SAMBA configuration - Machine name

Michael H. Warfield mhw at WittsEnd.com
Thu Mar 16 23:56:20 UTC 2006


On Thu, 2006-03-16 at 19:58 +0000, Andy Green wrote: 
> Mike McCarty wrote:
> > I've read all the help available on SAMBA available from GNOME.
> > 
> > I've got an MSDOS (6.0) machine with MSCLIENT over TCP/IP running
> > on it, and a Fedora Core 2 machine, using static IP addresses.
> > Each machine can successfully ping the other. But when I try
> > to establish a share connection from the MSDOS machine to the
> > Linux machine, the MSDOS machine cannot find the Linux machine.
> > 
> > JMCCARTY at AMD586 Q:\NET> net use * \\presario\tmp
> > [several second pause]
> > Error 53: The computer name specified in the network path cannot
> > be located.
> 
> Not much of a Samba user, but when I struggled through getting it working
> I found Swat was helpful.  Some things only worked properly when
> winbindd was running, check

> service winbind status

> Also make sure you poked some holes in your firewall

> iptables -I INPUT -p tcp --dport 137:139 -j ACCEPT
> iptables -I INPUT -p tcp --dport 445 -j ACCEPT

Time out!

You missed one.  A critical one.  Plus a few other details...

Number one...  Firewall - critical...

iptables -I INPUT -p udp --dport 137 -j ACCEPT
                     ^^^

Without that, netbios/NMB name resolution ain't gonna work.  The name
browser contention is all based on 137 UDP (not TCP), especially that
old crap, which is purely broadcast based and won't utilize a WINS
server, even if you had one set up.

Number two...

If you manually poke holes in the firewall after the fact, after Samba
is already running, you'll probably need to restart Samba in order to
have it renegotiate its name and the master browser for the workgroup.
I've seen this one lots of times...  Samba on the server and the clients
out on the net are out of sync because of the firewall rules and it
either takes a restart of Samba to correct the name situation or a LONG
time for them all to figure it out.  Make sure you update your firewall
rules in /etc/sysconfig/iptables to make it permanent.

Number three...

        net use * \\presario\tmp
                             ^^^

Uh...  I didn't see a "tmp" section in the config files he later
posted...  Gotta have it or it's going to break.  I'm not sure about
that old msclient crap (which is past end of life, extremely insecure,
and not supported in any way shape or form nor guaranteed to work at any
point in the future with either Samba or even "real" Windows servers)
and what error it will print when a share name is not present (modern
stuff will complain about a network name not found during tree connect
or some such).

Off to the side, however, and back to the original posting...

Now, I'm not sure about that msclient software (which I have not seen in
over 15 years at this point) but all that old netbios stuff, all the way
back to the original Sytech (sp?) network (IBM PC Net) on which it was
based, supported machine names up to 15 characters (actually, the
netbios name is a 16 character fixed field with the 16th character being
a service indicator [0x20 being the service indicator for a file share
service]).  It was right there in the NMB/SMB protocol specification and
is in RFC 1001/1002 which brought the netbios/NMB/SMB network into the
tcp/udp/ip world.  I have no idea WHY msclient would be limiting the
name to 8 characters, but it shouldn't be.  There were some character
code limitations (such as no dot ".", since that delimited between the
netbios name and the "scope" name) but a "dash" should have been ok.  We
always had the ability to go to 15 characters.  UNFORTUNATELY, that old
protocol DID allow things we DON'T allow in DNS (such as spaces in
names) that caused all kinds of grief when attempting to integrate
Netbios / NMB with WINS, ADC, and DNS.  But that doesn't appear to be
the case here.

> If it still didn't work I would fire up tcpdump and look to see if the
> Linux box is broadcasting its existence and name.

Which it would have to do on UDP AND when Samba is restarted.  It will
rebroadcast at intervals later and would eventually resync, but it
thinks it already successfully added its name, when the firewall rules
blocked the UDP traffic.

IAC...  The MS-DOS client cannot query the server for its name because
137/udp is blocked.

Sooo...

1) Poke the hole for 137/udp
2) Update your iptables conf file
3) Double check that you have a share section for the resource you are
requesting.
4) Restart the Samba server
5) Retest
6) (Just for shits and giggles) Try a longer name with only
alphanumerics.
7) Take this issue up on the Samba list (where there is lots of
expertise in dealing with whacked out antiquated versions of MS cruft).

> -Andy

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
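
Added example, not part of the original message: the 16-byte NetBIOS name field described above (15 name characters plus a service byte, 0x20 for the file share service) in its RFC 1001 first-level encoding, and the RFC 1002 broadcast name query that carries it on 137/udp. The function names and the transaction ID are assumptions made for illustration; the decoder is useful for reading the encoded names that show up in a tcpdump capture.

```python
import struct

NB_FILE_SERVER = 0x20   # 16th byte: service indicator for a file share service
NBNS_PORT = 137         # name service runs over UDP, not TCP


def encode_netbios_name(name, suffix=NB_FILE_SERVER):
    """RFC 1001 first-level encoding: 16 raw bytes -> 32 letters 'A'..'P'."""
    if not 1 <= len(name) <= 15:
        raise ValueError("NetBIOS name must be 1 to 15 characters")
    if "." in name:
        raise ValueError("'.' delimits the scope and is not allowed in the name")
    # Upper-case, space-pad to 15 bytes, then append the service indicator.
    raw = name.upper().encode("ascii").ljust(15, b" ") + bytes([suffix])
    # Each byte becomes two letters: 'A' + high nibble, 'A' + low nibble.
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)


def decode_netbios_name(encoded):
    """Reverse the encoding; returns (name, service_byte)."""
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("expected 32 characters in the range A..P")
    raw = bytes(
        ((ord(encoded[i]) - 0x41) << 4) | (ord(encoded[i + 1]) - 0x41)
        for i in range(0, 32, 2)
    )
    return raw[:15].decode("ascii").rstrip(" "), raw[15]


def build_name_query(name, txid=0x1234, suffix=NB_FILE_SERVER):
    """RFC 1002 NAME QUERY REQUEST, broadcast form, empty scope."""
    # Flags 0x0110: opcode 0 (query), RD=1, B=1 (broadcast); one question.
    header = struct.pack(">HHHHHH", txid, 0x0110, 1, 0, 0, 0)
    # Label length 0x20 (32), the encoded name, then the root label.
    question = b"\x20" + encode_netbios_name(name, suffix).encode("ascii") + b"\x00"
    # QTYPE NB (0x0020), QCLASS IN (0x0001).
    return header + question + struct.pack(">HH", 0x0020, 0x0001)


if __name__ == "__main__":
    # "presario" is the server name from the thread.
    print(encode_netbios_name("presario"))
    print(build_name_query("presario").hex())
```
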
