|
Accesing a samba directory from Windows
I have been asked to set up Samba on a RHEL 5.3 server so files can be viewed from Windows desktop PCs. I think I have everything correct on the Linux side, and I can run 'smbclient //localhost/Downloads' without a problem.
But the documentation I am reading says that Windows should now be able to connect, and that is not happening. I am using "Map Network Drive" under "Tools" in Windows Explorer. (Is that correct?) I attempt to map the "Y" drive to \\myserver\Downloads, and get the following: "The specified server cannot perform the requested operation". The same message occurs on both Vista and XP, and using the numeric IP address of the Linux server does not help. Here is my smb.conf file on Linux: [global] workgroup = {My Windows workgroup name} server string = Samba Linux Server hosts allow = 192.168. 127. {The IP address of my PCs} log file = /var/log/samba/%m.log security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [Downloads] comment = Downloads path = /sharedata browseable = yes writable = yes public = yes read only = no [homes] comment = /home/sambashare browseable = yes writable = yes public = yes If anybody has any idea what I am doing wrong, I would appreciate any help. Sanford Stein CyberTools Inc. |
Have you got IP connectivity between the windoze machines and the server?
Are you running a firewall on the server that may be blocking the connections? The path to your Downloads looks fishy. It should be the full path to Downloads. ie /sharedata/Downloads . Have the windoze users got accounts on the linux system? Have you added them with smbpasswd? You should be able to map the drive after the server is running correctly. Have you verified the smb.conf file with testparm? Are you sure smbd and nmbd are both running? |
Cliff,
Thanks for your prompt reply. My answers are below. Thanks, SS Have you got IP connectivity between the windoze machines and the server? -- Yes, I can ssh from the Windows box to the Linux server Are you running a firewall on the server that may be blocking the connections? -- Yes. Maybe that is the issue. I ran netstat and I think it shows me that the smb port is 445. I will add iptables statements opening up this port to my Windows box and restart the firewall (can't do that right now). The path to your Downloads looks fishy. It should be the full path to Downloads. ie /sharedata/Downloads . -- I thought that my smb.conf maps 'Downloads' to /sharedata. At any rate, I tried \\server\sharedata, \\server\Downloads, and \\server\sharedata\Downloads on map network drive on Windows and none of them work. Have the windoze users got accounts on the linux system? Have you added them with smbpasswd? -- In Map Network Drive, I choose "different user" and entered a legit login and password from the Linux box (added with smbpasswd). You should be able to map the drive after the server is running correctly. Have you verified the smb.conf file with testparm? -- Yes, it is verified with testparm. Are you sure smbd and nmbd are both running? -- Yes, both processes are running |
The blocked port will prevent connectivity. Let me know what happens after the port is open.
|
Cliff,
I opened ports 137, 138, and 139 in my firewall (I got these ports from another thread in this forum) and still get the same result: "The network path is not found". This happens even when using a workstation on the same subnet. # smbclient //localhost/Downloads does work on the server Thanks for your help, SS |
I believe the three ports you need open are 137, 139 and 445. I have Samba running on my main system, brought up nmap, and scanned it. Those are the ports that are opened for Samba.
I don't know what 138 may have to do with it. I would also suggest you go here --> http://us1.samba.org/samba/docs/using_samba/toc.html go to chapter 12, trouble shooting, and have a look through that material. It is very detailed and gives lots of information on how to verify the various components are or are not working. It has bailed me out several times. If you can, install nmap on a work station so you can scan the server externally, that may give you a clew about the ports. nmap has a gui front end that makes it easy to use. It will run command line also. Hope this helps. |
Try a temporary disabling of SELinux (setenforce 0) and see if that works. In any case, turn it back on (setenforce 1), then we cant sort it out if that's the issue.
Also, look in your samba logs and audit log (/var/log/samba/relevant_log_file and /var/log/audit/audit.log). |
Cliff,
SELinux was disabled on my server. No matter what I do (setenforce 0, setenforce 1, setenforce Enforcing) it remains disable, and samba connection still fails. This is from my nmbd.log: [2009/04/15 00:01:19, 0] libsmb/nmblib.c:send_udp(793) Packet send failed to 10.10.10.255(137) ERRNO=Operation not permitted [2009/04/15 00:01:19, 0] nmbd/nmbd_packets.c:send_netbios_packet(163) send_netbios_packet: send_packet() to IP 10.10.10.255 port 137 failed [2009/04/15 00:01:19, 0] nmbd/nmbd_namequery.c:query_name(245) query_name: Failed to send packet trying to query name CYBERTOOLS<1d> [2009/04/15 00:01:19, 0] libsmb/nmblib.c:send_udp(793) Packet send failed to 192.168.168.255(137) ERRNO=Operation not permitted [2009/04/15 00:01:19, 0] nmbd/nmbd_packets.c:send_netbios_packet(163) send_netbios_packet: send_packet() to IP 192.168.168.255 port 137 failed [2009/04/15 00:01:19, 0] nmbd/nmbd_namequery.c:query_name(245) query_name: Failed to send packet trying to query name CYBERTOOLS<1d> Hope this helps and thanks, SS |
Cliff,
More information: When I go to another Linux box on the same subnet and enter: smbclient //{IP address}/Downloads or smbclient //{Workgroup}/Downloads -I {IP address} I get a timeout trying to connect to port 139. Here are my iptables commands for port 139 (SAMBAPORT)on the target server: iptables -A INPUT -p tcp -s $LOCAL_WAN -d $MY_IP --dport $SAMBAPORT -j ACCEPT iptables -A INPUT -p tcp -s $VPN -d $MY_IP --dport $SAMBAPORT -j ACCEPT iptables -A INPUT -p tcp -s $GUEST2 -d $MY_IP --dport $SAMBAPORT -j ACCEPT iptables -A OUTPUT -p tcp -s $LOCAL_WAN -d $MY_IP --dport $SAMBAPORT -j ACCEPT iptables -A OUTPUT -p tcp -s $VPN -d $MY_IP --dport $SAMBAPORT -j ACCEPT iptables -A OUTPUT -p tcp -s $GUEST2 -d $MY_IP --sport $SAMBAPORT --syn -m state --state NEW -j ACCEPT iptables -A INPUT -p tcp -d $MY_IP --dport $SAMBAPORT -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options iptables -A INPUT -p tcp -d $MY_IP --dport $SAMBAPORT -j REJECT (I have also tried setting SAMBAPORT to 445 -- same result) Hope this helps, SS |
Sorry, I can not help with the IP tables stuff. Have you installed nmap on a system so you verify if 137, 139 and 445 are opened?
|
nmblib.log isn't relevant. look in the relevant samba log - you have them named after the accessing machine if you read your config.
If your machine is otherwise protected, try disabling the firewall altogether for a few minutes. Read http://us3.samba.org/samba/docs/man/...#firewallports Here are my iptables rules that work Code:
$IPTABLES -A tcp_packets_LAN_in -p TCP -i $LAN_IFACE --dport 137:139 -j allowedCan you show the output of "smbclient -L localhost" from the server as well please, plus that of "pdbedit -L -v" |
Just a bit more - can you post "ls -l /sharedata".
You're homes definition is very non-standard, it should be something like /home/%U since [homes] is a special case. |
Billymayday, sorry I did not acknowledge you in my last post--I did not realize that someone else had jumped in. Thanks to you and Cliff for all the time you are devoting to this.
After downloading and installing nmap, I run 'nmap localhost' and it shows that ports 139 and 445 are open but not port 137. Is this potentially the problem? How do I get that port to be open? (It is in /etc/services as netbios-ns.) On another linux box, I ran 'nmap {IP of Samba server}' and I got a lot of output but nothing mentioning open ports. What would be the correct syntax in this case? I do not have nmap on my Windows workstation. The only log files in /var/log/samba are peach.log, 127.0.0.1.log, nmbd.log and smbd.log. There is no log file which refers to either of the accessing machines that I have tried. I will try all of the following: 1. Billymayday's iptables rules 2. Reading the info at the two websites that you pointed me to 3. Disabling the firewall (I can't do that right now--will need to disconnect the server from the Internet later) I will also modify the definition in [homes] although I assume that is not causing my problem. The output from everything Billymayday requested follows. Hope this helps and thank you both again. SS ----------------------------------------------------------------------- $ smbclient -L localhost Password: Domain=[PEACH] OS=[Unix] Server=[Samba 3.0.33-3.7.el5] Sharename Type Comment --------- ---- ------- Downloads Disk Downloads IPC$ IPC IPC Service (Samba Linux Server) mbp5vdrzqtui Disk Home Directoru Domain=[PEACH] OS=[Unix] Server=[Samba 3.0.33-3.7.el5] Server Comment --------- ------- Workgroup Master --------- ------- CYBERTOOLS [root@peach etc]# pdbedit -L -v --------------- Unix username: mbp5vdrzqtui NT username: Account Flags: [U ] User SID: S-1-5-21-2587274180-164814312-3828657243-2000 Primary Group SID: S-1-5-21-2587274180-164814312-3828657243-513 Full Name: Home Directory: \\peach\mbp5vdrzqtui HomeDir Drive: Logon Script: Profile Path: \\peach\mbp5vdrzqtui\profile Domain: PEACH Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set: Mon, 13 Apr 2009 16:11:33 EDT Password can change: Mon, 13 Apr 2009 16:11:33 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF --------------- Unix username: l5ul8fqltnpw NT username: Account Flags: [U ] User SID: S-1-5-21-2587274180-164814312-3828657243-2002 Primary Group SID: S-1-5-21-2587274180-164814312-3828657243-513 Full Name: Home Directory: \\peach\l5ul8fqltnpw HomeDir Drive: Logon Script: Profile Path: \\peach\l5ul8fqltnpw\profile Domain: PEACH Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set: Tue, 14 Apr 2009 14:57:23 EDT Password can change: Tue, 14 Apr 2009 14:57:23 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF --------------- Unix username: root NT username: Account Flags: [U ] User SID: S-1-5-21-2587274180-164814312-3828657243-1000 Primary Group SID: S-1-5-21-2587274180-164814312-3828657243-513 Full Name: root Home Directory: \\peach\root HomeDir Drive: Logon Script: Profile Path: \\peach\root\profile Domain: PEACH Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set: Mon, 13 Apr 2009 16:37:59 EDT Password can change: Mon, 13 Apr 2009 16:37:59 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF --------------- Unix username: pcguest NT username: Account Flags: [U ] User SID: S-1-5-21-2587274180-164814312-3828657243-2014 Primary Group SID: S-1-5-21-2587274180-164814312-3828657243-513 Full Name: Home Directory: \\peach\pcguest HomeDir Drive: Logon Script: Profile Path: \\peach\pcguest\profile Domain: PEACH Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set: Tue, 14 Apr 2009 18:05:49 EDT Password can change: Tue, 14 Apr 2009 18:05:49 EDT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [root@peach etc]# ls -l /sharedata total 4 -rwxr-xr-x 1 root root 28 Apr 9 17:13 atestfile [root@peach etc]# cat /sharedata/atestfile This is a Samba test file. [root@peach etc]# |
Cliff or Billymayday or anyone else listening out there,
I think I have this narrowed down to a problem binding nmbd to port 137 when I start Samba. I get errors in the nmbd.log such as: [2009/04/17 12:12:25, 0] nmbd/nmbd_nameregister.c:register_name(514) register_name: Failed to send packet trying to register name CYBERTOOLS<1e> [2009/04/17 12:12:25, 0] libsmb/nmblib.c:send_udp(793) Packet send failed to 10.10.10.255(138) ERRNO=Operation not permitted [2009/04/17 12:12:25, 0] nmbd/nmbd_nameregister.c:register_name(514) register_name: Failed to send packet trying to register name CYBERTOOLS<1e> [2009/04/17 12:12:25, 0] libsmb/nmblib.c:send_udp(793) Packet send failed to 192.168.168.255(137) ERRNO=Operation not permitted My interfaces line in smb.conf is: interfaces = 127.0.0.1 10.10.10.252/24 192.168.168.252/24 I have also tried to use the acutal internet IP of the server, and it reverts to trying 10.10.10.255. I have also tried substituting eth0 for the 10.10.10 address and eth2 for the 192.168.168 address and get the same result. If I use only localhost, the log complains about "no non-loopback local interfaces". Can anybody see anything that I'm missing? Thanks in advance, SS |
One thing I would suggest is to have a look at /etc/xinetd.conf file to see what may be in there for starting the samba damenos. There is some information in Ch 12 Samaba Troubleshooting on the dameons, it points you back to xinetd.conf. Some Samba installs will add lines in there to start the dameons. They may be causing port 137 to be in use. Then the bind will fail.
I can't be sure, but I think it may be part or all of the problem. ( I posted the link to the smaba doc earlier in the thread ). Hope this helps. |
| All times are GMT -5. The time now is 11:32 PM. |