Unable to access Samba share on CentOS 5.4 from windows XP or Vista
I can't be the first one with this problem. What am I missing?
I have setup Samba servers in the past, just none under SELinux. The last one I configured was a couple years ago, so I wouldn't doubt I'm a bit rusty. ---- Environment summary: Clean server install of CentOS 5.4 includes SELinux - lets call this 'server' - updated samba to 3.0.33-3.15.el5_4.1 Client1 - Windows XP sp4 - WINS configuration uses 'server' noted above Client2 - Windows Vista - WINS configuration uses 'server' noted above ---- What works / what doesn't ------ Clients can see the server (XP and vista) in network neighborhood. The following does not work from windows (xp or vista) net view net view \\server net view \\server-ip net view \\server\share This does work on the server smbclient -L \\server smbclient -L \\server --user validuser smbclient -L \\client1 --user validuser ---- What I have configured and tried (config/output below) -------- firewall ports for samba are open SELinux enforcing or permissive file context is set on share samba booleans are set ***firewall -A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p udp --dport 139 -j ACCEPT ***SELinux mode/booleans # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: enforcing Policy version: 21 Policy from config file: targeted # getsebool -a | grep smb allow_smbd_anon_write --> off smbd_disable_trans --> on # getsebool -a | grep samba samba_domain_controller --> on samba_enable_home_dirs --> on samba_export_all_ro --> off samba_export_all_rw --> off samba_share_fusefs --> off samba_share_nfs --> off use_samba_home_dirs --> on virt_use_samba --> off ***filesystem # semanage fcontext -a -t samba_share_t ’/share/photos(/.*)?’ # restorecon -R -v /share/photos ***Disks ]# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/sda3 9920624 2070872 7337684 23% / /dev/sda1 101086 19146 76721 20% /boot tmpfs 1846656 0 1846656 0% /dev/shm /dev/mapper/VolGroup00-xen 100791728 202540 95469188 1% /xen /dev/mapper/VolGroup00-photo00 251981556 191716 238989840 1% /share/photos /dev/mapper/VolGroup00-dmsdoc00 100791728 192256 95479472 1% /share/alfresco none 1846656 104 1846552 1% /var/lib/xenstored ***smb.conf [global] workgroup = workgroup netbios name = server security = user name resolve order = wins hosts lmhosts bcast encrypt passwords = yes hosts allow = 192.168.0. hosts deny = 192.168.122. interfaces = eth0 passdb backend = tdbsam oslevel = 222 local master = yes domain master = yes preferred master = yes cups options = raw username map = /etc/samba/smbusers wins support = yes log level = 4 guest ok = yes [photo] comment = Photos path = /share/photos read only = yes guest ok = yes |
You don't mention what version of XP and Vista. Are they the home version?
If so, that is most likely the problem. |
Sorry forgot that part.
XP is Pro SP4 Vista is Home. Also as a new note.... I disabled the firewall and can get through now. What rules do I need then to get Samba working? I vaguely remember doing this about 11 years ago. Now if I can only dust off the system which is sitting in my basement with the server running samba, Apache and a router..... Now if I can only remember the root password.... |
Somewhat on topic. I have noticed errors in the XP pro systems log indicating an error when the CentOS server attempts to become the browse master for the workgroup.
--- names changed to protect the innocent ---- The master browser has received a server announcement from the computer SERVER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AAAABBBB-EEEE-EEEE-. The master browser is stopping or an election is being forced. |
Re firewall settings : http://troy.jdmz.net/samba/fw/
|
Here is an update...
I disabled the firewall and everything started to work. It turns out I added the firewall rules in iptables after the -DENY rule. Once I moved the Samba rules before the DENY rule, everything worked fine. Silly mistake on my part. I know better than that. Thanks for the help. |
All times are GMT -5. The time now is 08:10 PM. |