samba - Oct 2008 - Nmbd is using the wrong ip address as source

Hello,

I have a linux box with the following S/W versions:
CentOS release 5.2 (Final)
Linux ns.hostname.ro 2.6.18-92.1.13.el5 #1 SMP Wed Sep 24 19:32:05 EDT 2008
x86_64 x86_64 x86_64 GNU/Linux
Version 3.0.28-1.el5_2.1

My server has 2 IP interfaces, eth0: with the public ip address and br0: for the
private subnet.
Br0 being a bridge ip interface between eth1 and tap0 ( for openvpn ).

Now my problem is that the nmbd is doing the netbios broadcasts using the eth0
ip address instead
of the br0 one. I'm only interested in enabling samba on the local network
(br0). I have checked
this by using tcpdump on another linux machine in the network and saw the
broadcasts with the source
address the eth0 ip. Nmbd claims to win the master browsing election, but in
reality the windows machines
ignore the election packets and another machine becomes master and the browsing
list is messed up..
The smbd works just fine, connecting to the shares manually works correctly.

How can I make nmbd to use the correct ip address? ( btw, I removed the bridge
config just for testing
and only enabled ip on the eth1 and the same problem.. ). I saw that in the
previous version there was
a parameter "-I" to force the source address..

For reference this is my smb.conf:
[global]
        workgroup = HOSTNAME
        netbios name = HNS
        interfaces = 10.10.10.1 127.0.0.1
        hosts allow = 127.0.0., 10.10.10.
        bind interfaces only = yes
        socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
        preferred master = yes
        domain master = yes
        local master = yes
        os level = 100
        remote announce = 10.10.10.255/HOSTNAME
        socket address = 10.10.10.1
        log level = 1

[homes]
        comment = Home Directory
        valid users = %S
        read only = No
        browseable = No

[comun]
        comment = Public Stuff
        path = /disk2/comun
        force user = disk
        force group = disk2
        read only = No

Any help is highly appreciated.

Thank you,

Teodor

 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 3494 (20081003) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

Teodor Iacob wrote:
> Hello,
> 
> I have a linux box with the following S/W versions:
> CentOS release 5.2 (Final)
> Linux ns.hostname.ro 2.6.18-92.1.13.el5 #1 SMP Wed Sep 24 19:32:05 EDT 2008
x86_64 x86_64 x86_64 GNU/Linux
> Version 3.0.28-1.el5_2.1
> 
> My server has 2 IP interfaces, eth0: with the public ip address and br0:
for the private subnet.
> Br0 being a bridge ip interface between eth1 and tap0 ( for openvpn ).
> 
> Now my problem is that the nmbd is doing the netbios broadcasts using the
eth0 ip address instead
> of the br0 one. I'm only interested in enabling samba on the local
network (br0). I have checked
> this by using tcpdump on another linux machine in the network and saw the
broadcasts with the source
> address the eth0 ip. Nmbd claims to win the master browsing election, but
in reality the windows machines
> ignore the election packets and another machine becomes master and the
browsing list is messed up..
> The smbd works just fine, connecting to the shares manually works
correctly.
> 
> How can I make nmbd to use the correct ip address? ( btw, I removed the
bridge config just for testing
> and only enabled ip on the eth1 and the same problem.. ). I saw that in the
previous version there was
> a parameter "-I" to force the source address..
> 
> For reference this is my smb.conf:
> [global]
>         workgroup = HOSTNAME
>         netbios name = HNS
>         interfaces = 10.10.10.1 127.0.0.1
... why not just say "interfaces = br0" so that it binds to your
private
interface (which I presume owns 10.10.10.1)?  You don't need to have 
Samba listen on the loopback address if you can talk to it on another 
local address.
>         hosts allow = 127.0.0., 10.10.10.
>         bind interfaces only = yes
[snip]
>         remote announce = 10.10.10.255/HOSTNAME
>         socket address = 10.10.10.1
Don

Thanks for the update.  I was banging my head trying to figure out why
yours acted different from mine, with somewhat similar structures...

On Thu, 2008-10-09 at 12:58 +0300, Teodor Iacob wrote:
> ? 
> 
> Problem solved:
>  
> The origin was a bad configured SNAT rule that didn't include the
> output interface so it was doing NAT
> on its own IP addresses .. samba works correctly.
>  
> Teo
>  
> 
> 
> 
> 
> ______________________________________________________________________
> From: Teodor Iacob 
> Sent: Thursday, October 09, 2008 9:11 AM
> To: Frank Gruman
> Cc: samba@lists.samba.org
> Subject: RE: [Samba] Nmbd is using the wrong ip address as source
> 
> 
> 
> I have used also the interface names, with the same results.
> Thank you for your time, I'll see to it further on the technical
> list..
>  
> Teo
>  
> 
> 
> 
> 
> ______________________________________________________________________
> From: Frank Gruman [mailto:fgatwork@verizon.net] 
> Sent: Thursday, October 09, 2008 5:26 AM
> To: Teodor Iacob
> Cc: samba@lists.samba.org
> Subject: RE: [Samba] Nmbd is using the wrong ip address as source
> 
> 
> 
> 
> On Wed, 2008-10-08 at 09:21 +0300, Teodor Iacob wrote:
> 
> > ? 
> > Also nmblookup is using the external ip address: 
> > querying HDV on 10.10.10.255
> > 09:19:19.461813 IP X.X.X.X.45781 > 10.10.10.255.netbios-ns: NBT UDP
> > PACKET(137): QUERY; REQUEST; BROADCAST
> > 09:19:19.732139 IP X.X.X.X.45781 > 10.10.10.255.netbios-ns: NBT UDP
> > PACKET(137): QUERY; REQUEST; BROADCAST
> > 09:19:20.002136 IP X.X.X.X.45781 > 10.10.10.255.netbios-ns: NBT UDP
> > PACKET(137): QUERY; REQUEST; BROADCAST
> > name_query failed to find name HDV
> > 
> > The debugging information would show: 
> > params.c:pm_process() - Processing configuration file
> > "/etc/samba/smb.conf"
> > Processing section "[global]"
> > doing parameter workgroup = HOSTNAME
> > doing parameter netbios name = HDV
> > handle_netbios_name: set global_myname to: HDV
> > doing parameter interfaces = 10.10.10.1
> > doing parameter hosts allow = 127.0.0., 10.10.10.
> > doing parameter bind interfaces only = yes
> > doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY
> > SO_RCVBUF=8192 SO_SNDBUF=8192
> > doing parameter preferred master = yes
> > doing parameter domain master = yes
> > doing parameter local master = yes
> > doing parameter os level = 100
> > doing parameter remote announce = 10.10.10.255/HOSTNAME
> > doing parameter socket address = 10.10.10.255
> > doing parameter log level = 1
> > .. 
> > added interface ip=10.10.10.1 bcast=10.10.10.255 nmask=255.255.255.0
> > socket option SO_KEEPALIVE = 0
> > socket option SO_REUSEADDR = 1
> > socket option SO_BROADCAST = 1
> > .. 
> > Socket opened.
> > querying HDV on 10.10.10.255
> > Sending a packet of len 50 to (10.10.10.255) on port 137
> > tdb(unnamed): tdb_open_ex: could not open
> > file /var/cache/samba/unexpected.tdb: No such file or directory
> > tdb(unnamed): tdb_open_ex: could not open
> > file /var/cache/samba/unexpected.tdb: No such file or directory
> > tdb(unnamed): tdb_open_ex: could not open
> > file /var/cache/samba/unexpected.tdb: No such file or directory
> > Sending a packet of len 50 to (10.10.10.255) on port 137
> > tdb(unnamed): tdb_open_ex: could not open
> > file /var/cache/samba/unexpected.tdb: No such file or directory
> > tdb(unnamed): tdb_open_ex: could not open
> > file /var/cache/samba/unexpected.tdb: No such file or directory
> > tdb(unnamed): tdb_open_ex: could not open
> > file /var/cache/samba/unexpected.tdb: No such file or directory
> > Sending a packet of len 50 to (10.10.10.255) on port 137
> > tdb(unnamed): tdb_open_ex: could not open
> > file /var/cache/samba/unexpected.tdb: No such file or directory
> > tdb(unnamed): tdb_open_ex: could not open
> > file /var/cache/samba/unexpected.tdb: No such file or directory
> > tdb(unnamed): tdb_open_ex: could not open
> > file /var/cache/samba/unexpected.tdb: No such file or directory
