers/1-Win
> volume = Utilities for Window Computers
> guest ok = yes
>
> [Milling]
> comment = Contains the drop boxes for Milling requests
> path = /chemusers/milling
> volume = Milling Drop Box
> writeable = yes
> valid users = @chemusers
> force group = chemusers
>
> [Stockroom]
> comment = Database for the Stockroom Applications
> path = /home/stockroom
> volume = Database for the Stockroom
> valid users = @stockroom
> writeable = yes
> create mask = 660
> directory mask = 0770
>
> [web pages]
> comment = Web pages for data transfer
> path = /home/httpd/html
> volume = Web pages for Chemistry
> guest ok = yes
> writeable = yes
>
>
>
> >
> >>>
> >>>>> I can see the server in the Windows Network Neighborhood but the
> >>>>> user cannot connect because they are unauthorized to attach from
> >>>>> their computer.
> >>>>>
> >>>>> Most of the tests in the samba documentation work, except:
> >>>>>
> >>>>> smbclient -L server -N
> >>>>>
> >>>>> shows no computers, but does show the shares and
> >>>>>
> >>>>> SERVER COMMENTS
> >>>>>
> >>>>> myserver server comments
> >>>>>
> >>>>> Workgroup Master
> >>>>> -------------
> >>>>>
> >>>>> myworkgroup
> >>>>> 2nd workgroup master2
> >>>>> 3rd workgroup master3
> >>>>>
> >>>>>
> >>>>> nmblookup -B myserver __SAMBA__
> >>>>> querying __SAMBA__ on correct ip address
> >>>>> name_query failed to find name __SAMBA__
> >>>>>
> >>>>> nmblookup -M myworkgroup
> >>>>> querying myworkgroup on mysubnet
> >>>>> ip address of a client myworkgroup<1d>
> >>>>>
> >>>>> "netstat -a" shows netbios-ns
> >>>>>
> >>>>> What do I have set up incorrectly?
> >>>>>
> >>>>>
> >>>>> --
> >>>>
> >>>>
> >>>> I found that from the computers I cannot attach to the server
> >>>> through
> >>>> the network neighborhood. I can, however, log into the server
> >>>> if I do a search on the computer. So the server is not "announcing"
> >>>> itself.
> >>>>
> >>>> How do I fix this problem? Is this a firewall problem?
> >>>>
> >>>
> >>
> >
>
Please read
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2549966
It may help with your current problem...
Marcus O.
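
Added example (not part of the original thread): a Python check of an `iptables --list` excerpt against the port/protocol pairs Samba listens on, UDP 137 and 138 for nmbd and TCP 139 and 445 for smbd. The sample is rebuilt from the six rules quoted above; `audit`, `unwrap` and the other names are assumptions of this example, and it reads ACCEPT rules only, ignoring rule order.

```python
import re

# nmbd listens on UDP 137/138; smbd listens on TCP 139/445.
REQUIRED = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}
SERVICE_PORTS = {"netbios-ns": 137, "netbios-dgm": 138,
                 "netbios-ssn": 139, "microsoft-ds": 445}
RULE_START = re.compile(r"^(ACCEPT|DROP|REJECT|LOG|Chain|target)\b")
ACCEPT_RULE = re.compile(r"^ACCEPT\s+(tcp|udp)\s.*\bdpt:(\S+)")


def unwrap(listing):
    """Rejoin rules that a mail client wrapped onto a second line."""
    rules = []
    for line in filter(None, map(str.strip, listing.splitlines())):
        if RULE_START.match(line) or not rules:
            rules.append(line)
        else:
            rules[-1] += " " + line
    return rules


def audit(listing):
    """Compare the ACCEPT rules in `iptables --list` output with REQUIRED."""
    opened = set()
    for rule in unwrap(listing):
        m = ACCEPT_RULE.match(rule)
        if not m:
            continue
        proto, svc = m.groups()
        # Accept service names (default output) or numeric ports (-n output).
        port = SERVICE_PORTS.get(svc) or (int(svc) if svc.isdigit() else None)
        if port in SERVICE_PORTS.values():
            opened.add((proto, port))
    return {"missing": sorted(REQUIRED - opened),
            "unneeded": sorted(opened - REQUIRED)}


# Constructed sample: the six rules visible in the thread's excerpt, wrapped
# after "state" as in the mail. The rest of that ruleset is elided on the page.
SHOWN = [("udp", "netbios-ns"), ("tcp", "netbios-ns"), ("udp", "netbios-dgm"),
         ("tcp", "netbios-dgm"), ("tcp", "netbios-ssn"), ("udp", "netbios-ssn")]
SAMPLE = "\n".join(f"ACCEPT {p} -- anywhere anywhere state\nNEW {p} dpt:{s}"
                   for p, s in SHOWN)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the quoted excerpt this reports TCP 445 as absent from the lines shown, and TCP 137, TCP 138 and UDP 139 as accepted although no Samba daemon listens on them. Because the thread's listing is truncated with "...", the missing entry describes the excerpt only, not the poster's full ruleset.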