LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-25-2004, 10:19 PM   #1
linuxpyro
Member
 
Registered: Apr 2004
Distribution: Gentoo
Posts: 134

Rep: Reputation: 16
Smaba and subnetworks


Hello, I'm having a bit of trouble here. My network has two subnetworks, one 192.168.1.* and one 192.168.2.*. The 192.168.1.* network has two Windows comps. The other one, 192.168.2.* is made of two Linux comps runnign Samba. A linux box functioning as a router sits between the two networks, and also runs Samba. I can ping hosts between the two subnets, and they're all on the same workgroup. However, I can't see the boxes on different subnets when I view all of the computers in the workgroup. In other words, I can't see any of the Linux boxes from 192.168.1.*, and I can't see any of the Windows boxes from 192.168.2.*. The router with Samba on it shows up on 192.168.2.* with the other Linux boxes. There is no firewall between the two networks to close the Windows file sharing port. Would a WINS server solve this? How do I configure Samba to do this?
 
Old 04-26-2004, 11:33 AM   #2
shubb
Member
 
Registered: Oct 2003
Location: San Francisco
Distribution: Slackware 13.37
Posts: 150

Rep: Reputation: 16
What you are seeing is a result of how MS networking works. They send out broadcasts to their subnet broadcast address which will not get forwarded across a router boundary. A WINS server should resolve this. Try adding the following line to one of your samba machines that you want to be the WINS server.

wins support = yes

For the other samba machines that you have, add the following lines.

wins support = no
wins server = 192.168.1.x
name resolve order = wins hosts lmhosts bcast

I have not verified this myself, but this is what I found on a quick Google search.
 
Old 05-13-2004, 11:21 AM   #3
Lenny
LQ Newbie
 
Registered: Sep 2003
Location: Up north
Posts: 22

Rep: Reputation: 0
I could need some help on this subject as well. I have a similar setup, but only one computer on each subnet and no samba server on the router. That is, something like this:

[windows machine (192.168.0.3)] <---> [router] <---> [linux machine w. samba (192.168.1.2)]

I can't access the samba share from windows either, even after I've set up a WINS server on the linux machine. I specified it's ip in tcp/ip "advanced properties" on the xp box.

As for the rest of the setup, it should be ok since the samba server was actually running on the router before, on the same subnet as the windows box, and was working there. I just moved the configuration files and all.

The smb.conf looks like this:
Code:
[global]
   workgroup = Dask
   netbios name = fiesta
   server string = Samba Server %v

load printers = no
log file = /var/log/samba/log.%m
log level = 3

hosts allow = 192.168.0.3 127.
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/private/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote browse sync = 192.168.0.3
remote announce = 192.168.0.255
time server = yes
wins support = yes
dns proxy = no
[storage]
   comment = Storage
   path = /stora
   valid users = lenny, nobody
   public = yes
   writable = yes
   write list = lenny
 
Old 05-13-2004, 03:25 PM   #4
shubb
Member
 
Registered: Oct 2003
Location: San Francisco
Distribution: Slackware 13.37
Posts: 150

Rep: Reputation: 16
Do you have IP connectivity to the samba server? Can you browse it if you browse directly to the IP of the server?
 
Old 05-13-2004, 04:03 PM   #5
WhatsHisName
Senior Member
 
Registered: Oct 2003
Location: /earth/usa/nj (UTC-5)
Distribution: RHL9;F1-10; CentOS4-5; DebianSarge-Squeeze
Posts: 1,151

Rep: Reputation: 46
Lenny: In addition to adding the linux address to the xp wins resolution configuration, try also adding the linux box netbios name / IP address to the xp /windows/system32/drivers/etc/lmhosts file and reboot. You probably already have the file /windows/system32/drivers/etc/LMHOSTS.SAM to use as an example.
 
Old 05-15-2004, 06:49 PM   #6
Lenny
LQ Newbie
 
Registered: Sep 2003
Location: Up north
Posts: 22

Rep: Reputation: 0
Thanks for your quick replies. I wasn't able to see them until today, since I attempted another solution: merging the networks (using 192.168.1.X on both interfaces). It didn't work, and when I tried to go back to the previous ip numbers, I accidently set my gateway to 192.168.1.0 and couldn't connect to it and I couldn't understand why... So anyway, it's been interesting.

shubb: I cannot connect to the server from any native windows programs. What do you mean by entering the ip directly, you mean like \\192.168.2.10 in explorer or my computer? No, that doesn't work either. Ssh works fine though.

