I would take a look at the routing in the Clavister FW. Im not sure on
this but see what kind of traffic is on port 445 maybe its blocked and u
need it.
Leo R. Lundgren wrote:
> Hello,
>
> I'm having problems getting my samba setup to work at a little LAN i
> partially maintain. I've been reading quite a lot about what I could
think
> of being related to my problems/setup, and I've also googled my ass off
:(
>
> So here I am, resorting to you guys in hope of help =] Sorry to say, but I
> don't have much experience, and therefore I'm a bit lost at the
moment. Not
> sure what exactly to do to straighten this out.
>
> So, my setup is as follows:
>
> GAMMA 192.168.1.2
> |
> | 192.168.1.1
> [Clavister FW]
> | 192.168.0.1
> |
> ALFA 192.168.0.3
> Client1-N DHCP
>
> I've left out a number of irrelevant boxes. Everything of this is
connected
> through a switch, but is divided in two nets for minor reasons such as
> logging etc. I'll call 192.168.0.0 net 0 and the other one net 1.
>
> GAMMA runs OpenBSD 3.5 and Samba 2.2.9. Dmesg attached below.
> ALFA is a Win 2003 Server, and Clients 1-N are a mix of mainly WinXP boxes.
>
> The Clavister doesn't filter anything between the two nets, and has
> directed broadcasts enabled (as does GAMMA, not sure if that's needed).
>
> Please consider everything belonging to the workgroup THCCA, since
that's
> what should interest GAMMA :)
>
> The clients and ALFA has their WINS server set to GAMMA, and gamma has
it's
> wins support on. My samba config for GAMMA is as follows:
>
> ---
> [global]
> remote announce = 192.168.0.255
> netbios name = GAMMA
> workgroup = THCCA
> server string = THCCA GAMMA SMB-server
> ;;hosts allow = 192.168.
> guest account = guest
> log level = 2
> max log size = 500
> security = share
> os level = 65
> ;;domain master = yes
> preferred master = yes
> wins support = yes
> ;;encrypt passwords = yes
> load printers = no
>
> [Gemensam]
> comment = Common storage
> path = /var/samba/storage/common
> public = yes
> only guest = yes
> writable = yes
> printable = no
> ---
>
> So, what I want to do is basically make GAMMA part of the workgroup THCCA
> on net 0. GAMMA is alone on net 1. At first I tried making GAMMA an LMB
> and DMB, but I've now moved on to just using remote announce to try and
> make it visible to the 192.168.0 LMB of THCCA, because of my troubles and
> the fact that it seems nicer as long as I don't need any clients/smb-
> servers residing on net 1. I figure that I the LMB gets aware of GAMMA, and
> the WINS is working properly, everything should be fine ^^.
>
> As you can see, there's one share, Gemensam, and it's verified to
work well,
> as does the server, when I put another browsing client on net 1.
>
> However, GAMMA doesn't register in whoever is the MB of THCCA on the
bcast
> of net 0, and there are some issues to/part of it that I think are somewhat
> basic to solving this (just a guesst though):
>
> 1) It seems that whatever UDP traffic GAMMA sends, tcpdump reports bad
> checksum =/
> 2) Everytime i see samba sending it's remote announce broadcast,
nothing is
> returned.
> 3) I can't see anything going to port 137 on GAMMA, from net 0, which
makes
> me wonder why there's no traffic to the WINS server (GAMMA).
>
> I'll start with `tcpdump -n -t -vv -p port 137 or 138 or 139`:
>
> 192.168.1.2.138 > 192.168.0.255.138: udp 223 (ttl 64, id 19089, bad
cksum e7!)
> 192.168.1.2.138 > 192.168.1.255.138: udp 223 (ttl 64, id 27854, bad
cksum e7!)
> 192.168.1.2.27750 > 192.168.1.214.139: S [bad tcp cksum cb94!]
2289896371:2289896371(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale
0,nop,nop,timestamp 744041270 0> (DF) (ttl 64, id 36328, bad cksum 14!)
>
> 192.168.1.214.3173 > 192.168.1.2.139: F [tcp sum ok] 495:495(0) ack 325
win 63916 (DF) (ttl 128, id 28179)
> 192.168.1.2.139 > 192.168.1.214.3173: . [bad tcp cksum 3077!] ack 496
win 17520 (DF) (ttl 64, id 24982, bad cksum 14!)
> 192.168.1.2.139 > 192.168.1.214.3173: F [bad tcp cksum 2f77!] 325:325(0)
ack 496 win 17520 (DF) (ttl 64, id 21299, bad cksum 14!)
> 192.168.1.214.3173 > 192.168.1.2.139: . [tcp sum ok] ack 326 win 63916
(DF) (ttl 128, id 28180)
>
> Some snippets from the tcpdump to illustrate the bad checksum complaints.
> I've looked everywhere for info on this, but without luck. As you can
see
> in the dmesg, there seems to be some weirdness with the xl0 drivers, but
> except for samba, this box also serves DNS, XDMCP, Squid, and of course
> SSH, which makes me look at other possible causes before thinking
that's
> the problem. I mean, there has been no problems what so ever except for
> with this. Not saying anything though :)
>
> In the first snippet line, samba tries to send a remote announce to the
> bcast of net 0, at least I guess that's the case. But there's
nothing
> returned, never ever. Perhaps there shouldn't be anything returned, or
> nothing is returned because the packet gets dropped by the target boxes
> because they're faulty (chksum)?
>
> And lastly, what could be the cause of there going no traffic to the samba
> WINS? The interface is in promiscious mode, so I should most likely see it
> if it was there :/ I see all kinds of smb traffic flowing around on the
> other net, and there's a whole bunch of computers in the THCCA
workgroup
> on net 0..
>
> Does anyone have a fine idea of what I should do here? I'm as I said, a
bit
> lost. I'm not sure where to go from here, nor which tools to use. I
supply
> a few command outputs below in the hope that you find some of it useful,
> who knows :)
>
> Sorry for a messy mail, might have something to do with the time, it's
way
> past sleeping hours :7
>
> Greatest regards, and great thanks for any help I get. I'd be happy to
> supply whatever details are needed.
>
> Leo R. Lundgren
>
>
> ---
> Temporary WinXP client on net 1> ping gamma
>
> Sending signals to gamma [192.168.1.2] with 32 bytes of data:
> Reply from 192.168.1.2: bytes=32 tid=2ms TTL=255
>
> (Since I cannot nslookup gamma, the above should indeed utilize WINS)
>
>
> ---
> Temporary WinXP client on net 1> nbtstat -a gamma
>
> Node-IP-adress: [192.168.1.214] Scope-ID: []
>
> NetBIOS-nametable for remote computer
>
> Name Type Status
> ---------------------------------------------
> GAMMA <00> UNIQUE Registered
> GAMMA <03> UNIQUE Registered
> GAMMA <20> UNIQUE Registered
> ..__MSBROWSE__.<01> GROUP Registered
> THCCA <00> GROUP Registered
> THCCA <1D> UNIQUE Registered
> THCCA <1E> GROUP Registered
>
>
> ---
> GAMMA# smbclient -N -L gamma
> added interface ip=192.168.1.2 bcast=192.168.1.255 nmask=255.255.255.0
> Domain=[THCCA] OS=[Unix] Server=[Samba 2.2.9]
>
> Sharename Type Comment
> --------- ---- -------
> Gemensam Disk Gemensamt lagringsutrymme
> IPC$ IPC IPC Service (THCCA GAMMA SMB-server)
> ADMIN$ Disk IPC Service (THCCA GAMMA SMB-server)
>
> Server Comment
> --------- -------
> GAMMA THCCA GAMMA SMB-server
> ZAIR Temporary WinXP client on net 1
>
> Workgroup Master
> --------- -------
> THCCA GAMMA
>
>
> ---
> GAMMA# nmblookup __SAMBA__
> querying __SAMBA__ on 192.168.1.255
> name_query failed to find name __SAMBA__
>
> GAMMA# nmblookup -M -
> querying __MSBROWSE__ on 192.168.1.255
> name_query failed to find name __MSBROWSE__#01
>
> GAMMA# nmblookup -M '*' <-- Read this somewhere..
