[Samba] Re: Samba/Firewall issues?

Paul Griffith paulg at cs.yorku.ca
Tue Oct 18 13:21:23 GMT 2005


The settings are:

local master = yes
domain master = yes
perferred master = yes

One side effect I am seeing is users are getting "xxx" domain not
available error messages.

I am also going to try to pull smbd/nmbd out of xinetd and run them in
standalone mode. We are also running a very old dist. of Linux (Redhat
v7.3 with a newer kernel).

Still debugging this problem!

Thanks
Paul

On Wed, Oct 12, 2005 at 04:46:25PM +0100, Mark Waterhouse - Mailing Lists wrote:
> Paul
> 
> Can you confirm what your settings for "local master", "domain master" and 
> "preferred master" are?
> You should find these in /etc/smb.conf
> 
> Mark
> 
> ----- Original Message ----- 
> > Greetings,
> >
> > I am running into *possible* Samba/Firewall issues. Our Samba v3.0.11
> > server is also running iptables. In our log.nmbd file we have
> > noticed the following:
> >
> > [2005/09/27 15:43:41, 1] libsmb/cliconnect.c:cli_connect(1313)
> >  Error connecting to 130.xx.xx.xx (Connection refused)
> > [2005/09/27 15:50:21, 0] libsmb/nmblib.c:send_udp(790)
> >  Packet send failed to 130.xx.xx.xx(138) ERRNO=Operation not
> >  permitted
> >
> > [2005/09/27 14:07:57, 1] libsmb/cliconnect.c:cli_connect(1313)
> >  Error connecting to 130.xx.xx.xx (No route to host)
> > [2005/09/27 14:12:51, 1] libsmb/cliconnect.c:cli_connect(1313)
> >  Error connecting to 130.xx.xx.xx (Connection refused)
> > [2005/09/27 14:23:04, 1] libsmb/cliconnect.c:cli_connect(1313)
> >
> > A search turned up the following:
> > http://seclists.org/lists/bugtraq/2001/Mar/0285.html
> > ----------------
> > Obviously, the netfilter nat code breaks nmap while using the -O flag
> > or using decoy options. The (sendto in send_tcp_raw: sendto....) error is
> > a symptom of this. It also breaks other packet shaping utilities such
> > as hping, etc., so this does not appear to be an nmap problem.
> >
> >
> > I don't believe the connection tracking portion of netfilter is to
> > blame in this case. In my tests the connection tracking code, whether it
> > was loaded as a module or built statically into the kernel, didn't seem to
> > get in the way. The cause of the 'sendto..' errors seems to be caused
> > solely by the iptable_nat.o module (which is huge, of course). Once you
> > load that one, or build it into the kernel, "nmap -O" no
> > worky. Without it, nmap/hping/everything works just peachy.
> >
> >
> > Best Regards,
> > Steve
> > ---------
> >
> > Now I have removed iptable_nat with rmmod but I am still seeing
> > errors. For our end users the error shows up as XXXX Domain not found.
> >
> > Anyone see these errors before ??
> >
> > Thanks
> > Paul 