> > name_query failed to find name HDV
> > .. 
> > 
> > 
> > ____________________________________________________________________
> > 
> > From: Frank Gruman [mailto:fgatwork@verizon.net] 
> > Sent: Tuesday, October 07, 2008 3:29 AM
> > To: Teodor Iacob
> > Cc: samba@lists.samba.org
> > Subject: RE: [Samba] Nmbd is using the wrong ip address as source
> > 
> > 
> > 
> > On Mon, 2008-10-06 at 09:05 +0300, Teodor Iacob wrote: 
> > 
> > > Hello, 
> > > Sorry for seeming impatient, I just had some rough night hours
> > > because of this problem :) 
> > > tcpdump shows: 
> > > 08:21:22.920832 IP X.X.X.X.netbios-dgm >
10.10.10.255.netbios-dgm:
> > > NBT UDP PACKET(138)
> > > 08:21:22.920986 IP X.X.X.X.netbios-dgm >
10.10.10.255.netbios-dgm:
> > > NBT UDP PACKET(138)
> > > 08:21:23.072063 IP X.X.X.X.netbios-ns >
10.10.10.255.netbios-ns:
> > > NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
> > > 08:21:23.072069 IP X.X.X.X.netbios-ns >
10.10.10.255.netbios-ns:
> > > NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
> > > 08:21:23.072073 IP X.X.X.X.netbios-ns >
10.10.10.255.netbios-ns:
> > > NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
> > > 08:21:23.072076 IP X.X.X.X.netbios-ns >
10.10.10.255.netbios-ns:
> > > NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
> > > 08:21:23.072079 IP X.X.X.X.netbios-ns >
10.10.10.255.netbios-ns:
> > > NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
> > > 08:21:24.072491 IP X.X.X.X.netbios-dgm >
10.10.10.255.netbios-dgm:
> > > NBT UDP PACKET(138)
> > > 08:21:24.072497 IP X.X.X.X.netbios-dgm >
10.10.10.255.netbios-dgm:
> > > NBT UDP PACKET(138)
> > > 08:21:24.072656 IP X.X.X.X.netbios-ns >
10.10.10.255.netbios-ns:
> > > NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
> > > 08:21:25.073432 IP X.X.X.X.netbios-ns >
10.10.10.255.netbios-ns:
> > > NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
> > > 08:21:25.073438 IP X.X.X.X.netbios-ns >
10.10.10.255.netbios-ns:
> > > NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
> > > 08:21:25.073441 IP X.X.X.X.netbios-ns >
10.10.10.255.netbios-ns:
> > > NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
> > > 
> > > ( where X.X.X.X is the public ip address of the linux server from
> > > eth0 ), this tcpdump was taken from another linux machine with
> > > the 
> > > ip: 10.10.10.2 
> > > The requested netstat output: 
> > > [root@ns ~]# netstat -nap |grep [sn]mbd
> > > tcp        0      0 10.10.10.1:139              0.0.0.0:*
> > > LISTEN      18538/smbd
> > > tcp        0      0 10.10.10.1:445              0.0.0.0:*
> > > LISTEN      18538/smbd
> > > udp        0      0 10.10.10.1:137              0.0.0.0:*
> > > 18542/nmbd
> > > udp        0      0 10.10.10.255:137            0.0.0.0:*
> > > 18542/nmbd
> > > udp        0      0 10.10.10.1:138              0.0.0.0:*
> > > 18542/nmbd
> > > udp        0      0 10.10.10.255:138            0.0.0.0:*
> > > 18542/nmbd
> > > unix  2      [ ]         DGRAM                    194986
> > > 18542/nmbd
> > > unix  2      [ ]         DGRAM                    194960
> > > 18538/smbd
> > > 
> > > nmblookup from both machines returns this: 
> > > querying server on 10.10.10.255
> > > name_query failed to find name server 
> > > Right now there are no PCs open in the network, but friday when I
> > > was testing various configurations, 
> > > I was able to see that one of the XP machines reported back as
> > > master browser ( I could see the share list 
> > > with _MSBROWSE_ as well. ) 
> > > 
> > >   
> > > However if I do a unicast request to 10.10.10.1 ( basically it
> > > acts as a wins server ): 
> > > querying HDV on 10.10.10.1
> > > 10.10.10.1 HDV<00>
> > > 
> > > In the nmbd.log I have: 
> > > [2008/10/06 08:52:50, 0] nmbd/nmbd.c:main(698)
> > >   Netbios nameserver version 3.0.28-1.el5_2.1 started.
> > >   Copyright Andrew Tridgell and the Samba Team 1992-2007
> > > [2008/10/06 08:52:51, 0]
> > > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290)
> > >   become_domain_master_browser_bcast:
> > >   Attempting to become domain master browser on workgroup
HOSTNAME
> > > on subnet 10.10.10.1
> > > [2008/10/06 08:52:51, 0]
> > > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303)
> > >   become_domain_master_browser_bcast: querying subnet 10.10.10.1
> > > for domain master browser on workgroup HOSTNAME
> > > [2008/10/06 08:53:01, 0]
> > > nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
> > >   ***** 
> > >   Samba server HNS is now a domain master browser for workgroup
> > > HOSTNAME on subnet 10.10.10.1 
> > >   *****
> > > [2008/10/06 08:53:15, 0]
> > > nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
> > >   ***** 
> > >   Samba name server HNS is now a local master browser for
> > > workgroup HOSTNAME on subnet 10.10.10.1 
> > >   *****
> > > 
> > > Thank you for your time! 
> > > Teodor 
> > > 
> > > 
> > >
__________________________________________________________________
> > > 
> > > 
> > > From: Frank Gruman [mailto:fgatwork@verizon.net] 
> > > Sent: Sunday, October 05, 2008 10:28 PM
> > > To: Teodor Iacob
> > > Cc: samba@lists.samba.org
> > > Subject: RE: [Samba] Nmbd is using the wrong ip address as source
> > > 
> > > 
> > > 
> > > On Sun, 2008-10-05 at 18:35 +0300, Teodor Iacob wrote: 
> > > 
> > > > Does anybody have a suggestion for another list or forum to
address
> > > > this issue?
> > > > 
> > > > 
> > > > > -----Original Message-----
> > > > > From: Teodor Iacob 
> > > > > Sent: 4 octombrie 2008 09:14
> > > > > To: samba@piven.org; samba@lists.samba.org
> > > > > Subject: RE: [Samba] Nmbd is using the wrong ip address
as source
> > > > > 
> > > > >  
> > > > > 
> > > > > > -----Original Message-----
> > > > > > From: samba-bounces+theo=macsys.eu@lists.samba.org
> > > > > >
[mailto:samba-bounces+theo=macsys.eu@lists.samba.org] On Behalf Of
> > > > > > samba@piven.org
> > > > > > Sent: Saturday, October 04, 2008 4:41 AM
> > > > > > To: samba@lists.samba.org
> > > > > > Subject: Re: [Samba] Nmbd is using the wrong ip
address as source
> > > > > > 
> > > > > > Teodor Iacob wrote:
> > > > > > > Hello,
> > > > > > > 
> > > > > > > I have a linux box with the following S/W
versions:
> > > > > > > CentOS release 5.2 (Final)
> > > > > > > Linux ns.hostname.ro 2.6.18-92.1.13.el5 #1
SMP Wed Sep 24
> > > > > > 19:32:05 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
> > > > > > > Version 3.0.28-1.el5_2.1
> > > > > > > 
> > > > > > > My server has 2 IP interfaces, eth0: with the
public ip
> > > > > > address and br0: for the private subnet.
> > > > > > > Br0 being a bridge ip interface between eth1
and tap0 ( for
> > > > > > openvpn ).
> > > > > > > 
> > > > > > > Now my problem is that the nmbd is doing the
netbios
> > > > > > broadcasts using the eth0 ip address instead
> > > > > > > of the br0 one. I'm only interested in
enabling samba on
> > > > > > the local network (br0). I have checked
> > > > > > > this by using tcpdump on another linux
machine in the
> > > > > > network and saw the broadcasts with the source
> > > > > > > address the eth0 ip. Nmbd claims to win the
master browsing
> > > > > > election, but in reality the windows machines
> > > > > > > ignore the election packets and another
machine becomes
> > > > > > master and the browsing list is messed up..
> > > > > > > The smbd works just fine, connecting to the
shares manually
> > > > > > works correctly.
> > > > > > > 
> > > > > > > How can I make nmbd to use the correct ip
address? ( btw, I
> > > > > > removed the bridge config just for testing
> > > > > > > and only enabled ip on the eth1 and the same
problem.. ). I
> > > > > > saw that in the previous version there was
> > > > > > > a parameter "-I" to force the
source address..
> > > > > > > 
> > > > > > > For reference this is my smb.conf:
> > > > > > > [global]
> > > > > > >         workgroup = HOSTNAME
> > > > > > >         netbios name = HNS
> > > > > > >         interfaces = 10.10.10.1 127.0.0.1
> > > > > > 
> > > > > > ... why not just say "interfaces = br0"
so that it binds to your
> > > > > > private interface (which I presume owns
10.10.10.1)?  You
> > > > > don't need 
> > > > > > to have Samba listen on the loopback address if
you can
> > > > > talk to it on 
> > > > > > another local address.
> > > > > 
> > > > > I mentioned also br0 in my quest of trying all
possibilities
> > > > > I could think of.. No change.
> > > > > But bind is only for listening, my problem is when nmbd
it
> > > > > sends packets by itself to make the election. I told
you smbd
> > > > > works fine and I can see from netstat -an at the LISTEN
part
> > > > > that it was only bound to the 10.10.10.1:139 and
10.10.10.1:445
> > > > > 
> > > > > 
> > > > > > 
> > > > > > >         hosts allow = 127.0.0., 10.10.10.
> > > > > > >         bind interfaces only = yes
> > > > > > [snip]
> > > > > > >         remote announce =
10.10.10.255/HOSTNAME
> > > > > > >         socket address = 10.10.10.1
> > > > > > 
> > > > > > Don
> > > 
> > > 
> > > First of all, thank you for your patience on volunteer attempts
to
> > > help you resolve your issue (considering it is still the weekend
> > > in much of the world).
> > > 
> > > Now, can you include a portion of the tcpdump you viewed from the
> > > other machine (particularly the part where the wrong address is
> > > appearing).  Also, I am assuming you have restarted both smbd and
> > > nmbd after each configuration change.
> > > 
> > > To verify that your samba settings are being read properly, try
to
> > > run "netstat -nap |grep [sn]mbd" to see which ports are
open on
> > > your local machine.  Also, try running "nmblookup -B
10.10.10.255
> > > server" to ensure that nmbd is responding to name server
queries
> > > on the broadcast address.
> > > 
> > > I Googled a moment, and came up with much of the above from her -
> > > http://samba.org/~tpot/articles/multiple-interfaces.html
> > > 
> > > Let us know how it goes.
> > > 
> > > Regards,
> > > Frank 
> > > 
> > 
> > 
> > Thanks for the output.  
> > 
> > I can honestly say that I don't know why your public IP would be
> > coming back in the tcpdump.  I will have to leave that one to
> > greater minds than mine.  The other outputs look good except for the
> > nmblookup failure.  I think I didn't provide enough information
for
> > you - the "server" attribute should be the name of a machine
on your
> > network (a node).  That should fix the success of that query.
> > 
> > Also, try to add the "-d 8" parameter to add additional
debug output
> > to this command.  It should give you a lot more information about
> > how it is performing lookups.  If you even want to test a step
> > further, rather than setting the "interfaces =
<ip_address>"
> > parameter in smb.conf, try to set it back to the interface
> > name ?"interfaces = <ifc name, e.g. eth1>".  I recall
a posting a
> > long time ago that made references to this, so all of mine use ifc
> > names rather than IP addresses.
> > 
> > Regards,
> > Frank
> > 
> > 
> 
> Theo,
> 
> I must admit, I am coming to an end on what I can help you with.  My
> only last suggestion is to change your smb.conf file to set the
> interfaces back to the device rather than the IP address.  I don't
> know how much difference it will make...
> 
> The next step (barring anyone else speaking up here) would be to
> engage the samba-technical list.  To me, it appears that your
> configuration is in line with the documentation, so you may have a
> valid issue to head to that side with.
> 
> Regards,
> Frank