Re: [Samba] win 7 client can't map drive: getpeername failed

[Ed Strong]

Thanks so much gaiseric for your continued help,
Your advice was spot on and I have found the issue in the windows 7
security settings. Not sure how
it happened as a bad client was imaged from a good client.

I'd already tweaked the "Network Security: LAN Manager authentication
level" to 'Send LM & NTLM - use NTLMv2 session security if negotiated' but
on closer examination I found several other differences. The 4 changes that
got me working were:

1: Microsoft network client: Digitally sign communications (always)
Disabled
2: Network access: Do not allow anonymous enumeration of SAM accounts and
sharesDisabled
3: Network security: Minimum session security for NTLM SSP based (including
secure RPC) clientsRequire 128-bit encryption
4: Network security: Minimum session security for NTLM SSP based (including
secure RPC) serversRequire 128-bit encryption

though I suspect just changes 1:  and 3: would have been enough.

Once again thanks for all your input.
Ed



On 13 May 2013 15:59, Gaiseric Vandal  wrote:

>  That suggests either a configuration difference with some of the win 7
> machines or a difference with some of the AD accounts for the machines.
>
> On the NAS, does the "getent passwd" command display user and machine
> accounts?   Is it may be showing only some machine accounts and not
> others?  It might be possible that samba has been unable to account an
> idmap entry for newer machines.   All though I  would think this would
> affect authentication issues, not connection issues.  I have found
> idmapping to be one of the less reliable functions in samba.
>
> Are all the Win 7 machines configured with identical network settings
> (apart from the IP address itself of course.) this should be the case if
> you use DHCP.
> Are their any security settings on the problem  Win 7 machines that are
> different?  If you use gpedit.msc -> computer -> security settings ,   you
> may want to review things like NTLMv2 settings.   Are all the machine
> accounts in the same AD container ?
>
> If this is all AD, then you should not need to use WINS. Although it
> may also help resolve confusion about which machine is the local master
> browser.Which shouldn't really matter either.  I use samba 3.x as a
> non-AD PDC  so the WINS and browser stuff is more important.
>
> Is the Microsoft server is the AD PDC it may expect to be the local master
> browser.   I think there can only be one local master browser per
> subnet.And if you look thru the nmbd logs (?) on the NAS as well as the
> logs on the Win 2008 server . you may see results of a browser
> election.
>
>
> the "testparm -v" will show you all the config settings, including those
> set by default even if not explicitly set in smb.conf
>
>
> On 05/13/13 08:44, Ed Strong wrote:
>
>   Hi,
>
>  all XP clients work fine. As do most win 7 clients.  Just a handful of
> win7 clients have this issue.
>
> We only have one Microsoft server: 2008 R2, it does not have the WINS
> server feature installed.
>  The qnap box is called saturn and is a member of the domain
>telnet saturn 139
>  results in blank screen, blinking cursor so port open I guess.
>  NAS uses our Microsoft server for it's DNS and registers itself in DNS
>  Also on the NAS I have:
>Enable WINS server NOT checked
> Local master browser checked
>Allow only NTLMv2 authentication NOT checked
>  DNS has a reverse lookup zone with a PTR record for client
>
>
>  This is my foray into samba so I'm not familiar with the config file
> structure but here is the global
> section:
>
> [global]
> log level = 3
> passdb backend = smbpasswd
> workgroup = OUR_DOMAIN
> security = ADS
> server string =
> encrypt passwords = Yes
> username level = 0
> map to guest = Bad User
> null passwords = yes
> max log size = 50
> socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=262144 SO_RCVBUF=131072
> os level = 20
> preferred master = no
> dns proxy = No
> smb passwd file=/etc/config/smbpasswd
> username map = /etc/config/smbusers
> guest account = guest
> directory mask = 0777
> create mask = 0777
> oplocks = yes
> locking = yes
> disable spoolss = yes
> load printers = no
> display charset = UTF8
> force directory security mode = 
> veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network
> Trash Folder/Temporary
> Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/
> delete veto files = yes
> map archive = no
> map system = no
> map hidden = no
> map read only = no
> deadtime = 10
> use sendfile = yes
> unix extensions = no
> store dos attributes = yes
> client ntlmv2 auth = yes
> dos filetime resolution = no
> inherit acls = yes
> wide links = yes
> force unknown acl user = yes
> template homedir = /share/homes/DOMAIN=%D/%U
> domain logons = no
> min receivefile size = 4096
> case sensitive = auto
> domain master = auto
> local master = yes
> enhance acl v1 = ye

Re: [Samba] win 7 client can't map drive: getpeername failed

[Gaiseric Vandal]

That suggests either a configuration difference with some of the win 7 
machines or a difference with some of the AD accounts for the machines.


On the NAS, does the "getent passwd" command display user and machine 
accounts?   Is it may be showing only some machine accounts and not 
others?  It might be possible that samba has been unable to account an 
idmap entry for newer machines.   All though I  would think this would 
affect authentication issues, not connection issues.  I have found 
idmapping to be one of the less reliable functions in samba.


Are all the Win 7 machines configured with identical network settings  
(apart from the IP address itself of course.) this should be the case if 
you use DHCP.
Are their any security settings on the problem  Win 7 machines that are 
different?  If you use gpedit.msc -> computer -> security settings ,   
you may want to review things like NTLMv2 settings.   Are all the 
machine accounts in the same AD container ?


If this is all AD, then you should not need to use WINS. Although it may 
also help resolve confusion about which machine is the local master 
browser.Which shouldn't really matter either.  I use samba 3.x as a 
non-AD PDC  so the WINS and browser stuff is more important.


Is the Microsoft server is the AD PDC it may expect to be the local 
master browser.   I think there can only be one local master browser per 
subnet.And if you look thru the nmbd logs (?) on the NAS as well as 
the logs on the Win 2008 server . you may see results of a browser 
election.



the "testparm -v" will show you all the config settings, including those 
set by default even if not explicitly set in smb.conf



On 05/13/13 08:44, Ed Strong wrote:

Hi,

all XP clients work fine. As do most win 7 clients.  Just a handful of 
win7 clients have this issue.


We only have one Microsoft server: 2008 R2, it does not have the WINS 
server feature installed.

The qnap box is called saturn and is a member of the domain
  telnet saturn 139
results in blank screen, blinking cursor so port open I guess.
NAS uses our Microsoft server for it's DNS and registers itself in DNS
Also on the NAS I have:
   Enable WINS server NOT checked
   Local master browser checked
Allow only NTLMv2 authentication NOT checked
DNS has a reverse lookup zone with a PTR record for client


This is my foray into samba so I'm not familiar with the config file 
structure but here is the global

section:

[global]
log level = 3
passdb backend = smbpasswd
workgroup = OUR_DOMAIN
security = ADS
server string =
encrypt passwords = Yes
username level = 0
map to guest = Bad User
null passwords = yes
max log size = 50
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=262144 
SO_RCVBUF=131072

os level = 20
preferred master = no
dns proxy = No
smb passwd file=/etc/config/smbpasswd
username map = /etc/config/smbusers
guest account = guest
directory mask = 0777
create mask = 0777
oplocks = yes
locking = yes
disable spoolss = yes
load printers = no
display charset = UTF8
force directory security mode = 
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network 
Trash Folder/Temporary 
Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/

delete veto files = yes
map archive = no
map system = no
map hidden = no
map read only = no
deadtime = 10
use sendfile = yes
unix extensions = no
store dos attributes = yes
client ntlmv2 auth = yes
dos filetime resolution = no
inherit acls = yes
wide links = yes
force unknown acl user = yes
template homedir = /share/homes/DOMAIN=%D/%U
domain logons = no
min receivefile size = 4096
case sensitive = auto
domain master = auto
local master = yes
enhance acl v1 = yes
remove everyone = yes
kernel oplocks = no
mangled names = no
realm = OUR_DOMAIN.local
password server = SERVER.OUR_DOMAIN.local
pam password change = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 3600
idmap uid = 41-50
idmap gid = 41-50
idmap config OUR_DOMAIN : backend = rid
idmap config OUR_DOMAIN : range = 1001-2000
wins support = no
name resolve order = host bcast



On 10 May 2013 16:19, Gaiseric Vandal > wrote:


Are XP clients having the same problem?  Trying with an XP
client would help indicate if there was something specific to XP.
   (I skipped vista.)


Can you check in smb.conf
-  is the server a member server, AD member server, standalone
server, or domain controller.
-   Are ports explicitly defined
-  how is name resolution configured?
   - is NTLMv2 required (I couldn't get NTLMv2 support working.)


Domain membership shouldn't matter at this point since you aren't
even getting to the authentication phase.

Can you  telnet port 139 to make sure it is open?


Do you have a WINS server defined?If so make s

Re: [Samba] win 7 client can't map drive: getpeername failed

[Ed Strong]

Hi,

all XP clients work fine. As do most win 7 clients.  Just a handful of win7
clients have this issue.

We only have one Microsoft server: 2008 R2, it does not have the WINS
server feature installed.
The qnap box is called saturn and is a member of the domain
  telnet saturn 139
results in blank screen, blinking cursor so port open I guess.
NAS uses our Microsoft server for it's DNS and registers itself in DNS
Also on the NAS I have:
   Enable WINS server NOT checked
   Local master browser checked
   Allow only NTLMv2 authentication NOT checked
DNS has a reverse lookup zone with a PTR record for client


This is my foray into samba so I'm not familiar with the config file
structure but here is the global
section:

[global]
log level = 3
passdb backend = smbpasswd
workgroup = OUR_DOMAIN
security = ADS
server string =
encrypt passwords = Yes
username level = 0
map to guest = Bad User
null passwords = yes
max log size = 50
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=262144 SO_RCVBUF=131072
os level = 20
preferred master = no
dns proxy = No
smb passwd file=/etc/config/smbpasswd
username map = /etc/config/smbusers
guest account = guest
directory mask = 0777
create mask = 0777
oplocks = yes
locking = yes
disable spoolss = yes
load printers = no
display charset = UTF8
force directory security mode = 
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash
Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/
delete veto files = yes
map archive = no
map system = no
map hidden = no
map read only = no
deadtime = 10
use sendfile = yes
unix extensions = no
store dos attributes = yes
client ntlmv2 auth = yes
dos filetime resolution = no
inherit acls = yes
wide links = yes
force unknown acl user = yes
template homedir = /share/homes/DOMAIN=%D/%U
domain logons = no
min receivefile size = 4096
case sensitive = auto
domain master = auto
local master = yes
enhance acl v1 = yes
remove everyone = yes
kernel oplocks = no
mangled names = no
realm = OUR_DOMAIN.local
password server = SERVER.OUR_DOMAIN.local
pam password change = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 3600
idmap uid = 41-50
idmap gid = 41-50
idmap config OUR_DOMAIN : backend = rid
idmap config OUR_DOMAIN : range = 1001-2000
wins support = no
name resolve order = host bcast



On 10 May 2013 16:19, Gaiseric Vandal  wrote:

> Are XP clients having the same problem?  Trying with an XP client
> would help indicate if there was something specific to XP.(I skipped
> vista.)
>
>
> Can you check in smb.conf
> -  is the server a member server, AD member server, standalone server,
> or domain controller.
> -   Are ports explicitly defined
> -  how is name resolution configured?
>- is NTLMv2 required (I couldn't get NTLMv2 support working.)
>
>
> Domain membership shouldn't matter at this point since you aren't even
> getting to the authentication phase.
>
> Can you  telnet port 139 to make sure it is open?
>
>
> Do you have a WINS server defined?If so make sure client and NAS are
> using the same WINS server.Is your NAS configured to use a DNS server?
>   Do you have a reverse lookup zone defined in DNS?the NAS maybe trying
> to do a reverse lookup on the IP of the client.   There doesn't need to be
> a PTR entry for the client but you are least want the zone. If DNS
> tries to lookup an IP and gets an immediate "host not found"   that is OK.
>  If it times out because it can't even locate a DNS server then that could
> cause problems for other services dependent on DNS.
>
>
>
>
>
>
>
>
>
>
>
>
> On 05/10/13 10:58, Ed Strong wrote:
>
>> Hi,
>>
>> Thanks for the info, I'm replying to you in gmail to
>> samba@lists.samba.org,
>> hope that is correct ?
>>
>> Yes I can edit the config file on the NAS
>>
>> Looking at the network packets all communication to NAS seems to be on
>> port
>> microsoft-ds (445)
>> I can't see any traffic on ports 137/138/139
>>
>> If i use the IP I get exactly the same error :(
>>
>>
>> On 10 May 2013 15:01, Gaiseric Vandal  wrote:
>>
>>  I think the "Error was Transport endpoint is not connected" warnings are
>>> sometimes misleading. Do you have any control over the samba config
>>> (smb.conf) on the NAS ?On regular samba installs, changing the
>>> default
>>> port settings can cause more problems.
>>>
>>> Windows 7 will try to connect on port 445  (SMB or CIFS over tcp/ip), and
>>> will then reconnect to ports 137/138/139 (SMB over netbios over tcp/ip)
>>> since samba 3.x doesn't handle the newer SMB-over-tcp/ip.
>>> Disabling
>>> 445 on the server seems to cause more problems than it solves.
>>>
>>>
>>> Are you able to connect via IP ?  e.g net use \\qnap_ip\share ?
>>>
>>> I had problems in the past when I disabled port 445 on samba servers.
>>>   Remote users (no 

Re: [Samba] win 7 client can't map drive: getpeername failed

[Gaiseric Vandal]

Are XP clients having the same problem?  Trying with an XP client 
would help indicate if there was something specific to XP.(I skipped 
vista.)



Can you check in smb.conf
-  is the server a member server, AD member server, standalone 
server, or domain controller.

-   Are ports explicitly defined
-  how is name resolution configured?
   - is NTLMv2 required (I couldn't get NTLMv2 support working.)


Domain membership shouldn't matter at this point since you aren't even 
getting to the authentication phase.


Can you  telnet port 139 to make sure it is open?


Do you have a WINS server defined?If so make sure client and NAS are 
using the same WINS server.Is your NAS configured to use a DNS 
server?   Do you have a reverse lookup zone defined in DNS?the NAS 
maybe trying to do a reverse lookup on the IP of the client.   There 
doesn't need to be a PTR entry for the client but you are least want the 
zone. If DNS tries to lookup an IP and gets an immediate "host not 
found"   that is OK.  If it times out because it can't even locate a DNS 
server then that could cause problems for other services dependent on DNS.












On 05/10/13 10:58, Ed Strong wrote:

Hi,

Thanks for the info, I'm replying to you in gmail to samba@lists.samba.org,
hope that is correct ?

Yes I can edit the config file on the NAS

Looking at the network packets all communication to NAS seems to be on port
microsoft-ds (445)
I can't see any traffic on ports 137/138/139

If i use the IP I get exactly the same error :(


On 10 May 2013 15:01, Gaiseric Vandal  wrote:


I think the "Error was Transport endpoint is not connected" warnings are
sometimes misleading. Do you have any control over the samba config
(smb.conf) on the NAS ?On regular samba installs, changing the default
port settings can cause more problems.

Windows 7 will try to connect on port 445  (SMB or CIFS over tcp/ip), and
will then reconnect to ports 137/138/139 (SMB over netbios over tcp/ip)
since samba 3.x doesn't handle the newer SMB-over-tcp/ip. Disabling
445 on the server seems to cause more problems than it solves.


Are you able to connect via IP ?  e.g net use \\qnap_ip\share ?

I had problems in the past when I disabled port 445 on samba servers.
  Remote users (no netbios broadcasts permitted) could connect via IP but
not via name. For the name only connections, packet monitoring would
show packets getting thru the the server but the exchange between client
and server not being completed.  For clients connecting via IP, the client
would send packets to server, server respond, and then clients responded.











On 05/07/13 03:53, Ed Strong wrote:


Hi,

I'm re-posting this (with some more info) as I don't think the original
got
through as I wasn't
signed up to the samba list.

this is my first foray in samba (and newsgroups) so go easy :)
I've started reading the o'reilly samba book but finding it hard going.

Anyway I'm trying to map a network drive from a windows 7 pro client to a
QNAP NAS with the command:
net use s: \\qnap\share

I've posted on several forums and got good advice but the problem remains.
Rather than repost all the detail, please see my original posts:

http://forum.qnap.com/**viewtopic.php?f=185&t=74639
http://social.technet.**microsoft.com/Forums/en-US/**
winservergen/thread/11d35b0c-**ac95-489f-b5d1-0486b9774603
http://www.edugeek.net/forums/**windows-7/112309-map-network-**
drive-nas-but-get-error-64-58-**a.html

I've managed to ssh onto the QNAP via putty and found this in the logs
(getpeername failed)

[/var/log] # pwd
/var/log
[/var/log] # tail -f log.smbd
[2013/05/01 09:36:17.135999,  0] lib/util_sock.c:474(read_fd_
with_timeout)
[2013/05/01 09:36:17.136096,  0]
lib/util_sock.c:1440(get_peer_**addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.
[2013/05/01 09:36:17.137700,  1] smbd/server.c:299(remove_**child_pid)
Scheduled cleanup of brl and lock database after unclean shutdown
[2013/05/01 09:36:17.178522,  1] smbd/service.c:1073(make_**
connection_snum)
172.24.120.139 (172.24.120.139) connect to service Staff initially as
user DOMAIN+admin (uid=10001423, gid=1514) (pid

25771)
[2013/05/01 09:36:17.179093,  0] lib/util_sock.c:474(read_fd_**
with_timeout)
[2013/05/01 09:36:17.179173,  0]
lib/util_sock.c:1440(get_peer_**addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.
[2013/05/01 09:36:17.179289,  1] smbd/service.c:1254(close_**cnum)
172.24.120.139 (172.24.120.139) closed connection

Re: [Samba] win 7 client can't map drive: getpeername failed

[Ed Strong]

Hi,

Thanks for the info, I'm replying to you in gmail to samba@lists.samba.org,
hope that is correct ?

Yes I can edit the config file on the NAS

Looking at the network packets all communication to NAS seems to be on port
microsoft-ds (445)
I can't see any traffic on ports 137/138/139

If i use the IP I get exactly the same error :(


On 10 May 2013 15:01, Gaiseric Vandal  wrote:

> I think the "Error was Transport endpoint is not connected" warnings are
> sometimes misleading. Do you have any control over the samba config
> (smb.conf) on the NAS ?On regular samba installs, changing the default
> port settings can cause more problems.
>
> Windows 7 will try to connect on port 445  (SMB or CIFS over tcp/ip), and
> will then reconnect to ports 137/138/139 (SMB over netbios over tcp/ip)
> since samba 3.x doesn't handle the newer SMB-over-tcp/ip. Disabling
> 445 on the server seems to cause more problems than it solves.
>
>
> Are you able to connect via IP ?  e.g net use \\qnap_ip\share ?
>
> I had problems in the past when I disabled port 445 on samba servers.
>  Remote users (no netbios broadcasts permitted) could connect via IP but
> not via name. For the name only connections, packet monitoring would
> show packets getting thru the the server but the exchange between client
> and server not being completed.  For clients connecting via IP, the client
> would send packets to server, server respond, and then clients responded.
>
>
>
>
>
>
>
>
>
>
>
> On 05/07/13 03:53, Ed Strong wrote:
>
>> Hi,
>>
>> I'm re-posting this (with some more info) as I don't think the original
>> got
>> through as I wasn't
>> signed up to the samba list.
>>
>> this is my first foray in samba (and newsgroups) so go easy :)
>> I've started reading the o'reilly samba book but finding it hard going.
>>
>> Anyway I'm trying to map a network drive from a windows 7 pro client to a
>> QNAP NAS with the command:
>>net use s: \\qnap\share
>>
>> I've posted on several forums and got good advice but the problem remains.
>> Rather than repost all the detail, please see my original posts:
>>
>> http://forum.qnap.com/**viewtopic.php?f=185&t=74639
>> http://social.technet.**microsoft.com/Forums/en-US/**
>> winservergen/thread/11d35b0c-**ac95-489f-b5d1-0486b9774603
>> http://www.edugeek.net/forums/**windows-7/112309-map-network-**
>> drive-nas-but-get-error-64-58-**a.html
>>
>> I've managed to ssh onto the QNAP via putty and found this in the logs
>> (getpeername failed)
>>
>> [/var/log] # pwd
>> /var/log
>> [/var/log] # tail -f log.smbd
>> [2013/05/01 09:36:17.135999,  0] lib/util_sock.c:474(read_fd_
>> with_timeout)
>> [2013/05/01 09:36:17.136096,  0]
>> lib/util_sock.c:1440(get_peer_**addr_internal)
>>getpeername failed. Error was Transport endpoint is not connected
>>read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
>> peer.
>> [2013/05/01 09:36:17.137700,  1] smbd/server.c:299(remove_**child_pid)
>>Scheduled cleanup of brl and lock database after unclean shutdown
>> [2013/05/01 09:36:17.178522,  1] smbd/service.c:1073(make_**
>> connection_snum)
>>172.24.120.139 (172.24.120.139) connect to service Staff initially as
>> user DOMAIN+admin (uid=10001423, gid=1514) (pid
>>
>> 25771)
>> [2013/05/01 09:36:17.179093,  0] lib/util_sock.c:474(read_fd_**
>> with_timeout)
>> [2013/05/01 09:36:17.179173,  0]
>> lib/util_sock.c:1440(get_peer_**addr_internal)
>>getpeername failed. Error was Transport endpoint is not connected
>>read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
>> peer.
>> [2013/05/01 09:36:17.179289,  1] smbd/service.c:1254(close_**cnum)
>>172.24.120.139 (172.24.120.139) closed connection to service Staff
>> [2013/05/01 09:36:37.142714,  1] smbd/server.c:272(cleanup_**timeout_fn)
>>Cleaning up brl and lock database after unclean shutdown
>>
>>
>> The QNAP's samba version appears to be 3.5.2:
>>
>> [/var/log] # ps -ef | grep smb
>>   4016 admin  3104 S   /usr/local/samba/sbin/winbindd -s
>> /etc/config/smb.conf
>>   4017 admin  3728 S   /usr/local/samba/sbin/winbindd -s
>> /etc/config/smb.conf
>>   4366 admin  1840 S   /usr/local/samba/sbin/winbindd -s
>> /etc/config/smb.conf
>>   4877 admin  3300 S   /usr/local/samba/sbin/winbindd -s
>> /etc/config/smb.conf
>>   4902 admin  3952 S   /usr/local/samba/sbin/winbindd -s
>> /etc/config/smb.conf
>>   4978 admin  4132 S   /usr/local/samba/sbin/smbd -l /var/log -D -s
>> /etc/config/smb.conf
>>   4979 admin  3356 S   /usr/local/samba/sbin/winbindd -s
>> /etc/config/smb.conf
>>   4980 admin  1224 S   /usr/local/samba/sbin/winbindd -s
>> /etc/config/smb.conf
>>   4995 admin  1016 S   /usr/local/samba/sbin/smbd -l /var/l

Re: [Samba] win 7 client can't map drive: getpeername failed

[Gaiseric Vandal]

I think the "Error was Transport endpoint is not connected" warnings are 
sometimes misleading. Do you have any control over the samba config 
(smb.conf) on the NAS ?On regular samba installs, changing the 
default port settings can cause more problems.


Windows 7 will try to connect on port 445  (SMB or CIFS over tcp/ip), 
and will then reconnect to ports 137/138/139 (SMB over netbios over 
tcp/ip) since samba 3.x doesn't handle the newer 
SMB-over-tcp/ip. Disabling 445 on the server seems to cause more 
problems than it solves.



Are you able to connect via IP ?  e.g net use \\qnap_ip\share ?

I had problems in the past when I disabled port 445 on samba servers.  
Remote users (no netbios broadcasts permitted) could connect via IP but 
not via name. For the name only connections, packet monitoring would 
show packets getting thru the the server but the exchange between client 
and server not being completed.  For clients connecting via IP, the 
client would send packets to server, server respond, and then clients 
responded.











On 05/07/13 03:53, Ed Strong wrote:

Hi,

I'm re-posting this (with some more info) as I don't think the original got
through as I wasn't
signed up to the samba list.

this is my first foray in samba (and newsgroups) so go easy :)
I've started reading the o'reilly samba book but finding it hard going.

Anyway I'm trying to map a network drive from a windows 7 pro client to a
QNAP NAS with the command:
   net use s: \\qnap\share

I've posted on several forums and got good advice but the problem remains.
Rather than repost all the detail, please see my original posts:

http://forum.qnap.com/viewtopic.php?f=185&t=74639
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/11d35b0c-ac95-489f-b5d1-0486b9774603
http://www.edugeek.net/forums/windows-7/112309-map-network-drive-nas-but-get-error-64-58-a.html

I've managed to ssh onto the QNAP via putty and found this in the logs
(getpeername failed)

[/var/log] # pwd
/var/log
[/var/log] # tail -f log.smbd
[2013/05/01 09:36:17.135999,  0] lib/util_sock.c:474(read_fd_
with_timeout)
[2013/05/01 09:36:17.136096,  0]
lib/util_sock.c:1440(get_peer_addr_internal)
   getpeername failed. Error was Transport endpoint is not connected
   read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.
[2013/05/01 09:36:17.137700,  1] smbd/server.c:299(remove_child_pid)
   Scheduled cleanup of brl and lock database after unclean shutdown
[2013/05/01 09:36:17.178522,  1] smbd/service.c:1073(make_connection_snum)
   172.24.120.139 (172.24.120.139) connect to service Staff initially as
user DOMAIN+admin (uid=10001423, gid=1514) (pid

25771)
[2013/05/01 09:36:17.179093,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2013/05/01 09:36:17.179173,  0]
lib/util_sock.c:1440(get_peer_addr_internal)
   getpeername failed. Error was Transport endpoint is not connected
   read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
peer.
[2013/05/01 09:36:17.179289,  1] smbd/service.c:1254(close_cnum)
   172.24.120.139 (172.24.120.139) closed connection to service Staff
[2013/05/01 09:36:37.142714,  1] smbd/server.c:272(cleanup_timeout_fn)
   Cleaning up brl and lock database after unclean shutdown


The QNAP's samba version appears to be 3.5.2:

[/var/log] # ps -ef | grep smb
  4016 admin  3104 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4017 admin  3728 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4366 admin  1840 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4877 admin  3300 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4902 admin  3952 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4978 admin  4132 S   /usr/local/samba/sbin/smbd -l /var/log -D -s
/etc/config/smb.conf
  4979 admin  3356 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4980 admin  1224 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  4995 admin  1016 S   /usr/local/samba/sbin/smbd -l /var/log -D -s
/etc/config/smb.conf
  5063 admin  2068 S   /usr/local/samba/sbin/winbindd -s
/etc/config/smb.conf
  9509 admin  1664 S   /usr/local/samba/sbin/nmbd -l /var/log -D -s
/etc/config/smb.conf
25540 admin   544 S   grep smb
[/var/log] # /usr/local/samba/sbin/smbd -V
Version 3.5.2


I've also installed MS network monitor on two clients and did a capture
whilst running the command
net use s:\ \\saturn\staff

I've posted three screenshots here:

https://plus.google.com/photos/108734482620454690509/albums/5875135861918839393?authkey=CJ3lwKu2xJqMyQE

Basically, Worked.png shows the SMB frames on a PC where the net use
command worked
and Failed.png shows the SMB frames on a PC where the net use command did
not work

It looks to me like the first 6 SMB frames are identical. Then things start
to change

On the working client we continue with frame 10113 which is a
   Dfsc: Get DFS Referral Request

bu