[Gllug] Howto make Samba work on Suse10.1

Emon emon at nerdshack.com
Sat Oct 14 17:33:58 UTC 2006


On 10/10/2006 03:40 PM, chanka perera wrote:
> Hi ,
> 
> you have to check your firewall rules, whether it has allowed
> netbios/samba to allow from trusted local network,
> 
> send us your iptables -L output.. or add rules accordingly. I don't
> find any issue with your samba configuration files.
> 
> regards,
> 
> chanka perera
> 

I have in the meantime reinstalled Suse10.1 and set up samba according
to the instructions on this site.....

<http://www.tweakhound.com/linux/samba/page_1.htm>

But to no effect :-(

I noticed these warnings when my pc boots.

*********************
SuSEfirewall2: Warning: FW_ALLOW_INCOMING_HIGHPORTS_TCP is depricated
and will likely be removed in future

iptables-batch v1.3.5 invalid TCP port/service 'netbios-ns' specified
Try 'iptables-batch -h' or 'iptables-batch --help' for more information

SuSEfirewall2: Error: iptables-batch failed, rerunning using iptables
iptables v1.3.5 invalid TCP port/service 'netbios-ns' specified
**********************

I am pasting the smb.conf file & the output of

Emon

--------------------X---------------------------


# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2006/10/14 19:23:43

[global]
workgroup = LANLINK
map to guest = Bad User
printcap name = cups
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
os level = 2
preferred master = No
local master = No
domain master = No
hosts allow = 192.168.0.0/255.255.255.0
cups options = raw
include = /etc/samba/dhcp.conf

[homes]
comment = Home Directories
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
browseable = No

[profiles]
comment = Network Profiles Service
path = %H
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes

[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/

[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes

[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775

[share]
comment = For All
path = /media/MAGICSTORE/SHARE/
read only = no
inherit acls = yes
guest ok = yes
case sensitive = no
msdfs proxy = no

-------------------------X----------------------

magicbox:/home/emon # iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
input_ext  all  --  anywhere             anywhere
input_ext  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg
3/min burst 5 LOG level warning tcp-options ip-options prefix
`SFW2-IN-ILL-TARGET '
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            limit: avg
3/min burst 5 LOG level warning tcp-options ip-options prefix
`SFW2-FWD-ILL-ROUTING '

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state
NEW,RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere            limit: avg
3/min burst 5 LOG level warning tcp-options ip-options prefix
`SFW2-OUT-ERROR '

Chain forward_ext (0 references)
target     prot opt source               destination

Chain input_ext (2 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp
source-quench
ACCEPT     icmp --  anywhere             anywhere            icmp
echo-request
ACCEPT     icmp --  anywhere             anywhere            state
RELATED,ESTABLISHED icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            state
RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            state
RELATED,ESTABLISHED icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            state
RELATED,ESTABLISHED icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere            state
RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT     icmp --  anywhere             anywhere            state
RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT     icmp --  anywhere             anywhere            state
RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT     icmp --  anywhere             anywhere            state
RELATED,ESTABLISHED icmp redirect
LOG        tcp  --  anywhere             anywhere            limit: avg
3/min burst 5 tcp dpt:microsoft-ds flags:FIN,SYN,RST,ACK/SYN LOG level
warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:microsoft-ds
LOG        tcp  --  anywhere             anywhere            limit: avg
3/min burst 5 tcp dpt:netbios-dgm flags:FIN,SYN,RST,ACK/SYN LOG level
warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:netbios-dgm
LOG        tcp  --  anywhere             anywhere            limit: avg
3/min burst 5 tcp dpt:netbios-ns flags:FIN,SYN,RST,ACK/SYN LOG level
warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:netbios-ns
LOG        tcp  --  anywhere             anywhere            limit: avg
3/min burst 5 tcp dpt:netbios-ssn flags:FIN,SYN,RST,ACK/SYN LOG level
warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:netbios-ssn
ACCEPT     udp  --  anywhere             anywhere            udp
dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere            udp
dpt:netbios-ns
reject_func  tcp  --  anywhere             anywhere            tcp
dpt:ident state NEW
LOG        tcp  --  anywhere             anywhere            limit: avg
3/min burst 5 tcp spt:microsoft-ds dpts:1024:65535
flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options
prefix `SFW2-INext-ACC-HIGH '
ACCEPT     tcp  --  anywhere             anywhere            tcp
spt:microsoft-ds dpts:1024:65535
LOG        udp  --  anywhere             anywhere            limit: avg
3/min burst 5 state NEW udp spt:microsoft-ds dpts:1024:65535 LOG level
warning tcp-options ip-options prefix `SFW2-INext-ACC-HiUDP '
ACCEPT     udp  --  anywhere             anywhere            state NEW
udp spt:microsoft-ds dpts:1024:65535
LOG        all  --  anywhere             anywhere            limit: avg
3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options
ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP       all  --  anywhere             anywhere            PKTTYPE =
multicast
LOG        tcp  --  anywhere             anywhere            limit: avg
3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning
tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG        icmp --  anywhere             anywhere            limit: avg
3/min burst 5 LOG level warning tcp-options ip-options prefix
`SFW2-INext-DROP-DEFLT '
LOG        udp  --  anywhere             anywhere            limit: avg
3/min burst 5 LOG level warning tcp-options ip-options prefix
`SFW2-INext-DROP-DEFLT '
LOG        all  --  anywhere             anywhere            limit: avg
3/min burst 5 state INVALID LOG level warning tcp-options ip-options
prefix `SFW2-INext-DROP-DEFLT-INV '
DROP       all  --  anywhere             anywhere

Chain reject_func (1 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            reject-with
tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with
icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with
icmp-proto-unreachable
magicbox:/home/emon #


> On 10/9/06, Emon <emon at nerdshack.com> wrote:
>> Hi all
>>
>> I am a novice user & I have just switched over to Suse10.1 from
>> Slackware10.2
>> (been running Slackware since Slackware9.1)
>>
>> I have 4 PC connected to a home LAN. 1 running Linux, & others are
>> running WinXP
>>
>> 1)
>> I have (somewhat) setup samba using Yast, but the thing is, if the
>> firewall turned off, then I am able to access the LAN from my Suse box,
>> otherwise it says "Unable to find any workgroups in your local network.
>> This might be caused by an enabled firewall."  But as far as I can
>> recall there was an option during samba configuration to "Open Firewall
>> ports"... which I did... so what could be going wrong??
>>
>> The XP boxes are able to access my samba server without any problem
>> though.
>>
>> I am also pasting my /etc/samba/smb.conf
>>
>> Thanks in advance :-)
>> Emon
>>
>> # smb.conf is the main Samba configuration file. You find a full commented
>> # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
>> # samba-doc package is installed.
>> # Date: 2006-05-02
>> [global]
>>         workgroup = LANLINK
>>         bind interfaces only = true
>>         interfaces = eth0 192.170.0.1
>>         hosts allow = 192.170.0.0/255.255.255.0 127.0.0.1
>>         log level = 1
>>         log file = /var/log/samba/log.%m
>>         max log size = 1024
>>         printing = cups
>>         printcap name = cups
>>         printcap cache time = 750
>>         cups options = raw
>>         map to guest = Bad User
>>         include = /etc/samba/dhcp.conf
>>         logon path = \\%L\profiles\.msprofile
>>         logon home = \\%L\%U\.9xprofile
>>         logon drive = P:
>>         add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
>>         domain logons = No
>>         domain master = No
>>         netbios name = magicbox
>>         security = user
>> [homes]
>>         comment = Home Directories
>>         valid users = %S, %D%w%S
>>         browseable = No
>>         read only = No
>>         inherit acls = Yes
>> [profiles]
>>         comment = Network Profiles Service
>>         path = %H
>>         read only = No
>>         store dos attributes = Yes
>>         create mask = 0600
>>         directory mask = 0700
>> [users]
>>         comment = All users
>>         path = /home
>>         read only = No
>>         inherit acls = Yes
>>         veto files = /aquota.user/groups/shares/
>> [groups]
>>         comment = All groups
>>         path = /home/groups
>>         read only = No
>>         inherit acls = Yes
>> [printers]
>>         comment = All Printers
>>         path = /var/tmp
>>         printable = Yes
>>         create mask = 0600
>>         browseable = No
>> [print$]
>>         comment = Printer Drivers
>>         path = /var/lib/samba/drivers
>>         write list = @ntadmin root
>>         force group = ntadmin
>>         create mask = 0664
>>         directory mask = 0775
>> [share]
>>         inherit acls = Yes
>>         path = /media/hd/MAGICSTORE/share/
>>         read only = No
>>         create mask = 0775
>>         browseable = Yes
>>         public = yes
>>
>>
>>
>>
>>
>> -- 
>> Gllug mailing list  -  Gllug at gllug.org.uk
>> http://lists.gllug.org.uk/mailman/listinfo/gllug
>>
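
The check asked for in this thread (are the Samba ports accepted, and only from the trusted LAN?) can be run mechanically over an `iptables -L` listing. This is an added example, not code from the thread: the function names and the sample listing are constructed, modelled on the output pasted above, and it relies on nmbd using UDP 137/138 and smbd using TCP 139/445.

```python
import re

# nmbd listens on UDP 137/138, smbd on TCP 139/445.
SAMBA = {("udp", "137"), ("udp", "138"), ("tcp", "139"), ("tcp", "445")}
NAMES = {"netbios-ns": "137", "netbios-dgm": "138",
         "netbios-ssn": "139", "microsoft-ds": "445"}
RULE = re.compile(r"^(\S+)\s+(all|tcp|udp|icmp)\s+--\s+(\S+)\s+(\S+)\s*(.*)$")
# Constructed sample, hard-wrapped the way a mail client wraps the listing.
SAMPLE = """\
Chain input_ext (1 references)
target     prot opt source               destination
LOG        tcp  --  anywhere             anywhere            limit: avg
3/min burst 5 tcp dpt:microsoft-ds LOG level warning prefix `SFW2-INext-ACC-TCP '
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:netbios-ns
ACCEPT     tcp  --  192.168.0.0/24       anywhere            tcp
dpt:netbios-ssn
ACCEPT     udp  --  anywhere             anywhere            udp
dpt:netbios-ns
"""

def unwrap(text):
    """Rejoin rule lines that were hard-wrapped in transit."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(("Chain ", "target ")) or RULE.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line  # continuation of the previous rule
    return out

def audit(text, chain="input_ext"):
    """Return (accepted, findings) for Samba ports in one chain."""
    accepted, current = {}, None
    for line in unwrap(text):
        m = RULE.match(line)
        if line.startswith("Chain "):
            current = line.split()[1]
        elif m and current == chain and m.group(1) == "ACCEPT":
            for name in re.findall(r"\bdpt:(\S+)", m.group(5)):
                port = NAMES.get(name, name)  # -L prints names, -L -n numbers
                if port in NAMES.values():
                    accepted.setdefault((m.group(2), port), []).append(m.group(3))
    findings = ["missing %s/%s" % k for k in sorted(SAMBA - set(accepted))]
    findings += ["unneeded %s/%s" % k for k in sorted(set(accepted) - SAMBA)]
    findings += ["open to any source %s/%s" % k for k, src in sorted(accepted.items())
                 if {"anywhere", "0.0.0.0/0"} & set(src)]
    return accepted, findings
```

Calling `audit()` on a saved listing returns the accepted protocol/port pairs with their sources, plus findings for Samba ports that are missing, accepted on a protocol Samba does not use, or accepted from any source rather than the LAN.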



