Begin forwarded message:> From: Margaret_Doll <Margaret_Doll@brown.edu> > Date: Wed Dec 14, 2005 1:09:24 PM US/Eastern > To: samba <samba@lists.samba.org> > Subject: [Samba] RHEL4 and samba > > I brought over the /etc/samba directory from a RHEL3 system to a RHEL4 > system. > > I disable selinux in case there was a problem with a port being blocked > > iptables has port 139 and 445 enabled. > > I can see the server in the Windows Network Neighborhood but the user > cannot connect because they are unauthorized to attach from their > computer. > > Most of the test in the samba documentation work except. > > smbclient -L server -N > > shows no computers, but does show the shares and > > SERVER COMMENTS > > myserver server comments > > Workgroup Master > ------------- > > myworkgroup > 2nd workgroup master2 > 3rd workgroup master3 > > > nmblookup -B myserver __SAMBA__ > querying __SAMBA__ on correct ip address > name_query failed to find name __SAMBA__ > > nmblooup -M myworkgroup > querying myworkgroup on mysubnet > ip address of a client myworkgroup<1d> > > "netstat -a" show netbios-ns > > What do I have set up incorrectly? > > > --I found that from the computers I cannot attach to the server through the network neighborhood. I can, however, log into the server if I do a search on the computer. So the server is not "announcing" itself. How do I fix this problem? Is this a firewall problem?
Margaret_Doll wrote:> > > Begin forwarded message: > >> From: Margaret_Doll <Margaret_Doll@brown.edu> >> Date: Wed Dec 14, 2005 1:09:24 PM US/Eastern >> To: samba <samba@lists.samba.org> >> Subject: [Samba] RHEL4 and samba >> >> I brought over the /etc/samba directory from a RHEL3 system to a >> RHEL4 system. >> >> I disable selinux in case there was a problem with a port being blocked >> >> iptables has port 139 and 445 enabled. >>open ports 137 and 138, I forget which one, but the announcement is on one of these ports, you also need to check your protocols tcp udp as far as iptables is concerned. Usually in this cases I open up all protocols and the ports needed(check the protocols udp and tcp on 139 445 also) and then start DROP ing or REJECT ing ports-protocols until it breaks. selinux should not be an issue with this.>> I can see the server in the Windows Network Neighborhood but the user >> cannot connect because they are unauthorized to attach from their >> computer. >> >> Most of the test in the samba documentation work except. >> >> smbclient -L server -N >> >> shows no computers, but does show the shares and >> >> SERVER COMMENTS >> >> myserver server comments >> >> Workgroup Master >> ------------- >> >> myworkgroup >> 2nd workgroup master2 >> 3rd workgroup master3 >> >> >> nmblookup -B myserver __SAMBA__ >> querying __SAMBA__ on correct ip address >> name_query failed to find name __SAMBA__ >> >> nmblooup -M myworkgroup >> querying myworkgroup on mysubnet >> ip address of a client myworkgroup<1d> >> >> "netstat -a" show netbios-ns >> >> What do I have set up incorrectly? >> >> >> -- > > I found that from the computers I cannot attach to the server through > the network neighborhood. I can, however, log into the server > if I do a search on the computer. So the server is not "announcing" > itself. > > How do I fix this problem? Is this a firewall problem? >
On Wednesday, December 14, 2005, at 04:42 PM, Philip Washington wrote:> Margaret_Doll wrote: > >> >> >> Begin forwarded message: >> >>> From: Margaret_Doll <Margaret_Doll@brown.edu> >>> Date: Wed Dec 14, 2005 1:09:24 PM US/Eastern >>> To: samba <samba@lists.samba.org> >>> Subject: [Samba] RHEL4 and samba >>> >>> I brought over the /etc/samba directory from a RHEL3 system to a >>> RHEL4 system. >>> >>> I disable selinux in case there was a problem with a port being >>> blocked >>> >>> iptables has port 139 and 445 enabled. >>> > open ports 137 and 138, I forget which one, but the announcement > is on one of these ports, you also need to check your protocols tcp > udp as far as iptables is concerned. Usually in this cases I open > up all protocols and the ports needed(check the protocols udp and tcp > on 139 445 also) and then start DROP ing or REJECT ing > ports-protocols until it breaks. > selinux should not be an issue with this.I opened the tcp, udp ports in the iptables, restarted iptables, restarted smb. I still have the same problems with nmbd. People can do a search for the server.nnn.nnn.edu and find themselves logged in, but the server in the Network Neighborhood is "not available" The printers from the Windows computers have to be created using the complete path of the server, ie. server.nnn.nnn.edu, instead of the samba name. iptables --list ... ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ns ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-dgm ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ssn> >>> I can see the server in the Windows Network Neighborhood but the >>> user cannot connect because they are unauthorized to attach from >>> their computer. >>> >>> Most of the test in the samba documentation work except. >>> >>> smbclient -L server -N >>> >>> shows no computers, but does show the shares and >>> >>> SERVER COMMENTS >>> >>> myserver server comments >>> >>> Workgroup Master >>> ------------- >>> >>> myworkgroup >>> 2nd workgroup master2 >>> 3rd workgroup master3 >>> >>> >>> nmblookup -B myserver __SAMBA__ >>> querying __SAMBA__ on correct ip address >>> name_query failed to find name __SAMBA__ >>> >>> nmblooup -M myworkgroup >>> querying myworkgroup on mysubnet >>> ip address of a client myworkgroup<1d> >>> >>> "netstat -a" show netbios-ns >>> >>> What do I have set up incorrectly? >>> >>> >>> -- >> >> I found that from the computers I cannot attach to the server through >> the network neighborhood. I can, however, log into the server >> if I do a search on the computer. So the server is not "announcing" >> itself. >> >> How do I fix this problem? Is this a firewall problem? >> >
Margaret_Doll wrote:> > On Wednesday, December 14, 2005, at 04:42 PM, Philip Washington wrote: > >> Margaret_Doll wrote: >> >>> >>> >>> Begin forwarded message: >>> >>>> From: Margaret_Doll <Margaret_Doll@brown.edu> >>>> Date: Wed Dec 14, 2005 1:09:24 PM US/Eastern >>>> To: samba <samba@lists.samba.org> >>>> Subject: [Samba] RHEL4 and samba >>>> >>>> I brought over the /etc/samba directory from a RHEL3 system to a >>>> RHEL4 system. >>>> >>>> I disable selinux in case there was a problem with a port being >>>> blocked >>>> >>>> iptables has port 139 and 445 enabled. >>>> >> open ports 137 and 138, I forget which one, but the announcement >> is on one of these ports, you also need to check your protocols tcp >> udp as far as iptables is concerned. Usually in this cases I >> open up all protocols and the ports needed(check the protocols udp >> and tcp on 139 445 also) and then start DROP ing or REJECT ing >> ports-protocols until it breaks. >> selinux should not be an issue with this. > > > I opened the tcp, udp ports in the iptables, restarted iptables, > restarted smb. > > I still have the same problems with nmbd. People can do a search for > the server.nnn.nnn.edu and find themselves logged in, but the server > in the Network Neighborhood is "not available" The printers from the > Windows computers > have to be created using the complete path of the server, ie. > server.nnn.nnn.edu, instead of the samba name. > > iptables --list > ... > ACCEPT udp -- anywhere anywhere state NEW > udp dpt:netbios-ns > ACCEPT tcp -- anywhere anywhere state NEW > tcp dpt:netbios-ns > ACCEPT udp -- anywhere anywhere state NEW > udp dpt:netbios-dgm > ACCEPT tcp -- anywhere anywhere state NEW > tcp dpt:netbios-dgm > ACCEPT tcp -- anywhere anywhere state NEW > tcp dpt:netbios-ssn > ACCEPT udp -- anywhere anywhere state NEW > udp dpt:netbios-ssn > >Would it be possible to turn off iptables altogether and try. service iptables stop service smb restart You may have to wait a few minutes for the master browser to pick it up. Here is a copy of a simple smb.conf I have running on a test machine running RHEL4 [global] workgroup = COMPA server string = Samba Server interfaces = 10.10.10.167/24 log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 printer admin = @ntadmin, root cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba read only = No guest ok = Yes printable = Yes default devmode = Yes browseable = No [print$] comment = Printer driver Download Area path = /etc/samba/drivers write list = @ntadmin, root, philip guest ok = Yes [Shared] path = /home/philip/SHARED valid users = philip read only = No hosts allow = 10.10.10.169, 10.10.10.238>> >>>> I can see the server in the Windows Network Neighborhood but the >>>> user cannot connect because they are unauthorized to attach from >>>> their computer. >>>> >>>> Most of the test in the samba documentation work except. >>>> >>>> smbclient -L server -N >>>> >>>> shows no computers, but does show the shares and >>>> >>>> SERVER COMMENTS >>>> >>>> myserver server comments >>>> >>>> Workgroup Master >>>> ------------- >>>> >>>> myworkgroup >>>> 2nd workgroup master2 >>>> 3rd workgroup master3 >>>> >>>> >>>> nmblookup -B myserver __SAMBA__ >>>> querying __SAMBA__ on correct ip address >>>> name_query failed to find name __SAMBA__ >>>> >>>> nmblooup -M myworkgroup >>>> querying myworkgroup on mysubnet >>>> ip address of a client myworkgroup<1d> >>>> >>>> "netstat -a" show netbios-ns >>>> >>>> What do I have set up incorrectly? >>>> >>>> >>>> -- >>> >>> >>> I found that from the computers I cannot attach to the server through >>> the network neighborhood. I can, however, log into the server >>> if I do a search on the computer. So the server is not "announcing" >>> itself. >>> >>> How do I fix this problem? Is this a firewall problem? >>> >> >