samba access FC16 problem

g8jvm · #1 2nd February 2012, 03:02 PM

Hi
I've set up a server on the debian machine and can not access the printer from within VitualBox.
So mad idea is to set up a samba server on the laptop virtualbox is running on .
And try to use the network printer which is OK with CUPS.

The network connection is bridged, the ip address of the laptop running FC16 is 192.168.101.5
I have followed the SElinux section in smb.conf

.

Code:

[root@lappy ~]# smbclient -L \\LAPTOP\\ -U richard
Enter richard's password: 
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
[root@lappy ~]# smbclient -L \\Laptop\\ -U richard
Enter richard's password: 
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
[root@lappy ~]# smbclient -L 192.168.101.5 -U richard
Enter richard's password: 
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE

Although the netbios name in smb.conf is LAPTOP, it appears in winxp as Laptop.

my sm.conf

Code:

        workgroup = workgroup
        server string = Samba Server Version %v

        netbios name = LAPTOP

        interfaces = lo wlan0
        hosts allow = 127. 192.168.101/24
        remote announce = 192.168.101.255
        remote browse sync = 192.168.101.255

        security = user
;       passdb backend = tdbsam

        domain master = yes
        domain logons = yes

        # the following login script name is determined by the machine name
        # (%m):
;       logon script = %m.bat
        # the following login script name is determined by the UNIX user used:
;       logon script = %u.bat
;       logon path = \\%L\Profiles\%u
        # use an empty path to disable profile support:
;       logon path =

        # various scripts can be used on a domain controller or a stand-alone
        # machine to add or delete corresponding UNIX accounts:

;       add user script = /usr/sbin/useradd "%u" -n -g users
;       add group script = /usr/sbin/groupadd "%g"
;       add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;       delete user script = /usr/sbin/userdel "%u"
;       delete user from group script = /usr/sbin/userdel "%u" "%g"
;       delete group script = /usr/sbin/groupdel "%g"

;       local master = yes
        os level = 33
        preferred master = yes

;       wins support = yes
;       wins server = w.x.y.z
;       wins proxy = yes

;       dns proxy = yes

I'm happy with the shares

What have I stupidly missed ?

TIA
Richard

nonamedotc · #2 2nd February 2012, 03:46 PM

Did you already check the firewall settings? Just to make sure everything is fine with samba configuration file, try testparm and see if it gives any error to start with.

g8jvm · #3 2nd February 2012, 03:57 PM

The firewall is open to the samba ports and the bridging port as well as port 80.
testparm shows no errors.
I would copy over my smb.conf from the Debian machine, but that was built with gadmin-samba, pity thats not available with fedora.
Richard

nonamedotc · #4 2nd February 2012, 04:16 PM

You might already have seen this. If not, try this perhaps? It might help. http://forums.fedoraforum.org/showthread.php?t=231173

---------- Post added at 10:16 AM ---------- Previous post was at 10:14 AM ----------

Quote:

Originally Posted by g8jvm

Code:

        workgroup = workgroup
        server string = Samba Server Version %v

        netbios name = LAPTOP

        interfaces = lo wlan0
        hosts allow = 127. 192.168.101/24
        remote announce = 192.168.101.255
        remote browse sync = 192.168.101.255

        security = user
;       passdb backend = tdbsam

        domain master = yes
        domain logons = yes

Just checking. You have that the IP is correct ??? I messed this once. Something else from samba mailing list. https://lists.samba.org/archive/samb...er/164263.html. Hope this helps.

g8jvm · #5 2nd February 2012, 05:39 PM

I have copied over the smb.conf from the Debian box , so the problem is in the smb.conf above.
Richard

g8jvm · #6 3rd February 2012, 01:13 PM

After working with the copied smb.conf , it has reverted back to its earlier state.
So it looks like something is actively changing it.
SELinux is in permissive mode, the ip address is correct at 192.168.101.0/24
I never use 192.168.1.0/24 as thats the first address subnet a hacker will look for.
Same smb.conf on both machines, This one Debian Wheezy, g8jvm-server, and the laptop runing FC16, laptop,

Code:

richard@g8jvm:~$ smbclient -L \\g8jvm-server\\ -U richard
WARNING: The "null passwords" option is deprecated
WARNING: The "password level" option is deprecated
Unknown parameter encountered: "update encrypted"
Ignoring unknown parameter "update encrypted"
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Enter richard's password: 
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.2]

	Sharename       Type      Comment
	---------       ----      -------
	homes           Disk      Home Directories
	netlogon        Disk      Network Logon Service
	pdf-documents   Disk      Converted PDF Documents
	pdf-printer     Printer   PDF Printer Service
	IPC$            IPC       IPC Service (Samba file and print server)
	Stylus-Photo-R285 Printer   EPSON Stylus Photo R285
	richard         Disk      Home Directories
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.2]

	Server               Comment
	---------            -------
	G8JVM-LAPTOP         Samba file and print server
	G8JVM-SERVER         Samba file and print server
	LAPPPY               lappy

	Workgroup            Master
	---------            -------
	WORKGROUP            G8JVM-SERVER


richard@g8jvm:~$ smbclient -L \\lappy\\ -U richard
WARNING: The "null passwords" option is deprecated
WARNING: The "password level" option is deprecated
Unknown parameter encountered: "update encrypted"
Ignoring unknown parameter "update encrypted"
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Enter richard's password: 
Connection to lappy failed (Error NT_STATUS_BAD_NETWORK_NAME)
richard@g8jvm:~$

The smb.conf I'm using on both is , (sorry for the length of it)

Code:

richard@g8jvm:~$ cat /etc/samba/smb.conf

[global]
netbios name = G8JVM-SERVER
server string = Samba file and print server
workgroup = Workgroup
security = user
hosts allow = 127. 192.168.101.
interfaces = 127.0.0.1/8 192.168.101.0/24
bind interfaces only = yes
remote announce = 192.168.101.255
remote browse sync = 192.168.101.255
printcap name = cups
load printers = yes
cups options = raw
printing = cups
guest account = smbguest
log file = /var/log/samba/samba.log
max log size = 1000
null passwords = no
username level = 6
password level = 6
encrypt passwords = true
unix password sync = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
domain master = yes
preferred master = yes
domain logons = no
os level = 64
logon drive = m:
logon home = \\%L\homes\%u
logon path = \\%L\profiles\%u
logon script = %G.bat
time server = no
name resolve order = wins lmhosts bcast
wins support = no
wins proxy = no
dns proxy = no
preserve case = yes
short preserve case = yes
client use spnego = no
client signing = no
client schannel = no
server signing = no
server schannel = no
nt pipe support = yes
nt status support = yes
allow trusted domains = no
obey pam restrictions = yes
enable spoolss = yes
client plaintext auth = no
disable netbios = no
follow symlinks = no
update encrypted = yes
pam password change = no
passwd chat timeout = 120
hostname lookups = no
username map = /etc/samba/smbusers
passdb backend = tdbsam
passwd program = /usr/bin/passwd '%u'
passwd chat = *New*password* %n\n *ReType*new*password* %n\n *passwd*changed*\n
add user script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null '%u'
add user to group script = /usr/sbin/useradd -d /dev/null -c 'Samba User Account' -s /dev/null -g '%g' '%u'
add group script = /usr/sbin/groupadd '%g'
delete user script = /usr/sbin/userdel '%u'
delete user from group script = /usr/sbin/userdel '%u' '%g'
delete group script = /usr/sbin/groupdel '%g'
add machine script = /usr/sbin/useradd -d /dev/null -g sambamachines -c 'Samba Machine Account' -s /dev/null -M '%u'
machine password timeout = 120
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /dev/null
winbind use default domain = yes
winbind separator = @
winbind cache time = 360
winbind trusted domains only = yes
winbind nested groups = no
winbind nss info = no
winbind refresh tickets = no
winbind offline logon = no

[homes]
comment = Home Directories
path = /home/richard
read only = no
available = yes
browseable = yes
writable = yes
guest ok = no
public = no
printable = no
locking = no
strict locking = no

[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = no
available = yes
browseable = yes
writable = no
guest ok = no
public = no
printable = no
locking = no
strict locking = no

[profiles]
comment = User Profiles
path = /var/samba/profiles
read only = no
available = yes
browseable = no
writable = yes
guest ok = no
public = no
printable = no
create mode = 0600
directory mask = 0700
locking = no
strict locking = no

[printers]
comment = EPSON Stylus Photo R285
path = /home/richard/smb-spool
browseable = yes
writable = yes
guest ok = yes
public = yes
printable = yes
locking = no
strict locking = no

[pdf-documents]
path = /home/pdf-documents
comment = Converted PDF Documents
available = yes
browseable = yes
writeable = yes
guest ok = yes
locking = no
strict locking = no

[pdf-printer]
path = /tmp
comment = PDF Printer Service
printable = yes
guest ok = yes
use client driver = yes
printing = bsd
print command = /usr/bin/gadmin-samba-pdf %s %u
lpq command =

This is really giving me grief

I double checked access to the laptop, killed virtualbox which runs in bridged mode, and pinged the laptop
and got:-

Code:

From 192.168.101.8 icmp_seq=31 Destination Host Prohibited
From 192.168.101.8 icmp_seq=32 Destination Host Prohibited

The firewall is OK, is there anything can change the config ?
SELinux is definatly in permissive mode,
Disabling the firewall has no effect on the ping response freo the laptop.
I can ping this machine from the laptop

But a traceroute times out
I had no problem until I installed a damn VM, as I need to bits of s/w that wont run on linux.
This is not logical, wel not my logic

TIA
Richard

---------- Post added at 01:13 PM ---------- Previous post was at 12:36 PM ----------

Hi
here's the problem
system-config-firewall is available to the user with user password.
To change the firewall iptables requires root access

So when virtualbox was installed it altered the firewall directly, prohibiting icmp

As system-config-firewall only requires a user password it can't alter iptables..

NICE ONE,,,,,NOT

I'll hunt through the repos for a proper firewall front end.

Richard

jpollard · #7 3rd February 2012, 02:32 PM

Don't use 192.168.0.0/24 for an IP number. It isn't. This is a network number and can't be used except for broadcast/multi-cast packets.

g8jvm · #8 3rd February 2012, 03:43 PM

I cant see anywhere I've used that subnet ?????
Richard

jpollard · #9 3rd February 2012, 03:47 PM

192.168.101.0/24...

This is a network specification. As such, it is a network number, not an IP number.

Quote:

SELinux is in permissive mode, the ip address is correct at 192.168.101.0/24

Sorry, not an IP address. Valid addresses range from 192.168.101.1 to 192.168.101.254 (255 is the broadcast address).