Phil Quesinberry
2013-Jul-04 04:50 UTC
[Samba] Apparent bug remains in v4.0.7 - Hosts allow parameter causing errors and very slow MS Office document access
From smb.conf:

    hosts allow = 10.0.0. 127.

Same story using the following syntax instead:

    hosts allow = 10.0.0.0/24 127.0.0.1/8

If I comment out the hosts allow line, the slow MS Office document access and most of the errors in the log go away.

From log.samba:

    [2013/07/04 00:15:52, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
      NTLMSSP NTLM2 packet check failed due to invalid signature!
    [2013/07/04 00:15:52, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
      NTLMSSP NTLM2 packet check failed due to invalid signature!
    [2013/07/04 00:16:03, 0] ../source4/lib/socket/access.c:356(socket_check_access)
      socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
    [2013/07/04 00:16:03, 0] ../source4/lib/socket/access.c:356(socket_check_access)
      socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
    [2013/07/04 00:16:03, 0] ../source4/lib/socket/access.c:356(socket_check_access)
      socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
    ...

(dozens to hundreds of these "Denied connection to smbd" messages per second)

From log.smbd:

    [2013/07/04 00:17:11.857930, 1] ../source3/rpc_server/rpc_ncacn_np.c:622(make_external_rpc_pipe_p)
      tstream_npa_connect_recv to /usr/local/samba/var/run/ncalrpc/np for pipe wkssvc and user HERSCHLAUREN\vquesinberry failed: Broken pipe
    [2013/07/04 00:17:11.860705, 1] ../source3/rpc_server/rpc_ncacn_np.c:622(make_external_rpc_pipe_p)
      tstream_npa_connect_recv to /usr/local/samba/var/run/ncalrpc/np for pipe wkssvc and user HERSCHLAUREN\vquesinberry failed: Broken pipe
    [2013/07/04 00:17:37.207795, 1] ../source3/rpc_server/rpc_ncacn_np.c:622(make_external_rpc_pipe_p)
      tstream_npa_connect_recv to /usr/local/samba/var/run/ncalrpc/np for pipe wkssvc and user HERSCHLAUREN\vquesinberry failed: Connection reset by peer
    [2013/07/04 00:17:37.210691, 1] ../source3/rpc_server/rpc_ncacn_np.c:622(make_external_rpc_pipe_p)
      tstream_npa_connect_recv to /usr/local/samba/var/run/ncalrpc/np for pipe wkssvc and user HERSCHLAUREN\vquesinberry failed: Connection reset by peer
    [2013/07/04 00:17:37.213195, 1] ../source3/rpc_server/rpc_ncacn_np.c:622(make_external_rpc_pipe_p)
      tstream_npa_connect_recv to /usr/local/samba/var/run/ncalrpc/np for pipe wkssvc and user HERSCHLAUREN\vquesinberry failed: Connection reset by peer
    [2013/07/04 00:17:37.219431, 1] ../source3/rpc_server/rpc_ncacn_np.c:622(make_external_rpc_pipe_p)
      tstream_npa_connect_recv to /usr/local/samba/var/run/ncalrpc/np for pipe wkssvc and user HERSCHLAUREN\vquesinberry failed: Connection reset by peer

I just compiled and am now running 4.07 stable but the problem was also present in 4.0.6. We'd like to be able to use the hosts allow parameter to ensure that no one outside the LAN can access the server but I can always use iptables to do the job if necessary.

Testparm output:

    Load smb config files from /usr/local/samba/etc/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    Processing section "[netlogon]"
    Processing section "[sysvol]"
    Processing section "[homes]"
    Processing section "[hldata]"
    Processing section "[C]"
    Processing section "[D]"
    Processing section "[MacData]"
    Processing section "[QBooks]"
    Processing section "[printers]"
    Processing section "[print$]"
    Loaded services file OK.
    Server role: ROLE_ACTIVE_DIRECTORY_DC
    Press enter to see a dump of your service definitions

    [global]
        workgroup = HERSCHLAUREN
        realm = HERSCHLAUREN.COM
        server string = HerschLinux
        server role = active directory domain controller
        passdb backend = samba_dsdb
        max log size = 524288
        deadtime = 15
        add machine script = /usr/sbin/useradd -n -g machines -d /dev/null -s /sbin/nologin %u
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        allow dns updates = nonsecure and secure
        dns forwarder = 10.0.0.1
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        idmap config * : backend = tdb
        invalid users = nobody, root
        hosts allow = 10.0.0., 127.
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4, acl_xattr

    [netlogon]
        path = /usr/local/samba/var/locks/sysvol/herschlauren.com/scripts

    [sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

    [homes]
        path = /home
        read only = No

    [hldata]
        comment = Data directory for entire Windows share (Samba)
        path = /hldata
        valid users = *CENSORED*
        read only = No

    [C]
        comment = C: Drive
        path = /hldata/C
        valid users = *CENSORED*

    [D]
        comment = D: Drive
        path = /hldata/D
        valid users = *CENSORED*
        read only = No

    [MacData]
        comment = MacData directory
        path = /hldata/D/D Drive/MacData
        valid users = *CENSORED*
        read only = No

    [QBooks]
        comment = QuickBooks directory
        path = /hldata/D/D Drive/qbooks
        valid users = *CENSORED*

    [printers]
        comment = All Printers
        path = /usr/local/samba/var/spool
        printable = Yes
        print ok = Yes
        browseable = No

    [print$]
        comment = Point and Print Printer Drivers
        path = /usr/local/samba/var/print

Regards,
Phil Quesinberry
Q Systems Engineering, Inc.
Embedded Hardware/Software Development and VoIP Business Telephone Hosting
Improve your business telephone services and save money
(410) 969-8002
http://www.qsystemsengineering.com
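An added example, not part of the original post and not Samba code: a small triage script for log.samba output like the excerpt above, separating hosts allow denials of Samba's own local unix-domain peer (LOCAL/unixdom) from denials of network addresses. The sample log is constructed from the lines quoted in the post; the 203.0.113.7 entry, the assumption that remote denials use the same "name (addr)" shape, and the function name are illustrative.

```python
import re
from collections import Counter

# Constructed sample: header line followed by an indented message line.
# The first three entry kinds are copied from the post; the 203.0.113.7
# entry is invented here to show a network-origin denial for contrast.
SAMPLE_LOG = """\
[2013/07/04 00:15:52, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2013/07/04 00:16:03, 0] ../source4/lib/socket/access.c:356(socket_check_access)
  socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
[2013/07/04 00:16:03, 0] ../source4/lib/socket/access.c:356(socket_check_access)
  socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
[2013/07/04 00:16:03, 0] ../source4/lib/socket/access.c:356(socket_check_access)
  socket_check_access: Denied connection to 'smbd' from LOCAL/unixdom (LOCAL/unixdom)
[2013/07/04 00:16:05, 0] ../source4/lib/socket/access.c:356(socket_check_access)
  socket_check_access: Denied connection to 'smbd' from 203.0.113.7 (203.0.113.7)
"""

# Timestamp may carry microseconds (log.smbd) or not (log.samba).
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)(?:\.\d+)?,\s*\d+\]")
DENIED = re.compile(
    r"socket_check_access: Denied connection to '([^']+)' from (\S+) \((\S+)\)"
)

def triage_denials(log_text):
    """Count denials per (second, service, peer address).

    Returns (internal, remote): internal holds denials of the local
    unix-domain peer, which point at the hosts allow list rejecting
    Samba's own inter-process connections; remote holds everything else.
    """
    internal, remote = Counter(), Counter()
    stamp = None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            stamp = header.group(1)
        # Also searched on header lines, so flattened logs still parse.
        denied = DENIED.search(line)
        if denied and stamp:
            service, _name, addr = denied.groups()
            bucket = internal if addr == "LOCAL/unixdom" else remote
            bucket[(stamp, service, addr)] += 1
    return internal, remote
```

A high per-second count in the first counter is a configuration symptom rather than outside traffic being refused, which is what the second counter shows.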