LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-13-2009, 04:35 PM   #1
Sanford Stein
Member
 
Registered: Jun 2008
Location: Evanston, Illinois
Distribution: RHEL 6.4
Posts: 126

Rep: Reputation: 17
Accesing a samba directory from Windows


I have been asked to set up Samba on a RHEL 5.3 server so files can be viewed from Windows desktop PCs. I think I have everything correct on the Linux side, and I can run 'smbclient //localhost/Downloads' without a problem.

But the documentation I am reading says that Windows should now be able to connect, and that is not happening.

I am using "Map Network Drive" under "Tools" in Windows Explorer.
(Is that correct?) I attempt to map the "Y" drive to
\\myserver\Downloads, and get the following:

"The specified server cannot perform the requested operation".

The same message occurs on both Vista and XP, and using the numeric IP
address of the Linux server does not help.

Here is my smb.conf file on Linux:

[global]
workgroup = {My Windows workgroup name}
server string = Samba Linux Server
hosts allow = 192.168. 127. {The IP address of my PCs}
log file = /var/log/samba/%m.log
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

[Downloads]
comment = Downloads
path = /sharedata
browseable = yes
writable = yes
public = yes
read only = no

[homes]
comment = /home/sambashare
browseable = yes
writable = yes
public = yes

If anybody has any idea what I am doing wrong, I would appreciate any help.

Sanford Stein
CyberTools Inc.
 
Old 04-13-2009, 06:48 PM   #2
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,143

Rep: Reputation: 503Reputation: 503Reputation: 503Reputation: 503Reputation: 503Reputation: 503
Have you got IP connectivity between the windoze machines and the server?

Are you running a firewall on the server that may be blocking the connections?

The path to your Downloads looks fishy. It should be the full path to Downloads. ie /sharedata/Downloads .

Have the windoze users got accounts on the linux system? Have you added them with smbpasswd?

You should be able to map the drive after the server is running correctly.

Have you verified the smb.conf file with testparm?

Are you sure smbd and nmbd are both running?
 
Old 04-14-2009, 09:24 AM   #3
Sanford Stein
Member
 
Registered: Jun 2008
Location: Evanston, Illinois
Distribution: RHEL 6.4
Posts: 126

Original Poster
Rep: Reputation: 17
Cliff,

Thanks for your prompt reply. My answers are below.

Thanks,
SS


Have you got IP connectivity between the windoze machines and the server?

-- Yes, I can ssh from the Windows box to the Linux server

Are you running a firewall on the server that may be blocking the connections?

-- Yes. Maybe that is the issue.
I ran netstat and I think it shows me that the smb port is 445.
I will add iptables statements opening up this port to my Windows
box and restart the firewall (can't do that right now).

The path to your Downloads looks fishy. It should be the full path to Downloads. ie /sharedata/Downloads .

-- I thought that my smb.conf maps 'Downloads' to /sharedata. At any
rate, I tried \\server\sharedata, \\server\Downloads, and
\\server\sharedata\Downloads on map network drive on Windows and
none of them work.

Have the windoze users got accounts on the linux system? Have you added them with smbpasswd?

-- In Map Network Drive, I choose "different user" and entered a legit
login and password from the Linux box (added with smbpasswd).

You should be able to map the drive after the server is running correctly.

Have you verified the smb.conf file with testparm?

-- Yes, it is verified with testparm.

Are you sure smbd and nmbd are both running?

-- Yes, both processes are running
 
Old 04-14-2009, 09:30 AM   #4
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,143

Rep: Reputation: 503Reputation: 503Reputation: 503Reputation: 503Reputation: 503Reputation: 503
The blocked port will prevent connectivity. Let me know what happens after the port is open.
 
Old 04-14-2009, 03:16 PM   #5
Sanford Stein
Member
 
Registered: Jun 2008
Location: Evanston, Illinois
Distribution: RHEL 6.4
Posts: 126

Original Poster
Rep: Reputation: 17
Cliff,

I opened ports 137, 138, and 139 in my firewall (I got these ports from another thread in this forum) and still get the same result:
"The network path is not found". This happens even when using a workstation on the same subnet.

# smbclient //localhost/Downloads does work on the server

Thanks for your help,
SS
 
Old 04-14-2009, 06:29 PM   #6
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,143

Rep: Reputation: 503Reputation: 503Reputation: 503Reputation: 503Reputation: 503Reputation: 503
I believe the three ports you need open are 137, 139 and 445. I have Samba running on my main system, brought up nmap, and scanned it. Those are the ports that are opened for Samba.

I don't know what 138 may have to do with it.

I would also suggest you go here --> http://us1.samba.org/samba/docs/using_samba/toc.html

go to chapter 12, trouble shooting, and have a look through that material. It is very detailed and gives lots of information on how to verify the various components are or are not working. It has bailed me out several times.

If you can, install nmap on a work station so you can scan the server externally, that may give you a clew about the ports. nmap has a gui front end that makes it easy to use. It will run command line also.

Hope this helps.
 
Old 04-14-2009, 06:39 PM   #7
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Try a temporary disabling of SELinux (setenforce 0) and see if that works. In any case, turn it back on (setenforce 1), then we cant sort it out if that's the issue.

Also, look in your samba logs and audit log (/var/log/samba/relevant_log_file and /var/log/audit/audit.log).
 
Old 04-15-2009, 09:10 AM   #8
Sanford Stein
Member
 
Registered: Jun 2008
Location: Evanston, Illinois
Distribution: RHEL 6.4
Posts: 126

Original Poster
Rep: Reputation: 17
Cliff,

SELinux was disabled on my server. No matter what I do
(setenforce 0, setenforce 1, setenforce Enforcing) it remains disable, and samba connection still fails.

This is from my nmbd.log:

[2009/04/15 00:01:19, 0] libsmb/nmblib.c:send_udp(793)
Packet send failed to 10.10.10.255(137) ERRNO=Operation not permitted
[2009/04/15 00:01:19, 0] nmbd/nmbd_packets.c:send_netbios_packet(163)
send_netbios_packet: send_packet() to IP 10.10.10.255 port 137 failed
[2009/04/15 00:01:19, 0] nmbd/nmbd_namequery.c:query_name(245)
query_name: Failed to send packet trying to query name CYBERTOOLS<1d>
[2009/04/15 00:01:19, 0] libsmb/nmblib.c:send_udp(793)
Packet send failed to 192.168.168.255(137) ERRNO=Operation not permitted
[2009/04/15 00:01:19, 0] nmbd/nmbd_packets.c:send_netbios_packet(163)
send_netbios_packet: send_packet() to IP 192.168.168.255 port 137 failed
[2009/04/15 00:01:19, 0] nmbd/nmbd_namequery.c:query_name(245)
query_name: Failed to send packet trying to query name CYBERTOOLS<1d>

Hope this helps and thanks,
SS
 
Old 04-15-2009, 10:16 AM   #9
Sanford Stein
Member
 
Registered: Jun 2008
Location: Evanston, Illinois
Distribution: RHEL 6.4
Posts: 126

Original Poster
Rep: Reputation: 17
Cliff,

More information:

When I go to another Linux box on the same subnet and enter:

smbclient //{IP address}/Downloads or
smbclient //{Workgroup}/Downloads -I {IP address}

I get a timeout trying to connect to port 139.
Here are my iptables commands for port 139 (SAMBAPORT)on the target server:

iptables -A INPUT -p tcp -s $LOCAL_WAN -d $MY_IP --dport $SAMBAPORT -j ACCEPT
iptables -A INPUT -p tcp -s $VPN -d $MY_IP --dport $SAMBAPORT -j ACCEPT
iptables -A INPUT -p tcp -s $GUEST2 -d $MY_IP --dport $SAMBAPORT -j ACCEPT
iptables -A OUTPUT -p tcp -s $LOCAL_WAN -d $MY_IP --dport $SAMBAPORT -j ACCEPT
iptables -A OUTPUT -p tcp -s $VPN -d $MY_IP --dport $SAMBAPORT -j ACCEPT
iptables -A OUTPUT -p tcp -s $GUEST2 -d $MY_IP --sport $SAMBAPORT --syn -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -d $MY_IP --dport $SAMBAPORT -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options
iptables -A INPUT -p tcp -d $MY_IP --dport $SAMBAPORT -j REJECT

(I have also tried setting SAMBAPORT to 445 -- same result)

Hope this helps,
SS
 
Old 04-15-2009, 12:46 PM   #10
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,143

Rep: Reputation: 503Reputation: 503Reputation: 503Reputation: 503Reputation: 503Reputation: 503
Sorry, I can not help with the IP tables stuff. Have you installed nmap on a system so you verify if 137, 139 and 445 are opened?
 
Old 04-15-2009, 03:36 PM   #11
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
nmblib.log isn't relevant. look in the relevant samba log - you have them named after the accessing machine if you read your config.

If your machine is otherwise protected, try disabling the firewall altogether for a few minutes.

Read http://us3.samba.org/samba/docs/man/...#firewallports

Here are my iptables rules that work

Code:
$IPTABLES -A tcp_packets_LAN_in -p TCP -i $LAN_IFACE --dport 137:139 -j allowed
$IPTABLES -A tcp_packets_LAN_in -p TCP -i $LAN_IFACE --dport microsoft-ds -j allowed
Note microsoft-ds is 445

Can you show the output of "smbclient -L localhost" from the server as well please, plus that of "pdbedit -L -v"

Last edited by billymayday; 04-15-2009 at 03:50 PM.
 
Old 04-15-2009, 03:53 PM   #12
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Just a bit more - can you post "ls -l /sharedata".

You're homes definition is very non-standard, it should be something like

/home/%U

since [homes] is a special case.
 
Old 04-15-2009, 05:22 PM   #13
Sanford Stein
Member
 
Registered: Jun 2008
Location: Evanston, Illinois
Distribution: RHEL 6.4
Posts: 126

Original Poster
Rep: Reputation: 17
Billymayday, sorry I did not acknowledge you in my last post--I did not realize that someone else had jumped in. Thanks to you and Cliff for all the time you are devoting to this.

After downloading and installing nmap, I run 'nmap localhost' and it shows that ports 139 and 445 are open but not port 137. Is this potentially the problem? How do I get that port to be open?
(It is in /etc/services as netbios-ns.)

On another linux box, I ran 'nmap {IP of Samba server}' and I got a lot of output but nothing mentioning open ports. What would be the correct syntax in this case? I do not have nmap on my Windows workstation.

The only log files in /var/log/samba are peach.log, 127.0.0.1.log, nmbd.log and smbd.log. There is no log file which refers to either of the accessing machines that I have tried.

I will try all of the following:
1. Billymayday's iptables rules
2. Reading the info at the two websites that you pointed me to
3. Disabling the firewall (I can't do that right now--will need to
disconnect the server from the Internet later)

I will also modify the definition in [homes] although I assume that is not causing my problem.

The output from everything Billymayday requested follows. Hope this helps and thank you both again.

SS

-----------------------------------------------------------------------
$ smbclient -L localhost
Password:
Domain=[PEACH] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]

Sharename Type Comment
--------- ---- -------
Downloads Disk Downloads
IPC$ IPC IPC Service (Samba Linux Server)
mbp5vdrzqtui Disk Home Directoru
Domain=[PEACH] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]

Server Comment
--------- -------

Workgroup Master
--------- -------
CYBERTOOLS

[root@peach etc]# pdbedit -L -v
---------------
Unix username: mbp5vdrzqtui
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2587274180-164814312-3828657243-2000
Primary Group SID: S-1-5-21-2587274180-164814312-3828657243-513
Full Name:
Home Directory: \\peach\mbp5vdrzqtui
HomeDir Drive:
Logon Script:
Profile Path: \\peach\mbp5vdrzqtui\profile
Domain: PEACH
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Mon, 13 Apr 2009 16:11:33 EDT
Password can change: Mon, 13 Apr 2009 16:11:33 EDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username: l5ul8fqltnpw
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2587274180-164814312-3828657243-2002
Primary Group SID: S-1-5-21-2587274180-164814312-3828657243-513
Full Name:
Home Directory: \\peach\l5ul8fqltnpw
HomeDir Drive:
Logon Script:
Profile Path: \\peach\l5ul8fqltnpw\profile
Domain: PEACH
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Tue, 14 Apr 2009 14:57:23 EDT
Password can change: Tue, 14 Apr 2009 14:57:23 EDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username: root
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2587274180-164814312-3828657243-1000
Primary Group SID: S-1-5-21-2587274180-164814312-3828657243-513
Full Name: root
Home Directory: \\peach\root
HomeDir Drive:
Logon Script:
Profile Path: \\peach\root\profile
Domain: PEACH
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Mon, 13 Apr 2009 16:37:59 EDT
Password can change: Mon, 13 Apr 2009 16:37:59 EDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username: pcguest
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2587274180-164814312-3828657243-2014
Primary Group SID: S-1-5-21-2587274180-164814312-3828657243-513
Full Name:
Home Directory: \\peach\pcguest
HomeDir Drive:
Logon Script:
Profile Path: \\peach\pcguest\profile
Domain: PEACH
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Tue, 14 Apr 2009 18:05:49 EDT
Password can change: Tue, 14 Apr 2009 18:05:49 EDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@peach etc]# ls -l /sharedata
total 4
-rwxr-xr-x 1 root root 28 Apr 9 17:13 atestfile
[root@peach etc]# cat /sharedata/atestfile
This is a
Samba
test file.

[root@peach etc]#
 
Old 04-17-2009, 11:27 AM   #14
Sanford Stein
Member
 
Registered: Jun 2008
Location: Evanston, Illinois
Distribution: RHEL 6.4
Posts: 126

Original Poster
Rep: Reputation: 17
Cliff or Billymayday or anyone else listening out there,

I think I have this narrowed down to a problem binding nmbd to port 137 when I start Samba.

I get errors in the nmbd.log such as:

[2009/04/17 12:12:25, 0] nmbd/nmbd_nameregister.c:register_name(514)
register_name: Failed to send packet trying to register name CYBERTOOLS<1e>
[2009/04/17 12:12:25, 0] libsmb/nmblib.c:send_udp(793)
Packet send failed to 10.10.10.255(138) ERRNO=Operation not permitted
[2009/04/17 12:12:25, 0] nmbd/nmbd_nameregister.c:register_name(514)
register_name: Failed to send packet trying to register name CYBERTOOLS<1e>
[2009/04/17 12:12:25, 0] libsmb/nmblib.c:send_udp(793)
Packet send failed to 192.168.168.255(137) ERRNO=Operation not permitted


My interfaces line in smb.conf is:

interfaces = 127.0.0.1 10.10.10.252/24 192.168.168.252/24

I have also tried to use the acutal internet IP of the server, and it reverts to trying 10.10.10.255. I have also tried substituting eth0 for the 10.10.10 address and eth2 for the 192.168.168 address and get the same result. If I use only localhost, the log complains about
"no non-loopback local interfaces".

Can anybody see anything that I'm missing?

Thanks in advance,
SS
 
Old 04-17-2009, 12:38 PM   #15
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,143

Rep: Reputation: 503Reputation: 503Reputation: 503Reputation: 503Reputation: 503Reputation: 503
One thing I would suggest is to have a look at /etc/xinetd.conf file to see what may be in there for starting the samba damenos. There is some information in Ch 12 Samaba Troubleshooting on the dameons, it points you back to xinetd.conf. Some Samba installs will add lines in there to start the dameons. They may be causing port 137 to be in use. Then the bind will fail.

I can't be sure, but I think it may be part or all of the problem. ( I posted the link to the smaba doc earlier in the thread ).

Hope this helps.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SAMBA on a Windows Active Directory xKintaro Linux - Networking 7 12-20-2008 10:22 PM
samba problems accesing openoffice spredsheets flyereddie Linux - Networking 4 11-24-2006 03:19 PM
Accesing a share on windows g77s80 Linux - Networking 1 05-10-2006 04:26 AM
Samba: Home directory files do not appear in windows ryan12345 Linux - Networking 1 05-14-2005 02:57 AM
samba - users can see system files etc when accesing share t3___ Linux - Software 8 01-08-2004 01:31 AM


All times are GMT -5. The time now is 12:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration