Bug 188390

Summary: Samba shares do not work by default
Product: [Fedora] Fedora Reporter: Joel Schaerer <joel.schaerer>
Component: system-config-sambaAssignee: Nils Philippsen <nphilipp>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 5Keywords: Reopened
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-28 07:43:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joel Schaerer 2006-04-08 22:14:05 UTC 
Description of problem:

Due to iptables blocking incomming samba trafic by default, samba shares don't
work without difficult iptables reconfiguration.
Sys-config-samba does not warn in anyway about the problem, so the user is left
with a network that does not work, without any clue as to what may be the problem.

Expected results:
Intallation of the samba packages should provide the option to open ports.
If that is not possible, sys-config-samba should provide the option.
Comment 1 Joel Schaerer 2007-08-24 11:47:35 UTC 
How is this "not a bug"???
Comment 2 Nils Philippsen 2007-08-28 07:43:02 UTC 
This is not a bug in the configuration tool for Samba (or Samba itself) because:

- It is possible to break almost any application by misconfiguring the firewall.
- It is far from trivial to detect such wrong configuration reliably for a
single application. For instance (and this is just one example), a failed check
to reach a specific TCP port can be due to the firewall or SELinux.
- The user is asked about the firewall setting either during installation or the
first boot process (depends on the Fedora version). Therefore the argument that
he wasn't aware of it doesn't really count.

Like SELinux, a firewall is a Mandatory Access Control system where rules are
kept separate from the governed object (the Samba server app in this case). You
should've been asked about its settings during installation or the first bootup.
It would've been easy to enable Samba at that point (or during a later point
with system-config-securitylevel). I don't buy the argument that
system-config-samba or samba itself should somehow make up for that omission ;-).