FedoraForum.org - Fedora Support Forums and Community
Page 1 of 2 1 2 LastLast
Results 1 to 15 of 16
  1. #1
    Join Date
    Jun 2008
    Posts
    38

    Samba upgrade to 3.2.0 (F9) causes IPv6 problems

    After upgrading to F9 from F8, my samba shares have ceased to be accessible from one remote machine (but not from another remote machine).

    This is a result of samba-3.2.0 (as in F9) using IPv6, but I know nothing at all about that, so I am appealing for help!

    In my samba log directory (/var/log/samba) I now have files which look like:

    __ffff_192.168.1.4.log

    The computer with the IP address 192.168.1.4 is called iyonix.bgnet.

    In the log file __ffff_192.168.1.4.log I have:

    [2008/06/17 17:43:37, 0] lib/util_sock.c:matchname(1670)
    matchname: host name/address mismatch: ::ffff:192.168.1.4 != iyonix.bgnet
    [2008/06/17 17:43:37, 0] lib/util_sock.c:get_peer_name(1791)
    Matchname failed on iyonix.bgnet ::ffff:192.168.1.4
    [2008/06/17 17:43:40, 0] lib/util_sock.c:matchname(1670)
    matchname: host name/address mismatch: ::ffff:192.168.1.4 != iyonix.bgnet
    [2008/06/17 17:43:40, 0] lib/util_sock.c:get_peer_name(1791)
    Matchname failed on iyonix.bgnet ::ffff:192.168.1.4

    From another machine, mybgpc (192.168.1.5) I can connect, and I get a log entry in its file mybgpc.log as follows:

    [2008/06/17 17:44:39, 1] smbd/service.c:make_connection_snum(1188)
    mybgpc (::ffff:192.168.1.5) connect to service PCfiles initially as user mybg (uid=500, gid=500) (pid 3376)
    [2008/06/17 17:44:43, 1] smbd/service.c:make_connection_snum(1188)
    mybgpc (::ffff:192.168.1.5) connect to service Misc initially as user mybg (uid=500, gid=500) (pid 3376)
    [2008/06/17 17:44:47, 1] smbd/service.c:make_connection_snum(1188)
    mybgpc (::ffff:192.168.1.5) connect to service FamilyPhotos initially as user mybg (uid=500, gid=500) (pid 3376)
    [2008/06/17 17:55:01, 1] smbd/service.c:close_cnum(1399)
    mybgpc (::ffff:192.168.1.5) closed connection to service Misc
    [2008/06/17 17:55:01, 1] smbd/service.c:close_cnum(1399)
    mybgpc (::ffff:192.168.1.5) closed connection to service FamilyPhotos

    ... but I also get a file __ffff_192.168.1.5.log which has:

    [2008/06/17 17:44:06, 0] lib/util_sock.c:matchname(1670)
    matchname: host name/address mismatch: ::ffff:192.168.1.5 != mybgpc.bgnet
    [2008/06/17 17:44:06, 0] lib/util_sock.c:get_peer_name(1791)
    Matchname failed on mybgpc.bgnet ::ffff:192.168.1.5

    How can I get the matchname stuff to work properly?

    I am completely stuck!

  2. #2
    Join Date
    Jun 2008
    Posts
    38
    I have found a solution (albeit not 100% perfect).

    It is clear that all of the problems result from samba's handling of IPv6. I can see where it happens in the source code, but the cause is, I suspect, something outside of samba which is affecting it when it tries to do reverse DNS. Instead of getting 'iyonix.bgnet' back, it is getting ::ffff:192.168.1.4 .

    For the time being, I have removed samba-3.2.0 from my system and built myself a copy of samba-3.0.30 (the fc8 rpm has too many dependencies which clash ...).

    This has solved the problem, but I would prefer a cleaner solution!

    Any ideas?
    Last edited by mikebg; 18th June 2008 at 09:03 PM. Reason: spelling mistake

  3. #3
    Join Date
    Aug 2007
    Posts
    8
    I am having problems printing via samba since upgrading from
    F7 to F9. I am now convinced that it is because of IPV6 issues. I am also seeing log entries such as you describe. See my original post at:

    http://forums.fedoraforum.org/forum/...d.php?t=192136

    Thanks for offering one possible solution.

  4. #4
    Join Date
    Jun 2008
    Posts
    38
    Quote Originally Posted by pickman
    I am having problems printing via samba since upgrading from
    F7 to F9. I am now convinced that it is because of IPV6 issues. I am also seeing log entries such as you describe. See my original post at:

    http://forums.fedoraforum.org/forum/...d.php?t=192136

    Thanks for offering one possible solution.
    Anything new? I recently had an upgrade of samba with yum and found I had to reinstall my copy of samba-3.0.30 to get back my connectivity. Can we really be the only two people having problems?

  5. #5
    Join Date
    Aug 2007
    Posts
    8
    I successfully turned off ipv6 on all systems, but it did not fix my printing problem. The ultimate solution was to move the printer to another Fedora machine on the LAN. After re-installing the printer, cups, and samba on a different machine, I was able to finally get network printing to work. I never could figure out why it stopped working on the original system after the F9 upgrade.

  6. #6
    Join Date
    Jun 2008
    Posts
    38
    Still nothing new? I have tried installing the newer releases of samba but there is nothing I can get working in 3.2.x, so I keep having to reinstall my 3.0 version after yum puts in the latest 3.2 release ... There must be a simple solution to this problem! Developers??

  7. #7
    Join Date
    Jul 2007
    Posts
    134
    Like you gentlemen, I too am having problems with samba on Fedora 10. I cannot get my newly installed system to logon to my Primary Domain Controller (Fedora 8/Fedora Directory Server). I've isolated the problem to the fact that samba will not accept incoming packets from the PDC, and so users cannot logon. AS far as my needs are concerned, this means that F10 is useless as a domain workstation. I shall have one last install and see if I can get the **** thing to work, but if not it's back to Fedora 8 for me.

  8. #8
    Join Date
    Sep 2008
    Location
    Denver foothills - CO
    Posts
    31
    I'm experiencing a similar set of problems. I've had unreliable SMB connectivity ever since I set up this F9 server. The box has a long history of different distros and problems. It worked well several years ago, but I won't go into the whole story, other than to say F9 was a clean install.

    Connections used to take a very long time to connect or reject. I finally solved that part by finding some stuff in resolv.conf that wasn't correct. But it still doesn't give me connectivity.

    I get an XP log in screen and when I fill it in, it just returns immediately. I checked the log file and found a bunch of IP6 type mismatches like described here. I commented out my hosts allow string (I'm wondering if it needs to be in IP6 form these days) and the messages went away, but login still isn't sucessful.

    I've spend a whole day working on this and have learned a lot, but its still not working. With log level set to 2 I see it log me in sucessfully anonymously, then:

    [2009/02/16 22:06:52, 3] auth/auth_winbind.c:check_winbind_security(54)
    check_winbind_security: Not using winbind, requested domain [ESRDSN] was for this SAM.
    [2009/02/16 22:06:52, 2] auth/auth.c:check_ntlm_password(318)
    check_ntlm_password: Authentication for user [Wilton] -> [Wilton] FAILED with error NT_STATUS_WRONG_PASSWORD
    [2009/02/16 22:06:52, 3] smbd/error.c:error_packet_set(61)
    error packet at smbd/sesssetup.c(127) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

    I have used smbpasswd as root to set the password again (just in case it wasn't correct or I didn't remember it). It is now known to be the same as the linux login password which works. I'm at a total loss.

    Wilton

    P.S.: Here's my smb.conf (sans comments)

    [global]

    workgroup = ESRDSN
    security = user
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    ; template shell = /bin/false
    winbind use default domain = false
    winbind offline logon = false
    read only = no

    netbios name = LXSERVE

    server string = LxServe


    ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
    ; hosts allow = 192.168.0. 127.0.0.1


    log file = /var/log/samba/log.%m
    max log size = 50
    log level = 2

    passdb backend = tdbsam


    domain master = yes
    domain logons = yes

    ; local master = no
    os level = 33
    preferred master = yes


    wins support = yes
    ; wins server = w.x.y.z
    ; wins proxy = yes

    dns proxy = no

    ; load printers = yes
    cups options = raw

    printcap name = /etc/printcap
    printing = cups

    username map = /etc/samba/smbusers
    ; encrypt passwords = yes
    guest ok = yes
    ; guest account = nobody
    ; store dos attributes = yes

    [homes]
    comment = Home Directories
    browseable = no
    writable = yes
    ; valid users = %S
    ; valid users = MYDOMAIN\%S

    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = yes
    ; writable = No
    printable = yes

    [wilton]
    comment = wilton on LxServ
    path = /home/wilton
    writeable = Yes
    ; browseable = yes
    valid users = wilton

    [ESR]
    comment = ESR on LxServ
    path = /home/ESR
    writeable = yes
    ; browseable = yes
    valid users = wilton
    Last edited by whelm; 17th February 2009 at 06:11 AM. Reason: Added smb.conf

  9. #9
    Join Date
    Sep 2008
    Location
    Denver foothills - CO
    Posts
    31
    OK, I seem to have resolved this problem on my machine. Here is what I have found for anyone else that is needing it.

    Many problems with Samba aren't Samba problems at all, they are underlying network related problems. As mentioned in my previous post, a large delay in client responses turned out to be related to wrong information in resolv.conf.

    My underlying problem was domain related. The server is serving a web page under the name www.esrdsn.com, which is mapped to my one and only public IP address. The computer itself is behind a rounter on a LAN with a 192.168.0 class C IP address. Thinking I was doing the right thing, I named the workgroup esrdsn, like the web page, and identified the server's domain as esrdsn.com and its full local name as lxserve.esrdsn.com. The problem is that internet DNS servers know esrdsn by a public IP and the computer is actually on a private LAN. So a DNS lookup of esrdsn.com is going to return an IP address that will only reach the computer for port 80 (www) traffic (which the router forwards). Anything else (Samba?) will fail resulting in mismatches.

    The solution in this case was to remove the domain name from resolv.conf (the LAN doesn't really even need a domain name), put only the computer name (lxserve) in hosts, and change the workgroup name to something different in all the affected computers--no more problem.

    Wilton
    Last edited by whelm; 19th February 2009 at 06:12 PM. Reason: clarification

  10. #10
    Join Date
    Apr 2005
    Posts
    18
    One solution to the name mismatch errors (e.g. matchname: host name/address mismatch: ::ffff:192.168.1.5 != mybgpc.bgnet) is to disable IPv6. This is quite easily done by creating a file in /etc/modprobe.d - you can call it what you like but a helpful name like "disable-ipv6" is useful. The contents of this should read:-

    Code:
    install ipv6 /bin/true
    After a reboot, IPv6 will be disabled and you shouldn't get any mismatch error messages if you enable the "allow hosts" entries in your samba configuration. Bug? Feature? Who knows...

  11. #11
    Join Date
    Sep 2008
    Location
    Denver foothills - CO
    Posts
    31
    Very interesting on several accounts:

    1. This seems to imply that the problem is IP6 related which is why I and others didn't notice it before.

    2. Is it a bug in the IP6 implementation (on F9/10) or a designed in "feature" of IP6?

    3. Supposedly IP6 is disabled on this machine. I have already forgotten what I looked at, but I disabled it when I installed F9 and I did check to see if it was disabled. However, it appears that there may be various levels of being disabled, as I was getting mismatch messages against IP6 addresses, and there were other indications that at least some IP6 related code was being executed.

    Wilton

  12. #12
    Join Date
    Jan 2005
    Posts
    5,059
    I'm running F10 (with allll the updates)
    and F11 (Beta by tomorrow)

    and I don't have any of those problems.

    $#@
    1234

    Youv'e got to know when to hold 'em,
    know when to fold 'em,
    known when to walk away,
    from the bugs of
    Yesssssss Terrrrrrrr DAYYYYYYYYY! Yeh

    SJ

    Youth is wasted on the young.
    Do the Math

  13. #13
    Join Date
    Mar 2009
    Posts
    11
    I think the problem is not ipv6 related, but due to a dns problem.
    The same hostname must resolve to the same ip address on both client and server.

    For example, there may be a different ip specified in one of the hosts files.
    Or, you may be running your own internal nameserver with a private domain and the client is told to use another, external dns.

    I am unable to test this at the moment, since I do not have access to those clients from here, but I know some are configured to use an external dns...

  14. #14
    Join Date
    Jan 2009
    Location
    New Zealand
    Posts
    68

    Same samba matchname failed prob on FC10 - only for networked servers

    I'm having the same sort of issues with FC10. I don't have a solution but perhaps a different angle. I'm not trying to connect a windows server to samba, but a FC10 client to an FC10 server, both servers are setup to allow ipv6.

    On the server I'm getting the
    May 6 19:54:14 falcon smbd[31759]: Matchname failed on eagle-private ::ffff:169.254.218.186

    On the client I'm getting
    [mark@eagle ~]$ smbclient -N -L falcon-private
    Anonymous login successful
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.2.11-0.30.fc10]

    Sharename Type Comment
    --------- ---- -------
    WinXP Disk WinXP Backup Drive
    eagle Disk Eagle Backup Drive
    osprey Disk Eagle Backup Drive
    firebird Disk Firebird Backup Drive
    IPC$ IPC IPC Service (Samba Server Version 3.2.11-0.30.fc10)
    timeout connecting to 169.254.218.183:139
    Connection to falcon-private failed (Error NT_STATUS_ACCESS_DENIED)
    NetBIOS over TCP disabled -- no workgroup available

    All my servers use hosts files, no DNS. Although all the hosts files only contain ipV4 entries. I have tried adding various entries to match with no joy.

    However I'm not sure where it's getting the ffff:169.254.218.183 from. I have noticed in my setup where the 169 address is a second alias on a single ethernet card ifcfg tells me eth0 has an inet6 addr of fe80::20c:6eff:fe63:c7a2/64 which is nothing like the 192.168.1 address it lives on, eth0:1 I am trying to use for the samba connection has no inet6 addr assigned so I guess it just gets ffff shoved on the front ???.


    -- Anyway --
    it certainly seems to be a reverse lookup problem of some sort. The Matchname failed is consistent whenever I try to connect to samba from any of my other linux servers (it's not a windows client only problem) .

    When I run the same command above on the FC10 server running the samba server, it just works. It should be noted I have no ipv6 entries in the hosts file on the samba server either, it just works ok there.

    [mark@falcon ~]$ smbclient -N -L falcon-private
    Anonymous login successful
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.2.11-0.30.fc10]

    Sharename Type Comment
    --------- ---- -------
    WinXP Disk WinXP Backup Drive
    eagle Disk Eagle Backup Drive
    osprey Disk Eagle Backup Drive
    firebird Disk Firebird Backup Drive
    IPC$ IPC IPC Service (Samba Server Version 3.2.11-0.30.fc10)
    Anonymous login successful
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.2.11-0.30.fc10]

    Server Comment
    --------- -------
    FALCON Samba Server Version 3.2.11-0.30.fc10

    Workgroup Master
    --------- -------
    WORKGROUP FALCON
    [mark@falcon ~]$

    I don't want to disable ipv6 so am also curious about any possible solution.

  15. #15
    Join Date
    Mar 2009
    Posts
    11

    Solved!

    Solved the problem!
    I made a few tweaks in smb.conf that got rid of the errors. Im not sure which tweak is responsible, so I list them here:

    --
    interfaces = lo br0
    bind interfaces only = true

    Interface br0 is my bridge interface, that holds members eth0 to eth2. I added the "bind interfaces only" to make sure that samba won't listen on them individually.

    --
    hosts allow = 10. 127.

    Oops, I had forgotten to allow localhost (127.)... You may also remove this line completely if you trust your network.

    --
    oplocks = False

    Probably has nothing to do with this problem, but it solved some client caching problem on another server so I added it to this one too. Makes connections more reliable at a little performance expense (probably not noticeable on todays fast networks).

    --
    smb ports = 139

    This will remove port 445 support. Should work if you are not using Active Directory.
    Gets rid of errors like "getpeername failed. Error was Transport endpoint is not connected". see http://forums.gentoo.org/viewtopic-t-304678.html

Page 1 of 2 1 2 LastLast

Similar Threads

  1. samba IPv6
    By sambanav6 in forum Servers & Networking
    Replies: 0
    Last Post: 12th March 2009, 07:04 AM
  2. Replies: 2
    Last Post: 3rd September 2008, 02:11 PM
  3. Samba problems after upgrade
    By jocke4u in forum Servers & Networking
    Replies: 4
    Last Post: 24th November 2006, 03:36 PM
  4. Problems after Samba upgrade on FC4 server
    By mwtb in forum Servers & Networking
    Replies: 1
    Last Post: 31st July 2006, 09:15 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •