That suggests either a configuration difference with some of the win 7
machines or a difference with some of the AD accounts for the machines.
On the NAS, does the "getent passwd" command display user and machine
accounts? Is it may be showing only some machine accounts and not
others? It might be possible that samba has been unable to account an
idmap entry for newer machines. All though I would think this would
affect authentication issues, not connection issues. I have found
idmapping to be one of the less reliable functions in samba.
Are all the Win 7 machines configured with identical network settings
(apart from the IP address itself of course.) this should be the case if
you use DHCP.
Are their any security settings on the problem Win 7 machines that are
different? If you use gpedit.msc -> computer -> security settings ,
you may want to review things like NTLMv2 settings. Are all the
machine accounts in the same AD container ?
If this is all AD, then you should not need to use WINS. Although it may
also help resolve confusion about which machine is the local master
browser. Which shouldn't really matter either. I use samba 3.x as a
non-AD PDC so the WINS and browser stuff is more important.
Is the Microsoft server is the AD PDC it may expect to be the local
master browser. I think there can only be one local master browser per
subnet. And if you look thru the nmbd logs (?) on the NAS as well as
the logs on the Win 2008 server . you may see results of a browser
election.
the "testparm -v" will show you all the config settings, including those
set by default even if not explicitly set in smb.conf
On 05/13/13 08:44, Ed Strong wrote:
Hi,
all XP clients work fine. As do most win 7 clients. Just a handful of
win7 clients have this issue.
We only have one Microsoft server: 2008 R2, it does not have the WINS
server feature installed.
The qnap box is called saturn and is a member of the domain
telnet saturn 139
results in blank screen, blinking cursor so port open I guess.
NAS uses our Microsoft server for it's DNS and registers itself in DNS
Also on the NAS I have:
Enable WINS server NOT checked
Local master browser checked
Allow only NTLMv2 authentication NOT checked
DNS has a reverse lookup zone with a PTR record for client
This is my foray into samba so I'm not familiar with the config file
structure but here is the global
section:
[global]
log level = 3
passdb backend = smbpasswd
workgroup = OUR_DOMAIN
security = ADS
server string =
encrypt passwords = Yes
username level = 0
map to guest = Bad User
null passwords = yes
max log size = 50
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=262144
SO_RCVBUF=131072
os level = 20
preferred master = no
dns proxy = No
smb passwd file=/etc/config/smbpasswd
username map = /etc/config/smbusers
guest account = guest
directory mask = 0777
create mask = 0777
oplocks = yes
locking = yes
disable spoolss = yes
load printers = no
display charset = UTF8
force directory security mode = 0000
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network
Trash Folder/Temporary
Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/
delete veto files = yes
map archive = no
map system = no
map hidden = no
map read only = no
deadtime = 10
use sendfile = yes
unix extensions = no
store dos attributes = yes
client ntlmv2 auth = yes
dos filetime resolution = no
inherit acls = yes
wide links = yes
force unknown acl user = yes
template homedir = /share/homes/DOMAIN=%D/%U
domain logons = no
min receivefile size = 4096
case sensitive = auto
domain master = auto
local master = yes
enhance acl v1 = yes
remove everyone = yes
kernel oplocks = no
mangled names = no
realm = OUR_DOMAIN.local
password server = SERVER.OUR_DOMAIN.local
pam password change = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 3600
idmap uid = 400001-500000
idmap gid = 400001-500000
idmap config OUR_DOMAIN : backend = rid
idmap config OUR_DOMAIN : range = 10000001-20000000
wins support = no
name resolve order = host bcast
On 10 May 2013 16:19, Gaiseric Vandal <gaiseric.van...@gmail.com
<mailto:gaiseric.van...@gmail.com>> wrote:
Are XP clients having the same problem? Trying with an XP
client would help indicate if there was something specific to XP.
(I skipped vista.)
Can you check in smb.conf
- is the server a member server, AD member server, standalone
server, or domain controller.
- Are ports explicitly defined
- how is name resolution configured?
- is NTLMv2 required (I couldn't get NTLMv2 support working.)
Domain membership shouldn't matter at this point since you aren't
even getting to the authentication phase.
Can you telnet port 139 to make sure it is open?
Do you have a WINS server defined? If so make sure client and
NAS are using the same WINS server. Is your NAS configured to
use a DNS server? Do you have a reverse lookup zone defined in
DNS? the NAS maybe trying to do a reverse lookup on the IP of
the client. There doesn't need to be a PTR entry for the client
but you are least want the zone. If DNS tries to lookup an IP
and gets an immediate "host not found" that is OK. If it times
out because it can't even locate a DNS server then that could
cause problems for other services dependent on DNS.
On 05/10/13 10:58, Ed Strong wrote:
Hi,
Thanks for the info, I'm replying to you in gmail to
samba@lists.samba.org <mailto:samba@lists.samba.org>,
hope that is correct ?
Yes I can edit the config file on the NAS
Looking at the network packets all communication to NAS seems
to be on port
microsoft-ds (445)
I can't see any traffic on ports 137/138/139
If i use the IP I get exactly the same error :(
On 10 May 2013 15:01, Gaiseric Vandal
<gaiseric.van...@gmail.com <mailto:gaiseric.van...@gmail.com>>
wrote:
I think the "Error was Transport endpoint is not
connected" warnings are
sometimes misleading. Do you have any control over the
samba config
(smb.conf) on the NAS ? On regular samba installs,
changing the default
port settings can cause more problems.
Windows 7 will try to connect on port 445 (SMB or CIFS
over tcp/ip), and
will then reconnect to ports 137/138/139 (SMB over netbios
over tcp/ip)
since samba 3.x doesn't handle the newer SMB-over-tcp/ip.
