samba - Jul 2018 - Samba Share : Connection refused

Hi everyone,

I have a small issue on our main samba server. We added a hardware 
firewall with different zones and now I want to get access from new 
development LAN (192.168.4.) to samba (192.168.0.) but I get information 
about access denied on windows 7 (net use Error 5).
Firewall is open to all internal LANs. I checked the smb.conf and, for 
me, it seems to be fine. I added hosts allow before holiday and it 
worked, but after my holiday access is denied. Maybe I am blind and you 
may give me a hint, please...

Log :

[2018/07/09 09:37:06.872551,  0] ../source3/lib/access.c:338(allow_access)
   Denied connection from 192.168.4.111 (192.168.4.111)


smb.conf :

[global]
     workgroup = workgroup
     passdb backend = tdbsam
     printing = cups
     printcap name = cups
     printcap cache time = 750
     cups options = raw
     map to guest = Bad User
     #include = /etc/samba/dhcp.conf
     logon path = \\%L\profiles\.msprofile
     logon home = \\%L\%U\.9xprofile
     logon drive = P:
     usershare allow guests = No
     add machine script = /usr/sbin/useradd  -c Machine -d 
/var/lib/nobody -s /bin/false %m$
     domain logons = No
     domain master = No
     security = user
     wins support = Yes
     netbios name = SRV1
     create mask = 0770
     directory mask = 0770
     log file = /var/log/samba/log.%I
     log level = 2
     hosts allow = 192.168.0.0/24 192.168.4.0/24
     hosts deny = ALL

Thanks for your efforts !

br
Sascha

On Mon, 9 Jul 2018 10:21:50 +0200
Sascha Wiechmann via samba <samba at lists.samba.org> wrote:
> Hi everyone,
> 
> I have a small issue on our main samba server. We added a hardware 
> firewall with different zones and now I want to get access from new 
> development LAN (192.168.4.) to samba (192.168.0.) but I get
> information about access denied on windows 7 (net use Error 5).
> Firewall is open to all internal LANs. I checked the smb.conf and,
> for me, it seems to be fine. I added hosts allow before holiday and
> it worked, but after my holiday access is denied. Maybe I am blind
> and you may give me a hint, please...
> 
> Log :
> 
> [2018/07/09 09:37:06.872551,
> 0] ../source3/lib/access.c:338(allow_access) Denied connection from
> 192.168.4.111 (192.168.4.111)
> 
> 
> smb.conf :
> 
> [global]
>      workgroup = workgroup
>      passdb backend = tdbsam
>      printing = cups
>      printcap name = cups
>      printcap cache time = 750
>      cups options = raw
>      map to guest = Bad User
>      #include = /etc/samba/dhcp.conf
>      logon path = \\%L\profiles\.msprofile
>      logon home = \\%L\%U\.9xprofile
>      logon drive = P:
>      usershare allow guests = No
>      add machine script = /usr/sbin/useradd  -c Machine -d 
> /var/lib/nobody -s /bin/false %m$
>      domain logons = No
>      domain master = No
>      security = user
>      wins support = Yes
>      netbios name = SRV1
>      create mask = 0770
>      directory mask = 0770
>      log file = /var/log/samba/log.%I
>      log level = 2
>      hosts allow = 192.168.0.0/24 192.168.4.0/24
>      hosts deny = ALL
> 
> Thanks for your efforts !
> 
> br
> Sascha
> 
There appears to be something wrong with that smb.conf. If I I copy it
into a file on my computer and run 'testparm' against it, I get this:
testparm testsmb.conf
Load smb config files from testsmb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Unknown parameter encountered: "    security"
Ignoring unknown parameter "    security"
Unknown parameter encountered: "    netbios name"
Ignoring unknown parameter "    netbios name"
Unknown parameter encountered: "    printing"
Ignoring unknown parameter "    printing"
Unknown parameter encountered: "    printcap name"
Ignoring unknown parameter "    printcap name"
Unknown parameter encountered: "    printcap cache time"
Ignoring unknown parameter "    printcap cache time"
Unknown parameter encountered: "    cups options"
Ignoring unknown parameter "    cups options"
Unknown parameter encountered: "    map to guest"
Ignoring unknown parameter "    map to guest"
Unknown parameter encountered: "    logon path"
Ignoring unknown parameter "    logon path"
Unknown parameter encountered: "    logon home"
Ignoring unknown parameter "    logon home"
Unknown parameter encountered: "    logon drive"
Ignoring unknown parameter "    logon drive"
Unknown parameter encountered: "    usershare allow guests"
Ignoring unknown parameter "    usershare allow guests"
Unknown parameter encountered: "    add machine script"
Ignoring unknown parameter "    add machine script"
Unknown parameter encountered: "    domain logons"
Ignoring unknown parameter "    domain logons"
Unknown parameter encountered: "    domain master"
Ignoring unknown parameter "    domain master"
Unknown parameter encountered: "    wins support"
Ignoring unknown parameter "    wins support"
Unknown parameter encountered: "    create mask"
Ignoring unknown parameter "    create mask"
Unknown parameter encountered: "    directory mask"
Ignoring unknown parameter "    directory mask"
Unknown parameter encountered: "    log file"
Ignoring unknown parameter "    log file"
Unknown parameter encountered: "    log level"
Ignoring unknown parameter "    log level"
Unknown parameter encountered: "    hosts allow"
Ignoring unknown parameter "    hosts allow"
Unknown parameter encountered: "    hosts deny"
Ignoring unknown parameter "    hosts deny"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	idmap config * : backend = tdb

Or to put it another way, it doesn't seem to like any of your
parameters.

Removing the leading blank space and replacing it with 4 spaces seems
to cure this. It then leads to the next problem, you have 'domain
master = No' and testparm now says your smb.conf is for a
'ROLE_STANDALONE', so why do you have all the domain settings ?

Rowland