Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
samba problem, cannot connect[SOLVED]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
jserink
l33t
l33t


Joined: 30 Jan 2004
Posts: 944

PostPosted: Fri Dec 23, 2016 3:02 am    Post subject: samba problem, cannot connect[SOLVED] Reply with quote

Hi All:

I received a document I need to work on with some complex MSword formatting so need to work in it in my WIndows7 VM. I booted into my qemu session on all the mapped drives refused to connect with timeouts, so I did this:
Code:

jserinki7 jserink # smbclient -L \\\\192.168.100.1 -U jserink
Enter jserink's password:
protocol negotiation failed: NT_STATUS_IO_TIMEOUT


I have NO idea when this problem started. I donwgraded samba from V4.4.7, which was working, to 4.2.11 and I still have the problem. I never changed anything....I'm confused.
Here is my smb.conf file:
Code:

jserinki7 jserink # cat /etc/samba/smb.conf

[global]
netbios name = MILK
workgroup = TNS
wins support = yes
hosts allow = 192.168.100. 127.0.0.
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 IPTOS_LOWDELAY
use sendfile = yes
log level = 0 passdb:0 auth:0
client signing = auto
# need to add user with smbpasswd -a jserink
passdb backend = smbpasswd
#interfaces = tap0
interfaces = 192.168.100.1/24 127.0.0.1/24
security = user
max protocol = smb2
#client use spnego = No
server string = Samba Server %v
bind interfaces only = yes
map to guest = Bad Password

[WINDOWSD]
path = /home/jserink/folders/InfraStructure/
valid users = jserink
read only = no
write list = jserink jserinkwin7
fstype = ext4
browsable = yes

[XEROX]
path = /home/jserink/xerox/
comment = directory for scans
valid users = xerox
write list = xerox
case sensitive = no
strict locking = no
guest ok = yes
read only = no
fstype = ext4

[WINDOWSF]
path = /home/jserink/folders/
valid users = jserink
read only = no
write list = jserink jserinkwin7
fstype = ext4

[WINDOWSG]
path = /home/jserink/folders/manual/
valid users = jserink
read only = no
write list = jserink
fstype = ext4

[HOME]
path = /home/jserink/
valid users = jserink
read only = no
write list = jserink
browsable = no

[WINDOWSE]
path = /home/jserink/shr/
valid users = jserink
read only = no
write list = jserink
fstype = ext4

#[IMBS]
#path = /mnt/IMBS2014
#valid users = jserink
#read only = yes


This was working fine, and then not.
I have a doc I need to edit in my VM and I am dead in the water here.
As you can see, I tried to turn off security and that didn't fix it......

Googling as failed, this is my /etc/hosts file:
Code:

jserinki7 jserink # cat /etc/hosts
# /etc/hosts: Local Host Database
127.0.0.1   localhost
::1      localhost
192.168.100.1   MILK


I did a tcpdump on lo as doing in on tap produces nothing, and it showed nothing that stuck out.

Anyone else having this issue?

Cheers,
John

[Moderator edit: added [code] tags to preserve output layout. -Hu]


Last edited by jserink on Thu Dec 29, 2016 4:11 am; edited 1 time in total
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14396

PostPosted: Sat Dec 24, 2016 12:07 am    Post subject: Reply with quote

As far as I know, smbclient is, as its name suggests, a client used to contact SMB/CIFS servers. Your Samba configuration files control the Samba daemon that offers services to other systems, and should have no effect on smbclient. Since you also saw problems with the mapped drives, I suspect a problem independent of Samba. I suggest you start by providing the full virtual network topology. Tell us what IP address the host and guest are expected to use. Check those using ipconfig on Windows and ip a on Linux. Tell us the command line you give qemu to create the virtual network card. Check that both your host and guest have their firewalls configured to permit the traffic you need. Check that your routes are set so that the traffic is sent over the correct device. I find it suspicious that your tcpdump of the tap device showed no traffic. There should have been something sent, even if the peer dropped it due to a firewall.
Back to top
View user's profile Send private message
jserink
l33t
l33t


Joined: 30 Jan 2004
Posts: 944

PostPosted: Sat Dec 24, 2016 3:20 am    Post subject: Reply with quote

Hu:

Thanx for getting back to me on this.
I'm using smbclient to 'test' samba from the console, if it doesn't work its likely windows won't work.

