[Samba] Samba and ufw
L.P.H. van Belle
belle at bazuin.nl
Fri Feb 8 16:24:28 UTC 2019
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Martin McGlensey via samba
> Verzonden: vrijdag 8 februari 2019 15:54
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba and ufw (mmcg29440 at frontier.com)
> Thank you for all your help, I agree that this is not a Samba issue.
> Given rhat it works without the firewall. It' either a ufw or Windows
> 8.1 issue.
> Applied the rules you suggested to ufw exactly as written. No change.
> Still cannot connect with firewall enabled. Same error mesage
> as before
> "Cannot mount location ...". ufw log set to medium and copied below.
Ok, win 8.1, hmm, im about 90% sure its you windows 8.1
If your able to, try win10 install it in a vm, no key needed, you can test 2-3 days with it.
Ok, To rull out samba.
ufw logging medium # if not done
# insert as first rule, this rule.
ufw insert 1 allow in on enp2s5 from 192.168.254.15 to 192.168.254.39
ufw insert 2 allow in on enp2s5 from 192.168.254.39 to 192.168.254.15
This should allow the pc (192.168.254.15) full accesss to the server 192.168.254.39
So change these ips if i guessed wrong.
Tail the firewall logs and now connect again.
Does it work?
No, is nmbd running, if not, start it, try again.
ufw delete 1
ufw delete 1
( yes 2x delete 1 , remove the 2 rules inserted above first. )
ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.0/24 to 192.168.254.39 port 139,445
ufw insert 2 allow in on enp2s5 proto udp from 192.168.254.0/24 to 192.168.254.39 port 137,138
Try again, not working, now add this line: ( yes, keep insert 1 in these line )
ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.0/24 to 192.168.254.39 port 1024:1300,49152:65535
ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.39 to 192.168.254.0/24 port 1024:1300,49152:65535
If not working remove the 5 lines again.
( 5x : ufw delete 1 )
Still not working, read if this applies to you.
Not, check and if not enabled,.. SMB1.
(Control Panel\All Control Panel Items\Programs and Features -> "Turn Windows features on or off" -> "SMB1.0/CIFS File Sharing Support")
for some reason not all Windows 8.1 versions have that feature enabled by default
Other option, this might really be a windows problem, i dont know win8.x that good i've skipped that one.
But you can try this:
Press Win+R to open the "Run" dialog.
Either way type gpedit.msc and if it appears in the first case or you're able to run it do so.
Then navigate to Local Computer Policy -> Windows Settings -> Security Settings ->
Local Policies -> Security Options.
There locate Network security: LAN Manager authentication level and change it
to whatever of the 6 options works for you.
Start with: Send NTLMv2 response only
Ps. Reply probely on Monday.
More information about the samba