[Samba] Samba and UFW

mmcg29440 at frontier.com mmcg29440 at frontier.com
Thu Jan 31 16:43:37 UTC 2019 

OK Guys this where we are now. The hostname on the Mint 19.1 PC was a
combination of the user name and the PC model. I changed it to "radio". That
plus the user name gives "martin at radio". That  is twelve characters long. No
change. Still not able to mount network.

Removed netbios name from smb.conf. No change.

Set Windows app to no smb/ctif sharing. Got nothing when trying to mount
network on Linux PC. When enabled can connect with firewall off.

Removed client max protocol = NT1 from smb.conf. No change.

Redid fire wall rules:
	Allow in from anywhere	
	137,138 udp
	139,445 tcp
	Allow out
	137,138 udp
	139,445 tcp

	Same for 137,138(6) etc.

No change.

The ip_modules loaded are listed below:

martin at radio:~$ lsmod | grep -E "nf_|xt_|ip"
ip6t_REJECT            16384  1
nf_reject_ipv6         16384  1 ip6t_REJECT
nf_log_ipv6            16384  10
xt_hl                  16384  22
ip6t_rt                16384  3
nf_conntrack_ipv6      20480  11
nf_defrag_ipv6         36864  1 nf_conntrack_ipv6
ipt_REJECT             16384  1
nf_reject_ipv4         16384  1 ipt_REJECT
xt_comment             16384  4
nf_log_ipv4            16384  10
nf_log_common          16384  2 nf_log_ipv4,nf_log_ipv6
xt_LOG                 16384  20
xt_multiport           16384  4
xt_limit               16384  21
xt_tcpudp              16384  18
xt_addrtype            16384  4
nf_conntrack_ipv4      16384  11
nf_defrag_ipv4         16384  1 nf_conntrack_ipv4
xt_conntrack           16384  22
ip6table_filter        16384  1
ip6_tables             28672  1 ip6table_filter
nf_conntrack_netbios_ns    16384  0
nf_conntrack_broadcast    16384  1 nf_conntrack_netbios_ns
nf_nat_irc             16384  0
nf_conntrack_irc       16384  1 nf_nat_irc
nf_nat_ftp             16384  0
nf_nat                 32768  2 nf_nat_irc,nf_nat_ftp
nf_conntrack_ftp       20480  1 nf_nat_ftp
nf_conntrack          131072  10
xt_conntrack,nf_conntrack_ipv6,nf_nat_irc,nf_conntrack_ipv4,nf_nat,nf_nat_ft
p,nf_conntrack_netbios_ns,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntra
ck_ftp
libcrc32c              16384  2 nf_conntrack,nf_nat
iptable_filter         16384  1
ip_tables              28672  1 iptable_filter
x_tables               40960  15
ip6table_filter,xt_conntrack,iptable_filter,xt_LOG,xt_multiport,xt_tcpudp,xt
_addrtype,ip6t_rt,xt_comment,ip6_tables,ipt_REJECT,ip_tables,xt_limit,xt_hl,
ip6t_REJECT
martin at radio:~$

I have not added the lines iptables -t raw -A output --port 137 --JCT
--helper netbios-ns or the lines suggested be Reinld. I'll try them if you
all think
it might help.

Maybe we should go back to the original error "Cannot mount location Failed
to  retrieve share list from server  no such file or directory". The
solution may be so simple that we are overlooking it.

Thanks for your continued patience and help with this issue. 

Regards,

Marty




-----Original Message-----
From: mmcg29440 at frontier.com <mmcg29440 at frontier.com> 
Sent: Wednesday, January 30, 2019 9:17 AM
To: 'Rowland Penny' <rpenny at samba.org>; samba at lists.samba.org
Subject: Re: [Samba] Samba and UFW

Rowland,

The computer name 'martin-RB042AV-ABA-a1410y' was set by Linux Mint when it
was installed. I'm not sure I can change it. I check it on the Mint forum.
I'll turn off the smb... feature and see what happens. Yes the ports listed
below are open and set to pass through the firewall. Should I unset the
netbios name". Going to try the modification to the ufw rules file as
suggested by Reinl.

Regards,

Marty

-----Original Message-----
From: Rowland Penny <rpenny at samba.org>
Sent: Tuesday, January 29, 2019 10:49 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Samba and UFW

On Tue, 29 Jan 2019 10:19:30 -0500
Marty via samba <samba at lists.samba.org> wrote:

> Rowland,
> 
>  
> 
> I found the reason for the "wrong argument" error. The windows 
> firewall was set to block remote connections. Fixed that now I'm able 
> to connect to the network. Now I'm back to the original problem. That 
> is I cannot connect to the windows network with ufw enabled. Error 
> "Cannot mount location - file or directory does not exist". If I press 
> ok the error repeats. If I disable ufw I can connect to the mount the 
> Windows network and browse it with no problem. If I enable ufw after 
> the network is mounted I still can browse it. Samba is running as a 
> stand alone server on a Linux PC. OS is Mint 19.1. I have no problem 
> accessing the Linux PC from it's console. That is the one I'm trying 
> to connect to the windows network and another PC running Mint 18.1.
> martin-RB042AV-ABA-a1410y is the Linux computer's name. I have reset 
> the netbios name to OFFICE which is the name of the Windows PC. Also 
> rest workgroup to WORKGROUP. I do not see any reference to host name 
> in smb.conf. Do I have to add it? What about sambapsswd should I add 
> Linux user there?
> 

First who set the the computers hostname to 'martin-RB042AV-ABA-a1410y' ?

There are two 'netbios' names'
The 'netbios name' which is the computers short hostname The 'netbios domain
name' which is the computers dns domain name.

You can set 'netbios name' in smb.conf, but if it isn't set, Samba will set
it for you. Well it would normally, except that it has to be 15 characters
or less and yours is 25 characters. You need to shorten the hostname.

> 
> Windows feature smb 1.0/cifs sharing is on. 

For security, you should turn it off, but then networking browsing will not
work, you will need to map drives etc.

>I'll try removing the
> entry that forces smb1 in smb.conf and let it default to smb2/3. Not  
>sure how to use SSL. I'll try the other suggestions from others.

Are these ports open on the Mint machine:

135 	tcp
137 	udp
138 	udp
139 	tcp
445 	tcp 

Rowland

More information about the samba mailing list