5

Samba 3.5 on Centos 6.3

Synopsis: I set up Samba on my linux host, but none of my Win machines on the subnet can see the host name.

My host name (WOLTEST) does not show up in any of the Win network lists (net view, for example). So, \\WOLTEST\share-name comes back empty-handed

I can ping the Linux ip address (192.168.44.140) from the Win machines, but I cannot get to the share with \\192.168.44.140\share-name.

There are a few similar posts on ServerFault, but none helped.

Here's the relevant parts of my smb.conf:

[global]
workgroup = LANGROUP
server string = Samba Server Version %v

security = user
passdb backend = tdbsam

[web]
path = /volume1/web
writeable = yes
browseable = yes
valid users = michael
guest ok = yes

I also tried "wins support = yes", but it didn't help. There are no wins servers on the LAN.

I ran smbpasswd -a michael

Then I restarted smb & nmb.

Here are the relevant lines from /var/log/messages

[2012/07/30 16:17:05.161348,  0] smbd/server.c:501(smbd_open_one_socket)
 smbd_open_once_socket: open_socket_in: Address already in use
[2012/07/30 16:17:05.166246,  0] smbd/server.c:501(smbd_open_one_socket)
 smbd_open_once_socket: open_socket_in: Address already in use
[2012/07/30 16:17:38.237999,  0] nmbd/nmbd_become_lmb.c:395(become_local_master_stage2)
*****

Samba name server WOLTEST is now a local master browser for
                 workgroup LANGROUP on subnet 192.168.44.140

I've googled the phrase "Address already in use", and everyone says to ignore it.

The one red flag for me is the phrase "on subnet 192.168.44.140". That IP is not a subnet. It's the IP of the host.

I don't know of any way to change that to subnet 192.168.44.0. But it's not the elected browser, anyway, so I'm not sure it would matter.

SELinux is off

I've searched everywhere and read the samba doc, and I seem to be doing everything right.

Is there something I've missed?

oksofar
  • 115
  • 2
  • 6

2 Answers2

5

You've covered my usual suspects, but there is one word I didn't see in there and that's iptables. Could it be as easy as not having opened the right holes in the on-by-default firewall? I have had that whack me a time or three.

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
  • That was it! Just to test, I stopped the iptables service, and waited a while. I could then access the share. So now I need to come up with some specific rules. – oksofar Aug 01 '12 at 04:17
  • I found these rules via google, and I tested them. -A INPUT -p udp -m udp --dport 137 -j ACCEPT -A INPUT -p udp -m udp --dport 138 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT – oksofar Aug 01 '12 at 05:44
  • When in doubt, follow the money....or in this case, the packet. Firewalling causes all kinds of headaches simply because it's usually forgotten about. – Avery Payne Feb 04 '15 at 18:59
1

I suggest you to use system-config-firewall, a simple gui that can make these choice for you, anyway these rules should work:

-A INPUT -p tcp -m tcp  -m multiport  --dports 445,139  -m state --state NEW  -j ACCEPT
-A INPUT -p udp -m udp  -m multiport  --dports 138,137,139  -m state --state NEW  -j ACCEPT
tombolinux
  • 243
  • 1
  • 5
  • Thank you, it's good to have those rules. But system-config-firewall is no longer available for CentOS 6.3. – oksofar Aug 02 '12 at 16:43
  • I find it in this official repository: http://centos.arcticnetwork.ca/6.3/os/i386/Packages/ for i386 and for x86_64. There are 3 files: system-config-firewall-1.2.27-5.el6.noarch.rpm, system-config-firewall-base-1.2.27-5.el6.noarch.rpm and system-config-firewall-tui-1.2.27-5.el6.noarch.rpm, the tui version is shell only. – tombolinux Aug 02 '12 at 16:55