I have a network with a few domains and a two subnets(for now).

I've come across a snag while setting up my smbd.

I can't seem to connect to it(rh 8.0) from any of my comps(nt's and rh's) when using my server' name. I can ping it with the ip and the domain name, but I get nada when just using the server's name.

I set up the bios name on my smbd.conf file and what workgroup it is. I can even see my server listed on my nt's under that workgroup(same domain, diff subnet(can that be an issue?)). But I can't connect to it.

At first I thought it was a dns problem because I couldn't even ping my server using the name from itself(if i remember correctly.) Then i put a line in the /etc/resolv.conf that settled that issue.

So now I think it must be a NetBIOS issue. But when I try nmblookup -S [server] it says that it failed to find name [server].

Now for the more samba-related side of this problem. When I try to get in from a linux box(same subnet) using the connect is refused. Even when I put -I [ip address] or [domain name] it won't connect. It gave me a connection refused [ip]:139. So I nmaped my server and 137,138,139 ports are open. That doesn't make sense.

I'm fairly certain it's not a "user" problem because I have the same accounts on both boxes.

I'm sure once I get the name issue taken care of it will all be worked out.



~Thanks

*I'm using SWAT


[global]
workgroup = [workgroup]
netbios name = [server]
server string = samba server
encrypt passwords = Yes
obey pam restrictions = Yes
passwd program = /usr/bin/passwd
passwd chat = *New*password* %n\n *Retype*new*password* % n\n *passwd:*all*authenticatio*tokens*updated*successfully*
unix password sync = Yes
name resolved order = wins bcast hosts lmhosts
socket options = TCP_NODELAY SO_RCVBUF =8192 SO_SNDBUFF=8192
dns proxy = No
remote annouce = (subnet 1) 0.0.0.* (is * ok?)/[domain]
directory mask = 0777
hosts allow = 0.0.0.* 1.1.1.* (the 2 subnets with *'s on the end)
printing = cups

[homes]
comment = Home Directories
path = /homes
valid users = %S
read only = No
create mask = 0775
guest ok = Yes

Not quite. If your iptables blocks above ports (REJECT) you can get such info. Have you done nmap from same host as samba is running or from any external one?

I did it from the same machine
nmap -v -sS localhost
nmap -v -sU localhost

had a similar problem. iptables was blocking the ports. I'd say check out what "iptables -L" gives you. If the right ports arent open run RHs firewall config and add 137,138,139 in BOTH tcp and udp to permitted ports.

oh, another thought. Run 'netstat -pl' to check and make sure it is samba (smbd and nmbd) listening to those ports.

I very rarely use that mechanism to connect, I always use the IP address
as I don't run a WINS service anywhere.

Try:

smbclient //a.b.c.d/<share/ <password> -U <user>

that should drop you at the smb:/ prompt.

Hope that helps.

Wisey, that doesn't even work-- I get "connection refused."

As for "iptables -L" :
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- my.dns.server anywhere udp spt:domain
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable

//////////////////////////////
netstat -pl
Active Internet connections (only servers)

tcp 0 0 *:netbios-ssn *:* LISTEN 5119/smbd

udp 0 0 me:netbios-ns *:* 5123/nmbd
udp 0 0 *:netbios-ns *:* 5123/nmbd
udp 0 0 me:netbios-dgm *:* 5123/nmbd
udp 0 0 *:netbios-dgm *:* 5123/nmbd

Active UNIX domain sockets (only servers)

#there are no signs of smbd/nmbd in this section..... is it supposed to be like this?

What are your logs saying? If nothing is getting generated the
smb/nmb traffic isn't getting through. If there are entries then the
configuration is fried for some reason so we will need to see the
conf files before we can help

There should be errors being created on connection attempts in
/var/log/samba/smbd.log
/var/log/samba/<workstation connecting>.log

For example, two log entries for an unconfigured system.

[root@apples dave]# tail -f /var/log/samba/smbd.log
[2003/10/23 16:07:38, 0] smbd/server.c:main(751)
standard input is not a socket, assuming -D option

[root@apples dave]# tail -f /var/log/samba/ws04.log
[2003/10/23 16:09:22, 0] passdb/pdb_smbpasswd.cdb_getsampwnam(1369)
unable to open passdb database.

mehesque

I do not know if this might help you.

For the last two days I had a problem connection to win2k from my RedHat 7.1 laptop. I can see the laptop computer icon in window, but when I clicked it, it says there is no server.

I just solved the problem in the following way. As matter of fact I got a hint from your messages.
I look at the ipchains and, by using lokkit, lowered the security level to medium.
More precisely, I customized the accessibility such as ftp and telnet. And it works perfectly.

Hey, this might not be worth it because today or tomorrow I'm going to have to set up samba/pdc on a new computer and scrap this one. My boss is giving me his new dual processer xion precesion 650 because it was "too loud."

But I still want to figure this out.

The smdb.log keeps showing the same error again and again.

[2003/10/20 11:28:50, 0] smbd/oplock_linux.c:linux_init_kernel_oplocks(287)
Failed to setup RT_SIGNAL_LEASE handler


As for ipchains, I have iptables, but I'm sure there's something comprable to "lokkit."

One part is done. I had two mistakes that I found.

I didn't have the WINS server IP in there, so now I can ping from within the domain with just the server's name.

Also, on "Allow Host" they don't accept the * . So I just took those out.

I still cannot connect from any clients. Now in the log I am getting this error
wins_srv_died(): WINS server [wins server ip] appears to be down.

Turns out that the WINS server is on a 3rd subnet different than my server and client(which are now on the same subnet).

But that really doesn't matter because I still can't connect with just the server's IP either.

I flushed my iptables:

/sbin/iptables -F

Seems to work well-- could someone tell me why and if there are any drawbacks.

I was looking for the solution to the initially described problem : That with Samba 3.0 I couldn't use NetBios names , but only the server's IP address to connect to it.

I think I've found the solution. For me, I've enabled the socket option SO_BROADCAST
I came to the conclusion that this was what was missing when doing some basic investigations:
- The name of my samba server couldn't be resolved by windows clients using regular network browsing, nor by Linux clients using smbmount / smbclient.
- The IP address could be used instead of the name, which would work. The PC would then show up in the correct workgroup, but not by name, but by IP address.
- A direct lookup using nbtstat -A <server IP> worked. This would resolve all the information from the server. But then nbtstat -r would not display it. However, the samba server was from that point on known by its name on the PC on which nbtstat was run (with -A).

Mainly this last thing made me doubt the broadcast, as nbtstat -r displays all broadcasting servers.
So, having found this SO_BROADCAST socket option in smb.conf manual page, figured I'd give it a try :-) and it works.
So, add a line:

socket options = TCP_NODELAY SO_BROADCAST

I have checked my samba 2.2.3 config, which reads only TCP_NODELAY as socket option. Appearantly the broadcast was taken for granted?

Well, let me know if this does or does not work for you.

Cheers,
Nash


PS. About iptables -F , if you wonder what the disadvantage is of giving that command : Your firewall is now down. Please check a manual page on iptables ;-)