Margaret_Doll wrote:
On Thursday, December 15, 2005, at 11:56 AM, Philip Washington wrote:
Margaret_Doll wrote:
On Wednesday, December 14, 2005, at 04:42 PM, Philip Washington wrote:
Margaret_Doll wrote:
Begin forwarded message:
From: Margaret_Doll <[EMAIL PROTECTED]>
Date: Wed Dec 14, 2005 1:09:24 PM US/Eastern
To: samba <[email protected]>
Subject: [Samba] RHEL4 and samba
I brought over the /etc/samba directory from a RHEL3 system to a
RHEL4 system.
I disable selinux in case there was a problem with a port being
blocked
iptables has port 139 and 445 enabled.
open ports 137 and 138, I forget which one, but the
announcement is on one of these ports, you also need to check your
protocols tcp udp as far as iptables is concerned. Usually in
this cases I open up all protocols and the ports needed(check the
protocols udp and tcp on 139 445 also) and then start DROP ing or
REJECT ing ports-protocols until it breaks.
selinux should not be an issue with this.
I opened the tcp, udp ports in the iptables, restarted iptables,
restarted smb.
I still have the same problems with nmbd. People can do a search
for the server.nnn.nnn.edu and find themselves logged in, but the
server in the Network Neighborhood is "not available" The printers
from the Windows computers
have to be created using the complete path of the server, ie.
server.nnn.nnn.edu, instead of the samba name.
iptables --list
...
ACCEPT udp -- anywhere anywhere state
NEW udp dpt:netbios-ns
ACCEPT tcp -- anywhere anywhere state
NEW tcp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state
NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state
NEW tcp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state
NEW tcp dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere state
NEW udp dpt:netbios-ssn
Would it be possible to turn off iptables altogether and try.
service iptables stop
service smb restart
You may have to wait a few minutes for the master browser to pick it up.
Here is a copy of a simple smb.conf I have running on a test machine
running RHEL4
[global]
workgroup = COMPA
server string = Samba Server
interfaces = 10.10.10.167/24
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
printer admin = @ntadmin, root
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
read only = No
guest ok = Yes
printable = Yes
default devmode = Yes
browseable = No
[print$]
comment = Printer driver Download Area
path = /etc/samba/drivers
write list = @ntadmin, root, philip
guest ok = Yes
[Shared]
path = /home/philip/SHARED
valid users = philip
read only = No
hosts allow = 10.10.10.169, 10.10.10.238
I have tried it with selinux and iptables disabled or off. No
difference.
My smb.conf with the networks "x'd" out
# Global parameters
[global]
workgroup = CHEMISTRY
netbios name = CHEMPS
server string = chemps - Chemistry Samba Server
interfaces = 128.xxx.xxx.xxx/24 127.0.0.1
smb passwd file = /etc/samba/smbpasswd
min password length = 7
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
os level = 255
This is high, I have never seen a setting above 99 but this may work,
I've just never tried it and don't know whether there is an upper limit.
preferred master = Yes
domain master = Yes
wins proxy = yes
wins support = yes
remote announce = 128.xxx.xxx.255/Chemistry
128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry
128.xxx.xxx.255/Chemistry 128.xxx.xxx.255/Chemistry
I'm assuming Chemistry is a typo.
invalid users = bin daemon sys adm tty disk lp mem kmem wheel
mail news uucp man games gopher dip ftp floppy utmp xfs console
pppusers popusers slipusers slocate gdm filesystem root
valid users = @chemusers @geousers @users @stockroom @guest
username map = /etc/samba/smbusers
domain logons = yes
guest account = xxxxxxx
hosts allow = 128.148.124. 128.148.68. 128.148.116.
128.148.119. 128.148.171. 127.
do you have routes set for all of these networks?
Do the computers/clients on all these subnets have routes and settings
for the WINS server?
Okay I reread what you posted and I think I answered 1 1/2 of my own
questions, you do have routes set. It appears that the clients are
getting information from the DNS, but are not getting WINS information?
(Were the netbios name resolutions changed in DHCP when you did the
transfer from RHEL3 to RHEL4? Is this the same computer and IP address
as what you were using before?)
The other problem I have seen from what you describe is that when
clicking on network neighborhood the client sees error no route to
host? I have found on occasions that this is caused by the Samba server
not being able to resolve back to the client. I found this out by
putting IPAddress of CLIENTNOTWORKING in the /etc/host file and then
going back to the client and trying again.
Basically are the clients using this as there WINS server? If they are,
are the clients showing up in the wins.dat file? Is your server showing
up on the wins.dat file?
Can you look and see which computer is the master browser on your
network ( I have had problems with W9x computers becoming the master
browser and messing up network browsing)?
Sorry you're having so many problems. I don't see a magic bullet to fix
your problem right now. I'll try to look into it some more when I get
time, which may be until sometime this weekend.
dos filetimes = Yes
dos filetime resolution = Yes
load printers = yes
printing = cups
printcap name = /etc/printcap
use client driver = yes
[homes]
comment = Home Directories
writeable = yes
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = no
[1-Mac]
comment = Distributed Software for MacIntoshes
path = /chemusers/1-Mac
volume = Utilities for MacIntoshes
guest ok = yes
[1-Win]
comment = Distributed Software for Windows
path = /chemusers/1-Win
volume = Utilities for Window Computers
guest ok = yes
[Milling]
comment = Contains the drop boxes for Milling requests
path = /chemusers/milling
volume = Milling Drop Box
writeable = yes
valid users = @chemusers
force group = chemusers
[Stockroom]
comment = Database for the Stockroom Applications
path = /home/stockroom
volume = Database for the Stockroom
valid users = @stockroom
writeable = yes
create mask = 660
directory mask = 0770
[web pages]
comment = Web pages for data transfer
path = /home/httpd/html
volume = Web pages for Chemistry
guest ok = yes
writeable = yes
I can see the server in the Windows Network Neighborhood but the
user cannot connect because they are unauthorized to attach from
their computer.
Most of the test in the samba documentation work except.
smbclient -L server -N
shows no computers, but does show the shares and
SERVER COMMENTS
myserver server comments
Workgroup Master
-------------
myworkgroup
2nd workgroup master2
3rd workgroup master3
nmblookup -B myserver __SAMBA__
querying __SAMBA__ on correct ip address
name_query failed to find name __SAMBA__
nmblooup -M myworkgroup
querying myworkgroup on mysubnet
ip address of a client myworkgroup<1d>
"netstat -a" show netbios-ns
What do I have set up incorrectly?
--
I found that from the computers I cannot attach to the server through
the network neighborhood. I can, however, log into the server
if I do a search on the computer. So the server is not "announcing"
itself.
How do I fix this problem? Is this a firewall problem?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