WhatsHisName: Interesting. I put "192.168.2.10 server" in that file, I don't think any of the extra options are needed. Still can't find the computer though.

So, my current idea is to have a fake ip number, say 192.168.1.20, in the same subnet as the windows computer, and forward all samba related ports to that ip to the server using iptables. I'll report back when I know if it works.
 
Old 05-15-2004, 09:54 PM   #7
WhatsHisName
Senior Member
 
Registered: Oct 2003
Location: /earth/usa/nj (UTC-5)
Distribution: RHL9;F1-10; CentOS4-5; DebianSarge-Squeeze
Posts: 1,151

Rep: Reputation: 46
Lenny: This may sound stupid, but make sure the file is named “lmhosts” (i.e., dos “LMHOSTS.” and not “lmhosts.txt”. If you are like me and use notepad for simple editing, notepad always renames lmhosts.sam as lmhosts.txt, which is not recognized by windows.

Based on your initial text and the smb.conf info, lmhosts should contain:

#
192.168.1.2 fiesta #PRE #any comment like wins server
#

The #PRE forces preloading at boot time. If you changed the samba netbios name or the linux box IP address, then my above example is in error and use the correct info instead.

Adding the linux box to window’s lmhosts almost always fixes the ability of the windows box to find the wins server, and indirectly, the ability to find the other systems on the LAN. This in combination with activating the window’s WINS resolution in the TCP/IP configuration unusually clears up problems with the windows box finding other boxes on the LAN. The best thing that can happen to a microsoft-based LAN is to activate the wins server on a linux box and to point the windows boxes there.

As a side note, XP is a real pain when you are trying to search for something on a different subnet. Stubborn is another way to describe it.
 
Old 05-16-2004, 02:48 PM   #8
Lenny
LQ Newbie
 
Registered: Sep 2003
Location: Up north
Posts: 22

Rep: Reputation: 0
You were right, it was called lmhosts.txt. I fixed it, and I also updated the smb.conf to the new ip numbers (I changed them all in the chaos the day before yesterday). So now I think I have all that I should need:

* lmhosts contain the line you described (although fiesta is now 192.168.2.10).
* I have 192.168.2.10 as wins server in tcp/ip.
* smb.conf has the line "wins support = yes"

Still nothing though. Perhaps samba is misconfigured after all. I'll have to go through the samba howto again and see if it helps.
 
Old 05-17-2004, 10:00 AM   #9
WhatsHisName
Senior Member
 
Registered: Oct 2003
Location: /earth/usa/nj (UTC-5)
Distribution: RHL9;F1-10; CentOS4-5; DebianSarge-Squeeze
Posts: 1,151

Rep: Reputation: 46
Lenny: With all of the changes to your network, make sure that smb.conf “host allow” is correct, or just comment it out for now. Also, try defining your linux box as the domain master.

[global]
# host allow = .....
os level = 50
domain master = yes

Also, recheck that the linux and windows boxes don’t have firewalls blocking ports 137, 138, 139 and 445.
 
Old 05-17-2004, 10:15 AM   #10
WhatsHisName
Senior Member
 
Registered: Oct 2003
Location: /earth/usa/nj (UTC-5)
Distribution: RHL9;F1-10; CentOS4-5; DebianSarge-Squeeze
Posts: 1,151

Rep: Reputation: 46
Lenny: Regarding the windows WINS configuration (i.e., Advanced TCP/IP Settings), make sure that the “Enable LMHOSTS Lookup” box is checked under the WINS tab.
 
Old 05-17-2004, 12:03 PM   #11
shubb
Member
 
Registered: Oct 2003
Location: San Francisco
Distribution: Slackware 13.37
Posts: 150

Rep: Reputation: 16
Lenny, are you still not able to connect to the computer by IP address? i.e. \\192.168.... If not, then your problem is an IP problem and not necessarily a samba/WINS problem. You mentioned that you are running iptables. Are you sure that you have the correct ports open on your server? You need to have the following ports open to use samba

UDP ports 137 and 138
TCP ports 139 and 445

If you still cannot connect opening these ports, then try sniffing the ethernet port when you are trying to connect and see if it is trying to connect to a port that is closed on the server.
 
Old 05-18-2004, 08:11 AM   #12
Lenny
LQ Newbie
 
Registered: Sep 2003
Location: Up north
Posts: 22

Rep: Reputation: 0
Thanks for your replies.

The enable lmhosts box is checked, I'm sure of that. I'll try with a simpler configuration for samba using the domain master lines.

I do run iptables, but I added a rule to let all traffic between these two computers through. Perhaps it's still blocking the broadcasts, but using a wins server, the broadcasts aren't necessary are they?

I installed ethereal and tcpdump on the router, I'll check what actually happens when I try to connect to samba.

Ok, I have a few things to try now. I'll be back with the results in a day or two. Thanks again.
 
Old 05-19-2004, 04:00 PM   #13
Lenny
LQ Newbie
 
Registered: Sep 2003
Location: Up north
Posts: 22

Rep: Reputation: 0
Ok, I'm back with a few log entries and network sniffing results. The firewall log on the router shows that the broadcasts are stopped, but nothing else. (All dropped packages should be logged at least once). However, my understanding is that this doesn't matter, if there is a wins server running.
Code:
May 19 22:08:26 hugo iptables: Bad packet eth1:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:7d:8c:f9:dd:08:00 SRC=192.168.1.11 DST=192.168.1.255 LEN=218 TOS=0x00 PREC=0x00 TTL=128 ID=8 PROTO=UDP SPT=138 DPT=138 LEN=198
May 19 22:08:18 hugo iptables: Bad packet eth2:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:40:05:e3:f0:61:08:00 SRC=192.168.2.10 DST=192.168.2.255 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=38 DF PROTO=UDP SPT=138 DPT=138 LEN=221
Here's some lines from tethereal, network sniffer. This first block is the traffic on eth1, which is facing the desktop. I've had to remove a lot of hopefully unrelated lines here. Most of them came from the ssh connection I used to start the sniffer *stupid*
Code:
159.130639 Netronix_8c:f9:dd -> Broadcast    ARP Who has 192.168.1.1?  Tell 192.168.1.11
159.130821 RealtekS_81:00:44 -> Netronix_8c:f9:dd ARP 192.168.1.1 is at 00:e0:4c:81:00:44
159.131031 192.168.1.11 -> 192.168.2.10 NBNS Registration NB KABOMBO<00>
159.131663 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Check name KABOMBO<00>
159.133576 192.168.2.10 -> 192.168.1.11 NBNS Registration response NB 192.168.1.11
159.135038 192.168.1.11 -> 192.168.2.10 NBNS Registration NB DASK<00>
159.137522 192.168.2.10 -> 192.168.1.11 NBNS Registration response NB 192.168.1.11
183.735419 192.168.1.11 -> 192.168.1.255 BROWSER Browser Election Request
184.801573 192.168.1.11 -> 193.11.224.20 DNS Standard query PTR 10.2.168.192.in-addr.arpa
184.807934 193.11.224.20 -> 192.168.1.11 DNS Standard query response, No such name
189.262398 192.168.1.11 -> 192.168.1.255 NBNS Registration NB DASK<1d>
191.021370 192.168.2.10 -> 192.168.1.11 BROWSER Master Announcement
196.231314 00000000.00e07d8cf9dd -> 00000000.ffffffffffff IPX SAP Nearest Query
196.792088 192.168.1.11 -> 192.168.1.255 NBNS Registration NB <01><02>__MSBROWSE__<02><01>
199.115029 00000000.00e07d8cf9dd -> 00000000.ffffffffffff IPX SAP General Query
199.796117 192.168.1.11 -> 192.168.1.255 BROWSER Request Announcement KABOMBO
199.797559 192.168.1.11 -> 192.168.1.255 BROWSER Domain/Workgroup Announcement DASK, NT Workstation, Domain Enum
199.828303 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Check name DASK<1d>
199.835936 00000000.00e07d8cf9dd -> 00000000.ffffffffffff IPX SAP General Query
202.072646 192.168.1.11 -> 192.168.1.255 BROWSER Get Backup List Request
202.078969 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Check name <01><02>__MSBROWSE__<02><01>
204.341796 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Find name DASK<00>
206.594748 192.168.1.11 -> 192.168.1.255 NBNS Name query NB DASK<1b>
206.925126 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Find name <01><02>__MSBROWSE__<02><01>
209.508463 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Find name KABOMBO<00>
209.808857 00000000.00e07d8cf9dd -> 00000000.ffffffffffff NBIPX Find name DASK<1b>
217.799637 00000000.00e07d8cf9dd -> 00000000.ffffffffffff BROWSER Host Announcement KABOMBO, Workstation, Server, NT Workstat
ion, Potential Browser
259.794471 192.168.1.11 -> 192.168.1.255 BROWSER Domain/Workgroup Announcement DASK, NT Workstation, Domain Enum
Here it's capturing on eth2, which is facing the samba server:
Code:
Capturing on eth2
  0.000000 192.168.1.11 -> 192.168.2.10 NBNS Registration NB KABOMBO<00>
  0.001846 192.168.2.10 -> 192.168.1.11 NBNS Registration response NB 192.168.1.11
  0.003803 192.168.1.11 -> 192.168.2.10 NBNS Registration NB DASK<00>
  0.005865 192.168.2.10 -> 192.168.1.11 NBNS Registration response NB 192.168.1.11
  4.997679 BellTech_53:35:a6 -> AniCommu_e3:f0:61 ARP Who has 192.168.2.10?  Tell 192.168.2.1
  4.998393 AniCommu_e3:f0:61 -> BellTech_53:35:a6 ARP 192.168.2.10 is at 00:40:05:e3:f0:61
 11.889349 192.168.1.11 -> 192.168.2.10 NBNS Registration NB DASK<1e>
 11.891152 192.168.2.10 -> 192.168.1.11 NBNS Registration response NB 192.168.1.11
 16.888166 AniCommu_e3:f0:61 -> BellTech_53:35:a6 ARP Who has 192.168.2.1?  Tell 192.168.2.10
 16.888434 BellTech_53:35:a6 -> AniCommu_e3:f0:61 ARP 192.168.2.1 is at 00:00:1c:53:35:a6
 31.889043 192.168.2.10 -> 192.168.1.255 BROWSER Host Announcement FIESTA, Workstation, Server, Print Queue Server, Xenix Server, NT Workstation, NT Server
 31.889464 192.168.2.10 -> 192.168.1.11 BROWSER Master Announcement
 61.876353 192.168.2.10 -> 192.168.2.255 BROWSER Local Master Announcement FIESTA, Workstation, Server, Print Queue Server, Xenix Server, NT Workstation, NT Server, Master Browser, Domain Master Browser
 61.877014 192.168.2.10 -> 192.168.2.255 BROWSER Domain/Workgroup Announcement DASK, NT Workstation, Domain Enum
Here's a snippet from /var/log/samba/log.nmbd, the only samba log that contains anything.
Code:
[2004/05/19 22:07:53, 3] nmbd/nmbd_winsserver.c:wins_process_name_registration_request(817)
  wins_process_name_registration_request: Adding IP 255.255.255.255 to group name DASK<00>.
[2004/05/19 22:08:05, 3] nmbd/nmbd_winsserver.c:wins_process_name_registration_request(734)
  wins_process_name_registration_request: Group name registration for name DASK<1e> IP 192.168.1.11
[2004/05/19 22:08:05, 3] nmbd/nmbd_winsserver.c:wins_process_name_registration_request(817)
  wins_process_name_registration_request: Adding IP 255.255.255.255 to group name DASK<1e>.
[2004/05/19 22:08:05, 3] nmbd/nmbd_sendannounce.c:send_local_master_announcement(163)
  send_local_master_announcement: type c9a03 for name FIESTA on subnet 192.168.2.10 for workgroup DASK
[2004/05/19 22:08:05, 3] nmbd/nmbd_sendannounce.c:send_workgroup_announcement(182)
  send_workgroup_announcement: on subnet 192.168.2.10 for workgroup DASK
[2004/05/19 22:10:56, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1445)
  wins_process_name_query: name query for name *<1b> from IP 192.168.2.10
[2004/05/19 22:11:21, 2] nmbd/nmbd_browsesync.c:announce_local_master_browser_to_domain_master_browser(109)
  announce_local_master_browser_to_domain_master_browser:
  We are both a domain and a local master browser for workgroup DASK.  Do not announce to ourselves.
[2004/05/19 22:11:21, 2] nmbd/nmbd_browsesync.c:sync_with_dmb(151)
  sync_with_dmb:
  Initiating sync with domain master browser FIESTA<20> at IP 192.168.2.10 for workgroup DASK
[2004/05/19 22:16:21, 3] nmbd/nmbd_sendannounce.c:send_local_master_announcement(163)
  send_local_master_announcement: type c9a03 for name FIESTA on subnet 192.168.2.10 for workgroup DASK
[2004/05/19 22:16:21, 3] nmbd/nmbd_sendannounce.c:send_workgroup_announcement(182)
  send_workgroup_announcement: on subnet 192.168.2.10 for workgroup DASK
My current smb.conf is trimmed down to this:
Code:
[global]
  workgroup = Dask
  netbios name = fiesta
  security = user
  encrypt passwords = yes
  smb passwd file = /etc/samba/private/smbpasswd
  log file = /var/log/samba/log.%m
  log level = 3
  hosts allow = 192.168.1.11 127.
  wins support = yes
  os level = 50
  domain master = yes
  remote browse sync = 192.168.1.11
  remote announce = 192.168.1.255
[share]
  comment = share
  path = /stora
  public = yes
  writable = yes
  browsable = yes
What about this, does it look right? Can you see anything that could cause a problem?

