Over the past couple of months, as time permits, I've been looking into messages similar to:

[2004/05/11 14:00:20.129507, 0] lib/util_sock.c:get_peer_addr(952) getpeername failed. Error was Transport endpoint is not connected
[2004/05/11 14:00:20.130067, 0] lib/util_sock.c:write_socket_data(388) write_socket_data: write failure. Error = Connection reset by peer
[2004/05/11 14:00:20.130131, 0] lib/util_sock.c:write_socket(413) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer
[2004/05/11 14:00:20.130188, 0] lib/util_sock.c:send_smb(605) Error writing 4 bytes to client. -1. (Connection reset by peer)

in /var/log/log.smbd and /var/log/samba/log.xxxxxxx for many of our PCs. Many people have reported these errors to the list and the suggested cure has always been looking at network hardware problems. In developing an approach to circumvent these messages, I believe that I have also circumvented intermittent roaming profile failures (Microsoft Knowledge Base Article - 831651) that have also been written about in this list.

Our configuration is Fedora 1 with samba3.0.2a as a PDC with WINS. We still use smbpasswd as our authentication method. We have about 60 XP Pro PCs and about 100 W98 2nd edition PCs in this network. We have no PCs running W2000. There is only one server (the PDC) in this network.

From looking at /var/log/samba, I quickly determined that only XP Pro PCs logged the above error message. After looking at some Ethernet traces, I believed that the error messages were caused by a particular sequence during the decision making between XP Pro and samba for using port 139 or port 445 for smb traffic. See https://bugzilla.samba.org/show_bug.cgi?id=1257 for more detail.

As the first attempt at a circumvention, I added an iptables INPUT rule to the server to block port 445. It appeared to work, so I removed the iptables rule and added an "smb ports = 139" statement to smb.conf to block port 445 and put it into production. It worked. The getpeername messages disappeared from the log.

However, for the next couple of days, I received reports of frequent, but intermittent roaming profile error messages at logon. This solution of forcing all PCs to use NetBIOS over TCP greatly increased the number of complaints of roaming profile error messages. So I commented out the smb ports statement and the getpeername error messages resumed (which appear to do no harm) and the roaming profile error messages reduced to sporadic.

As a second approach, I isolated all the XP Pro PCs via DHCP to the 192.168.1.0/24 address range while the W98 PCs remained in the 192.168.0.0/24 range. This allowed me to add the following iptables rule to the server:

    iptables -I INPUT 1 -p tcp -s 192.168.1.0/24 --dport 139 -j DROP

With this rule, and the address separation, XP Pro PCs use port 445 for smb traffic while W98 PCs use port 139.

The second approach has now been working for a week in production with no getpeername errors and, I believe, there have been no roaming profile errors for the XP Pro PCs.

Again, we have a fairly simple samba configuration, so if you want to try this, test it first in your configuration.

Mark
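The post narrows the error down to XP Pro clients by reading the per-client logs under /var/log/samba. The script below is an added example, not part of the original message or of Samba: it counts the getpeername/reset burst in each per-client log so the affected clients can be listed before and after a change such as the iptables rule. The log names and the W98 entry are constructed; the XP entries are the ones quoted in the post.

```python
import re
from collections import Counter
from datetime import datetime

# smbd debug header: [date time.usec, level] source_file:function(line)
HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\.\d+,\s*\d+\]\s+\S+?:(\w+)\(\d+\)")

def parse_entries(text):
    """Split log text into (time, function, message); the message may sit on the header line or below it."""
    marks = list(HEADER.finditer(text))
    out = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        out.append((when, m.group(2), " ".join(text[m.end():end].split())))
    return out

def count_reset_bursts(text, window=1.0):
    """Count 'getpeername failed' entries followed within `window` seconds by a send_smb reset error."""
    bursts, start = 0, None
    for when, func, msg in parse_entries(text):
        if func == "get_peer_addr" and "getpeername failed" in msg:
            start = when
        elif (func == "send_smb" and "Connection reset by peer" in msg
              and start is not None and (when - start).total_seconds() <= window):
            bursts, start = bursts + 1, None
    return bursts

def tally(logs):
    """logs maps a per-client log name to its text; returns bursts per client."""
    counts = Counter({name: count_reset_bursts(text) for name, text in logs.items()})
    return +counts  # unary plus drops clients with zero bursts

# Sample input. Log names and the W98 entry are constructed for this example.
SAMPLE_LOGS = {
    "log.xp-pc01": """\
[2004/05/11 14:00:20.129507, 0] lib/util_sock.c:get_peer_addr(952)
  getpeername failed. Error was Transport endpoint is not connected
[2004/05/11 14:00:20.130067, 0] lib/util_sock.c:write_socket_data(388)
  write_socket_data: write failure. Error = Connection reset by peer
[2004/05/11 14:00:20.130131, 0] lib/util_sock.c:write_socket(413)
  write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer
[2004/05/11 14:00:20.130188, 0] lib/util_sock.c:send_smb(605)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
""",
    "log.w98-pc07": "[2004/05/11 14:02:01.000000, 1] smbd/service.c:make_connection(1)\n  constructed benign entry\n",
}

if __name__ == "__main__":
    print(dict(tally(SAMPLE_LOGS)))
```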
