Hi, I've been trying to get SSH tunnelling working with Samba. I'm using a Windows XP and a RedHat 8.0 box. I've closely followed the instructions from the HOWTO manual in order to set this up to no avail. I think the problem comes from the fact that my lmhosts file has no effect on the NetBIOS name cache when I preload it with the command 'nbtstat -R'. I checked the cache with 'nbtstat -c'. This is what I have in my lmhosts file: 127.0.0.1 SAMBASERVER #PRE If I change the IP to something other than 127.0.0.1 then it appears in the NetBIOS cache. I get the following error message when I run the command 'net view \\sambaserver': "System error 52 has occurred. You were not connected because a duplicate name exists on the network. Go to System in Control Panel to change the computer name and try again." Thanks for any leads Franky _________________________________________________________________ MSN Messenger : discutez en direct avec vos amis ! http://messenger.fr.msn.ca/
On Mon, 10 Feb 2003, [iso-8859-1] Fran?ois Mayrand wrote:> Hi, > > I've been trying to get SSH tunnelling working with Samba. I'm using a > Windows XP and a RedHat 8.0 box. I've closely followed the instructions from > the HOWTO manual in order to set this up to no avail.Do you mean to say that MS Windows (any version) supports SSL? - John T.> > I think the problem comes from the fact that my lmhosts file has no effect > on the NetBIOS name cache when I preload it with the command 'nbtstat -R'. I > checked the cache with 'nbtstat -c'. > > This is what I have in my lmhosts file: > > 127.0.0.1 SAMBASERVER #PRE > > If I change the IP to something other than 127.0.0.1 then it appears in the > NetBIOS cache. > > I get the following error message when I run the command 'net view > \\sambaserver': > > "System error 52 has occurred. > > You were not connected because a duplicate name exists on the network. Go to > System in Control Panel to change the computer name and try again." > > Thanks for any leads > > Franky > > > > > > _________________________________________________________________ > MSN Messenger : discutez en direct avec vos amis ! > http://messenger.fr.msn.ca/ > >-- John H Terpstra Email: jht@samba.org
>Do you mean to say that MS Windows (any version) supports SSL?Of course not. I'm using PuTTY as an SSH client and it works fine. I can connect to the samba server and port forward port 139 without any problems. However, I really don't think my SSH connection has anything to do with the problem I described... Thanks anyways>From: John H Terpstra <jht@samba.org> >To: Fran?ois Mayrand <mayrf00@hotmail.com> >CC: samba@lists.samba.org >Subject: Re: [Samba] Samba/Windows XP and SSH tunnelling >Date: Mon, 10 Feb 2003 08:37:01 +0000 (GMT) > >On Mon, 10 Feb 2003, [iso-8859-1] Fran?ois Mayrand wrote: > > > Hi, > > > > I've been trying to get SSH tunnelling working with Samba. I'm using a > > Windows XP and a RedHat 8.0 box. I've closely followed the instructions >from > > the HOWTO manual in order to set this up to no avail. > >Do you mean to say that MS Windows (any version) supports SSL? > >- John T. > > > > > I think the problem comes from the fact that my lmhosts file has no >effect > > on the NetBIOS name cache when I preload it with the command 'nbtstat >-R'. I > > checked the cache with 'nbtstat -c'. > > > > This is what I have in my lmhosts file: > > > > 127.0.0.1 SAMBASERVER #PRE > > > > If I change the IP to something other than 127.0.0.1 then it appears in >the > > NetBIOS cache. > > > > I get the following error message when I run the command 'net view > > \\sambaserver': > > > > "System error 52 has occurred. > > > > You were not connected because a duplicate name exists on the network. >Go to > > System in Control Panel to change the computer name and try again." > > > > Thanks for any leads > > > > Franky > > > > > > > > > > > > _________________________________________________________________ > > MSN Messenger : discutez en direct avec vos amis ! > > http://messenger.fr.msn.ca/ > > > > > >-- >John H Terpstra >Email: jht@samba.org_________________________________________________________________ MSN Messenger : discutez en direct avec vos amis ! http://messenger.fr.msn.ca/
Oops, dat was 'posed to go to samba@lists.samba.org, too (: /dev/idal --- Chris de Vidal <cdevidal@yahoo.com> wrote:> --- Jon Niehof <jniehof@paladigm.com> wrote: > > > I'm using PuTTY as an SSH client and it works > > fine. I can connect to the > > > samba server and port forward port 139 without > any > > problems. > > Are you forwarding *just* 139? Can you provide a > > list of > > everything you're forwarding, what it's forwarding > > to, etc? > > Perhaps as a plink command line? > > The firewall on my workstation (inside our otherwise > firewalled network) has UDP 137+8 and TCP 139 open, > so > you should probably forward those UDP ports, too. I > don't know if PuTTY will let you forward UDP though. > > /dev/idal__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
You cannot forward UDP using SSH. This is why the hack to set the remote server's Netbios name to 127.0.0.1 using lmhosts is used. I tried this before and it seems that Windows 2000/XP refuse to load the loopback address as a valid netbios destination IP. Can the original poster tell me what happens when he tries to ping the remote hostname? Does he get replies from 127.0.0.1? Or does it just not resolve and using 'nbtstat -c' shows no evidence of it being loaded from the lmhosts? I suspect the latter - try changing the entry in lmhosts to something other than the loopback and then do a 'nbtstat -R' to flush the cache. An 'nbtstat -c' will then show it listed in the cache. HTH Noel> The firewall on my workstation (inside our otherwise > firewalled network) has UDP 137+8 and TCP 139 open, > so > you should probably forward those UDP ports, too. I > don't know if PuTTY will let you forward UDP though.
