Various Samba 2.2.7a problems

Printable View

10-02-2007, 04:14 PM
unix

Various Samba 2.2.7a problems

I'm using redhat 9 and I have their most recently updated Samba RPMs.
I'm testing a very simple smb.conf with a win98 machine. The win98 box
shows the linux box in network neighborhood, but won't connect to
it--it's "not accessable". I'm using the troubleshooting chapter in
the O'Reilly book as a guide.

This is what I've found out:

First, bcast doesn't work:

[chaos ~]$ smbclient //chaos/test -U% -R wins
added interface ip=172.16.96.3 bcast=172.16.96.255 nmask=255.255.255.0
Got a positive name query response from 172.0.0.1 ( 17.16.96.3 )
Domain=[HELL] OS=[Unix] Server=[Samba]
smb: \> quit
[chaos ~]$
[chaos ~]$ smbclient //chaos/test -U% -R bcast
added interface ip=172.16.96.3 bcast=172.16.96.255 nmask=255.255.255.0
Connection to chaos failed

Second, bad things happen when samba becomes browse master. This is
from my log.nmbd:
[2003/06/25 01:51:16, 0]
nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
*****

Samba name server CHAOS is now a local master browser for
workgroup HELL on subnet 172.16.96.3

*****
[2003/06/25 01:51:27, 0]
nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(358)
find_domain_master_name_query_fail:
Unable to find the Domain Master Browser name HELL<1b> for the
workgroup HELL.
Unable to sync browse lists in this workgroup.

And of course, then network neighborhood goes empty on the win98 box.
Is it supposed to have the server's IP in that message? Naturally,
setting local master = no keeps this from happening, but I don't like
that solution.

Any thoughts are appreciated :)
10-02-2007, 04:14 PM
unix

Re: Various Samba 2.2.7a problems

Mark wrote:
[color=blue]
> In article <ccf86e08.0306251519.4d6e3383@posting.google.com>,
> [email]dianapyro@yahoo.com[/email] says...[color=green]
>> Mark <mw@nospam.me> wrote in message
>> news:<MPG.19635f433993c3759896af@192.168.0.203>...[color=darkred]
>> > In article <ccf86e08.0306250256.42e51a70@posting.google.com>,
>> > [email]dianapyro@yahoo.com[/email] says...
>> > > I'm using redhat 9 and I have their most recently updated Samba RPMs.
>> > > I'm testing a very simple smb.conf with a win98 machine. The win98
>> > > box shows the linux box in network neighborhood, but won't connect to
>> > > it--it's "not accessable". I'm using the troubleshooting chapter in
>> > > the O'Reilly book as a guide.
>> > >
>> > > This is what I've found out:
>> > >
>> > > First, bcast doesn't work:
>> > >
>> > > [chaos ~]$ smbclient //chaos/test -U% -R wins
>> > > added interface ip=172.16.96.3 bcast=172.16.96.255
>> > > nmask=255.255.255.0 Got a positive name query response from 172.0.0.1
>> > > ( 17.16.96.3 ) Domain=[HELL] OS=[Unix] Server=[Samba]
>> > > smb: \> quit
>> > > [chaos ~]$
>> > > [chaos ~]$ smbclient //chaos/test -U% -R bcast
>> > > added interface ip=172.16.96.3 bcast=172.16.96.255
>> > > nmask=255.255.255.0 Connection to chaos failed
>> > >
>> > >
>> > > Second, bad things happen when samba becomes browse master. This is
>> > > from my log.nmbd:
>> > > [2003/06/25 01:51:16, 0]
>> > > nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
>> > > *****
>> > >
>> > > Samba name server CHAOS is now a local master browser for
>> > > workgroup HELL on subnet 172.16.96.3
>> > >
>> > > *****
>> > > [2003/06/25 01:51:27, 0]
>> > > nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(358)
>> > > find_domain_master_name_query_fail:
>> > > Unable to find the Domain Master Browser name HELL<1b> for the
>> > > workgroup HELL.
>> > > Unable to sync browse lists in this workgroup.
>> > >
>> > > And of course, then network neighborhood goes empty on the win98 box.
>> > > Is it supposed to have the server's IP in that message? Naturally,
>> > > setting local master = no keeps this from happening, but I don't like
>> > > that solution.
>> > >
>> > >
>> > > Any thoughts are appreciated :)
>> > >
>> > Post your smb.conf and also take a look at my web page for help.[/color]
>>
>> Here it is...like I said, pretty basic.
>>
>> # My testing smb.conf
>>
>> [global]
>> workgroup=HELL
>> interfaces=172.16.96.3/255.255.255.0
>> wins support=yes
>> encrypt passwords=yes
>> log level=1
>> browseable=yes
>>
>> # workaround for bizarre browse master issue
>> local master=no
>>
>> [test]
>> path=/raid/ur
>> public=yes
>>
>> In the redhat install, I chose "high" security; I'm wondering if
>> that's part of the problem. I'm weaning myself from the GUI tools, and
>> I don't know what actual files this affects.
>>[/color]
>
> Your smb.conf works fine on my pc ( with a couple of light mods to match
> my enviroment . I would suggest that if you installed Redhat with high
> security that this may be part of the issue...hard to say as I am not a
> Redhat fan.
>
> Try this simple smb.conf.
>
> [global]
> workgroup = HELL
> encrypt passwords = yes
> netbios name = (enter the name of your linx pc here)
> os level = 65
> preferred master = yes
> local master = yes
>
> [homes]
> read only = no
> browseable = yes
>
> Save it and restart samba. Open Network Neighborhood and see if the
> linux pc is now showing and accessable.
>
> Post your results.
>[/color]
When I tried that smb.conf, no computers appear in network neighborhood.
Oddly enough, the "Unable to sync browse lists in this workgroup." error
didn't appear in log.nmbd after it became browse master.

BTW, I dislike Red Hat too...but I built the machine for someone else who
insisted on it, and high security is a must.
10-02-2007, 04:14 PM
unix

Re: Various Samba 2.2.7a problems

On Thu, 26 Jun 2003 01:05:28 -0600,
Diana Pyro <dianapyro@yahoo.com>, in
<vfl6q7lpmtkm0a@corp.supernews.com> wrote:

+> BTW, I dislike Red Hat too...but I built the machine for someone else who
+> insisted on it, and high security is a must.

And they want Microsoft filesharing available?

You may want to double check that the RH firewall has allowed the
relevant MS networking ports (137, 138, 139 and possibly 445) to be
accessed...

Typically, I disable the RH firewall, and build my own iptables
ruleset.

James
--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.
10-02-2007, 04:15 PM
unix

Re: Various Samba 2.2.7a problems

On 26 Jun 2003, I R A Darth Aggie wrote:
[color=blue]
> On Thu, 26 Jun 2003 01:05:28 -0600,
> Diana Pyro <dianapyro@yahoo.com>, in
>
> +> BTW, I dislike Red Hat too...but I built the machine for someone else who
> +> insisted on it, and high security is a must.
>
> And they want Microsoft filesharing available?[/color]

SNORT!
[color=blue]
> You may want to double check that the RH firewall has allowed the
> relevant MS networking ports (137, 138, 139 and possibly 445) to be
> accessed...[/color]

I've only installed "high" once, with RedHat 9. With IP filtering
in the kernel rather than front-ended with TCP-wrappers or similar
software, turning-off a port means that the app on the remote machine
receives literally no response to its attempt at opening a socket to a
blocked port. Not a denial message followed by a socket close, just dead
air. Since you chose "high" security, _every_ port will exhibit this,
regardless of what you're running locally, until you change the iptables
rules or disable it.
[color=blue]
> James[/color]

* Nick Geovanis
| IT Computing Svcs
| Northwestern Univ
| [email]n-geovanis@nwu.edu[/email]
+------------------->
10-02-2007, 04:15 PM
unix

Re: Various Samba 2.2.7a problems

Nicholas Geovanis wrote:
[color=blue]
> On 26 Jun 2003, I R A Darth Aggie wrote:
>[color=green]
>> On Thu, 26 Jun 2003 01:05:28 -0600,
>> Diana Pyro <dianapyro@yahoo.com>, in
>>
>> +> BTW, I dislike Red Hat too...but I built the machine for someone else
>> who +> insisted on it, and high security is a must.
>>
>> And they want Microsoft filesharing available?[/color]
>
> SNORT![/color]

Well, it's either that or I teach a bunch of data-entry people in their 40s
how to use Linux...a lose-lose situation.
[color=blue]
>[color=green]
>> You may want to double check that the RH firewall has allowed the
>> relevant MS networking ports (137, 138, 139 and possibly 445) to be
>> accessed...[/color]
>
> I've only installed "high" once, with RedHat 9. With IP filtering
> in the kernel rather than front-ended with TCP-wrappers or similar
> software, turning-off a port means that the app on the remote machine
> receives literally no response to its attempt at opening a socket to a
> blocked port. Not a denial message followed by a socket close, just dead
> air. Since you chose "high" security, _every_ port will exhibit this,
> regardless of what you're running locally, until you change the iptables
> rules or disable it.[/color]

I changed the iptables rules, and now they can connect to each other all
they please. I'm curious about how the win98 box got any data for its
network neighborhood. Is that sent out unsolicited?

That also leaves me with the other problem--my log.nmbd is filled with
errors like this every 15 minutes. I'm still looking into it, but if anyone
has helpful hints, please let me know.

[2003/06/26 18:58:10, 0]
nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(35
find_domain_master_name_query_fail:
Unable to find the Domain Master Browser name HELL<1b> for the workgroup
HELL.
Unable to sync browse lists in this workgroup.

[color=blue]
>[color=green]
>> James[/color]
>
> * Nick Geovanis
> | IT Computing Svcs
> | Northwestern Univ
> | [email]n-geovanis@nwu.edu[/email]
> +------------------->[/color]