Bug 38102
Summary: | Samba nmblookup fails using default installation | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Need Real Name <sboland> |
Component: | samba | Assignee: | Trond Eivind Glomsrxd <teg> |
Status: | CLOSED NOTABUG | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.1 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2001-05-07 19:10:45 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Need Real Name
2001-04-27 19:12:22 UTC
Do you have a firewall configured? If the firewall is installed by default on the Redhat7.1 system, then yes. Otherwise no. The machines in question are on the same network segment. There is firewall configuration in the installer, yes... What does 'ipchains -L input' say? Here is the output.. I don't seen anything set to reject the samba ports though. Chain input (policy ACCEPT): target prot opt source destination ports ACCEPT udp ------ ausdhcp.aus.pervasive.com anywhere domain -> any ACCEPT all ------ anywhere anywhere n/a REJECT tcp -y---- anywhere anywhere any -> 0:1023 REJECT tcp -y---- anywhere anywhere any -> nfs REJECT udp ------ anywhere anywhere any -> 0:1023 REJECT udp ------ anywhere anywhere any -> nfs REJECT tcp -y---- anywhere anywhere any -> x11:6009 REJECT tcp -y---- anywhere anywhere any -> xfs It's rejecting TCP connections on ports < 1023 (and UDP also); that certainly will do it. Sorry, my brain was nonfunctional during the previous reply. Yes, it's obvious that tcp and udp where blocked on the ports I needed. I'm still not sure where during the installation I was prompted to include the default firewall setup. It might be neccessary to add code to the samba start script to check for access to the required ports and inform the user when this will be a problem. To solve my problem I simply edited /etc/sysconfig/ipchains manually to remove the reject rules. A better solution would have denied access outside the local network, but I was just trying for quick confirmation. Thank you for the help. Does the need for samba script check count as a separate bug that will need to be opened? Otherwise this one should now be closed. I don't know that we can change the init script in that manner, as it's non-trivial to deduce from the firewall rules whether or not it's blocked intentionally; for example, that output doesn't say anything about the interfaces things are or aren't blocked on. A good point. The problem is when the firewall rules are included, a user needs to poke holes in the firewall for SMB to work. This is not evidenced in any of the configuration tools or the smb.conf file. At a minimum this conflict will need better documentation for poor ignorant souls like myself. :) Options I can see: 1. Warn during samba install if the default firewall rules were installed. Problem: could be ignored. 2. Have the samba install add ACCEPT rules for the SMB ports to the ipchains file. Problem: dangerous to secure environments 3. Add definitions of wild, NMZ, and safe network zones. Use these to determine firewall rules in the first place. Determining "I'd like to firewall this, but not this, and of course this interface is safe" is an administrative task, not a bug. |