Phil Quesinberry
2013-Apr-18 14:34 UTC
[Samba] Strange behavior when using 'hosts allow' parameter
I wanted to bring attention to some odd behavior which I don't believe is intentional.

With Samba running, I can go to a Windows machine on the network (10.0.0.0/24) and see all of the Samba shares by pulling up an Explorer window and going to \\Server1. Everything appears to work as expected.

However, if I populate the 'hosts allow' parameter within smb.conf as follows:

    hosts allow = 10.0.0. 127.

I can no longer see the shares by going to \\Server1. I can, however, go to \\Server1\sharename and pull that up just fine; I just can't see the root path which contains all of the shares.

While this seems like a handy way to keep users from browsing to see what shares are available, I don't think that was the intent.

Configuration info is included below. I'll be happy to provide any additional information required upon request.

Testparm output:

    Load smb config files from /usr/local/samba/etc/smb.conf
    rlimit_max: increasing rlimit_max (2048) to minimum Windows limit (16384)
    Processing section "[netlogon]"
    Processing section "[sysvol]"
    Processing section "[hldata]"
    Processing section "[C]"
    Processing section "[D]"
    Processing section "[MacData]"
    Processing section "[printers]"
    Processing section "[print$]"
    Loaded services file OK.
    Server role: ROLE_ACTIVE_DIRECTORY_DC
    Press enter to see a dump of your service definitions

    [global]
        workgroup = HERSCHLAUREN
        realm = HERSCHLAUREN.COM
        server string = HerschLinux
        interfaces = 10.0.0.15/24, 127.0.0.1/8
        server role = active directory domain controller
        passdb backend = samba_dsdb
        deadtime = 15
        add machine script = /usr/sbin/useradd -n -g machines -d /dev/null -s /sbin/nologin %u
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        allow dns updates = nonsecure and secure
        dns forwarder = 10.0.0.1
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        idmap config * : backend = tdb
        invalid users = nobody, root
        hosts allow = 10.0.0., 127.
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4, acl_xattr

    [netlogon]
        path = /usr/local/samba/var/locks/sysvol/herschlauren.com/scripts

    [sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

    [hldata]
        comment = Data directory for entire Windows share (Samba)
        path = /hldata
        valid users = administrator, lhall, pquesinb, tcordes, vquesinberry, phil
        read only = No

    [C]
        comment = C: Drive
        path = /hldata/C
        valid users = administrator, lhall, pquesinb, tcordes, vquesinberry, phil
        read only = No

    [D]
        comment = D: Drive
        path = /hldata/D
        valid users = administrator, lhall, pquesinb, tcordes, vquesinberry, phil
        read only = No

    [MacData]
        comment = MacData directory
        path = /hldata/D/D Drive/MacData
        valid users = administrator, lhall, pquesinb, tcordes, vquesinberry, phil
        read only = No

    [printers]
        comment = All Printers
        path = /usr/local/samba/var/spool
        printable = Yes
        print ok = Yes
        browseable = No

    [print$]
        comment = Point and Print Printer Drivers
        path = /usr/local/samba/var/print

Version is 4.1.0pre1-GIT-0fa404c

Phil Quesinberry
Q Systems Engineering, Inc.
http://www.qsystemsengineering.com
Phil Quesinberry
2013-Apr-19 15:58 UTC
[Samba] Strange behavior when using 'hosts allow' parameter
Some additional info on this. When copying files from another host on the network which is allowed by the hosts allow entry, I get 'denied by access rules' entries filling the log at over 1000 lines per second. Log level is currently set to 3. I'm guessing I need to file a bug report:

    [2013/04/19 00:24:49, 0] ../source4/lib/socket/access.c:356(socket_check_access)
      socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
    [2013/04/19 00:24:49, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
      Terminating connection - 'denied by access rules'
    [2013/04/19 00:24:49, 3] ../source4/smbd/process_single.c:114(single_terminate)
      single_terminate: reason[denied by access rules]
    [2013/04/19 00:24:49, 3] ../source4/lib/socket/access.c:298(only_ipaddrs_in_list)
      only_ipaddrs_in_list: list has non-ip address (10.0.0.)
    [2013/04/19 00:24:49, 0] ../source4/lib/socket/access.c:356(socket_check_access)
      socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
    [2013/04/19 00:24:49, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
      Terminating connection - 'denied by access rules'
    [2013/04/19 00:24:49, 3] ../source4/smbd/process_single.c:114(single_terminate)
      single_terminate: reason[denied by access rules]
    [2013/04/19 00:24:49, 3] ../source4/lib/socket/access.c:298(only_ipaddrs_in_list)
      only_ipaddrs_in_list: list has non-ip address (10.0.0.)
    [2013/04/19 00:24:49, 0] ../source4/lib/socket/access.c:356(socket_check_access)
      socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
    [2013/04/19 00:24:49, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
      Terminating connection - 'denied by access rules'
    [2013/04/19 00:24:49, 3] ../source4/smbd/process_single.c:114(single_terminate)
      single_terminate: reason[denied by access rules]
    [2013/04/19 00:24:49, 3] ../source4/lib/socket/access.c:298(only_ipaddrs_in_list)
      only_ipaddrs_in_list: list has non-ip address (10.0.0.)
    [2013/04/19 00:24:49, 0] ../source4/lib/socket/access.c:356(socket_check_access)
      socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
    [2013/04/19 00:24:49, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
      Terminating connection - 'denied by access rules'
    [2013/04/19 00:24:49, 3] ../source4/smbd/process_single.c:114(single_terminate)
      single_terminate: reason[denied by access rules]
    [2013/04/19 00:24:49, 3] ../source4/lib/socket/access.c:298(only_ipaddrs_in_list)
      only_ipaddrs_in_list: list has non-ip address (10.0.0.)
    [2013/04/19 00:24:49, 0] ../source4/lib/socket/access.c:356(socket_check_access)
      socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
    [2013/04/19 00:24:49, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
      Terminating connection - 'denied by access rules'
    [2013/04/19 00:24:49, 3] ../source4/smbd/process_single.c:114(single_terminate)
      single_terminate: reason[denied by access rules]
    [2013/04/19 00:24:49, 3] ../source4/lib/socket/access.c:298(only_ipaddrs_in_list)
      only_ipaddrs_in_list: list has non-ip address (10.0.0.)
    [2013/04/19 00:24:49, 0] ../source4/lib/socket/access.c:356(socket_check_access)
      socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
    [2013/04/19 00:24:49, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
      Terminating connection - 'denied by access rules'
    [2013/04/19 00:24:49, 3] ../source4/smbd/process_single.c:114(single_terminate)
      single_terminate: reason[denied by access rules]
    [2013/04/19 00:24:49, 3] ../source4/lib/socket/access.c:298(only_ipaddrs_in_list)
      only_ipaddrs_in_list: list has non-ip address (10.0.0.)
    [2013/04/19 00:24:49, 0] ../source4/lib/socket/access.c:356(socket_check_access)
      socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
    [2013/04/19 00:24:49, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
      Terminating connection - 'denied by access rules'
    [2013/04/19 00:24:49, 3] ../source4/smbd/process_single.c:114(single_terminate)
      single_terminate: reason[denied by access rules]
    [2013/04/19 00:24:49, 3] ../source4/lib/socket/access.c:298(only_ipaddrs_in_list)
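An added example, not part of the original posts and not Samba code: a small triage script for the log excerpt above that counts 'Denied connection' entries per peer and collects the 'hosts allow' entries logged as non-IP. The function names and the sample input are constructed for illustration.

```python
import re
from collections import Counter

# Samba debug header: [date time, level] source_file:line(function)
HEADER = re.compile(r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s+(?P<level>\d+)\]\s+"
                    r"(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)")
DENIED = re.compile(r"Denied connection to '(?P<svc>[^']+)' from (?P<peer>\S+)")
NON_IP = re.compile(r"list has non-ip address \((?P<entry>[^)]*)\)")

def parse_entries(text):
    """Split on each header so the usual two-line layout and a flattened
    single-line paste are both handled."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({"ts": h["ts"], "level": int(h["level"]), "func": h["func"],
                        "msg": " ".join(text[h.end():end].split())})
    return entries

def summarize(text):
    """Count denials per (service, peer) and the 'hosts allow' entries the
    access code logged as not being plain IP addresses."""
    denied, non_ip = Counter(), Counter()
    for e in parse_entries(text):
        if (m := DENIED.search(e["msg"])):
            denied[(m["svc"], m["peer"])] += 1
        if (m := NON_IP.search(e["msg"])):
            non_ip[m["entry"]] += 1
    # A peer of LOCAL/... is an internal unix-domain connection, not a remote client.
    local = {k: v for k, v in denied.items() if k[1].startswith("LOCAL/")}
    return {"denied": dict(denied), "non_ip_entries": dict(non_ip), "local_denials": local}

# Constructed sample: lines in the format quoted in the post, two in the normal
# two-line layout and two run together on one line as a flattened paste.
SAMPLE = (
    "[2013/04/19 00:24:49, 0] ../source4/lib/socket/access.c:356(socket_check_access)\n"
    "  socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)\n"
    "[2013/04/19 00:24:49, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)\n"
    "  Terminating connection - 'denied by access rules'\n"
    "[2013/04/19 00:24:49, 3] ../source4/lib/socket/access.c:298(only_ipaddrs_in_list) "
    "only_ipaddrs_in_list: list has non-ip address (10.0.0.) "
    "[2013/04/19 00:24:49, 0] ../source4/lib/socket/access.c:356(socket_check_access) "
    "socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)\n"
)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the excerpt in the post, every denial has the peer LOCAL/unixdom, which separates it from denials of remote clients outside the allowed ranges.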