RE: FreeBSD 7.0 jail and Samba 3
What does your ifconfig line read from /etc/rc.conf (the alias line) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 jail and Samba 3
Hey, What does your ifconfig line read from /etc/rc.conf (the alias line) ifconfig_rl0=192.168.15.198 netmask 255.255.255.0 ifconfig_rl0_alias0=192.168.15.201 netmask 255.255.255.0 defaultrouter=192.168.15.1 jail_enable=YES jail_sysvipc_allow=YES jail_socket_unixiproute_only=NO #= Jails ---=# jail_list=samba #=--=# jail_samba_rootdir=/usr/jail/samba jail_samba_hostname=samba.infrax.local jail_samba_ip=192.168.15.201 jail_samba_devfs_enable=YES jail_samba_procfs_enable=YES jail_samba_devfs_ruleset=devfsrules_samba_jail #=--=# Thanks, Nejc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 jail and Samba 3
Hey, ifconfig_rl0_alias0=192.168.15.201 netmask 255.255.255.0 the mask of an alias ipadres needs to be 32 bits. I do not now if this solves your problem but it needs to be 32 bits. ifconfig_rl0_alias0=192.168.15.201 netmask 255.255.255.255 I tried with 24 bits - it doesn't work one way or the other. Thanks, Nejc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: FreeBSD 7.0 jail and Samba 3
Hey, ifconfig_rl0_alias0=192.168.15.201 netmask 255.255.255.0 the mask of an alias ipadres needs to be 32 bits. I do not now if this solves your problem but it needs to be 32 bits. ifconfig_rl0_alias0=192.168.15.201 netmask 255.255.255.255 Can you explain why it needs to be 32 bits? I have both setups (24 and 32) and both seems to works fine. (I am not running Samba) I tried with 24 bits - it doesn't work one way or the other. Thanks, Nejc This is from the man page of ifconfig and there it is alias Establish an additional network address for this interface. This is sometimes useful when changing network numbers, and one wishes to accept packets addressed to the old interface. If the address is on the same subnet as the first network address for this interface, a non-conflicting netmask must be given. Usually 0x is most appropriate. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 jail and Samba 3
Hey, OK.. if it is running inside your jail it doesnt respond to WINS broadcasts (request for NETBIOS Names.. oi, who is Machine on this subnet???), if it is not running in your jail, it is. I wouldn't say WINS broadcasts but NetBIOS broadcasts, yes. Machine is jailed Samba 3 server - I want it to be accessible from Windows machines via \\Machine. But it is not unless I put it out of jail (or turn on WINS in smb.conf and enter the WINS server IP into Windows clients). Windows machines don't have the WINS server set - I don't want to use WINS server capability of Samba (nor of any other server on the network). So, what are your settings for master (local, domain and wins)? wins support = no local master = yes domain master = yes preferred master = yes can you do a ping to machine? Can it be resolved? C:\Users\Nejko.DOMAINping freebsd Ping request could not find host freebsd. Please check the name and try again. C:\Users\Nejko.DOMAINping 192.168.15.201 Pinging 192.168.15.201 with 32 bytes of data: Reply from 192.168.15.201: bytes=32 time1ms TTL=64 Can you connect smbclient //ipadres? You mean \\192.168.15.201. Yes. Do you see the smb client listening on the machines virtual ip? You mean smb server - yes: root smbd 1436 18 tcp4 192.168.15.201:445*:* root smbd 1436 19 tcp4 192.168.15.201:139*:* root nmbd 1430 6 udp4 192.168.15.201:137*:* root nmbd 1430 7 udp4 192.168.15.201:138*:* root nmbd 1430 8 udp4 192.168.15.201:137*:* root nmbd 1430 9 udp4 192.168.15.201:138*:* in case the above work for you it is all about name resolution. # man smbclient Read the first paragraph of servicename on servername resolution. I know it is all about network resolution. But the question is how to convince a jailed Samba to reply to NetBIOS broadcasts. I can't find this in any manual. Thanks, Nejc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: FreeBSD 7.0 jail and Samba 3
