Samba "allow hosts" no longer works with hostnames

[darkphader]

[kimmie]

Hmm. First I typed out the stuff below. Then I decided to try out hosts allow for myself. I'm seeing the same problem as you. DOH! BTW I'm using glibc-2.10.1-r1 and samba-3.4.6. Seeing as I'd already typed the following I might as well post it, you might find it interesting. But I don't think it will solve your problem! Like I said, hmmmm.

If the problem is in name resolution, here's a couple more things to try. (I'm presuming you aren't using a wins server to resolve windows names, if you are, you should be fixing that somehow, but I can't really advise you there, I've never done that myself.)

• Your logs show ipv6 addresses. Do you have the machine named in hosts or LMHOSTS with the ipv6 address as well as ipv4?
  
  
• Use "smb ports = 139" instead of "445 139". The LANMAN protocol differs depending what port is used. This is usually used so that the server gets the name the client used to refer to it, so it can have multiple names, and multiple "personalities" using "include = ... %L ..."; I know this isn't your situation, but it's worth a shot.
  
  
• Make sure your samba is merged with USE=winbindd. Change the hosts line in /etc/nssswitch.conf to read "hosts: files dns wins" (actually, just add wins to the end, not sure what yours is now). This makes normal name lookups on your host go to nmbd if they can't be otherwise resolved. It has the handy side effect that you can now do things like "ping winbox" if WINBOX is a windows machine on your lan and it's not in dns or a hosts file. UNIX purists will probably hate this, but that fact is that often a home LAN doesn't have a dns server; maybe the router's too dumb and there's no other machine that's on all the time and suitable for a dns server. That's why LANMAN networking is peer-to-peer. This change allows you to take advantage of that. You can even do this on all your unix boxes by running nmbd on them too, no need for smbd. I use this myself, it's very practical. Also, don't get confused, there's no need to actually run a wins server (wnbindd), despite the USE flag.

[zutme]

[krinn]

try (if you can)
wget -4 rohling5://afile
then wget -6 rohling5://afile

[Anon-E-moose]

IPV6 is what is causing problems

[zutme]

[zutme]

[zutme]

I tried switching off IPv6 in Windows 7 and it didn't work. I also dual-boot this machine with Ubuntu. It didn't work trying to connect to it on Ubuntu either. Same hostname / IP in both Windows and Ubuntu.

[kimmie]

Well, I managed to get this working in my setup . Hopefully that means you can too!

I'm using /etc/hosts because reverse dns lookup doesn't work for my samba clients; from the "dig -x" results earlier in this thread it looks like it's the same for you.

To get "hosts allow" working, I needed to have "hostname lookups = Yes" and "hosts allow = clientname" in smb.conf. Also the clientname has to appear as the _canonical_ name (ie. the first one listed, not an alias) in /etc/hosts. If your hosts file entry looks like "10.0.1.1 clientname.mydomain clientname" it won't work. In this case, you'd need to put "hosts allow = clientname.mydomain" in your smb.conf to match the canonical name.

I'm using IPv4 addresses and it looks like you're using IPv6, so your /etc/hosts line should probably contain "::ffff:10.10.10.115 clientname" if it doesn't already. You can have both ipv4 and v6 lines in /etc/hosts for the same host.

Also, I've found I need to restart samba after changes to the hosts file, because it caches results.

FYI, as I said earlier, I'm using stable: samba-3.4.6 glibc-2.10.1-r1. You shouldn't need to move to unstable. Samba was built with USE="acl aio caps client cups doc examples netapi pam readline server smbclient swat syslog winbind -addns -ads -avahi -cluster -debug -fam -ldap -ldb -quota -smbsharemodes"

If it still doesn't work, a longshot: I'm using "name resolve order = host bcast" in /etc/smb.conf; that's not the default, which is "lmhosts host wins bcast". I don't believe that this setting controls reverse lookups, so it shouldn't make any difference; but if your setting doesn't contain "host" or if you're using LMHOSTS and there's a wrong entry in there then maybe that's causing the problem. But probably not, as I said it's a longshot.

Also, a word of caution (in opposition to some of the comments in this thread): Samba _can_ use netbios without fqdns, buts that's not the only way it resolves names, even in the default setup. In any case, it still does reverse name lookups using the resolver library (NOT netbios), which is configured by /etc/nsswitch.conf and /etc/host.conf AND /etc/resolv.conf, and which handles fqdns in different ways depending on configuration. Also, nslookup and dig will _never_ find names from /etc/hosts, forward or reverse because they only do dns queries. It's not simple, and it's confusing for everyone. If you want to get down and dirty with this stuff, a good place to look is http://pm.97things.oreilly.com/wiki/index.php/Linux_in_a_Windows_World/Sharing_Files_and_Printers/Linux_as_an_SMB/CIFS_Client

[Anon-E-moose]

Kimie, I agree that samba should be bounced when making config changes, I just took it for granted that others realized that.


Here are some links to getting samba and ipv6 working together (I time delimited the searches to the last 6 months or so)

http://www.google.com/search?q=samba+and+ipv6&hl=en&lr=lang_en&safe=off&sa=X&ei=I84lTJHzO4L48AbJutjWDw&ved=0CBUQpwU&tbs=cdr%3A1%2Ccd_min%3A1%2F1%2F2010%2Ccd_max%3A&tbo=s

Good luck
_________________
PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland

[zutme]

[kimmie]

Terrific! Now I have an excuse to to go have a beer!!!