[Samba] Samba and ufw

L.P.H. van Belle belle at bazuin.nl
Fri Feb 8 16:24:28 UTC 2019


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Martin McGlensey via samba
> Verzonden: vrijdag 8 februari 2019 15:54
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba and ufw (mmcg29440 at frontier.com)
> Rowland,
> Thank you for all your help, I agree that this is not a Samba issue. 
> Given rhat it works without the firewall. It' either a ufw or Windows 
> 8.1 issue.
> Louis,
> Applied the rules you suggested to ufw exactly as written. No change. 
> Still cannot connect with firewall enabled. Same error mesage 
> as before 
> "Cannot mount location ...". ufw log set to medium and copied below.

Ok, win 8.1, hmm, im about 90% sure its you windows 8.1 
If your able to, try win10 install it in a vm, no key needed, you can test 2-3 days with it.

Ok, To rull out samba. 

ufw logging medium  # if not done 

# insert as first rule, this rule. 
ufw insert 1 allow in on enp2s5 from to
ufw insert 2 allow in on enp2s5 from to

This should allow the pc (  full accesss to the server
So change these ips if i guessed wrong. 

Tail the firewall logs and now connect again.

Does it work? 
No, is nmbd running, if not, start it, try again. 

Then : 
ufw delete 1
ufw delete 1
( yes 2x delete 1 , remove the 2 rules inserted above first. ) 

Now these. 
ufw insert 1 allow in on enp2s5 proto tcp from to port 139,445
ufw insert 2 allow in on enp2s5 proto udp from to port 137,138

Try again, not working, now add this line:  ( yes, keep insert 1 in these line ) 

ufw insert 1 allow in on enp2s5 proto tcp from to port 1024:1300,49152:65535
ufw insert 1 allow in on enp2s5 proto tcp from to  port 1024:1300,49152:65535

Try again. 
If not working remove the 5 lines again. 
( 5x : ufw delete 1 ) 

Still not working, read if this applies to you.

Not, check and if not enabled,.. SMB1. 

(Control Panel\All Control Panel Items\Programs and Features -> "Turn Windows features on or off" -> "SMB1.0/CIFS File Sharing Support")
for some reason not all Windows 8.1 versions have that feature enabled by default

Other option, this might really be a windows problem, i dont know win8.x that good i've skipped that one. 
But you can try this:  
Press Win+R to open the "Run" dialog. 
Either way type gpedit.msc and if it appears in the first case or you're able to run it do so.

Then navigate to Local Computer Policy -> Windows Settings -> Security Settings -> 
Local Policies -> Security Options.
There locate Network security: LAN Manager authentication level and change it 
to whatever of the 6 options works for you. 

Start with:  Send NTLMv2 response only 

Good luck. 

Ps. Reply probely on Monday. 



More information about the samba mailing list