Here is my setup in ASCII art:
Code:

tap0                      lo
  |                           |
192.168.100.1     127.0.0.1
  |                           |
VDE Switch--------------
  |                           |
QemuWin7        Linux Host
  |                           |
192.168.100.233   wlp3s0 OR enp0s25


This is my networking at home script:
Code:

jserinki7 jserink # cat linux/homenet.sh
#!/bin/bash
/etc/init.d/wicd start
ip addr del dev enp0s25 192.168.111.199/24


wicd is configured NOT to manage any wired connections, only wifi.

This is my prep script BEFORE firing up Qemu if running on wifi:
Code:

jserinki7 jserink # cat qemu/vde/vdepreparewlan0.sh
#!/bin/bash
vde_switch --numports 4 --mod 777 --group users --tap tap0 -x -d
ip addr add dev tap0 192.168.100.1/24 brd 192.168.100.255
ip link set dev tap0 up
echo "1" > /proc/sys/net/ipv4/ip_forward
dnsmasq --log-queries --interface=tap0
#iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o wlp3s0 -j MASQUERADE
iptables -A FORWARD -j ACCEPT
iptables -A INPUT -i tap0 -j ACCEPT

Here is my qemu startup command:
Code:

jserink@jserinki7 ~/qemu/vde $ cat startVM-1j.sh
#!/bin/bash
qemu-system-x86_64 -boot c -drive file=/home/jserink/VMs/Win_7_Pro.img,index=0,media=disk,format=raw -cdrom /home/jserink/CDs/virtio-win-0.1-49.iso -cpu host -m 12288 -smp 2 -usb -net nic,vlan=0,model=virtio,macaddr=52:54:00:00:EE:07 -net vde -rtc base=localtime -vga qxl -global qxl.vram_size=128000 -name Win7 -monitor telnet:127.0.0.1:12997,server,nowait,ipv4 -spice unix,addr=/tmp/vm_spice.socket,disable-ticketing,playback-compression=off -device virtio-serial-pci -device virtserialport,chardev=spicechannel0,name=com.redhat.spice.0 -chardev spicevmc,id=spicechannel0,name=vdagent -enable-kvm &


And now, new information from this morning, I'll put the results in a table but basically is the response to this command which look like this when successful:
Code:

jserink@jserinki7 ~ $ cat smbasjserink.txt
jserink@jserinki7 ~ $ smbclient -L \\localhost -U jserink
Enter jserink's password:
Domain=[TNS] OS=[Windows 6.1] Server=[Samba 4.2.11]

        Sharename       Type      Comment
        ---------       ----      -------
        WINDOWSD        Disk
        XEROX           Disk      directory for scans
        WINDOWSF        Disk
        WINDOWSG        Disk
        WINDOWSE        Disk
        IPC$            IPC       IPC Service (Samba Server 4.2.11)
Domain=[TNS] OS=[Windows 6.1] Server=[Samba 4.2.11]

        Server               Comment
        ---------            -------
        MILK                 Samba Server 4.2.11

        Workgroup            Master
        ---------            -------
        TNS                  MILK



Note I must use localhost as the target since tap0 is not created yet.
Code:

Test number   command run as     Command Env   Network     Command success
1                     jserink                    before X             none          Yes
2                     jserink                    In X                    none          Yes
3                     jserink                    In X                    homenet    No
4                     root                        before X             none          Yes
5                     root                        In X                    none          Yes
6                     root                        In X                    homenet    No


In short, its the wifi. After the wifi comes up, I have no mare access to samba.
Stopping and starting samba after wifi is up has no effect, I still get this following results:
Code:

jserink@jserinki7 ~ $ whoami
jserink
jserink@jserinki7 ~ $ smbclient -L \\127.0.0.1 -U jserink
Enter jserink's password:
protocol negotiation failed: NT_STATUS_IO_TIMEOUT


Code:
jserinki7 jserink # whoami
root
jserinki7 jserink # smbclient -L \\localhost -U jserink
Enter jserink's password:
protocol negotiation failed: NT_STATUS_IO_TIMEOUT



Ok, I am now going to stop wicd and see what happens, will keep you posted.

Cheers,
John

[Moderator edit: added many [code] tags to preserve output layout. -Hu]
Back to top
View user's profile Send private message
jserink
l33t
l33t


Joined: 30 Jan 2004
Posts: 944

PostPosted: Sat Dec 24, 2016 3:31 am    Post subject: Reply with quote

Ok, confirmed.
I stop wicd, wifi goes off, routing table gets flushed and /etc/resolv.conf becomes empty, smbclient succeeds.

