-   Linux - Server (
-   -   Unable to access Samba share on CentOS 5.4 from windows XP or Vista (

kphannan 01-23-2010 03:47 PM

Unable to access Samba share on CentOS 5.4 from windows XP or Vista
I can't be the first one with this problem. What am I missing?

I have setup Samba servers in the past, just none under SELinux. The last one I configured was a couple years ago, so I wouldn't doubt I'm a bit rusty.

---- Environment summary:
Clean server install of CentOS 5.4 includes SELinux
- lets call this 'server'
- updated samba to 3.0.33-3.15.el5_4.1

Client1 - Windows XP sp4 - WINS configuration uses 'server' noted above
Client2 - Windows Vista - WINS configuration uses 'server' noted above

---- What works / what doesn't ------
Clients can see the server (XP and vista) in network neighborhood.
The following does not work from windows (xp or vista)
net view
net view \\server
net view \\server-ip
net view \\server\share

This does work on the server
smbclient -L \\server
smbclient -L \\server --user validuser
smbclient -L \\client1 --user validuser

---- What I have configured and tried (config/output below) --------
firewall ports for samba are open
SELinux enforcing or permissive
file context is set on share
samba booleans are set

-A RH-Firewall-1-INPUT -s -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s -m state --state NEW -m tcp -p udp --dport 139 -j ACCEPT

***SELinux mode/booleans
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted

# getsebool -a | grep smb
allow_smbd_anon_write --> off
smbd_disable_trans --> on

# getsebool -a | grep samba
samba_domain_controller --> on
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_share_fusefs --> off
samba_share_nfs --> off
use_samba_home_dirs --> on
virt_use_samba --> off

# semanage fcontext -a -t samba_share_t /share/photos(/.*)?
# restorecon -R -v /share/photos

]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda3 9920624 2070872 7337684 23% /
/dev/sda1 101086 19146 76721 20% /boot
tmpfs 1846656 0 1846656 0% /dev/shm
100791728 202540 95469188 1% /xen
251981556 191716 238989840 1% /share/photos
100791728 192256 95479472 1% /share/alfresco
none 1846656 104 1846552 1% /var/lib/xenstored

workgroup = workgroup
netbios name = server
security = user
name resolve order = wins hosts lmhosts bcast
encrypt passwords = yes
hosts allow = 192.168.0.
hosts deny = 192.168.122.
interfaces = eth0
passdb backend = tdbsam
oslevel = 222
local master = yes
domain master = yes
preferred master = yes
cups options = raw
username map = /etc/samba/smbusers
wins support = yes
log level = 4
guest ok = yes

comment = Photos
path = /share/photos
read only = yes
guest ok = yes

carltm 01-23-2010 08:38 PM

You don't mention what version of XP and Vista. Are they the home version?
If so, that is most likely the problem.

kphannan 01-23-2010 09:23 PM

Sorry forgot that part.
XP is Pro SP4
Vista is Home.

Also as a new note.... I disabled the firewall and can get through now. What rules do I need then to get Samba working? I vaguely remember doing this about 11 years ago. Now if I can only dust off the system which is sitting in my basement with the server running samba, Apache and a router..... Now if I can only remember the root password....

kphannan 01-23-2010 09:26 PM

Somewhat on topic. I have noticed errors in the XP pro systems log indicating an error when the CentOS server attempts to become the browse master for the workgroup.

--- names changed to protect the innocent ----
The master browser has received a server announcement from the computer SERVER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AAAABBBB-EEEE-EEEE-. The master browser is stopping or an election is being forced.

chrism01 01-24-2010 08:01 PM

Re firewall settings :

kphannan 01-26-2010 09:08 AM

Here is an update...
I disabled the firewall and everything started to work. It turns out I added the firewall rules in iptables after the -DENY rule. Once I moved the Samba rules before the DENY rule, everything worked fine. Silly mistake on my part. I know better than that. Thanks for the help.

All times are GMT -5. The time now is 05:42 PM.