Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Samba "allow hosts" no longer works with hostnames
View unanswered posts
View posts from last 24 hours

Goto page 1, 2  Next  
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Thu Jun 24, 2010 2:44 am    Post subject: Samba "allow hosts" no longer works with hostnames Reply with quote

I believe this started when I upgraded to 3.4.6. It no longer works when I uses hostnames instead of IP addresses in smb.conf

This is my smb.conf
Code:
# Samba config file created using SWAT
# from UNKNOWN (10.10.10.115)
# Date: 2010/06/23 21:40:23

[global]
   interfaces = eth0
   security = SHARE
   ldap ssl = no

[samba-share]
   comment = All my files for Windows users
   path = /mnt/storage/PUBLIC
   guest ok = Yes

[xfer]
   comment = You can write to this
   path = /mnt/storage/xfer
   read only = No
   guest ok = Yes

[trusted$]
   comment = Michael only
   path = /mnt/storage
   read list = michael
   write list = michael
   read only = No
   guest ok = Yes
   hosts allow = 10.10.10.115


I would like to use the hostname instead of the IP address there on that last line, but if I do that I can no longer access the share.

I can ping the hostname on either end. The hostname is in the hosts file on the server.

Thanks in advance. Sorry if this is unclear.

EDIT: This is a much more verbose version of the conf file

Code:

# Samba config file created using SWAT
# from UNKNOWN (10.10.10.115)
# Date: 2010/06/23 21:44:37

[global]
   dos charset = CP850
   unix charset = UTF-8
   display charset = LOCALE
   workgroup = WORKGROUP
   netbios name = ROHLING1
   netbios aliases =
   netbios scope =
   server string = Samba 3.4.6
   interfaces = eth0
   bind interfaces only = No
   security = SHARE
   auth methods =
   encrypt passwords = Yes
   update encrypted = No
   client schannel = Auto
   server schannel = Auto
   allow trusted domains = Yes
   map to guest = Never
   null passwords = No
   obey pam restrictions = No
   password server = *
   smb passwd file = /var/lib/samba/private/smbpasswd
   private dir = /var/lib/samba/private
   passdb backend = tdbsam
   algorithmic rid base = 1000
   root directory =
   guest account = nobody
   enable privileges = Yes
   pam password change = No
   passwd program =
   passwd chat = *new*password* %n\n *new*password* %n\n *changed*
   passwd chat debug = No
   passwd chat timeout = 2
   check password script =
   username map =
   password level = 0
   username level = 0
   unix password sync = No
   restrict anonymous = 0
   lanman auth = No
   ntlm auth = Yes
   client NTLMv2 auth = No
   client lanman auth = No
   client plaintext auth = No
   preload modules =
   dedicated keytab file =
   kerberos method = default
   map untrusted to domain = No
   log level = 0
   syslog = 1
   syslog only = No
   log file =
   max log size = 5000
   debug timestamp = Yes
   debug prefix timestamp = No
   debug hires timestamp = No
   debug pid = No
   debug uid = No
   debug class = No
   enable core files = Yes
   smb ports = 445 139
   large readwrite = Yes
   max protocol = NT1
   min protocol = CORE
   min receivefile size = 0
   read raw = Yes
   write raw = Yes
   disable netbios = No
   reset on zero vc = No
   acl compatibility = auto
   defer sharing violations = Yes
   nt pipe support = Yes
   nt status support = Yes
   announce version = 4.9
   announce as = NT
   max mux = 50
   max xmit = 16644
   name resolve order = lmhosts wins host bcast
   max ttl = 259200
   max wins ttl = 518400
   min wins ttl = 21600
   time server = No
   unix extensions = Yes
   use spnego = Yes
   client signing = auto
   server signing = No
   client use spnego = Yes
   client ldap sasl wrapping = plain
   enable asu support = No
   svcctl list =
   deadtime = 0
   getwd cache = Yes
   keepalive = 300
   lpq cache time = 30
   max smbd processes = 0
   paranoid server security = Yes
   max disk size = 0
   max open files = 16384
   socket options = TCP_NODELAY
   use mmap = Yes
   hostname lookups = No
   name cache timeout = 660
   ctdbd socket =
   cluster addresses =
   clustering = No
   load printers = Yes
   printcap cache time = 750
   printcap name =
   cups server =
   cups connection timeout = 30
   iprint server =
   disable spoolss = No
   addport command =
   enumports command =
   addprinter command =
   deleteprinter command =
   show add printer wizard = Yes
   os2 driver map =
   mangling method = hash2
   mangle prefix = 1
   max stat cache size = 256
   stat cache = Yes
   machine password timeout = 604800
   add user script =
   rename user script =
   delete user script =
   add group script =
   delete group script =
   add user to group script =
   delete user from group script =
   set primary group script =
   add machine script =
   shutdown script =
   abort shutdown script =
   username map script =
   logon script =
   logon path = \\%N\%U\profile
   logon drive =
   logon home = \\%N\%U
   domain logons = No
   init logon delayed hosts =
   init logon delay = 100
   os level = 20
   lm announce = Auto
   lm interval = 60
   preferred master = No
   local master = Yes
   domain master = Auto
   browse list = Yes
   enhanced browsing = Yes
   dns proxy = Yes
   wins proxy = No
   wins server =
   wins support = No
   wins hook =
   kernel oplocks = Yes
   lock spin time = 200
   oplock break wait time = 0
   ldap admin dn =
   ldap delete dn = No
   ldap group suffix =
   ldap idmap suffix =
   ldap machine suffix =
   ldap passwd sync = no
   ldap replication sleep = 1000
   ldap suffix =
   ldap ssl = no
   ldap ssl ads = No
   ldap timeout = 15
   ldap connection timeout = 2
   ldap page size = 1024
   ldap user suffix =
   ldap debug level = 0
   ldap debug threshold = 10
   eventlog list =
   add share command =
   change share command =
   delete share command =
   preload =
   lock directory = /var/cache/samba
   state directory = /var/lib/samba
   cache directory = /var/lib/samba
   pid directory = /var/run/samba
   default service =
   message command =
   get quota command =
   set quota command =
   remote announce =
   remote browse sync =
   socket address = 0.0.0.0
   homedir map =
   afs username map =
   afs token lifetime = 604800
   log nt token command =
   time offset = 0
   NIS homedir = No
   registry shares = No
   usershare allow guests = No
   usershare max shares = 0
   usershare owner only = Yes
   usershare path = /var/lib/samba/usershares
   usershare prefix allow list =
   usershare prefix deny list =
   usershare template share =
   panic action =
   perfcount module =
   host msdfs = Yes
   passdb expand explicit = No
   idmap backend = tdb
   idmap alloc backend =
   idmap cache time = 604800
   idmap negative cache time = 120
   idmap uid =
   idmap gid =
   template homedir = /home/%D/%U
   template shell = /bin/false
   winbind separator = \
   winbind cache time = 300
   winbind reconnect delay = 30
   winbind enum users = No
   winbind enum groups = No
   winbind use default domain = No
   winbind trusted domains only = No
   winbind nested groups = Yes
   winbind expand groups = 1
   winbind nss info = template
   winbind refresh tickets = No
   winbind offline logon = No
   winbind normalize names = No
   winbind rpc only = No
   comment =
   path =
   username =
   invalid users =
   valid users =
   admin users =
   read list =
   write list =
   printer admin =
   force user =
   force group =
   read only = Yes
   acl check permissions = Yes
   acl group control = No
   acl map full control = Yes
   create mask = 0744
   force create mode = 00
   security mask = 0777
   force security mode = 00
   directory mask = 0755
   force directory mode = 00
   directory security mask = 0777
   force directory security mode = 00
   force unknown acl user = No
   inherit permissions = No
   inherit acls = No
   inherit owner = No
   guest only = No
   administrative share = No
   guest ok = No
   only user = No
   hosts allow =
   hosts deny =
   allocation roundup size = 1048576
   aio read size = 0
   aio write size = 0
   aio write behind =
   ea support = No
   nt acl support = Yes
   profile acls = No
   map acl inherit = No
   afs share = No
   smb encrypt = auto
   block size = 1024
   change notify = Yes
   directory name cache size = 100
   kernel change notify = Yes
   max connections = 0
   min print space = 0
   strict allocate = No
   strict sync = No
   sync always = No
   use sendfile = No
   write cache size = 0
   max reported print jobs = 0
   max print jobs = 1000
   printable = No
   printing = bsd
   cups options =
   print command = lpr -r -P'%p' %s
   lpq command = lpq -P'%p'
   lprm command = lprm -P'%p' %j
   lppause command =
   lpresume command =
   queuepause command =
   queueresume command =
   printer name =
   use client driver = No
   default devmode = Yes
   force printername = No
   printjob username = %U
   default case = lower
   case sensitive = Auto
   preserve case = Yes
   short preserve case = Yes
   mangling char = ~
   hide dot files = Yes
   hide special files = No
   hide unreadable = No
   hide unwriteable files = No
   delete veto files = No
   veto files =
   hide files =
   veto oplock files =
   map archive = Yes
   map hidden = No
   map system = No
   map readonly = yes
   mangled names = Yes
   store dos attributes = No
   dmapi support = No
   browseable = Yes
   access based share enum = No
   browsable = Yes
   blocking locks = Yes
   csc policy = manual
   fake oplocks = No
   locking = Yes
   oplocks = Yes
   level2 oplocks = Yes
   oplock contention limit = 2
   posix locking = Yes
   strict locking = Auto
   share modes = Yes
   dfree cache time = 0
   dfree command =
   copy =
   preexec =
   preexec close = No
   postexec =
   root preexec =
   root preexec close = No
   root postexec =
   available = Yes
   volume =
   fstype = NTFS
   set directory = No
   wide links = No
   follow symlinks = Yes
   dont descend =
   magic script =
   magic output =
   delete readonly = No
   dos filemode = No
   dos filetimes = Yes
   dos filetime resolution = No
   fake directory create times = No
   vfs objects =
   msdfs root = No
   msdfs proxy =