> querying * on 192.168.1.255
> name_query failed to find name *#1d
>
> GAMMA# nmblookup -U 192.168.1.2 '*'
> querying * on 192.168.1.2
> 192.168.1.2 *<00>
>
>
> ---
> GAMMA dmesg:
>
> OpenBSD 3.5-stable (GAMMA) #0: Tue Jun 29 11:27:50 CEST 2004
> rawtaz@GAMMA.intra.net:/usr/src/sys/arch/i386/compile/GAMMA
> cpu0: Intel(R) Celeron(R) CPU 1.80GHz ("GenuineIntel" 686-class)
2.03 GHz
> cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM
> real mem = 535605248 (523052K)
> avail mem = 490070016 (478584K)
> using 4278 buffers containing 26882048 bytes (26252K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(00) BIOS, date 04/22/03, BIOS32 rev. 0 @ 0xf0010
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on, battery charge unknown
> pcibios0 at bios0: rev. 2.1 @ 0xf0000/0x10000
> pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xf5410/256 (14 entries)
> pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER
LPC" rev 0x00)
> pcibios0: PCI bus #2 is the last bus
> bios0: ROM list: 0xc0000/0x8000 0xc8000/0x800
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82865G/PE/P CPU-I/0-1" rev
0x02
> ppb0 at pci0 dev 1 function 0 "Intel 82865G/PE/P CPU-AGP" rev
0x02
> pci1 at ppb0 bus 1
> uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02:
irq 11
> usb0 at uhci0: USB revision 1.0
> uhub0 at usb0
> uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub0: 2 ports with 2 removable, self powered
> uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02:
irq 5
> usb1 at uhci1: USB revision 1.0
> uhub1 at usb1
> uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub1: 2 ports with 2 removable, self powered
> "Intel 82801EB/ER USB" rev 0x02 at pci0 dev 29 function 7 not
configured
> ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2
> pci2 at ppb1 bus 2
> vga1 at pci2 dev 9 function 0 "Matrox MGA 1064SG 220MHz" rev 0x03
> wsdisplay0 at vga1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> xl0 at pci2 dev 13 function 0 "3Com 3c905C 100Base-TX" rev 0x78:
irq 10xl0: command never completed!
> xl0: command never completed!
> xl0: command never completed!
> address 00:04:75:fb:42:85
> exphy0 at xl0 phy 24: 3Com internal media interface
> xl0: command never completed!
> xl0: command never completed!
> xl0: command never completed!
> pcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
> pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev
0x02: DMA, channel 0 configured to compatibility, channel 1 confi
> gured to compatibility
> wd0 at pciide0 channel 0 drive 0: <WDC WD400BB-00DEA0>
> wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors
> atapiscsi0 at pciide0 channel 0 drive 1
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun 0: <HL-DT-ST, CD-ROM GCR-8522B, 1.00>
SCSI0 5/cdrom removable
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
> cd0(pciide0:0:1): using PIO mode 0, DMA mode 1
> wd1 at pciide0 channel 1 drive 0: <WDC WD1600JB-00EVA0>
> wd1: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
> wd2 at pciide0 channel 1 drive 1: <WDC WD1600BB-00FTA0>
> wd2: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
> wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
> wd2(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 5
> "Intel 82801EB/ER SMBus" rev 0x02 at pci0 dev 31 function 3 not
configured
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pmsi0 at pckbc0 (aux slot)
> pckbc0: using irq 12 for aux slot
> wsmouse0 at pmsi0 mux 0
> pcppi0 at isa0 port 0x61
> midi0 at pcppi0: <PC speaker>
> sysbeep0 at pcppi0
> lpt0 at isa0 port 0x378/4 irq 7
> lm0 at isa0 port 0x290/8: W83627THF
> npx0 at isa0 port 0xf0/16: using exception 16
> pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
> biomask c860 netmask cc60 ttymask dce2
> pctr: user-level cycle counter enabled
> Kernelized RAIDframe activated
> dkcsum: wd0 matched BIOS disk 80
> dkcsum: wd1 matched BIOS disk 81
> dkcsum: wd2 matched BIOS disk 82
> root on wd0a
> rootdev=0x0 rrootdev=0x300 rawdev=0x302
> raid0: Component /dev/wd1a being configured at row: 0 col: 0
> Row: 0 Column: 0 Num Rows: 1 Num Columns: 2
> Version: 2 Serial Number: 12345 Mod Counter: 207
> Clean: Yes Status: 0
> raid0: Component /dev/wd2a being configured at row: 0 col: 1
> Row: 0 Column: 1 Num Rows: 1 Num Columns: 2
> Version: 2 Serial Number: 12345 Mod Counter: 207
> Clean: Yes Status: 0
> raid0 (root)
>