Problems resolving linux box running Samba from XP

BillJennings · 10-21-2004, 04:44 AM

I have recently found a problem with Windows XP connecting to a Samba server when the Windows XP box has Service Pack 2 installed.

Did you do the backup with Windows XP SP1 or an earlier version of windows? ... and are you now trying to do the restore with Window XP with SP2 isntalled?

If so, here is what I found to be the problem on one of my servers. Service Pack 2 breaks Windows XP's ability to read files from Samba shares until you add:

use sendfile = no

to the global section of smb.conf.

Hope this helps.

Bill Jennings

DertyolBA$HTARD · 10-21-2004, 07:42 AM

Very Interesting, indeed.

Pengus · 10-21-2004, 01:56 PM

Well I fixed it. Seems that I don't need any advanced Samba config at all, I just needed to stop iptables, as it was blocking this computer from connecting at all. Thought /etc/hosts.allow 'ALL: 192.168.2.31' would work, but I guess iptables still blocked.

Instead of using /sbin/service iptables stop, is there an entry I can add to allow local network Samba connections? I've no idea how to begin messing with iptables at this point. The good thing is that I do have a router that handles security pretty well, except for a few forwarded ports to allow ssh and httpd when needed.

Thanks.

BillJennings · 10-21-2004, 02:34 PM

If you know the network and netmask of your subnet you can type this as root:

iptables -I INPUT -s <your_subnet_CIDR_goes_here> -j ACCEPT

This will allow any computer on your local subnet access to this server. Not just for Samba, but for all services. If you want to only allow Samba services you need to indicate the protocol (tcp or udp) and list the ports.

My recollection is that Samba listens on (both tcp and udp, so you will need two rules) ports 137, 138, 139, and 445.

So...

Code:

iptables -I INPUT -s <your_subnet_CIDR> -p tcp --dport 137:139 -j ACCEPT
iptables -I INPUT -s <your_subnet_CIDR> -p tcp --dport 445     -j ACCEPT
iptables -I INPUT -s <your_subnet_CIDR> -p udp --dport 137:139 -j ACCEPT
iptables -I INPUT -s <your_subnet_CIDR> -p ucp --dport 445     -j ACCEPT

Explanation:

"-I INPUT" means this rule is to be Inserted at the head of the rules controling INcoming packets destined for this machine
"-s <your_subnet_CIDR>" indicates packets with Source address inside your subnet
"-p tcp" means check the Protocol for TCP
"--dport 137:139" means check for Destination PORT 137 through 139
"-j ACCEPT" indicates what to do with packets meeting the above qualifications

Hope this helps.

Sincerely
Bill Jennings