[samba-share]
   comment = All my files for Windows users
   path = /mnt/storage/PUBLIC
   guest ok = Yes

[xfer]
   comment = You can write to this
   path = /mnt/storage/xfer
   read only = No
   guest ok = Yes

[trusted$]
   comment = Michael only
   path = /mnt/storage
   read list = michael
   write list = michael
   read only = No
   guest ok = Yes
   hosts allow = 10.10.10.115
Back to top
View user's profile Send private message
kimmie
Guru
Guru


Joined: 08 Sep 2004
Posts: 531
Location: Australia

PostPosted: Thu Jun 24, 2010 1:10 pm    Post subject: Reply with quote

This is the problem IMHO:
Code:
hostname lookups = No

No is a no no, yes? Yes is what you want. :D
Back to top
View user's profile Send private message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Thu Jun 24, 2010 1:25 pm    Post subject: Reply with quote

Man I thought you had it, but it still doesn't work.

New (verbose) smb.conf

Code:

# Samba config file created using SWAT
# from UNKNOWN (10.10.10.115)
# Date: 2010/06/24 08:24:17

[global]
   dos charset = CP850
   unix charset = UTF-8
   display charset = LOCALE
   workgroup = WORKGROUP
   netbios name = ROHLING1
   netbios aliases =
   netbios scope =
   server string = Samba 3.4.6
   interfaces = eth0
   bind interfaces only = No
   security = SHARE
   auth methods =
   encrypt passwords = Yes
   update encrypted = No
   client schannel = Auto
   server schannel = Auto
   allow trusted domains = Yes
   map to guest = Never
   null passwords = No
   obey pam restrictions = No
   password server = *
   smb passwd file = /var/lib/samba/private/smbpasswd
   private dir = /var/lib/samba/private
   passdb backend = tdbsam
   algorithmic rid base = 1000
   root directory =
   guest account = nobody
   enable privileges = Yes
   pam password change = No
   passwd program =
   passwd chat = *new*password* %n\n *new*password* %n\n *changed*
   passwd chat debug = No
   passwd chat timeout = 2
   check password script =
   username map =
   password level = 0
   username level = 0
   unix password sync = No
   restrict anonymous = 0
   lanman auth = No
   ntlm auth = Yes
   client NTLMv2 auth = No
   client lanman auth = No
   client plaintext auth = No
   preload modules =
   dedicated keytab file =
   kerberos method = default
   map untrusted to domain = No
   log level = 0
   syslog = 1
   syslog only = No
   log file =
   max log size = 5000
   debug timestamp = Yes
   debug prefix timestamp = No
   debug hires timestamp = No
   debug pid = No
   debug uid = No
   debug class = No
   enable core files = Yes
   smb ports = 445 139
   large readwrite = Yes
   max protocol = NT1
   min protocol = CORE
   min receivefile size = 0
   read raw = Yes
   write raw = Yes
   disable netbios = No
   reset on zero vc = No
   acl compatibility = auto
   defer sharing violations = Yes
   nt pipe support = Yes
   nt status support = Yes
   announce version = 4.9
   announce as = NT
   max mux = 50
   max xmit = 16644
   name resolve order = lmhosts wins host bcast
   max ttl = 259200
   max wins ttl = 518400
   min wins ttl = 21600
   time server = No
   unix extensions = Yes
   use spnego = Yes
   client signing = auto
   server signing = No
   client use spnego = Yes
   client ldap sasl wrapping = plain
   enable asu support = No
   svcctl list =
   deadtime = 0
   getwd cache = Yes
   keepalive = 300
   lpq cache time = 30
   max smbd processes = 0
   paranoid server security = Yes
   max disk size = 0
   max open files = 16384
   socket options = TCP_NODELAY
   use mmap = Yes
   hostname lookups = Yes
   name cache timeout = 660
   ctdbd socket =
   cluster addresses =
   clustering = No
   load printers = Yes
   printcap cache time = 750
   printcap name =
   cups server =
   cups connection timeout = 30
   iprint server =
   disable spoolss = No
   addport command =
   enumports command =
   addprinter command =
   deleteprinter command =
   show add printer wizard = Yes
   os2 driver map =
   mangling method = hash2
   mangle prefix = 1
   max stat cache size = 256
   stat cache = Yes
   machine password timeout = 604800
   add user script =
   rename user script =
   delete user script =
   add group script =
   delete group script =
   add user to group script =
   delete user from group script =
   set primary group script =
   add machine script =
   shutdown script =
   abort shutdown script =
   username map script =
   logon script =
   logon path = \\%N\%U\profile
   logon drive =
   logon home = \\%N\%U
   domain logons = No
   init logon delayed hosts =
   init logon delay = 100
   os level = 20
   lm announce = Auto
   lm interval = 60
   preferred master = No
   local master = Yes
   domain master = Auto
   browse list = Yes
   enhanced browsing = Yes
   dns proxy = Yes
   wins proxy = No
   wins server =
   wins support = No
   wins hook =
   kernel oplocks = Yes
   lock spin time = 200
   oplock break wait time = 0
   ldap admin dn =
   ldap delete dn = No
   ldap group suffix =
   ldap idmap suffix =
   ldap machine suffix =
   ldap passwd sync = no
   ldap replication sleep = 1000
   ldap suffix =
   ldap ssl = no
   ldap ssl ads = No
   ldap timeout = 15
   ldap connection timeout = 2
   ldap page size = 1024
   ldap user suffix =
   ldap debug level = 0
   ldap debug threshold = 10
   eventlog list =
   add share command =
   change share command =
   delete share command =
   preload =
   lock directory = /var/cache/samba
   state directory = /var/lib/samba
   cache directory = /var/lib/samba
   pid directory = /var/run/samba
   default service =
   message command =
   get quota command =
   set quota command =
   remote announce =
   remote browse sync =
   socket address = 0.0.0.0
   homedir map =
   afs username map =
   afs token lifetime = 604800
   log nt token command =
   time offset = 0
   NIS homedir = No
   registry shares = No
   usershare allow guests = No
   usershare max shares = 0
   usershare owner only = Yes
   usershare path = /var/lib/samba/usershares
   usershare prefix allow list =
   usershare prefix deny list =
   usershare template share =
   panic action =
   perfcount module =
   host msdfs = Yes
   passdb expand explicit = No
   idmap backend = tdb
   idmap alloc backend =
   idmap cache time = 604800
   idmap negative cache time = 120
   idmap uid =
   idmap gid =
   template homedir = /home/%D/%U
   template shell = /bin/false
   winbind separator = \
   winbind cache time = 300
   winbind reconnect delay = 30
   winbind enum users = No
   winbind enum groups = No
   winbind use default domain = No
   winbind trusted domains only = No
   winbind nested groups = Yes
   winbind expand groups = 1
   winbind nss info = template
   winbind refresh tickets = No
   winbind offline logon = No
   winbind normalize names = No
   winbind rpc only = No
   comment =
   path =
   username =
   invalid users =
   valid users =
   admin users =
   read list =
   write list =
   printer admin =
   force user =
   force group =
   read only = Yes
   acl check permissions = Yes
   acl group control = No
   acl map full control = Yes
   create mask = 0744
   force create mode = 00
   security mask = 0777
   force security mode = 00
   directory mask = 0755
   force directory mode = 00
   directory security mask = 0777
   force directory security mode = 00
   force unknown acl user = No
   inherit permissions = No
   inherit acls = No
   inherit owner = No
   guest only = No
   administrative share = No
   guest ok = No
   only user = No
   hosts allow =
   hosts deny =
   allocation roundup size = 1048576
   aio read size = 0
   aio write size = 0
   aio write behind =
   ea support = No
   nt acl support = Yes
   profile acls = No
   map acl inherit = No
   afs share = No
   smb encrypt = auto
   block size = 1024
   change notify = Yes
   directory name cache size = 100
   kernel change notify = Yes
   max connections = 0
   min print space = 0
   strict allocate = No
   strict sync = No
   sync always = No
   use sendfile = No
   write cache size = 0
   max reported print jobs = 0
   max print jobs = 1000
   printable = No
   printing = bsd
   cups options =
   print command = lpr -r -P'%p' %s
   lpq command = lpq -P'%p'
   lprm command = lprm -P'%p' %j
   lppause command =
   lpresume command =
   queuepause command =
   queueresume command =
   printer name =
   use client driver = No
   default devmode = Yes
   force printername = No
   printjob username = %U
   default case = lower
   case sensitive = Auto
   preserve case = Yes
   short preserve case = Yes
   mangling char = ~
   hide dot files = Yes
   hide special files = No
   hide unreadable = No
   hide unwriteable files = No
   delete veto files = No
   veto files =
   hide files =
   veto oplock files =
   map archive = Yes
   map hidden = No
   map system = No
   map readonly = yes
   mangled names = Yes
   store dos attributes = No
   dmapi support = No
   browseable = Yes
   access based share enum = No
   browsable = Yes
   blocking locks = Yes
   csc policy = manual
   fake oplocks = No
   locking = Yes
   oplocks = Yes
   level2 oplocks = Yes
   oplock contention limit = 2
   posix locking = Yes
   strict locking = Auto
   share modes = Yes
   dfree cache time = 0
   dfree command =
   copy =
   preexec =
   preexec close = No
   postexec =
   root preexec =
   root preexec close = No
   root postexec =
   available = Yes
   volume =
   fstype = NTFS
   set directory = No
   wide links = No
   follow symlinks = Yes
   dont descend =
   magic script =
   magic output =
   delete readonly = No
   dos filemode = No
   dos filetimes = Yes
   dos filetime resolution = No
   fake directory create times = No
   vfs objects =
   msdfs root = No
   msdfs proxy =

[samba-share]
   comment = All my files for Windows users
   path = /mnt/storage/PUBLIC
   guest ok = Yes

[xfer]
   comment = You can write to this
   path = /mnt/storage/xfer
   read only = No
   guest ok = Yes

[trusted$]
   comment = Michael only
   path = /mnt/storage
   read list = michael
   write list = michael
   read only = No
   guest ok = Yes
   hosts allow = rohling5
Back to top
View user's profile Send private message
kimmie
Guru
Guru


Joined: 08 Sep 2004
Posts: 531
Location: Australia

PostPosted: Thu Jun 24, 2010 2:08 pm    Post subject: Reply with quote

Ah crap, me too. Did you try using the fqdn instead? Grrrr.
Back to top
View user's profile Send private message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Thu Jun 24, 2010 2:45 pm    Post subject: Reply with quote

The Windows computer is not a member of any domain, so I don't know what I would enter for a FQDN. This used to work with no problem for at least a year. I have no idea what the problem is.
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 7466

PostPosted: Thu Jun 24, 2010 2:54 pm    Post subject: Reply with quote

check that, maybe you upgrade glibc with samba ?
https://forums.gentoo.org/viewtopic-t-833342-highlight-.html
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 4995
Location: Dallas area

PostPosted: Thu Jun 24, 2010 4:26 pm    Post subject: Reply with quote

zutme wrote:
The Windows computer is not a member of any domain, so I don't know what I would enter for a FQDN. This used to work with no problem for at least a year. I have no idea what the problem is.


What do you get when you do "ping rohling5" from the command line?
_________________
PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie & modified) amd64-no-multilib, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Thu Jun 24, 2010 4:37 pm    Post subject: Reply with quote

Anon-E-moose wrote:
zutme wrote:
The Windows computer is not a member of any domain, so I don't know what I would enter for a FQDN. This used to work with no problem for at least a year. I have no idea what the problem is.


What do you get when you do "ping rohling5" from the command line?


Code:

PING rohling5 (10.10.10.115) 56(84) bytes of data.
64 bytes from rohling5 (10.10.10.115): icmp_seq=1 ttl=128 time=0.205 ms
64 bytes from rohling5 (10.10.10.115): icmp_seq=2 ttl=128 time=0.117 ms
64 bytes from rohling5 (10.10.10.115): icmp_seq=3 ttl=128 time=0.121 ms
64 bytes from rohling5 (10.10.10.115): icmp_seq=4 ttl=128 time=0.170 ms
64 bytes from rohling5 (10.10.10.115): icmp_seq=5 ttl=128 time=0.127 ms
64 bytes from rohling5 (10.10.10.115): icmp_seq=6 ttl=128 time=0.121 ms
^C
--- rohling5 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4996ms
rtt min/avg/max/mdev = 0.117/0.143/0.205/0.034 ms
Back to top
View user's profile Send private message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Thu Jun 24, 2010 4:39 pm    Post subject: Reply with quote

krinn wrote:
check that, maybe you upgrade glibc with samba ?
https://forums.gentoo.org/viewtopic-t-833342-highlight-.html


I updated to the latest stable glibc. No luck. Are you saying I should try unstable? I was thinking this probably was a samba thing not a dns thing cause I can ping the windows computer by hostname and it is in the hosts file on the gentoo server.

Edit:
I'm recompiling samba now. I don't know if that was necessary.
Edit:
recompiled, restarted still doesn't work


Last edited by zutme on Thu Jun 24, 2010 5:30 pm; edited 2 times in total
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 4995
Location: Dallas area

PostPosted: Thu Jun 24, 2010 4:50 pm    Post subject: Reply with quote

zutme wrote:
I was thinking this probably was a samba thing not a dns thing cause I can ping the windows computer by hostname and it is in the hosts file on the gentoo server.


It has something to do with either samba, or the way samba does hostname resolution.
Ping works, so the networking/dns resolution works.


If you change the hosts allow line to "hosts allow = # rohling5" does it work?
_________________
PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie & modified) amd64-no-multilib, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Thu Jun 24, 2010 5:30 pm    Post subject: Reply with quote

Anon-E-moose wrote:
zutme wrote:
I was thinking this probably was a samba thing not a dns thing cause I can ping the windows computer by hostname and it is in the hosts file on the gentoo server.


It has something to do with either samba, or the way samba does hostname resolution.
Ping works, so the networking/dns resolution works.


If you change the hosts allow line to "hosts allow = # rohling5" does it work?


No luck here
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 4995
Location: Dallas area

PostPosted: Thu Jun 24, 2010 5:41 pm    Post subject: Reply with quote

zutme wrote:
Anon-E-moose wrote:
zutme wrote:
I was thinking this probably was a samba thing not a dns thing cause I can ping the windows computer by hostname and it is in the hosts file on the gentoo server.


It has something to do with either samba, or the way samba does hostname resolution.
Ping works, so the networking/dns resolution works.


If you change the hosts allow line to "hosts allow = # rohling5" does it work?


No luck here


What I recommended does is open it completely to any host.
You have a problem but it's not connected to hostnames.

What type windows machine (98/XP/Vista/7) is it?
_________________
PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie & modified) amd64-no-multilib, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Thu Jun 24, 2010 5:44 pm    Post subject: Reply with quote

Anon-E-moose wrote:
zutme wrote:
Anon-E-moose wrote:
zutme wrote:
I was thinking this probably was a samba thing not a dns thing cause I can ping the windows computer by hostname and it is in the hosts file on the gentoo server.


It has something to do with either samba, or the way samba does hostname resolution.
Ping works, so the networking/dns resolution works.


If you change the hosts allow line to "hosts allow = # rohling5" does it work?


No luck here


What I recommended does is open it completely to any host.
You have a problem but it's not connected to hostnames.

What type windows machine (98/XP/Vista/7) is it?


It is a Windows 7 machine, but it works if I use the machines IP address just fine so it must have something to do with the hostname right?
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 4995
Location: Dallas area

PostPosted: Thu Jun 24, 2010 6:06 pm    Post subject: Reply with quote

If you do "dig -x 10.10.10.115 " what do you get?
_________________
PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie & modified) amd64-no-multilib, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Thu Jun 24, 2010 6:15 pm    Post subject: Reply with quote

Anon-E-moose wrote:
If you do "dig -x 10.10.10.115 " what do you get?

Code:

dig -x 10.10.10.115

; <<>> DiG 9.4.3-P5 <<>> -x 10.10.10.115
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16477
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;115.10.10.10.in-addr.arpa.     IN      PTR

;; Query time: 54 msec
;; SERVER: 10.10.10.1#53(10.10.10.1)
;; WHEN: Thu Jun 24 13:15:01 2010
;; MSG SIZE  rcvd: 43
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 4995
Location: Dallas area

PostPosted: Thu Jun 24, 2010 6:35 pm    Post subject: Reply with quote

So you're not getting a reverse dns lookup with dig

if you have nslookup what does "nslookup rohling5" return
_________________
PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie & modified) amd64-no-multilib, eudev, openrc, openbox, palemoon


Last edited by Anon-E-moose on Thu Jun 24, 2010 6:37 pm; edited 1 time in total
Back to top
View user's profile Send private message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Thu Jun 24, 2010 6:36 pm    Post subject: Reply with quote

Anon-E-moose wrote:
So you're not getting a reverse dns lookup

if you have nslookup what does "nslookup rohling5" return

Code:

 nslookup rohling5
Server:         10.10.10.1
Address:        10.10.10.1#53

Name:   rohling5
Address: 10.10.10.115
Back to top
View user's profile Send private message
Anon-E-moose
Advocate
Advocate


Joined: 23 May 2008
Posts: 4995
Location: Dallas area

PostPosted: Thu Jun 24, 2010 6:40 pm    Post subject: Reply with quote

it looks like the fqdn is "rohling5" otherwise it would have given something more with nslookup.

Not sure what your problem is, other than I would cut the smb.conf file down to only a few options,
until it starts working then add back whatever you need.

for me, it's a pretty short smb.conf
Code:
[global]

   workgroup = WORKGROUP

   server string = Samba Server

   security = share

   hosts allow = 192.168.1. 127.

   max log size = 50

   local master = yes

   domain master = yes

   preferred master = yes

   wins support = yes

   dns proxy = no

[n]
    comment = n filesystem
    path = /n
    read only = No
    guest ok = Yes

[mnt]
    comment = cd filesystem
    path = /mnt
    read only = Yes
    guest ok = Yes

_________________
PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie & modified) amd64-no-multilib, eudev, openrc, openbox, palemoon
Back to top
View user's profile Send private message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Thu Jun 24, 2010 6:47 pm    Post subject: Reply with quote

Anon-E-moose wrote:
it looks like the fqdn is "rohling5" otherwise it would have given something more with nslookup.

Not sure what your problem is, other than I would cut the smb.conf file down to only a few options,
until it starts working then add back whatever you need.

for me, it's a pretty short smb.conf
Code:
[global]

   workgroup = WORKGROUP

   server string = Samba Server

   security = share

   hosts allow = 192.168.1. 127.

   max log size = 50

   local master = yes

   domain master = yes

   preferred master = yes

   wins support = yes

   dns proxy = no

[n]
    comment = n filesystem
    path = /n
    read only = No
    guest ok = Yes

[mnt]
    comment = cd filesystem
    path = /mnt
    read only = Yes
    guest ok = Yes


Mine's actually pretty short too. The big long one I pasted above is something that swat produces when you ask it to display all options.

Here is what the smb.conf file actually looks like:
Code:

[samba-share]
        comment = All my files for Windows users
        path = /mnt/storage/PUBLIC
        guest ok = Yes

[xfer]
        comment = You can write to this
        path = /mnt/storage/xfer
        read only = No
        guest ok = Yes

[trusted$]
        comment = Michael only
        path = /mnt/storage
        read list = michael
        write list = michael
        read only = No
        guest ok = Yes
        hosts allow = 10.10.10.115


Maybe swat is doing something weird. I guess I'll just stick with using the IP address unless anyone else has any ideas.
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 7466

PostPosted: Thu Jun 24, 2010 10:32 pm    Post subject: Reply with quote

Anon-E-moose wrote:

It has something to do with either samba, or the way samba does hostname resolution.
Ping works, so the networking/dns resolution works.


not necessary, there's a function in libc to resolve dns (i think specially fqdn) that is know (for me, google for glibc+dns to get a point) to get in trouble, and if an application use it, application is in trouble, if the application doesn't use glibc then, problem doesn't appears.

You should check the link i gave and you will see the user is able to ping but was unable to resolve dns from some programs. And this was a glibc issue.

zutme:
You should try upgrading glibc, specially if you own a 2.9* version (maybe some others version as well, i know glibc trouble with dns from many glibc versions), well, at least, it won't kill you, building glibc should take 20 minutes, an easy test so.

And like grOsshirn (the user from the other thread) does, you also didn't mention your glibc version, even if it fail you should provide it, it might help (at least me !) to know one that fail and what version is working (i understand, we can't think about everything), so if it work, please provide working glibc version and also failing one for others users (and again for me)
Back to top
View user's profile Send private message
cach0rr0
Bodhisattva
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Thu Jun 24, 2010 10:45 pm    Post subject: Reply with quote

krinn wrote:

not necessary, there's a function in libc to resolve dns (i think specially fqdn) that is know (for me, google for glibc+dns to get a point) to get in trouble, and if an application use it, application is in trouble, if the application doesn't use glibc then, problem doesn't appears.


++

They are numerous, and well documented - for example: http://sourceware.org/bugzilla/show_bug.cgi?id=4980

It's among the reasons for this - http://blog.aurel32.net/?p=47
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
Back to top
View user's profile Send private message
darkphader
Veteran
Veteran


Joined: 09 May 2002
Posts: 1199
Location: Motown

PostPosted: Thu Jun 24, 2010 11:27 pm    Post subject: Reply with quote

Samba uses NetBIOS, FQDN is meaningless here. FYI, "security = share" is deprecated and I highly recommend against using it - use "security = user" instead.

Is the client computer providing its hostname? Check the samba logs (usually /var/log/samba) for entries with that hostname. If you don't see any it could be on the client end.

Chris
_________________
WYSIWYG - What You See Is What You Grep
Back to top
View user's profile Send private message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Fri Jun 25, 2010 1:04 pm    Post subject: Reply with quote

darkphader wrote:
Samba uses NetBIOS, FQDN is meaningless here. FYI, "security = share" is deprecated and I highly recommend against using it - use "security = user" instead.

Is the client computer providing its hostname? Check the samba logs (usually /var/log/samba) for entries with that hostname. If you don't see any it could be on the client end.

Chris


Looks like you are right. What do you make of this?

Code:

[2010/06/25 07:55:29,  0] printing/pcap.c:178(pcap_cache_reload)
  Unable to open printcap file /etc/printcap for read!
[2010/06/25 07:55:29,  0] printing/pcap.c:178(pcap_cache_reload)
  Unable to open printcap file /etc/printcap for read!
[2010/06/25 07:59:50,  0] printing/pcap.c:178(pcap_cache_reload)
  Unable to open printcap file /etc/printcap for read!
[2010/06/25 07:59:50,  0] printing/pcap.c:178(pcap_cache_reload)
  Unable to open printcap file /etc/printcap for read!
[2010/06/25 07:59:50,  0] printing/pcap.c:178(pcap_cache_reload)
  Unable to open printcap file /etc/printcap for read!
[2010/06/25 07:59:50,  0] printing/pcap.c:178(pcap_cache_reload)
  Unable to open printcap file /etc/printcap for read!
[2010/06/25 07:59:53,  1] smbd/service.c:1240(close_cnum)
  __ffff_10.10.10.115 (::ffff:10.10.10.115) closed connection to service trusted$
[2010/06/25 07:59:54,  0] smbd/server.c:1073(main)
  smbd version 3.4.6 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2009
[2010/06/25 07:59:54,  0] printing/pcap.c:178(pcap_cache_reload)
  Unable to open printcap file /etc/printcap for read!
[2010/06/25 07:59:54,  0] printing/pcap.c:178(pcap_cache_reload)
  Unable to open printcap file /etc/printcap for read!
[2010/06/25 07:59:54,  0] smbd/server.c:457(smbd_open_one_socket)
  smbd_open_once_socket: open_socket_in: Address already in use
[2010/06/25 07:59:54,  0] smbd/server.c:457(smbd_open_one_socket)
  smbd_open_once_socket: open_socket_in: Address already in use
[2010/06/25 08:00:11,  1] smbd/service.c:1063(make_connection_snum)
  __ffff_10.10.10.115 (::ffff:10.10.10.115) connect to service samba-share initially as user michael (uid=1001, gid=100) (pid 16391)
[2010/06/25 08:00:11,  1] smbd/service.c:1063(make_connection_snum)
  __ffff_10.10.10.115 (::ffff:10.10.10.115) connect to service xfer initially as user michael (uid=1001, gid=100) (pid 16391)
[2010/06/25 08:00:11,  0] lib/util_sock.c:1564(matchname)
  matchname: host name/address mismatch: ::ffff:10.10.10.115 != rohling5
[2010/06/25 08:00:11,  0] lib/util_sock.c:1685(get_peer_name)
  Matchname failed on rohling5 ::ffff:10.10.10.115
[2010/06/25 08:00:11,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:11,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:11,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:11,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:26,  1] smbd/service.c:1240(close_cnum)
  __ffff_10.10.10.115 (::ffff:10.10.10.115) closed connection to service samba-share
[2010/06/25 08:00:26,  1] smbd/service.c:1240(close_cnum)
  __ffff_10.10.10.115 (::ffff:10.10.10.115) closed connection to service xfer
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)
  Denied connection from UNKNOWN (::ffff:10.10.10.115)
Back to top
View user's profile Send private message
zutme
n00b
n00b


Joined: 11 Dec 2003
Posts: 38

PostPosted: Fri Jun 25, 2010 1:06 pm    Post subject: Reply with quote

krinn wrote:
Anon-E-moose wrote:

It has something to do with either samba, or the way samba does hostname resolution.
Ping works, so the networking/dns resolution works.


not necessary, there's a function in libc to resolve dns (i think specially fqdn) that is know (for me, google for glibc+dns to get a point) to get in trouble, and if an application use it, application is in trouble, if the application doesn't use glibc then, problem doesn't appears.

You should check the link i gave and you will see the user is able to ping but was unable to resolve dns from some programs. And this was a glibc issue.

zutme:
You should try upgrading glibc, specially if you own a 2.9* version (maybe some others version as well, i know glibc trouble with dns from many glibc versions), well, at least, it won't kill you, building glibc should take 20 minutes, an easy test so.

And like grOsshirn (the user from the other thread) does, you also didn't mention your glibc version, even if it fail you should provide it, it might help (at least me !) to know one that fail and what version is working (i understand, we can't think about everything), so if it work, please provide working glibc version and also failing one for others users (and again for me)


Currently running sys-libs/glibc-2.11.1

Should I upgrade to the unstable? If I do should I recompile samba for the changes to go into effect?
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 7466

PostPosted: Fri Jun 25, 2010 1:22 pm    Post subject: Reply with quote

i don't think so, i'm using 2.10 and it works, even it's not a proof 2.11 (branching tree can affect a version when a version in the middle might use a non affect branch...) cannot be affect, well, it shouldn't :)


but i will keep in mind 2.11.1 might be affect.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum