[Gllug] Howto make Samba work on Suse10.1
Emon
emon at nerdshack.com
Sat Oct 14 17:33:58 UTC 2006
On 10/10/2006 03:40 PM, chanka perera wrote:
> Hi ,
>
> you have to check your firewall rules, whether it has allowed netbios
> /samba to allow from trusted local network,
>
> send us your iptables -L out put.. or add rules accordingly. i don't
> find any issue with your samba configuration files.
>
> regards,
>
> chanka perera
>
I have in the meantime reinstalled Suse10.1 & and setup samba according
to the instruction on this site.....
<http://www.tweakhound.com/linux/samba/page_1.htm>
But to no effect :-(
I noticed these warnings when my pc boots.
*********************
SuSEfirewall2: Warning: FW_ALLOW_INCOMING_HIGHPORTS_TCP is depricated
and will likely be removed in future
iptables-batch v1.3.5 invalid TCP port/service 'netbios-ns' specified
Try 'iptables-batch -h' or 'iptables-batch --help' for more information
SuSEfirewall2: Error: iptables-batch failed, rerunning using iptables
iptables v1.3.5 invalid TCP port/service 'netbios-ns' specified
**********************
I am pasting the smb.conf file & the output of
Emon
--------------------X---------------------------
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2006/10/14 19:23:43
[global]
workgroup = LANLINK
map to guest = Bad User
printcap name = cups
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s
/bin/false %m$
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
os level = 2
preferred master = No
local master = No
domain master = No
hosts allow = 192.168.0.0/255.255.255.0
cups options = raw
include = /etc/samba/dhcp.conf
[homes]
comment = Home Directories
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
browseable = No
[profiles]
comment = Network Profiles Service
path = %H
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775
[share]
comment = For All
path = /media/MAGICSTORE/SHARE/
read only = no
inherit acls = yes
guest ok = yes
case sensitive = no
msdfs proxy = no
-------------------------X----------------------
magicbox:/home/emon # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg
3/min burst 5 LOG level warning tcp-options ip-options prefix
`SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg
3/min burst 5 LOG level warning tcp-options ip-options prefix
`SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg
3/min burst 5 LOG level warning tcp-options ip-options prefix
`SFW2-OUT-ERROR '
Chain forward_ext (0 references)
target prot opt source destination
Chain input_ext (2 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp
source-quench
ACCEPT icmp -- anywhere anywhere icmp
echo-request
ACCEPT icmp -- anywhere anywhere state
RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state
RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state
RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state
RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state
RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state
RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state
RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state
RELATED,ESTABLISHED icmp redirect
LOG tcp -- anywhere anywhere limit: avg
3/min burst 5 tcp dpt:microsoft-ds flags:FIN,SYN,RST,ACK/SYN LOG level
warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp
dpt:microsoft-ds
LOG tcp -- anywhere anywhere limit: avg
3/min burst 5 tcp dpt:netbios-dgm flags:FIN,SYN,RST,ACK/SYN LOG level
warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-dgm
LOG tcp -- anywhere anywhere limit: avg
3/min burst 5 tcp dpt:netbios-ns flags:FIN,SYN,RST,ACK/SYN LOG level
warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ns
LOG tcp -- anywhere anywhere limit: avg
3/min burst 5 tcp dpt:netbios-ssn flags:FIN,SYN,RST,ACK/SYN LOG level
warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp
dpt:netbios-ssn
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp
dpt:netbios-ns
reject_func tcp -- anywhere anywhere tcp
dpt:ident state NEW
LOG tcp -- anywhere anywhere limit: avg
3/min burst 5 tcp spt:microsoft-ds dpts:1024:65535
flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options
prefix `SFW2-INext-ACC-HIGH '
ACCEPT tcp -- anywhere anywhere tcp
spt:microsoft-ds dpts:1024:65535
LOG udp -- anywhere anywhere limit: avg
3/min burst 5 state NEW udp spt:microsoft-ds dpts:1024:65535 LOG level
warning tcp-options ip-options prefix `SFW2-INext-ACC-HiUDP '
ACCEPT udp -- anywhere anywhere state NEW
udp spt:microsoft-ds dpts:1024:65535
LOG all -- anywhere anywhere limit: avg
3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options
ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP all -- anywhere anywhere PKTTYPE =
multicast
LOG tcp -- anywhere anywhere limit: avg
3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning
tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg
3/min burst 5 LOG level warning tcp-options ip-options prefix
`SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg
3/min burst 5 LOG level warning tcp-options ip-options prefix
`SFW2-INext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg
3/min burst 5 state INVALID LOG level warning tcp-options ip-options
prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere
Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with
tcp-reset
REJECT udp -- anywhere anywhere reject-with
icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with
icmp-proto-unreachable
magicbox:/home/emon #
> On 10/9/06, Emon <emon at nerdshack.com> wrote:
>> Hi all
>>
>> I am a novice user & I have just switched over to Suse10.1 from
>> Slackware10.2
>> (been running Slackware since Slackware9.1)
>>
>> I have 4 PC connected to a home LAN. 1 running Linux, & others are
>> running WinXP
>>
>> 1)
>> I have (somewhat) setup samba using Yast, but the thing is, if the
>> firewall turned off, then I am able to access the LAN from my Suse box,
>> otherwise it says "Unable to find any workgroups in your local network.
>> This might be caused by an enabled firewall." But as far as I can
>> recall there was an option during samba configuration to "Open Firewall
>> ports"... which I did... so what could be going wrong??
>>
>> The XP boxes are able to access my samba server without any problem
>> though.
>>
>> I am also pasting my /etc/samba/smb.conf
>>
>> Thanks in advance :-)
>> Emon
>>
>> # smb.conf is the main Samba configuration file. You find a full
>> commented
>> # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
>> # samba-doc package is installed.
>> # Date: 2006-05-02
>> [global]
>> workgroup = LANLINK
>> bind interfaces only = true
>> interfaces = eth0 192.170.0.1
>> hosts allow = 192.170.0.0/255.255.255.0 127.0.0.1
>> log level = 1
>> log file = /var/log/samba/log.%m
>> max log size = 1024
>> printing = cups
>> printcap name = cups
>> printcap cache time = 750
>> cups options = raw
>> map to guest = Bad User
>> include = /etc/samba/dhcp.conf
>> logon path = \\%L\profiles\.msprofile
>> logon home = \\%L\%U\.9xprofile
>> logon drive = P:
>> add machine script = /usr/sbin/useradd -c Machine -d
>> /var/lib/nobody
>> -s /bin/false %m$
>> domain logons = No
>> domain master = No
>> netbios name = magicbox
>> security = user
>> [homes]
>> comment = Home Directories
>> valid users = %S, %D%w%S
>> browseable = No
>> read only = No
>> inherit acls = Yes
>> [profiles]
>> comment = Network Profiles Service
>> path = %H
>> read only = No
>> store dos attributes = Yes
>> create mask = 0600
>> directory mask = 0700
>> [users]
>> comment = All users
>> path = /home
>> read only = No
>> inherit acls = Yes
>> veto files = /aquota.user/groups/shares/
>> [groups]
>> comment = All groups
>> path = /home/groups
>> read only = No
>> inherit acls = Yes
>> [printers]
>> comment = All Printers
>> path = /var/tmp
>> printable = Yes
>> create mask = 0600
>> browseable = No
>> [print$]
>> comment = Printer Drivers
>> path = /var/lib/samba/drivers
>> write list = @ntadmin root
>> force group = ntadmin
>> create mask = 0664
>> directory mask = 0775
>> [share]
>> inherit acls = Yes
>> path = /media/hd/MAGICSTORE/share/
>> read only = No
>> create mask = 0775
>> browseable = Yes
>> public = yes
>>
>>
>>
>>
>>
>> --
>> Gllug mailing list - Gllug at gllug.org.uk
>> http://lists.gllug.org.uk/mailman/listinfo/gllug
>>
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list