edit: If I sniff when trying to connect through explorer, I get these lines:
Code:
504.148998 192.168.1.11 -> 192.168.2.10 TCP 1093 > www [SYN] Seq=0 Ack=0 Win=64240 Len=0 MSS=1460
504.149819 192.168.2.10 -> 192.168.1.11 TCP [TCP ZeroWindow] www > 1093 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
504.645546 192.168.1.11 -> 192.168.2.10 TCP 1093 > www [SYN] Seq=0 Ack=0 Win=64240 Len=0 MSS=1460
504.646268 192.168.2.10 -> 192.168.1.11 TCP [TCP ZeroWindow] www > 1093 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
505.146167 192.168.1.11 -> 192.168.2.10 TCP 1093 > www [SYN] Seq=0 Ack=0 Win=64240 Len=0 MSS=1460
505.146916 192.168.2.10 -> 192.168.1.11 TCP [TCP ZeroWindow] www > 1093 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
...but no connection.

Last edited by Lenny; 05-19-2004 at 04:09 PM.
 
Old 05-20-2004, 02:22 AM   #14
shubb
Member
 
Registered: Oct 2003
Location: San Francisco
Distribution: Slackware 13.37
Posts: 150

Rep: Reputation: 16
Where was the last packet trace taken? When you see the [RST, ACK], that means that iptables is blocking that port. That means that the server that was sniffed on has http blocked in iptables.

As far as the samba goes, you dont need to worry about WINS just yet. You can't even connect via IP, so WINS is not going to make a bit of difference.

On the router and the samba server, type "iptables -L" and it will print out the rules that are active. If you dont see a rule like the one below, but for the netbios TCP and UDP ports, then iptables is blocking it.

ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
 
Old 05-20-2004, 06:54 PM   #15
Lenny
LQ Newbie
 
Registered: Sep 2003
Location: Up north
Posts: 22

Rep: Reputation: 0
Removed a long post with my iptables configuration and the outputs of iptables -L

I'm so stupid I think I should win some kind of trophy. I've had zone alarm running on windows the whole time. I forgot all about it! Why have two firewalls?

I've wasted your time. I'm so embarrassed, but I'm also happy that it's working and that I'm not posting here using my real name

Thanks very much for the help, both of you!

Last edited by Lenny; 05-20-2004 at 07:14 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Smaba PDC Problem rshooper Linux - Software 8 08-17-2004 06:48 PM
smaba problam ! on suse 9.1 starking Linux - Networking 1 07-04-2004 08:04 AM
smbadduser in Smaba v.3??? jonfa Linux - Networking 1 06-13-2004 02:41 PM
smaba server config johnnycash Linux - General 3 03-23-2004 05:52 AM
NFS Problems in 2 Subnetworks HugOnline Linux - Networking 3 04-09-2003 11:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration