jcdole@free.fr
2008-Jul-23 10:49 UTC
[Samba] smbclient does not connect anonymously localy on fresh install
Hello.
I have some problem, with a new configuration on a new PC.
I want to setup a SAMBA PDC using an HOWTO.
This howto was working on OPENSUSE 10.1 with a X86 processor and I have used it
a lot of time.
Now I use OPENSUSE 10.3.
The new PC run a X64 processor.
After the fresh install and following :
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html
I could not make smbclient connecting samba anonymously from the server
(localy).
I use ldap, but for the moment ldap is not configured and not started.
But smb.conf is configured for using ldap :
passdb backend = ldapsam:ldap://127.0.0.1
I was thinking that smbclient can connect localy anonymously even if ldap is not
running.
What is wrong?
. uname -r
. --------
2.6.22.18-0.2-default
.
.
. rpm -aq | grep samba
. --------------------
samba-client-3.2.0-24.1.123
samba-doc-3.2.0-24.1.123
samba-krb-printing-3.2.0-24.1.123
yast2-samba-client-2.15.11-33
samba-3.2.0-24.1.123
yast2-samba-server-2.15.7-57
samba-python-3.0.26a-3.7
samba-devel-3.2.0-24.1.123
kdebase3-samba-3.5.7-87.5
samba-winbind-3.2.0-24.1.123
.
.
. rpm -aq | grep ldap
. -------------------
python-ldap-2.3.1-18
perl-ldap-0.33-81
pam_ldap-184-48
yast2-ldap-2.15.1-83
openldap2-devel-2.3.41-2.1
ldapcpplib-0.0.4-95
yast2-ldap-client-2.15.12-37
php5-ldap-5.2.6-0.1
openldap2-client-2.3.41-2.1
ldap-account-manager-2.3.0-0.pm.0
yast2-ldap-server-2.15.5-76
openldap2-2.3.41-1.1
ldapsmb-1.34b-110.8.123
nss_ldap-257-17
perl-ldap-ssl-0.33-81
.
.
. iptables -L -v
. --------------
Chain INPUT (policy ACCEPT 402K packets, 24M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 401K packets, 17M bytes)
pkts bytes target prot opt in out source destination
.
.
. ping -c 5 127.0.0.1
. -------------------
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.077 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.091 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.043 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.056 ms
64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.043 ms
--- 127.0.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4003ms
rtt min/avg/max/mdev = 0.043/0.062/0.091/0.019 ms
.
.
. ping -c 5 LINUX-SRV
. -------------------
PING LINUX-SRV.HATHOR.NWK (127.0.0.2) 56(84) bytes of data.
64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=1 ttl=64 time=0.098 ms
64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=2 ttl=64 time=0.067 ms
64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=4 ttl=64 time=0.067 ms
64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=5 ttl=64 time=0.052 ms
--- LINUX-SRV.HATHOR.NWK ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 0.052/0.067/0.098/0.019 ms
.
.
. ping -c 5 192.168.169.100
. -------------------------
PING 192.168.169.100 (192.168.169.170) 56(84) bytes of data.
64 bytes from 192.168.169.170: icmp_seq=1 ttl=64 time=0.078 ms
64 bytes from 192.168.169.170: icmp_seq=2 ttl=64 time=0.082 ms
64 bytes from 192.168.169.170: icmp_seq=3 ttl=64 time=0.041 ms
64 bytes from 192.168.169.170: icmp_seq=4 ttl=64 time=0.061 ms
64 bytes from 192.168.169.170: icmp_seq=5 ttl=64 time=0.038 ms
--- 192.168.169.170 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.038/0.060/0.082/0.018 ms
.
.
. netstat -an | egrep '(:137|:138|:139|:445)'
. -------------------------------------------
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
udp 0 0 192.168.169.170:137 0.0.0.0:*
udp 0 0 0.0.0.0:137 0.0.0.0:*
udp 0 0 192.168.169.170:138 0.0.0.0:*
udp 0 0 0.0.0.0:138 0.0.0.0:*
.
.
. nmap -p 1-65535 localhost
. -------------------------
Starting Nmap 4.20 ( http://insecure.org ) at 2008-07-23 12:10 CEST
Interesting ports on localhost (127.0.0.1):
Not shown: 65526 closed ports
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
901/tcp open samba-swat
Nmap finished: 1 IP address (1 host up) scanned in 4.782 seconds
.
.
. testparm
. --------
[global]
dos charset = 850
unix charset = ISO8859-1
workgroup = HATHOR.NWK
server string = HATHOR Samba-LDAP PDC Server
interfaces = eth0, lo
passdb backend = ldapsam:ldap://127.0.0.1
username map = /etc/samba/smbusers
log level = 1024
log file = /var/log/samba/%m.log
max log size = 10000
time server = Yes
deadtime = 10
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%g"
"%u"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%g" "%u"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" %u
logon script = scripts\logon.bat
logon path = \\%L\Profiles\%U
logon drive = V:
logon home = \\%L\%U
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Ldap_Admin,dc=ldap_hathor,dc=nwk
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers,ou=Users
ldap passwd sync = Yes
ldap suffix = dc=ldap_hathor,dc=nwk
ldap ssl = no
ldap user suffix = ou=People,ou=Users
idmap uid = 15000-20000
idmap gid = 15000-20000
create mask = 0640
directory mask = 0750
hosts allow = 192.168.169., 127.0.0.
nt acl support = No
cups options = raw
case sensitive = No
hide unreadable = Yes
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
.
.
. smbclient -L localhost -N
. -------------------------
session setup failed: Call timed out: server did not respond after 20000
milliseconds
.
.
. nmblookup -B LINUX-SRV __SAMBA__
. --------------------------------
Received a packet of len 62 from (127.0.0.2) port 137
nmb packet from 127.0.0.2(137) header: id=16583 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=__SAMBA__<00> rr_type=32 rr_class=1 ttl=259200
answers 0 char `....d hex 6000C0A88264
Got a positive name query response from 127.0.0.2 ( 192.168.169.170 )
192.168.169.170 __SAMBA__<00>
LINUX-SRV:~ #
.
.
. nmblookup -B LINUX-SRV '*'
. --------------------------
Received a packet of len 62 from (127.0.0.2) port 137
nmb packet from 127.0.0.2(137) header: id=30342 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=*<00> rr_type=32 rr_class=1 ttl=259200
answers 0 char `....d hex 6000C0A88264
Got a positive name query response from 127.0.0.2 ( 192.168.169.170 )
192.168.169.170 *<00>
LINUX-SRV:~ #
.
.
. nmblookup -d 2 '*'
. ------------------
added interface eth0 ip=192.168.169.170 bcast=192.168.169.255
netmask=255.255.255.0
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
querying * on 192.168.169.255
Got a positive name query response from 192.168.169.170 ( 192.168.169.170 )
192.168.169.170 *<00>
LINUX-SRV:~ #
.
.
. smbclient -L //LINUX-SRV/publique -Uroot_user%a_password
. --------------------------------------------------------
Receiving SMB: Server stopped responding
session setup failed: Call timed out: server did not respond after 20000
milliseconds
.
.
Termin?
Scott Lovenberg
2008-Jul-23 11:12 UTC
[Samba] smbclient does not connect anonymously localy on fresh install
jcdole@free.fr wrote:> Hello. > > I have some problem, with a new configuration on a new PC. > I want to setup a SAMBA PDC using an HOWTO. > This howto was working on OPENSUSE 10.1 with a X86 processor and I have used it > a lot of time. > > Now I use OPENSUSE 10.3. > The new PC run a X64 processor. > > After the fresh install and following : > http://samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html > I could not make smbclient connecting samba anonymously from the server > (localy). > > I use ldap, but for the moment ldap is not configured and not started. > But smb.conf is configured for using ldap : > passdb backend = ldapsam:ldap://127.0.0.1 > > I was thinking that smbclient can connect localy anonymously even if ldap is not > running. > What is wrong? > > > > . uname -r > . -------- > 2.6.22.18-0.2-default > . > . > . rpm -aq | grep samba > . -------------------- > samba-client-3.2.0-24.1.123 > samba-doc-3.2.0-24.1.123 > samba-krb-printing-3.2.0-24.1.123 > yast2-samba-client-2.15.11-33 > samba-3.2.0-24.1.123 > yast2-samba-server-2.15.7-57 > samba-python-3.0.26a-3.7 > samba-devel-3.2.0-24.1.123 > kdebase3-samba-3.5.7-87.5 > samba-winbind-3.2.0-24.1.123 > . > . > . rpm -aq | grep ldap > . ------------------- > python-ldap-2.3.1-18 > perl-ldap-0.33-81 > pam_ldap-184-48 > yast2-ldap-2.15.1-83 > openldap2-devel-2.3.41-2.1 > ldapcpplib-0.0.4-95 > yast2-ldap-client-2.15.12-37 > php5-ldap-5.2.6-0.1 > openldap2-client-2.3.41-2.1 > ldap-account-manager-2.3.0-0.pm.0 > yast2-ldap-server-2.15.5-76 > openldap2-2.3.41-1.1 > ldapsmb-1.34b-110.8.123 > nss_ldap-257-17 > perl-ldap-ssl-0.33-81 > . > . > . iptables -L -v > . -------------- > Chain INPUT (policy ACCEPT 402K packets, 24M bytes) > pkts bytes target prot opt in out source destination > > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source destination > > Chain OUTPUT (policy ACCEPT 401K packets, 17M bytes) > pkts bytes target prot opt in out source destination > . > . > . ping -c 5 127.0.0.1 > . ------------------- > PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. > 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.077 ms > 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.091 ms > 64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.043 ms > 64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.056 ms > 64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.043 ms > > --- 127.0.0.1 ping statistics --- > 5 packets transmitted, 5 received, 0% packet loss, time 4003ms > rtt min/avg/max/mdev = 0.043/0.062/0.091/0.019 ms > . > . > . ping -c 5 LINUX-SRV > . ------------------- > PING LINUX-SRV.HATHOR.NWK (127.0.0.2) 56(84) bytes of data. > 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=1 ttl=64 time=0.098 ms > 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=2 ttl=64 time=0.067 ms > 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=3 ttl=64 time=0.055 ms > 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=4 ttl=64 time=0.067 ms > 64 bytes from LINUX-SRV.HATHOR.NWK (127.0.0.2): icmp_seq=5 ttl=64 time=0.052 ms > > --- LINUX-SRV.HATHOR.NWK ping statistics --- > 5 packets transmitted, 5 received, 0% packet loss, time 4001ms > rtt min/avg/max/mdev = 0.052/0.067/0.098/0.019 ms > . > . > . ping -c 5 192.168.169.100 > . ------------------------- > PING 192.168.169.100 (192.168.169.170) 56(84) bytes of data. > 64 bytes from 192.168.169.170: icmp_seq=1 ttl=64 time=0.078 ms > 64 bytes from 192.168.169.170: icmp_seq=2 ttl=64 time=0.082 ms > 64 bytes from 192.168.169.170: icmp_seq=3 ttl=64 time=0.041 ms > 64 bytes from 192.168.169.170: icmp_seq=4 ttl=64 time=0.061 ms > 64 bytes from 192.168.169.170: icmp_seq=5 ttl=64 time=0.038 ms > > --- 192.168.169.170 ping statistics --- > 5 packets transmitted, 5 received, 0% packet loss, time 4002ms > rtt min/avg/max/mdev = 0.038/0.060/0.082/0.018 ms > . > . > . netstat -an | egrep '(:137|:138|:139|:445)' > . ------------------------------------------- > tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN > tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN > udp 0 0 192.168.169.170:137 0.0.0.0:* > udp 0 0 0.0.0.0:137 0.0.0.0:* > udp 0 0 192.168.169.170:138 0.0.0.0:* > udp 0 0 0.0.0.0:138 0.0.0.0:* > . > . > . nmap -p 1-65535 localhost > . ------------------------- > > Starting Nmap 4.20 ( http://insecure.org ) at 2008-07-23 12:10 CEST > Interesting ports on localhost (127.0.0.1): > Not shown: 65526 closed ports > PORT STATE SERVICE > 22/tcp open ssh > 23/tcp open telnet > 25/tcp open smtp > 80/tcp open http > 111/tcp open rpcbind > 139/tcp open netbios-ssn > 445/tcp open microsoft-ds > 631/tcp open ipp > 901/tcp open samba-swat > > Nmap finished: 1 IP address (1 host up) scanned in 4.782 seconds > . > . > . testparm > . -------- > [global] > dos charset = 850 > unix charset = ISO8859-1 > workgroup = HATHOR.NWK > server string = HATHOR Samba-LDAP PDC Server > interfaces = eth0, lo > passdb backend = ldapsam:ldap://127.0.0.1 > username map = /etc/samba/smbusers > log level = 1024 > log file = /var/log/samba/%m.log > max log size = 10000 > time server = Yes > deadtime = 10 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > printcap name = cups > add user script = /usr/local/sbin/smbldap-useradd -m "%u" > delete user script = /usr/local/sbin/smbldap-userdel "%u" > add group script = /usr/local/sbin/smbldap-groupadd -p "%g" > add user to group script = /usr/local/sbin/smbldap-groupmod -m "%g" "%u" > delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%g" "%u" > set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" %u > logon script = scripts\logon.bat > logon path = \\%L\Profiles\%U > logon drive = V: > logon home = \\%L\%U > domain logons = Yes > os level = 255 > preferred master = Yes > domain master = Yes > wins support = Yes > ldap admin dn = cn=Ldap_Admin,dc=ldap_hathor,dc=nwk > ldap group suffix = ou=Groups > ldap idmap suffix = ou=Idmap > ldap machine suffix = ou=Computers,ou=Users > ldap passwd sync = Yes > ldap suffix = dc=ldap_hathor,dc=nwk > ldap ssl = no > ldap user suffix = ou=People,ou=Users > idmap uid = 15000-20000 > idmap gid = 15000-20000 > create mask = 0640 > directory mask = 0750 > hosts allow = 192.168.169., 127.0.0. > nt acl support = No > cups options = raw > case sensitive = No > hide unreadable = Yes > dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd > > . > . > . smbclient -L localhost -N > . ------------------------- > session setup failed: Call timed out: server did not respond after 20000 > milliseconds > . > . > . nmblookup -B LINUX-SRV __SAMBA__ > . -------------------------------- > Received a packet of len 62 from (127.0.0.2) port 137 > nmb packet from 127.0.0.2(137) header: id=16583 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=__SAMBA__<00> rr_type=32 rr_class=1 ttl=259200 > answers 0 char `....d hex 6000C0A88264 > Got a positive name query response from 127.0.0.2 ( 192.168.169.170 ) > 192.168.169.170 __SAMBA__<00> > LINUX-SRV:~ # > . > . > . nmblookup -B LINUX-SRV '*' > . -------------------------- > Received a packet of len 62 from (127.0.0.2) port 137 > nmb packet from 127.0.0.2(137) header: id=30342 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=*<00> rr_type=32 rr_class=1 ttl=259200 > answers 0 char `....d hex 6000C0A88264 > Got a positive name query response from 127.0.0.2 ( 192.168.169.170 ) > 192.168.169.170 *<00> > LINUX-SRV:~ # > . > . > . nmblookup -d 2 '*' > . ------------------ > added interface eth0 ip=192.168.169.170 bcast=192.168.169.255 > netmask=255.255.255.0 > added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 > querying * on 192.168.169.255 > Got a positive name query response from 192.168.169.170 ( 192.168.169.170 ) > 192.168.169.170 *<00> > LINUX-SRV:~ # > . > . > . smbclient -L //LINUX-SRV/publique -Uroot_user%a_password > . -------------------------------------------------------- > Receiving SMB: Server stopped responding > session setup failed: Call timed out: server did not respond after 20000 > milliseconds > . > . > Termin? > >I believe you need a "|map to guest = bad user" and/or "guest account = nobody" for anonymous access to be automated.|