Disabling
445 on the server seems to cause more problems than it solves.
Are you able to connect via IP ? e.g net use
\\qnap_ip\share ?
I had problems in the past when I disabled port 445 on
samba servers.
Remote users (no netbios broadcasts permitted) could
connect via IP but
not via name. For the name only connections, packet
monitoring would
show packets getting thru the the server but the exchange
between client
and server not being completed. For clients connecting
via IP, the client
would send packets to server, server respond, and then
clients responded.
On 05/07/13 03:53, Ed Strong wrote:
Hi,
I'm re-posting this (with some more info) as I don't
think the original
got
through as I wasn't
signed up to the samba list.
this is my first foray in samba (and newsgroups) so go
easy :)
I've started reading the o'reilly samba book but
finding it hard going.
Anyway I'm trying to map a network drive from a
windows 7 pro client to a
QNAP NAS with the command:
net use s: \\qnap\share
I've posted on several forums and got good advice but
the problem remains.
Rather than repost all the detail, please see my
original posts:
http://forum.qnap.com/**viewtopic.php?f=185&t=74639<http://forum.qnap.com/viewtopic.php?f=185&t=74639>
http://social.technet.**microsoft.com/Forums/en-US/**
<http://microsoft.com/Forums/en-US/**>
winservergen/thread/11d35b0c-**ac95-489f-b5d1-0486b9774603<http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/11d35b0c-ac95-489f-b5d1-0486b9774603>
http://www.edugeek.net/forums/**windows-7/112309-map-network-**
drive-nas-but-get-error-64-58-**a.html<http://www.edugeek.net/forums/windows-7/112309-map-network-drive-nas-but-get-error-64-58-a.html>
I've managed to ssh onto the QNAP via putty and found
this in the logs
(getpeername failed)
[/var/log] # pwd
/var/log
[/var/log] # tail -f log.smbd
[2013/05/01 09:36:17.135999, 0]
lib/util_sock.c:474(read_fd_
with_timeout)
[2013/05/01 09:36:17.136096, 0]
lib/util_sock.c:1440(get_peer_**addr_internal)
getpeername failed. Error was Transport endpoint
is not connected
read_fd_with_timeout: client 0.0.0.0 read error =
Connection reset by
peer.
[2013/05/01 09:36:17.137700, 1]
smbd/server.c:299(remove_**child_pid)
Scheduled cleanup of brl and lock database after
unclean shutdown
[2013/05/01 09:36:17.178522, 1]
smbd/service.c:1073(make_**
connection_snum)
172.24.120.139 (172.24.120.139) connect to service
Staff initially as
user DOMAIN+admin (uid=10001423, gid=10000514) (pid
25771)
[2013/05/01 09:36:17.179093, 0]
lib/util_sock.c:474(read_fd_**
with_timeout)
[2013/05/01 09:36:17.179173, 0]
lib/util_sock.c:1440(get_peer_**addr_internal)
getpeername failed. Error was Transport endpoint
is not connected
read_fd_with_timeout: client 0.0.0.0 read error =
Connection reset by
peer.
[2013/05/01 09:36:17.179289, 1]
smbd/service.c:1254(close_**cnum)
172.24.120.139 (172.24.120.139) closed connection
to service Staff
[2013/05/01 09:36:37.142714, 1]
smbd/server.c:272(cleanup_**timeout_fn)
Cleaning up brl and lock database after unclean
shutdown
The QNAP's samba version appears to be 3.5.2:
[/var/log] # ps -ef | grep smb
4016 admin 3104 S
/usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
4017 admin 3728 S
/usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
4366 admin 1840 S
/usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
4877 admin 3300 S
/usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
4902 admin 3952 S
/usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
4978 admin 4132 S /usr/local/samba/sbin/smbd
-l /var/log -D -s
/etc/config/smb.conf
4979 admin 3356 S
/usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
4980 admin 1224 S
/usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
4995 admin 1016 S /usr/local/samba/sbin/smbd
-l /var/log -D -s
/etc/config/smb.conf
5063 admin 2068 S
/usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
9509 admin 1664 S /usr/local/samba/sbin/nmbd
-l /var/log -D -s
/etc/config/smb.conf
25540 admin 544 S grep smb
[/var/log] # /usr/local/samba/sbin/smbd -V
Version 3.5.2
I've also installed MS network monitor on two clients
and did a capture
whilst running the command
net use s:\ \\saturn\staff
I've posted three screenshots here:
https://plus.google.com/**photos/108734482620454690509/**
albums/5875135861918839393?**authkey=CJ3lwKu2xJqMyQE<https://plus.google.com/photos/108734482620454690509/albums/5875135861918839393?authkey=CJ3lwKu2xJqMyQE>
Basically, Worked.png shows the SMB frames on a PC
where the net use
command worked
and Failed.png shows the SMB frames on a PC where the
net use command did
not work
It looks to me like the first 6 SMB frames are
identical. Then things
start
to change
On the working client we continue with frame 10113
which is a
Dfsc: Get DFS Referral Request
but the failing client continues with some TCP frames (see
tcp-frames154-157.png) 154 to 157
before it seems to start the negotiation again at
frame 158
Not sure how to troubleshoot this further so any
advice welcome.
Thanks
Ed
PS I initially tried to post this on google group
linux.samba but was
rejected by the
moderation robot which said "Please submit your
message to the mailing
list
address".
I did this with attached png's but failed due to file
size so hopefully
3rd
time lucky!
--
To unsubscribe from this list go to the following URL and
read the
instructions:
https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
