[Samba] smbclient sending ICMP unreachable destination host(administratively prohibited)

Scott Lovenberg scott.lovenberg at gmail.com
Wed Jul 2 18:38:41 GMT 2008

Mohammed El-Afifi wrote:
> I'm using fedora 9, 64-bit edition, on a machine acting as a client. I've installed samba-client 3.2.0 from a binary package. I amn't running the server portion of samba(smbd, nmbd, or even winbindd).
> I'm trying to access shares on another windows machine, on the same network Both machines, the client and the server, are using DHCP to acquire IP addresses.
> When I type the command
> smbclient -L <windows host name>
> I get an error about bad network name. I traced my smbclient session with tcpdump and wireshark, jut to find out some strange behaviour. 
> 	1. smbclient tries DNS requests and receives unresolved host replies. This's totally sane since my DNS works for resolving external names only, not those inside my network.
> 	2. smbclient then tries to resolve the netbios name. It broadcasts a message and it really receives response from the windows machine resolving the name successfully. However after smbclient receives the successful netbios response, it sends and ICMP message to the windows machine indicating "unreachable destination host(administratively prohibited)".
> 	3. Steps 1 and 2 repeat for a few times(about 3 times), each time ending with the strange ICMP message.
> I can't see what's wrong with my network configuration. I can access the other windows machine by IP address pretty well. I can access all internet sites successfully. I've disabled the kernal firewall and selinux, but with no progress.
> I've redhat 9(installed on the same machine having fedora 9) with samba-client installed(a very old version of course, 2.2 maybe), and it can access the windows machine seamlessly. So I wonder if it's something related to my samba version, my fedora 9 OS, or may I be missing something critical in my smb.conf, taking into consideration that I haven't changed smb.conf from the stock one shipping with the samba-client binary package?
> Appreciating your help for any suggestions!
Perhaps a routing problem?  Does either machine have multiple network 
cards?  If you're not using wireless, make sure that the NetworkManager 
service is disabled; I've had nothing but problems with it in F9. 

Also, is the ICMP response in regards to Windows trying to make a 
connection on ports 139 and 445 at the same time?  For some silly reason 
Windows will open two connections at the same time.  I believe that the 
default samba (server) setting is to drop the port 445 requests and use 
the port 139 connections.

More information about the samba mailing list