samba - Nov 2005 - Bind to eth1 only problem

Hello,

I am trying to setup a samba server as a pdc bound to eth1 only (testing 
network). however I still seeing samba bind to eth0. I am running a debian 
unstable box... any ideas? do you need anything more to go on? (see 
attachments)

I am starting smbd and nmbd up using a startup script out of 
/etc/init.d with the options:
--exec /usr/sbin/nmbd -- -s /etc/samba/smb.ts.conf -D;
--exec /usr/sbin/smbd -- -s /etc/samba/smb.ts.conf -D;

Linux version 2.6.13 (root@mpk) (gcc version 4.0.2 20050917 (prerelease) 
(Debian 4.0.1-8)) #1 SMP Fri Sep 23 12:45:10 PDT 2005

version.txt	version of samba
nmap.eth0.txt	nmap output of public network (the one smb should NOT bind to)
nmap.eth1.txt	nmap output of internal network (the one smb should bind to)
smb.ts.conf	my samba config
testperm.txt	output of testperm against my samba config

any help or ideas how to get this to bind only to eth1 would be great!

_________________________________________________________________________
Info:                           Email:
Joseph T. Duncan                  work: duncanjo@ucs.orst.edu
Student Computing Facilities	  Home: Joseph.Duncan@orst.edu
-------------- next part --------------
mpk:/etc/samba# smbd --version
Version 3.0.20b-Debian

-------------- next part --------------
mpk:/etc/samba# nmap -sSU external.ip.address

Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-11-02 15:38 PST
Interesting ports on hostname.external.foo.bar (external.ip.address):
(The 3141 ports scanned but not shown below are in state: closed)
PORT    STATE         SERVICE
22/tcp  open          ssh
68/udp  open|filtered dhcpclient
80/tcp  open          http
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
631/tcp open          ipp
631/udp open|filtered unknown

Nmap finished: 1 IP address (1 host up) scanned in 1.546 seconds
-------------- next part --------------
mpk:/etc/samba# nmap -sSU 172.16.0.1

Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-11-02 15:39 PST
Interesting ports on mpk.ts.testnetwork (172.16.0.1):
(The 3139 ports scanned but not shown below are in state: closed)
PORT    STATE         SERVICE
22/tcp  open          ssh
68/udp  open|filtered dhcpclient
80/tcp  open          http
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
139/tcp open          netbios-ssn
445/tcp open          microsoft-ds
631/tcp open          ipp
631/udp open|filtered unknown

Nmap finished: 1 IP address (1 host up) scanned in 1.564 seconds

-------------- next part --------------
## Bind to external interface only

interfaces = eth1
bind interfaces only = yes

[global]
   workgroup = TsNLB
   netbios name = MPK
   server string = %h dc (Samba %v)
   wins support = yes
   dns proxy = no
   name resolve order = host lmhosts wins bcast
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   encrypt passwords = true
   passdb backend = tdbsam guest
   obey pam restrictions = yes
   invalid users = root
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
   socket options = TCP_NODELAY
   domain master = yes
   domain logons = yes
   os level = 33
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   add user script = /usr/sbin/useradd -m '%u'
   delete user script = /usr/sbin/userdel -r '%u'
   add group script = /usr/sbin/groupadd '%g'
   delete group script = /usr/sbin/groupdel '%g'
   add user to group script = /usr/sbin/usermod -G '%g' '%u'
   add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null
'%u'

[homes]
   comment = Home Directories
   browseable = no
   writable = no
   create mask = 0700
   directory mask = 0700

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   writable = no
   share modes = no

[printers]
   comment = All Printers
   browseable = no
   path = /tmp
   printable = yes
   public = no
   writable = no
   create mode = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no


-------------- next part --------------
mpk:/etc/samba# testparm smb.ts.conf
Load smb config files from smb.ts.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        workgroup = TSNLB
        server string = %h dc (Samba %v)
        interfaces = eth1
        bind interfaces only = Yes
        obey pam restrictions = Yes
        passdb backend = tdbsam, guest
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = host lmhosts wins bcast
        add user script = /usr/sbin/useradd -m '%u'
        delete user script = /usr/sbin/userdel -r '%u'
        add group script = /usr/sbin/groupadd '%g'
        delete group script = /usr/sbin/groupdel '%g'
        add user to group script = /usr/sbin/usermod -G '%g'
'%u'
        add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null
'%u'
        domain logons = Yes
        os level = 33
        domain master = Yes
        dns proxy = No
        wins support = Yes
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        invalid users = root

[homes]
        comment = Home Directories
        create mask = 0700
        directory mask = 0700
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        guest ok = Yes
        share modes = No

[printers]
        comment = All Printers
        path = /tmp
        create mask = 0700
        printable = Yes
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers

On 11/2/05, Noah Dain <noahdain@gmail.com> wrote:
> On 11/2/05, Joseph T. Duncan <duncanjo@ucs.orst.edu> wrote:
> > Hello,
> >
> > I am trying to setup a samba server as a pdc bound to eth1 only
(testing
> > network). however I still seeing samba bind to eth0. I am running a
debian
> > unstable box... any ideas? do you need anything more to go on? (see
> > attachments)
> >
> > I am starting smbd and nmbd up using a startup script out of
> > /etc/init.d with the options:
> > --exec /usr/sbin/nmbd -- -s /etc/samba/smb.ts.conf -D;
> > --exec /usr/sbin/smbd -- -s /etc/samba/smb.ts.conf -D;
> >
> > Linux version 2.6.13 (root@mpk) (gcc version 4.0.2 20050917
(prerelease)
> > (Debian 4.0.1-8)) #1 SMP Fri Sep 23 12:45:10 PDT 2005
> >
> > version.txt     version of samba
> > nmap.eth0.txt   nmap output of public network (the one smb should NOT
bind to)
> > nmap.eth1.txt   nmap output of internal network (the one smb should
bind to)
> > smb.ts.conf     my samba config
> > testperm.txt    output of testperm against my samba config
> >
> > any help or ideas how to get this to bind only to eth1 would be great!
> >
> >
_________________________________________________________________________
> > Info:                           Email:
> > Joseph T. Duncan                  work: duncanjo@ucs.orst.edu
> > Student Computing Facilities      Home: Joseph.Duncan@orst.edu
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> >
> >
>
in smb.conf [global]:
  bind interfaces only = yes
  interfaces = 192.168.1.1/24

works for me, but running debian stable.

interface names vary per unix, so maybe that's why samba just uses the
ip addresses.

--
Noah Dain

top part of my smb.conf now looks like:

[global]
bind interfaces only = yes
interfaces = 176.16.0.1/23

and i get the following results (and lazy so here are my ip addresses ;p)

-----------
mpk:/etc/samba# nmap -sSU 128.193.161.23

Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-11-03 10:33 
PST
Interesting ports on mpk.scf.oregonstate.edu (128.193.161.23):
(The 3141 ports scanned but not shown below are in state: closed)
PORT    STATE         SERVICE
22/tcp  open          ssh
68/udp  open|filtered dhcpclient
80/tcp  open          http
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
631/tcp open          ipp
631/udp open|filtered unknown

Nmap finished: 1 IP address (1 host up) scanned in 1.515 seconds
mpk:/etc/samba# nmap -sSU 172.16.0.1

Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-11-03 10:33 
PST
Interesting ports on mpk.ts.scf.oregonstate.edu (172.16.0.1):
(The 3139 ports scanned but not shown below are in state: closed)
PORT    STATE         SERVICE
22/tcp  open          ssh
68/udp  open|filtered dhcpclient
80/tcp  open          http
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
139/tcp open          netbios-ssn
445/tcp open          microsoft-ds
631/tcp open          ipp
631/udp open|filtered unknown

Nmap finished: 1 IP address (1 host up) scanned in 1.519 seconds
---------------------

as you can see samba is still binding netbios-ns and netbios-dgm to both 
interfaces(local loop back interface as well) :/ but not netbios-ssn or 
microsoft-ds

maybe i should grab a clean copy of the source and build it myself and see 
if i get better results. any other ideas?

_________________________________________________________________________
Info:                           Email:
Joseph T. Duncan                  work: duncanjo@ucs.orst.edu
Student Computing Facilities	  Home: Joseph.Duncan@orst.edu