I start wicd, wifi comes up, routing table gets populated and /etc/resolv.conf gets the address of the wifi router, smbclient fails.

Looking at the global section of my smb.conf file, I made the following changes since I assumed that when the wifi comes up, my originating IP address is no longer 127.0.0.1 but 192.168.1.12 from the wifi:
Code:

[global]
netbios name = MILK
workgroup = TNS
wins support = yes
dns proxy = no
hosts allow = 192.168.100. 127.0.0. 192.168.1. 192.168.111.199
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 IPTOS_LOWDELAY
use sendfile = yes
log level = 0 passdb:0 auth:0
client signing = yes
# need to add user with smbpasswd -a jserink
passdb backend = smbpasswd
#interfaces = tap0
interfaces = 192.168.100.1 127.0.0.1
security = user
max protocol = smb2
#client use spnego = No
server string = Samba Server %v
bind interfaces only = yes
encrypt passwords = yes
map to guest = bad user

But this still didn't fix it, I still get the NT_STATUS_IO_TIMEOUT error.

At least I know what to work on now.

Cheers,
John

[Moderator edit: added [code] tags to preserve output layout. -Hu]
Back to top
View user's profile Send private message
jserink
l33t
l33t


Joined: 30 Jan 2004
Posts: 944

PostPosted: Sat Dec 24, 2016 5:38 am    Post subject: Reply with quote

Sorry for the pathetic ASCII art failure above....
Even my results table are all garbled....

In short, my wifi is borking my samba, I need to figure that out.
Back to top
View user's profile Send private message
jserink
l33t
l33t


Joined: 30 Jan 2004
Posts: 944

PostPosted: Sat Dec 24, 2016 8:38 am    Post subject: Reply with quote

Update:

Using ncat I have confirmed that I can connect to TCP services on ports 445 and 139 with wicd running or not.
Using Ncat on UDP I have confirmed I can conenct to 138 and 137 with wicd up or down.

So its not ports being blocked.

I can ping 127.0.0.1 with wifi up or down.

wierd.

john
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14396

PostPosted: Sat Dec 24, 2016 4:19 pm    Post subject: Reply with quote

Your ASCII art would survive, at least partially, if you use [code] tags, which is why I keep editing your posts to add them. The layout isn't perfect, and I didn't try to fix the alignment, only to add code tags around each block of output.

You provided almost all the information I requested, but you left out what looks like it might be the most important piece. Please post the output of ip route from Linux in both the working and non-working cases. If that is not helpful, I suggest using strace to know exactly what peer smbclient tries to contact, since you said that raw connections through NCat work as desired.
Back to top
View user's profile Send private message
jserink
l33t
l33t


Joined: 30 Jan 2004
Posts: 944

PostPosted: Tue Dec 27, 2016 6:58 am    Post subject: Reply with quote

Hi Hu:

Ok, this is before I start wicd:
Code:

jserinki7 jserink # whoami
root
jserinki7 jserink # ip route
jserinki7 jserink #
jserinki7 jserink # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/sit 0.0.0.0 brd 0.0.0.0
3: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether d0:67:e5:33:04:bf brd ff:ff:ff:ff:ff:ff
4: wlp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 24:77:03:04:61:50 brd ff:ff:ff:ff:ff:ff

jserink@jserinki7 ~ $ whoami
jserink
jserink@jserinki7 ~ $ smbclient -L localhost -U jserink
Enter jserink's password:
Domain=[TNS] OS=[Windows 6.1] Server=[Samba 4.2.11]

   Sharename       Type      Comment
   ---------       ----      -------
   WINDOWSD        Disk     
   XEROX           Disk      directory for scans
   WINDOWSF        Disk     
   WINDOWSG        Disk     
   WINDOWSE        Disk     
   IPC$            IPC       IPC Service (Samba Server 4.2.11)
Domain=[TNS] OS=[Windows 6.1] Server=[Samba 4.2.11]

   Server               Comment
   ---------            -------
   MILK                 Samba Server 4.2.11

   Workgroup            Master
   ---------            -------
   TNS                  MILK


As you can see, the routing table is empty and smbclient works as expected.
Next is after I start wicd and the wifi comes up:
Code:

jserinki7 jserink # whoami
root
jserinki7 jserink # ip route
default via 192.168.1.254 dev wlp3s0  src 192.168.1.12  metric 304
192.168.1.0/24 dev wlp3s0  proto kernel  scope link  src 192.168.1.12  metric 304
jserinki7 jserink # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/sit 0.0.0.0 brd 0.0.0.0
3: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether d0:67:e5:33:04:bf brd ff:ff:ff:ff:ff:ff
4: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 24:77:03:04:61:50 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global wlp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::2677:3ff:fe04:6150/64 scope link
       valid_lft forever preferred_lft forever

jserink@jserinki7 ~ $ whoami
jserink
jserink@jserinki7 ~ $ smbclient -L localhost -U jserink
Enter jserink's password:
protocol negotiation failed: NT_STATUS_IO_TIMEOUT


Very odd.
Here is the netstat output while wifi is up with a putty session opened to 127.0.0.1:139 and another putty session opened to 127.0.0.1:445:
Code:

jserinki7 jserink # netstat -autpn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2849/cupsd         
tcp        0      0 127.0.0.1:445           0.0.0.0:*               LISTEN      2957/smbd           
tcp        0      0 127.0.0.1:139           0.0.0.0:*               LISTEN      2957/smbd           
tcp        0      0 0.0.0.0:22222           0.0.0.0:*               LISTEN      2991/sshd           
tcp        0      0 127.0.0.1:7634          0.0.0.0:*               LISTEN      2906/hddtemp       
tcp        0      0 127.0.0.1:45243         127.0.0.1:445           ESTABLISHED 10014/putty         
tcp        0      0 192.168.1.12:60570      74.125.200.94:80        ESTABLISHED 6465/libpepflashpla
tcp        0      0 192.168.1.12:46968      74.125.200.94:443       ESTABLISHED 6465/libpepflashpla
tcp        0      0 127.0.0.1:7634          127.0.0.1:37464         TIME_WAIT   -                   
tcp        0      1 192.168.1.12:60604      74.125.68.138:443       LAST_ACK    -                   
tcp        0      0 127.0.0.1:445           127.0.0.1:45243         ESTABLISHED 10108/smbd         
tcp        0      0 192.168.1.12:54242      74.125.200.113:443      ESTABLISHED 6465/libpepflashpla
tcp        0      0 127.0.0.1:7634          127.0.0.1:37460         TIME_WAIT   -                   
tcp        0      0 192.168.1.12:52720      74.125.130.188:5228     ESTABLISHED 6465/libpepflashpla
tcp        0      0 127.0.0.1:7634          127.0.0.1:37472         TIME_WAIT   -                   
tcp        0      0 192.168.1.12:43766      74.125.130.18:443       ESTABLISHED 6465/libpepflashpla
tcp        0      0 127.0.0.1:7634          127.0.0.1:37486         TIME_WAIT   -                   
tcp        0      1 192.168.1.12:39554      74.125.130.102:443      LAST_ACK    -                   
tcp        0      0 127.0.0.1:53157         127.0.0.1:139           ESTABLISHED 9873/putty         
tcp        0      0 192.168.1.12:54924      74.125.130.100:443      ESTABLISHED 6465/libpepflashpla
tcp        0      0 192.168.1.12:38394      74.125.130.189:443      ESTABLISHED 6465/libpepflashpla
tcp        0      0 127.0.0.1:7634          127.0.0.1:37466         TIME_WAIT   -                   
tcp        0      0 127.0.0.1:7634          127.0.0.1:37470         TIME_WAIT   -                   
tcp        0      0 127.0.0.1:7634          127.0.0.1:37488         TIME_WAIT   -                   
tcp        0      1 192.168.1.12:47096      204.187.15.12:443       LAST_ACK    -                   
tcp        0      0 127.0.0.1:7634          127.0.0.1:37468         TIME_WAIT   -                   
tcp        0      0 192.168.1.12:45780      74.125.200.132:443      ESTABLISHED 6465/libpepflashpla
tcp        0      0 192.168.1.12:60162      74.125.68.100:443       ESTABLISHED 6465/libpepflashpla
tcp        0      0 127.0.0.1:7634          127.0.0.1:37462         TIME_WAIT   -                   
tcp        0      0 127.0.0.1:7634          127.0.0.1:37476         TIME_WAIT   -                   
tcp        0      0 127.0.0.1:7634          127.0.0.1:37482         TIME_WAIT   -                   
tcp        0      0 192.168.1.12:51210      74.125.200.139:80       ESTABLISHED 6465/libpepflashpla
tcp        0      0 127.0.0.1:139           127.0.0.1:53157         ESTABLISHED 9961/smbd           
tcp        0      0 127.0.0.1:7634          127.0.0.1:37474         TIME_WAIT   -                   
tcp        0      0 192.168.1.12:35014      74.125.130.139:443      ESTABLISHED 6465/libpepflashpla
tcp6       0      0 ::1:631                 :::*                    LISTEN      2849/cupsd         
tcp6       0      0 :::22222                :::*                    LISTEN      2991/sshd           
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           6465/libpepflashpla
udp        0      0 0.0.0.0:68              0.0.0.0:*                           5858/dhcpcd         
udp    83712      0 0.0.0.0:137             0.0.0.0:*                           2963/nmbd           
udp    68096      0 0.0.0.0:138             0.0.0.0:*                           2963/nmbd         


So it appears that 139 and 445 are open and connected so nothing is blocking.
Scratching my head here.

Cheers,
john
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14396

PostPosted: Wed Dec 28, 2016 3:21 am    Post subject: Reply with quote

An empty routing table looks wrong to me. I would investigate why, when your wireless is down, you have no routes at all. I have a suspicion that your problem is that, without a route for loopback, when you bring up wireless, its default route begins capturing traffic that ought to be routed over lo.
Back to top
View user's profile Send private message
jserink
l33t
l33t


Joined: 30 Jan 2004
Posts: 944

PostPosted: Wed Dec 28, 2016 5:41 am    Post subject: Reply with quote

Good tips Hu.

Ok, it turns out that I had neglected to add net.lo to the default runlevel, I've fixed that now and when I stop /etc/init.d/wicd i get this:
Code:

jserinki7 jserink # ip route
default via 192.168.1.254 dev wlp3s0  src 192.168.1.12  metric 304
127.0.0.0/8 via 127.0.0.1 dev lo
192.168.1.0/24 dev wlp3s0  proto kernel  scope link  src 192.168.1.12  metric 304
jserinki7 jserink # /etc/init.d/wicd stop
 * Stopping wicd daemon and closing connections ...                       [ ok ]
jserinki7 jserink # ip route
127.0.0.0/8 via 127.0.0.1 dev lo


Unfortunately, that doesn't fix my problem. Samba behaves the same way, when wicd is off:
Code:


jserink@jserinki7 ~ $ smbclient -L \\127.0.0.1 -U jserink%dad_7419
Domain=[TNS] OS=[Windows 6.1] Server=[Samba 4.2.11]

   Sharename       Type      Comment
   ---------       ----      -------
   WINDOWSD        Disk     
   XEROX           Disk      directory for scans
   WINDOWSF        Disk     
   WINDOWSG        Disk     
   WINDOWSE        Disk     
   IPC$            IPC       IPC Service (Samba Server 4.2.11)
Domain=[TNS] OS=[Windows 6.1] Server=[Samba 4.2.11]

   Server               Comment
   ---------            -------
   MILK                 Samba Server 4.2.11

   Workgroup            Master
   ---------            -------
   TNS                  MILK


When wicd is started and wifi is connected:
Code:

jserink@jserinki7 ~ $ smbclient -L \\127.0.0.1 -U jserink%dad_7419
protocol negotiation failed: NT_STATUS_IO_TIMEOUT


We're getting close to cracking this. Any other thoughts?

Cheers,
John
Back to top
View user's profile Send private message
jserink
l33t
l33t


Joined: 30 Jan 2004
Posts: 944

PostPosted: Thu Dec 29, 2016 4:17 am    Post subject: Reply with quote

Hi All:

This issue is fixed.

I added the following line to the smb.conf file:
log level = 3

and then did a tail -f /var/log/samba/log.smbd

When I ran this:
smbclient -L \\192.168.100.1 -U jserink

There was a bunch of stuff that came out ending with this:
Code:

[2016/12/29 12:09:28.038288,  3] ../lib/util/util_net.c:256(interpret_string_addr_internal)
  interpret_string_addr_internal: getaddrinfo failed for name jserinki7 (flags 34) [Temporary failure in name resolution]


So I added this in my /etc/hosts file:
127.0.0.1 jserink

fixed.

Cheers,
john
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum