Samba? windows can't connect to linux.

[arthurking]

I've configured samba B4 when I was running 9.1, via swat and/or webmin. I preferred webmin.

Now I'm running 9.2, samba 2.2.8a and I can fully access winXP from 9.2.

But, even though I can see my 'Samba Server 2.2.8a' computer on my 'home' workgroup in network places, it says I don't have permission and to see my admin (me) when I try to connect. The login prompt doesn't come up.

This is a home (playing around with everything to see how it works) network, and one of the reasons for my upgrade to 9.2 was because of the exact opposite problem with samba 2.2.7a on 9.1. I had it working fine for a time, then I probably stuffed up something unknowingly and Linux couldn't access winXP ??

I must be overlooking some small detail and there's no firewall running on linux. When there was(guarddog) it was configured to allow everything from winXP box. Firewall on winXP is set to allow all ports & protocals from linux etc. Users were set with authentication, to map my windows users to my linux users (me & me), guest account on, etc.

 

Not an 'Earth saving' problem I have, just curious

 

All help will be rewarded hansomely with wads of cas...... oops....kind words and praise sung 'bout Ye.

 

I'm totally stuck.

[Gowator]

Before I open a special pay pal account.... :deal:

 

Anyway,

To access Win from Linux doesnt really need any samba stuff except the deintion of the smb filesystem (i.e. CIFS)

However there is all the authentification etc to take careof so in practice its a bit more complex :D

 

you have a few options, the easiest of which is to use plain text passwords ... but this obviously isn't secure. You set this in the registry somewhere for the HKEY_LOCAL_MACHINE... I have to soemwhere at home.

 

The second is to make sure your shares are mapped properly.

Windows uses IP$ (or similar) as the generic share. You should have admin priv's to use this share in windows but the actual implementation is specific to the version of windows (surprise surprise)

 

But you should be able to connect directly to a share below so long as the user you are supplying the credentials for has access to that share.

 

You need to make sure the passwords and usernames are identical and perhaps the easiest way is to make a user like guest and assign guest RW to the specific share and make sure the passwords are synchronised (or nono existent whilst you get it working at home) In linux you can actually just remove the password with smbpasswd -n <user> (if memory serves)

 

Anyway, my usual philosophy is start out simple and then add security ....

Hope this helps....

[Vdubjunkie]

I may have misread this, and apologize if I did, but I think arthurking is saying he cannot map shares on his XP box shared by his nix box. If that is the case, the first thing I would do is ditch the gui... anybody know me not see that coming?

 

Open up two terminals. Su to root on both and "killall smbd" "killall nmbd". Then on each terminal "nmbd -i" and "smbd -i" on the other. Nmbd won't likely help you much, but it is all interesting to watch anyway. Watch that smbd as you try to connect.

 

Other things to look over are to visually inspect the /etc/samba/smbpasswd file to ensure the user you are logged in as on the XP box is in there. Once you are sure it is in there, make sure it also exists in /etc/passwd and /etc/shadow (this last one keeps you from having to go plain text on passwords). Once you see that they all exist, sync up the passwords with the following:

passwd <username>

smbpasswd <username>

All of this is to be done as root. Another nice thing to do on the nix box is to perform a "testparm" to make sure all your syntax is good in /etc/samba/smb.conf and then a "smbclient2 -L localhost" or "smbclient -L localhost" for those running pre 2.2.8a. That will show you everything "you" are sharing.

 

Ok, hope this helps. If not, let us know. I have a pretty good amount of experience with Samba troubleshooting as I run a decent little sized mixed network.

[arthurking]

Hi and thanks for your replies,

Vdubjunkie, you got it! I can't understand it, when I had samba running B4 on 9.1 I used what I think are the same settings.

My users on the two different boxes are, winXP= Arthur, Wife. Mdk9.2= root, Arthur, Wife(she doesn't use it yet!).

Using webin to configure samba I set my users, under Username mapping(Unix to Windows) as Arthur-Arthur, Kate-Kate, and I've setting root-Arthur, still no dice.

As I've stated, I had samba running B4 and when I attempted a winXP->Mandrake9.1 connection through Network Neighborhood, windows prompted me for a password, like a login prompt, where I typed my password and got connected.

Now I don't get the login prompt(box) just the warning saying I have no permission.

 

Now I'm typing the # smbclient2 -L localhost and I'm getting 'connection refused'.

When I browse # ~ -L winXP I see the shares!

So now, I believed that I had no firewall set, it's looking like a firewall rule or something. If so, I never had this problem B4. Is 9.2 configured by default to close port 139? I have no I idea how to move from here. I guessing I'm going to have to install a frontend to iptables(I don't know how to set rules) does any one recommend any. I've previously used guarddog on 9.1 and I may have somehow broken samba with it, otherwise easy to understand, with trusted zone and internet zone methodolgy.

 

All help appreciated, thanks.

[Gowator]

Firewall.

I havn't used guarddog but hear good things.

Shorewall is also very good BUT the mandrake config is very confusing.

You can install it usinjg urpmi but then I heartily recommend using the shorewall easystart configs from there site.

 

After that its just a case of using webmin.

(the sorewall docs are really goos and thourough but refer tot heir config not the mandrkae one)

 

If you suspect you have IP tables running you can just diable the service (for now) and see if that helps samba.

Then install a front end like shorewall or guarddog afterwards to make setting the rules easier.

 

But Id still start off and just set samba password to use NO PASSWORD until you are sure where the problem lies. After that you can play about with mapping UNIX->Windows.

 

Fully agree with ditching the GUI... (no surprises there)

If a wizard won't work you usually end up in double the mess afterwards....

 

so stop the iptables service if its running with

/etc/init.d/<iptables> stop ??? (Im on NT at work :D so replace iptables with the name of the service)

and remove it from the init.d scripts with

chkconfig <iptables> off

 

For a single port you can easily check the rules from the CLI and check 139 is open however if you planb on using iptables anyway then you mighest well install a config tool like guarddog or shorewall anyway, if not just stop it...

[Vdubjunkie]

did you get this one to go? Your "connection refused" message I have personally seen.. uh recently. In my case it was "prelude" causing the problem. I had decided to install it and see how good it was and hadn't yet config'd it. However, it was in the startup routine, so...

If all else fails, do a "ps auxw" and check out all the stuff running. Take all your apps to nothing first to lighten the list and go through all of them figuring out what they are with "man" or a google search or whatever. Kill anything you don't need. Make sure to restart smbd and nmbd after each thing you kill to retest. In my case nmbd wouldn't even stay running, so I didn't NEED to kill it, but you get the idea.