OK.. if it is running inside your jail it doesnt respond to WINS broadcasts (request for NETBIOS Names.. oi, who is Machine on this subnet???), if it is not running in your jail, it is. I wouldn't say WINS broadcasts but NetBIOS broadcasts, yes. Machine is jailed Samba 3 server - I want it to be accessible from Windows machines via \\Machine. But it is not unless I put it out of jail (or turn on WINS in smb.conf and enter the WINS server IP into Windows clients). Windows machines don't have the WINS server set - I don't want to use WINS server capability of Samba (nor of any other server on the network). So, what are your settings for master (local, domain and wins)? wins support = no local master = yes domain master = yes preferred master = yes can you do a ping to machine? Can it be resolved? C:\Users\Nejko.DOMAINping freebsd Ping request could not find host freebsd. Please check the name and try again. C:\Users\Nejko.DOMAINping 192.168.15.201 Pinging 192.168.15.201 with 32 bytes of data: Reply from 192.168.15.201: bytes=32 time1ms TTL=64 Can you connect smbclient //ipadres? You mean \\192.168.15.201. Yes. Do you see the smb client listening on the machines virtual ip? You mean smb server - yes: root smbd 1436 18 tcp4 192.168.15.201:445*:* root smbd 1436 19 tcp4 192.168.15.201:139*:* root nmbd 1430 6 udp4 192.168.15.201:137*:* root nmbd 1430 7 udp4 192.168.15.201:138*:* root nmbd 1430 8 udp4 192.168.15.201:137*:* root nmbd 1430 9 udp4 192.168.15.201:138*:* in case the above work for you it is all about name resolution. # man smbclient Read the first paragraph of servicename on servername resolution. I know it is all about network resolution. But the question is how to convince a jailed Samba to reply to NetBIOS broadcasts. I can't find this in any manual. Thanks, Nejc This is nota n issue with samba it is a name resolve issue. If you add in c:\windows\system32\drivers\etc\hosts the following does all work then ipadressMachine-name where ipadress is the ipadres of the jailed samba server and machine-name is the netbios name of the jailed server. If this works then you need to check your DNS server. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 jail and Samba 3
Hi, This is nota n issue with samba it is a name resolve issue. Then why is Samba replying to NetBIOS broadcasts very nicely when I put it outside jail (with the same configuration)? As far as I understand Samba also provides resolving - NetBIOS resolving via its nmbd. If you add in c:\windows\system32\drivers\etc\hosts the following does all work then ipadressMachine-name where ipadress is the ipadres of the jailed samba server and machine-name is the netbios name of the jailed server. If this works then you need to check your DNS server. Okay, let me clarify all this once again: I know that this will work for me. I also know that if I add a mapping machine - IP address into my DNS it will work for me. I also know that if I turn on WINS support in smb.conf and then set up a WINS server on the Windows machine, it will work fine. But as you probably know, there is also a third way of resolving names to IP addresses - it is called NetBIOS broadcasts - from Wikipedia: In order to connect to a computer running TCP/IP via its NetBIOS name, the name must be resolved to a network address. Today this is usually an IP address (the NetBIOS name-IP address resolution is often done by either broadcasts or a WINS Server — NetBIOS Name Server). So it says _either by broadcasts or a WINS Server_. I don't want to use WINS server (or DNS server) for this, but NetBIOS broadcasts. And these broadcasts work just fine when my Samba 3 server is not running in a FreeBSD jail. As soon as I put it into the jail, for some reason, Samba 3 stops responding to NetBIOS broadcasts. And this is what I would like to understand - why Samba 3 stops responding to these broadcasts when it is running in a jail. Thanks, Nejc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 jail and Samba 3
Hi, I'm not sending this message to the list as I've not been following the discussion; I just skimmed thru it. I hope you don't mind that I sent it to the list too. I would check too things, a) a firewall (sorry if this has been talked about, as I said I didn't read it all) or b) enable raw sockets in jails ( security.jail.allow_raw_sockets=1 ). Let me know if b) works, I plan to setup a samba server on ZFS inside a jail when I return home from my travels. a) I have no firewall whatsoever running. b) FreeBSDhost# sysctl -a | grep raw_sockets security.jail.allow_raw_sockets: 1 Thanks, Nejc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 jail and Samba 3
Nejc Škoberne wrote: Hi, I'm not sending this message to the list as I've not been following the discussion; I just skimmed thru it. I hope you don't mind that I sent it to the list too. I would check too things, a) a firewall (sorry if this has been talked about, as I said I didn't read it all) or b) enable raw sockets in jails ( security.jail.allow_raw_sockets=1 ). Let me know if b) works, I plan to setup a samba server on ZFS inside a jail when I return home from my travels. a) I have no firewall whatsoever running. b) FreeBSDhost# sysctl -a | grep raw_sockets security.jail.allow_raw_sockets: 1 Thanks, Nejc I have a samba3 jail serving files, and my sysctl security.jail.allow_raw_sockets=0 Raw sockets allow direct access to the network subsystem.From a security standpoint there's very little reason to allow this and many reasons not to. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 jail and Samba 3
On Wed, April 23, 2008 18:16, Nejc Å koberne wrote: Hi, This is nota n issue with samba it is a name resolve issue. Then why is Samba replying to NetBIOS broadcasts very nicely when I put it outside jail (with the same configuration)? As far as I understand Samba also provides resolving - NetBIOS resolving via its nmbd. If you add in c:\windows\system32\drivers\etc\hosts the following does all work then ipadress Machine-name where ipadress is the ipadres of the jailed samba server and machine-name is the netbios name of the jailed server. If this works then you need to check your DNS server. Okay, let me clarify all this once again: I know that this will work for me. I also know that if I add a mapping machine - IP address into my DNS it will work for me. I also know that if I turn on WINS support in smb.conf and then set up a WINS server on the Windows machine, it will work fine. But as you probably know, there is also a third way of resolving names to IP addresses - it is called NetBIOS broadcasts - from Wikipedia: In order to connect to a computer running TCP/IP via its NetBIOS name, the name must be resolved to a network address. Today this is usually an IP address (the NetBIOS name-IP address resolution is often done by either broadcasts or a WINS Server â NetBIOS Name Server). So it says _either by broadcasts or a WINS Server_. I don't want to use WINS server (or DNS server) for this, but NetBIOS broadcasts. And these broadcasts work just fine when my Samba 3 server is not running in a FreeBSD jail. As soon as I put it into the jail, for some reason, Samba 3 stops responding to NetBIOS broadcasts. And this is what I would like to understand - why Samba 3 stops responding to these broadcasts when it is running in a jail. If Samba is running in a jail it is linked to a Alias IP. AFAIK broadcasts are only processed and responded to by the primary IP address. This might be why. Ask on -net if they would know about how to get the alias ip responding to netbios broadcasts. Why it works for me: simple, all my servers are using DNS. All my DHCP clients get automatically added to DNS. Also, if I am not mistaken, Windows Vista wants to move away from Netbios. In WIndows XP there is even a setting to disable Netbios on TCP. I believe Samba is catered for that. Ports are 445 on windows if I am not mistaken. Cheers Patrick Thanks, Nejc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 jail and Samba 3
Hey Johan, I think you will need to remove 127.0.0.1 Just use 192.168.1.2/24 There is no 127.0.0.1 on a jailed system I have done so - I still can't do smbclient //machine from another box to the jailed Samba. If I put the Samba out of the jail (same version, same config) it works as it should. I have this in my rc.conf: jail_enable=YES jail_sysvipc_allow=YES jail_socket_unixiproute_only=NO #= Jails ---=# jail_list=samba #=--=# jail_samba_rootdir=/usr/jail/samba jail_samba_hostname=samba.domain.local jail_samba_ip=192.168.15.201 jail_samba_interface=rl0 jail_samba_devfs_enable=YES jail_samba_procfs_enable=YES jail_samba_devfs_ruleset=devfsrules_jail #=--=# and this in my sysctl.conf: security.jail.allow_raw_sockets=1 security.jail.sysvipc_allowed=1 Thanks, Nejc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 jail and Samba 3
On Tue, April 22, 2008 17:33, Nejc ©koberne wrote: Hey Johan, I think you will need to remove 127.0.0.1 Just use 192.168.1.2/24 There is no 127.0.0.1 on a jailed system I have done so - I still can't do smbclient //machine from another box to the jailed Samba. If I put the Samba out of the jail (same version, same config) it works as it should. I have this in my rc.conf: OK.. if it is running inside your jail it doesnt respond to WINS broadcasts (request for NETBIOS Names.. oi, who is Machine on this subnet???), if it is not running in your jail, it is. So, what are your settings for master (local, domain and wins)? can you do a ping to machine? Can it be resolved? Can you connect smbclient //ipadres? Do you see the smb client listening on the machines virtual ip? in case the above work for you it is all about name resolution. # man smbclient Read the first paragraph of servicename on servername resolution. Patrick jail_enable=YES jail_sysvipc_allow=YES jail_socket_unixiproute_only=NO #= Jails ---=# jail_list=samba #=--=# jail_samba_rootdir=/usr/jail/samba jail_samba_hostname=samba.domain.local jail_samba_ip=192.168.15.201 jail_samba_interface=rl0 jail_samba_devfs_enable=YES jail_samba_procfs_enable=YES jail_samba_devfs_ruleset=devfsrules_jail #=--=# and this in my sysctl.conf: security.jail.allow_raw_sockets=1 security.jail.sysvipc_allowed=1 Thanks, Nejc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 jail and Samba 3
Hey Johan, Well i use ezjail for my jails, i leave everything else standard, but have the same sysctl value's This is my smb.conf (it is a fileserver as member of a domain for my domain). [global] ... wins server = hz2-serv.mydomain.local This is why it works for you. You use external WINS server - and for the Windows client to be able to go to \\fileserv-hz2 there must be WINS server set up on it. Which is not really what I want - I want to be able to use NetBIOS to resolve NetBIOS name of the server, not WINS. I also tried with the external WINS server and it works for me too. Thanks, Nejc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.0 jail and Samba 3
Hey again, I am trying to get latest Samba running under FreeBSD 7.0 jail environment. I happen to have problems with visibility of the Samba server on the network - I cannot connect to it using its NetBIOS name. To be able to run nmbd, I have to use the interfaces parameter in smb.conf like this: interfaces = 192.168.1.2/24 127.0.0.1 If I don't set this, nmbd fails to run (it says it cannot find interfaces). However, if I try the identical configuration on a non-jailed Samba (on a FreeBSD 6.2 though) it runs seamlessly - I can connect to it from another box by running smbclient //server/share. Is there any way to make NetBIOS work for jailed Samba server on FreeBSD 7.0? Is there really nobody who could help me out here? Thanks, Nejc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: FreeBSD 7.0 jail and Samba 3
I am trying to get latest Samba running under FreeBSD 7.0 jail environment. I happen to have problems with visibility of the Samba server on the network - I cannot connect to it using its NetBIOS name. To be able to run nmbd, I have to use the interfaces parameter in smb.conf like this: interfaces = 192.168.1.2/24 127.0.0.1 If I don't set this, nmbd fails to run (it says it cannot find interfaces). However, if I try the identical configuration on a non-jailed Samba (on a FreeBSD 6.2 though) it runs seamlessly - I can connect to it from another box by running smbclient //server/share. Is there any way to make NetBIOS work for jailed Samba server on FreeBSD 7.0? Is there really nobody who could help me out here? Thanks, Nejc I think you will need to remove 127.0.0.1 Just use 192.168.1.2/24 There is no 127.0.0.1 on a jailed system This is the output of ifconfig on my jail server bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=9bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM ether 00:19:bb:d1:66:06 inet 192.168.100.200 netmask 0xff00 broadcast 192.168.100.255 inet 192.168.100.201 netmask 0x broadcast 192.168.100.201 inet 192.168.100.202 netmask 0x broadcast 192.168.100.202 inet 192.168.100.203 netmask 0x broadcast 192.168.100.203 inet 192.168.100.204 netmask 0x broadcast 192.168.100.204 media: Ethernet autoselect (100baseTX full-duplex) status: active pflog0: flags=0 metric 0 mtu 33204 pfsync0: flags=0 metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff00 and here it is from my jailed server bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=9bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM ether 00:19:bb:d1:66:06 inet 192.168.100.202 netmask 0x broadcast 192.168.100.202 media: Ethernet autoselect (100baseTX full-duplex) status: active pflog0: flags=0 metric 0 mtu 33204 pfsync0: flags=0 metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384 as you can see the interface lo0 is there but no ip 127.0.0.1 regards, Johan Hendriks Double L Automatisering ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]