Fran?ois
I am afraid you have reached the exact same conclusions that i did and from
what i could figure there was no way it would work becasue of the refusal of
2000/XP to load the loopback from lmhosts.
If you do figure it out then let me know! It would certainly be very useful
but for the moment i am using Freeswan,
Cheers,
Noel
-----Original Message-----
From: Fran?ois Mayrand [mailto:mayrf00@hotmail.com]
Sent: 10 February 2003 20:30
To: Noel Kelly
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba/Windows XP and SSH tunnelling
Hi Noel,
Great! I'm glad to see you had the same problem caching the loopback on
Windows XP.
How did you solve this? Here is my setup info and the answers to your
questions.
My samba server's IP is 192.168.0.2
I have a firewall on the samba server blocking port 139. I want to block
this port and force my file transfers to go through the SSH tunnel.
I'm forwarding the local 139 port on the Windows box to the samba
server's
port 139 with PuTTY:
plink 192.168.0.2 -l username -L 139:192.168.0.2:139 -v
My lmhosts file contains: 127.0.0.1 SAMBASERVER #PRE
I flushed the cache and preloaded it with 'nbtstat -R'
I checked the cache with 'nbtstat -c' and the binding between 127.0.0.1
and
SAMBASERVER doesn't appear.
> Can the original poster tell me what happens when he tries to ping the
> remote hostname?
ping 192.168.0.2 --> It works
Does he get replies from 127.0.0.1?
net view 127.0.0.1 --> This shows my shares on my Windows XP box instead of
my shares on SAMBASERVER
If I change my lmhosts file to: 192.168.0.2 SAMBASERVER #PRE
I can load it into the NetBIOS cache without any problems but...
this doesn't solve the problem because when I run
'net view \\SAMBASERVER' I get an error 1234 (No service at port 139).
This is because of my firewall on the server that blocks connections to port
139.
In this configuration the Windows box is trying to connect directly to port
139 on
the Samba box.
That's the whole point of this exercise. I don't want to connect
directly to
port 139 on the server, I want it to go through the SSH tunnel.
Thanks,
Fran?ois
----- Original Message -----
From: "Noel Kelly" <nkelly@citrusnetworks.net>
To: <chris@devidal.tv>; "Jon Niehof"
<jniehof@paladigm.com>; "'Fran?ois
Mayrand'" <mayrf00@hotmail.com>
Cc: <samba@lists.samba.org>
Sent: Monday, February 10, 2003 2:24 PM
Subject: RE: [Samba] Samba/Windows XP and SSH tunnelling
> You cannot forward UDP using SSH. This is why the hack to set the remote
> server's Netbios name to 127.0.0.1 using lmhosts is used.
>
> I tried this before and it seems that Windows 2000/XP refuse to load the
> loopback address as a valid netbios destination IP.
>
> Can the original poster tell me what happens when he tries to ping the
> remote hostname? Does he get replies from 127.0.0.1? Or does it just not
> resolve and using 'nbtstat -c' shows no evidence of it being loaded
from
the> lmhosts? I suspect the latter - try changing the entry in lmhosts to
> something other than the loopback and then do a 'nbtstat -R' to
flush the
> cache. An 'nbtstat -c' will then show it listed in the cache.
>
> HTH
> Noel
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.449 / Virus Database: 251 - Release Date: 27/01/2003
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.449 / Virus Database: 251 - Release Date: 27/01/2003