samba - Oct 2002 - Another Shot At It

After receiving no response to yesterday's message, I tried some more web 
scouring and more tinkering and dinking around with Samba...and I discovered 
what may be a major key to my problem...

I have 3 PC's...2 are Windoze and 1 is Linux.  Windoze machines are likely
to
understand how to share files across subnets using the same workgroup 
name...but is Samba as adept?  I have a feeling that is at the heart of my 
problem.  

I enabled wins support in my smb.conf and assigned the Samba box's IP
address
as the primary wins server on the WFW box. I also set Samba to be the domain 
master browser according to the instructions in BROWSING.txt.  All of this, 
alas, was useless as I still couldn't browse the Win-duhs shares from Linux 
or the Linux shares from Winduhs.  I feel that I'm getting much closer to my
goal (file sharing without using Windows) and would really appreciate any 
help any of you can offer.

Thanks in advance for any help you can provide.

DJ Busch

Here is my latest attempt at smb.conf:

[global]
	workgroup = LEGEND
	netbios name = LUKE
	server string = Dave's Linux Experiment Gone Wrong
	interfaces = eth0
	bind interfaces only = Yes
	security = SHARE
	encrypt passwords = Yes
	null passwords = Yes
	log file = /var/log/samba/log.%m
	debug level = 5
	max log size = 50
;	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	os level = 2
	lm announce = yes
	preferred master = yes
	domain master = yes
	dns proxy = No
	wins support = yes
	guest account = doodles
	hosts allow = ALL
	hosts deny = 

[homes]
	comment = Home Directories
	path = /home
	read only = No
	guest ok = Yes

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No

[hp]
	path = /var/spool/samba
	read only = No
	guest ok = Yes
	printable = Yes
	printer name = hp

Since you've probably enabled the firewall settings when you installed 
RedHat, you're probably going to need to modify the 
/etc/sysconfig/ipchains file.

This line here is probably causing  you the most problem.
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT

In order to allow smb packets to be accepted you're going to need to 
open up the ports.  The easiest way to do this (I believe) is to insert 
these 2 lines above the line listed above.
-A input -p tcp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
-A input -p udp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
(Restart ipchains:  /etc/rc.d/init.d/ipchains restart)

I can't remember if you need the udp or not.

This is also opens you up to anybody.  You'll probably want to insert 
the acutal ip addresses of your two other machines in there.  This could 
be a problem though.
-A input -p tcp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
-A input -p udp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
...

One way to tell if you're got the smb ports locked down is to go to
http://www.grc.com from your linux machine.
Click Shields Up.  It should tell you whether or not it can see your 
windows share. After you add the lines to open up the ports, go back to 
the site and try again.  It should tell you the basic stuff like 
workgroup name.

You really should invest in some type of firewalling hardware/software, 
preferrably something that filter packets before they get to your machines.

James Hubbard



DJ Busch wrote:
> After receiving no response to yesterday's message, I tried some more
web
> scouring and more tinkering and dinking around with Samba...and I
discovered
> what may be a major key to my problem...
> 
> I have 3 PC's...2 are Windoze and 1 is Linux.  Windoze machines are
likely to
> understand how to share files across subnets using the same workgroup 
> name...but is Samba as adept?  I have a feeling that is at the heart of my 
> problem.  
> 
> I enabled wins support in my smb.conf and assigned the Samba box's IP
address
> as the primary wins server on the WFW box. I also set Samba to be the
domain
> master browser according to the instructions in BROWSING.txt.  All of this,
> alas, was useless as I still couldn't browse the Win-duhs shares from
Linux
> or the Linux shares from Winduhs.  I feel that I'm getting much closer
to my
> goal (file sharing without using Windows) and would really appreciate any 
> help any of you can offer.
> 
> Thanks in advance for any help you can provide.
> 
> DJ Busch
> 
> Here is my latest attempt at smb.conf:
> 
> [global]
> 	workgroup = LEGEND
> 	netbios name = LUKE
> 	server string = Dave's Linux Experiment Gone Wrong
> 	interfaces = eth0
> 	bind interfaces only = Yes
> 	security = SHARE
> 	encrypt passwords = Yes
> 	null passwords = Yes
> 	log file = /var/log/samba/log.%m
> 	debug level = 5
> 	max log size = 50
> ;	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> 	os level = 2
> 	lm announce = yes
> 	preferred master = yes
> 	domain master = yes
> 	dns proxy = No
> 	wins support = yes
> 	guest account = doodles
> 	hosts allow = ALL
> 	hosts deny = 
> 
> [homes]
> 	comment = Home Directories
> 	path = /home
> 	read only = No
> 	guest ok = Yes
> 
> [printers]
> 	comment = All Printers
> 	path = /var/spool/samba
> 	printable = Yes
> 	browseable = No
> 
> [hp]
> 	path = /var/spool/samba
> 	read only = No
> 	guest ok = Yes
> 	printable = Yes
> 	printer name = hp
>

On Thu, 2002-10-17 at 23:06, DJ Busch wrote:
> After receiving no response to yesterday's message, I tried some more
web
> scouring and more tinkering and dinking around with Samba...and I
discovered
> what may be a major key to my problem...
> 
> I have 3 PC's...2 are Windoze and 1 is Linux.  Windoze machines are
likely to
> understand how to share files across subnets using the same workgroup 
> name...but is Samba as adept?  I have a feeling that is at the heart of my 
> problem.  
um - why are all these pcs on different subnets?
windows cannot handle browsing across subnets without a WINS server
but you've enabled that so you should be okay.
> 
> I enabled wins support in my smb.conf and assigned the Samba box's IP
address
> as the primary wins server on the WFW box. I also set Samba to be the
domain
> master browser according to the instructions in BROWSING.txt.  All of this,
> alas, was useless as I still couldn't browse the Win-duhs shares from
Linux
> or the Linux shares from Winduhs.  I feel that I'm getting much closer
to my
> goal (file sharing without using Windows) and would really appreciate any 
> help any of you can offer.
you mention WFW - is that Windows for Workgroups?
that is from about 1993 you know...
I don't know if it can handle encrpted passwords.
> 
> Thanks in advance for any help you can provide.
> 
> DJ Busch
> 
> Here is my latest attempt at smb.conf:
> 
> [global]
> 	workgroup = LEGEND
> 	netbios name = LUKE
> 	server string = Dave's Linux Experiment Gone Wrong
> 	interfaces = eth0
> 	bind interfaces only = Yes
> 	security = SHARE
> 	encrypt passwords = Yes
do some checking to be sure the wfw can handle 3.11
> 	null passwords = Yes
> 	log file = /var/log/samba/log.%m
what do you see in these logs?
> 	debug level = 5
> 	max log size = 50
> ;	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> 	os level = 2
> 	lm announce = yes
i don't think you need lm announce
> 	preferred master = yes
> 	domain master = yes
i don't think you want this either try setting it to
"auto"
> 	dns proxy = No
> 	wins support = yes
> 	guest account = doodles
is this a valid account on the linux machine?
is it in /etc/smbpasswd?
it has to be both.
does it have at least read permission on /home?

This was sent to me some time back. It should help you.
Thanks to James Hubbard.

Since you've probably enabled the firewall settings when you installed
RedHat, you're probably going to need to modify the
/etc/sysconfig/ipchains file.

This line here is probably causing  you the most problem.
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT

In order to allow smb packets to be accepted you're going to need to
open up the ports.  The easiest way to do this (I believe) is to insert
these 2 lines above the line listed above.
-A input -p tcp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
-A input -p udp -s 0/0 -d 0/0 137:139 -y -j ACCEPT
(Restart ipchains:  /etc/rc.d/init.d/ipchains restart)

I can't remember if you need the udp or not.

This is also opens you up to anybody.  You'll probably want to insert
the acutal ip addresses of your two other machines in there.  This could
be a problem though.
-A input -p tcp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
-A input -p udp -s obi-wan-ip -d luke-ip 137:139 -y -j ACCEPT
...

One way to tell if you're got the smb ports locked down is to go to
http://www.grc.com from your linux machine.
Click Shields Up.  It should tell you whether or not it can see your
windows share. After you add the lines to open up the ports, go back to
the site and try again.  It should tell you the basic stuff like
workgroup name.

You really should invest in some type of firewalling hardware/software,
preferrably something that filter packets before they get to your machines.

James Hubbard



DJ Busch wrote:
  > After receiving no response to yesterday's message, I tried some more
web
  > scouring and more tinkering and dinking around with Samba...and I
discovered
  > what may be a major key to my problem...
  >
  > I have 3 PC's...2 are Windoze and 1 is Linux.  Windoze machines are
likely to
  > understand how to share files across subnets using the same workgroup
  > name...but is Samba as adept?  I have a feeling that is at the heart
of my
  > problem.
  >
  > I enabled wins support in my smb.conf and assigned the Samba box's IP
address
  > as the primary wins server on the WFW box. I also set Samba to be the
domain
  > master browser according to the instructions in BROWSING.txt.  All of
this,
  > alas, was useless as I still couldn't browse the Win-duhs shares from
Linux
  > or the Linux shares from Winduhs.  I feel that I'm getting much
closer to my
  > goal (file sharing without using Windows) and would really appreciate
any
  > help any of you can offer.
  >
  > Thanks in advance for any help you can provide.
  >
  > DJ Busch
  >
  > Here is my latest attempt at smb.conf:
  >
  > [global]
  > 	workgroup = LEGEND
  > 	netbios name = LUKE
  > 	server string = Dave's Linux Experiment Gone Wrong
  > 	interfaces = eth0
  > 	bind interfaces only = Yes
  > 	security = SHARE
  > 	encrypt passwords = Yes
  > 	null passwords = Yes
  > 	log file = /var/log/samba/log.%m
  > 	debug level = 5
  > 	max log size = 50
  > ;	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  > 	os level = 2
  > 	lm announce = yes
  > 	preferred master = yes
  > 	domain master = yes
  > 	dns proxy = No
  > 	wins support = yes
  > 	guest account = doodles
  > 	hosts allow = ALL
  > 	hosts deny   >
  > [homes]
  > 	comment = Home Directories
  > 	path = /home
  > 	read only = No
  > 	guest ok = Yes
  >
  > [printers]
  > 	comment = All Printers
  > 	path = /var/spool/samba
  > 	printable = Yes
  > 	browseable = No
  >
  > [hp]
  > 	path = /var/spool/samba
  > 	read only = No
  > 	guest ok = Yes
  > 	printable = Yes
  > 	printer name = hp
  >

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba