samba - Jan 2007 - Testing subnets with samba[Scanned]

OK before i start, this was something i was just testing while everyone was in
training this afternoon. I have never had to deal with subnets before as we only
have a few users, but decided to do a little bit of messing around to gain some
experience.

Basically we have one server (mandriva 2006) running samba, it has two 4 port
ethernet cards in it but only utilitising one port from each card. (10.10.10.1
and 10.10.10.3)
Every machine on the network is using the same subnet mask (255.255.255.0) 
All machines are connected using one cisco switch.

What I tried was enabling one of the other ports on the server and giving it the
following details:
IP address: 10.10.10.32
Netmask: 255.255.255.224
Broadcast: 10.10.10.63

After enabling the card, everything seemed ok (I could ping the machine from
mine straight away) However when I changed my network settings (win98) to the
same subnet, samba would not let me login.

The message was  "password expired or logon server refused connection"
I could not login at all until I reset my network settings back to the default
subnet 255.255.25.0.

Would be grateful if anyone could shed some light on this as I don't
understand why I could not login.

Thanks
Dave.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/15/2007 11:49 AM, David Greenhall escreveu:
> OK before i start, this was something i was just testing 
> while everyone was in training this afternoon. I have
> never had to deal with subnets before as we only have a
> few users, but decided to do a little bit of messing
> around to gain some experience.
> 
> Basically we have one server (mandriva 2006) running 
> samba, it has two 4 port ethernet cards in it but
> only utilitising one port from each card. (10.10.10.1
> and 10.10.10.3)
> Every machine on the network is using the same subnet 
> mask (255.255.255.0)
> All machines are connected using one cisco switch.
> 
> What I tried was enabling one of the other ports on the 
> server and giving it the following details:
> IP address: 10.10.10.32
> Netmask: 255.255.255.224
> Broadcast: 10.10.10.63
> 
> After enabling the card, everything seemed ok (I could 
> ping the machine from mine straight away) However when
> I changed my network settings (win98) to the same subnet,
> samba would not let me login.
> 
> The message was  "password expired or logon server refused 
> connection"
> I could not login at all until I reset my network settings 
> back to the default subnet 255.255.25.0.
> 
> Would be grateful if anyone could shed some light on this 
> as I don't understand why I could not login.
	It seems that you probably have some restrictions on
the smb.conf (like not allowing other networks) or you didn't
"broadcast" properly, in any case, we will need the important
part of your smb.conf so we can check the details (and not
hard guess from the explanation). :-)

> Thanks
> Dave.
	Kind regards,

- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFrOP9Cj65ZxU4gPQRAmAnAJ9VPw58CL3C4NRqUBo3/0QcdbhFMwCfWobH
x8s489N1taUWZ4p2ZN9eHOQ=Rlux
-----END PGP SIGNATURE-----

-----Original Message-----
From: Felipe Augusto van de Wiel [mailto:felipe@paranacidade.org.br] 
Sent: 16 January 2007 14:41
To: samba@lists.samba.org
Subject: Re: [Samba] Testing subnets with samba[Scanned]


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/15/2007 11:49 AM, David Greenhall escreveu:
> OK before i start, this was something i was just testing
> while everyone was in training this afternoon. I have
> never had to deal with subnets before as we only have a
> few users, but decided to do a little bit of messing
> around to gain some experience.
> 
> Basically we have one server (mandriva 2006) running
> samba, it has two 4 port ethernet cards in it but
> only utilitising one port from each card. (10.10.10.1
> and 10.10.10.3)
> Every machine on the network is using the same subnet 
> mask (255.255.255.0)
> All machines are connected using one cisco switch.
> 
> What I tried was enabling one of the other ports on the
> server and giving it the following details:
> IP address: 10.10.10.32
> Netmask: 255.255.255.224
> Broadcast: 10.10.10.63
> 
> After enabling the card, everything seemed ok (I could
> ping the machine from mine straight away) However when
> I changed my network settings (win98) to the same subnet,
> samba would not let me login.
> 
> The message was  "password expired or logon server refused
> connection"
> I could not login at all until I reset my network settings 
> back to the default subnet 255.255.25.0.
> 
> Would be grateful if anyone could shed some light on this
> as I don't understand why I could not login.
	It seems that you probably have some restrictions on
the smb.conf (like not allowing other networks) or you didn't
"broadcast" properly, in any case, we will need the important part of
your smb.conf so we can check the details (and not hard guess from the
explanation). :-)

> Thanks
> Dave.
	Kind regards,

- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de
Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFrOP9Cj65ZxU4gPQRAmAnAJ9VPw58CL3C4NRqUBo3/0QcdbhFMwCfWobH
x8s489N1taUWZ4p2ZN9eHOQ=Rlux
-----END PGP SIGNATURE-----
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Ok I probably should have copied the smb file to start with, my apologies.

# Global parameters
[global]
	passwd program = /usr/bin/passwd %u 
	passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
	passwd chat debug = Yes 
	password level = 8 
	username level = 8 
	unix password sync = Yes 
	use sendfile = no
	interfaces = eth1 eth5 lo (this was the only line I changed after enabling the
other cards: adding eth4)
	bind interfaces only = yes
	hosts allow = 10.10.10.0/24
	hosts deny  = 0.0.0.0/0
	ldap ssl = no
	idmap gid = 15000-20000 
	delete user from group script = /usr/sbin/groupmod -R %u %g 
	dns proxy = No
	netbios name = SERVER
	keep alive = 30
	printing = bsd
	logon script = %U.bat
	local master = Yes
	hide files = /desktop.ini/Desktop.ini/
	workgroup = WORK
	os level = 35
	add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u 
	max log size = 50
	delete user script = /usr/sbin/userdel -r %u 
	log level = 3
	log file = /var/log/samba/log.%m
	add group script = /usr/sbin/groupadd %g 
	delete group script = /usr/sbin/groupdel %g 
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	add user to group script = /usr/sbin/groupmod -A %u %g 
	logon drive = P
	username map = /etc/samba/user.map
	domain master = Yes
	encrypt passwords = yes
	passdb backend = tdbsam
	wins support = Yes
	server string = Samba Server %v
	unix password sync = yes
	logon path = \\%L\%U\profile
	default service = Companies
	add user script = /usr/sbin/useradd -m %u 
	domain logons = Yes

-----Original Message-----
From: Felipe Augusto van de Wiel [mailto:felipe@paranacidade.org.br] 
Sent: 17 January 2007 16:45
To: samba@lists.samba.org
Subject: Re: [Samba] Testing subnets with samba[Scanned]


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/16/2007 12:52 PM, David Greenhall escreveu:
> -----Original Message-----
> From: Felipe Augusto van de Wiel [mailto:felipe@paranacidade.org.br]
> Sent: 16 January 2007 14:41
> To: samba@lists.samba.org
> Subject: Re: [Samba] Testing subnets with samba[Scanned]
> 
> 
> On 01/15/2007 11:49 AM, David Greenhall escreveu:
[...]
>>>Basically we have one server (mandriva 2006) running
>>>samba, it has two 4 port ethernet cards in it but
>>>only utilitising one port from each card. (10.10.10.1
>>>and 10.10.10.3)
>>>Every machine on the network is using the same subnet
>>>mask (255.255.255.0)
>>>All machines are connected using one cisco switch.
>>>
>>>What I tried was enabling one of the other ports on the server and 
>>>giving it the following details: IP address: 10.10.10.32
>>>Netmask: 255.255.255.224
>>>Broadcast: 10.10.10.63
>>>
>>>After enabling the card, everything seemed ok (I could
>>>ping the machine from mine straight away) However when
>>>I changed my network settings (win98) to the same subnet, samba
would
>>>not let me login.
>>>
>>>The message was  "password expired or logon server refused 
>>>connection" I could not login at all until I reset my network 
>>>settings back to the default subnet 255.255.25.0.
>>>
>>>Would be grateful if anyone could shed some light on this
>>>as I don't understand why I could not login.
>> 
>> 
>> 	It seems that you probably have some restrictions on
>> the smb.conf (like not allowing other networks) or you
>> didn't "broadcast" properly, in any case, we will need
the
>> important part of your smb.conf so we can check the details
>> (and not hard guess from the explanation). :-)
> Ok I probably should have copied the smb file to start with, my 
> apologies.
	:-)

> # Global parameters
> [global]
[...]
> 	interfaces = eth1 eth5 lo
> 		(this was the only line I changed after
		enabling the other cards:  adding eth4)
> 	bind interfaces only = yes
> 	hosts allow = 10.10.10.0/24
> 	hosts deny  = 0.0.0.0/0
	Ok, so you had a rule for networks you accept and what
ports you bind to. Here is where we need to figure out the whole picture.

	Looking closely you said in your first message that you
did the following setup:

	>>>IP address: 10.10.10.32
	>>>Netmask: 255.255.255.224
	>>>Broadcast: 10.10.10.63


	If that's right we have a small problem, not Samba related
but network related. Using .224 as a mask, creates networks with 32 IP number,
but you lost the first (net address) and the last one (broadcast address), which
means that you should not use .32 as an IP address.
			1st			2nd
	net-address	10.10.10.0		10.10.10.32
	address space	10.10.10.[1-30]		10.10.10.[33-62]
	broadcast	10.10.10.31		10.10.10.63

	Considering that you are using a /24 to allow conections
and you had the right interfaces to bind to, I should say that changing the IP
address would solve the problem. (At least, I hope so). :-)


	Kind regards,

- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de
Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFrlKHCj65ZxU4gPQRAvr6AJ4gM8VwihqhdrLNnywrsUzQ7BdLTQCgz9lB
TxW46EAFR5ICe1vIN6d6uCE=Dk75
-----END PGP SIGNATURE-----
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Ahh... That is something I didn't know. So in theory, if I changed the
server to:
IP Address: 10.10.10.33
Subnet: 255.255.255.224
Broadcast: 10.10.10.63

Then providing my workstation had an IP address within the range of 34-62 with
the same subnet, it should connect me?

Thanks
Dave.