On Thursday, December 15, 2005, at 11:56 AM, Philip Washington wrote:
Margaret_Doll wrote:
On Wednesday, December 14, 2005, at 04:42 PM, Philip Washington wrote:
Margaret_Doll wrote:
Begin forwarded message:
From: Margaret_Doll <[EMAIL PROTECTED]>
Date: Wed Dec 14, 2005 1:09:24 PM US/Eastern
To: samba <[email protected]>
Subject: [Samba] RHEL4 and samba
I brought over the /etc/samba directory from a RHEL3 system to a
RHEL4 system.
I disable selinux in case there was a problem with a port being
blocked
iptables has port 139 and 445 enabled.
open ports 137 and 138, I forget which one, but the
announcement is on one of these ports, you also need to check your
protocols tcp udp as far as iptables is concerned. Usually in
this cases I open up all protocols and the ports needed(check the
protocols udp and tcp on 139 445 also) and then start DROP ing or
REJECT ing ports-protocols until it breaks.
selinux should not be an issue with this.
I opened the tcp, udp ports in the iptables, restarted iptables,
restarted smb.
I still have the same problems with nmbd. People can do a search
for the server.nnn.nnn.edu and find themselves logged in, but the
server in the Network Neighborhood is "not available" The printers
from the Windows computers
have to be created using the complete path of the server, ie.
server.nnn.nnn.edu, instead of the samba name.
iptables --list
...
ACCEPT udp -- anywhere anywhere state
NEW udp dpt:netbios-ns
ACCEPT tcp -- anywhere anywhere state
NEW tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state
NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state
NEW tcp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state
NEW tcp dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere state
NEW udp dpt:netbios-ssn
Would it be possible to turn off iptables altogether and try.
service iptables stop
service smb restart
You may have to wait a few minutes for the master browser to pick it
up.
Here is a copy of a simple smb.conf I have running on a test machine
running RHEL4
[global]
workgroup = COMPA
server string = Samba Server
interfaces = 10.10.10.167/24
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
printer admin = @ntadmin, root
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
read only = No
guest ok = Yes
printable = Yes
default devmode = Yes
browseable = No
[print$]
comment = Printer driver Download Area
path = /etc/samba/drivers
write list = @ntadmin, root, philip
guest ok = Yes
[Shared]
path = /home/philip/SHARED
valid users = philip
read only = No
hosts allow = 10.10.10.169, 10.10.10.238
I have tried it with selinux and iptables disabled or off. No
difference.
My smb.conf with the networks "x'd" out
# Global parameters
[global]
workgroup = CHEMISTRY
netbios name = CHEMPS
server string = chemps - Chemistry Samba Server
interfaces = 128.xxx.xxx.xxx/24 127.0.0.1
smb passwd file = /etc/samba/smbpasswd
min password length = 7
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
os level = 255
preferred master = Yes
domain master = Yes
wins proxy = yes
wins support = yes
remote announce = 128.xxx.xxx.255/Chemistry
128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry
128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry
invalid users = bin daemon sys adm tty disk lp mem kmem wheel
mail news uucp man games gopher dip ftp floppy utmp xfs console
pppusers popusers slipusers slocate gdm filesystem root
valid users = @chemusers @geousers @users @stockroom @guest
username map = /etc/samba/smbusers
domain logons = yes
guest account = xxxxxxx
hosts allow = 128.148.124. 128.148.68. 128.148.116.
128.148.119. 128.148.171. 127.
dos filetimes = Yes
dos filetime resolution = Yes
load printers = yes
printing = cups
printcap name = /etc/printcap
use client driver = yes
[homes]
comment = Home Directories
writeable = yes
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = no
[1-Mac]
comment = Distributed Software for MacIntoshes
path = /chemusers/1-Mac
volume = Utilities for MacIntoshes
guest ok = yes
[1-Win]
comment = Distributed Software for Windows
path = /chemusers/1-Win
volume = Utilities for Window Computers
guest ok = yes
[Milling]
comment = Contains the drop boxes for Milling requests
path = /chemusers/milling
volume = Milling Drop Box
writeable = yes
valid users = @chemusers
force group = chemusers
[Stockroom]
comment = Database for the Stockroom Applications
path = /home/stockroom
volume = Database for the Stockroom
valid users = @stockroom
writeable = yes
create mask = 660
directory mask = 0770
[web pages]
comment = Web pages for data transfer
path = /home/httpd/html
volume = Web pages for Chemistry
guest ok = yes
writeable = yes
I can see the server in the Windows Network Neighborhood but the
user cannot connect because they are unauthorized to attach from
their computer.
Most of the test in the samba documentation work except.
smbclient -L server -N
shows no computers, but does show the shares and
SERVER COMMENTS
myserver server comments
Workgroup Master
-------------
myworkgroup
2nd workgroup master2
3rd workgroup master3
nmblookup -B myserver __SAMBA__
querying __SAMBA__ on correct ip address
name_query failed to find name __SAMBA__
nmblooup -M myworkgroup
querying myworkgroup on mysubnet
ip address of a client myworkgroup<1d>
"netstat -a" show netbios-ns
What do I have set up incorrectly?
--
I found that from the computers I cannot attach to the server
through
the network neighborhood. I can, however, log into the server
if I do a search on the computer. So the server is not "announcing"
itself.
How do I fix this problem? Is this a firewall problem?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
