From owner-freebsd-questions Sun Oct 27 10:57:49 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E3F4237B401 for ; Sun, 27 Oct 2002 10:57:43 -0800 (PST) Received: from mail.bg (dialup252.varna.spnet.net [213.169.38.252]) by mx1.FreeBSD.org (Postfix) with ESMTP id C5B8C43E77 for ; Sun, 27 Oct 2002 10:57:38 -0800 (PST) (envelope-from dpenev@mail.bg) Received: from mail.bg (localhost [127.0.0.1]) by mail.bg (8.12.5/8.12.5) with ESMTP id g9RHv1SI000306; Sun, 27 Oct 2002 19:57:01 +0200 (EET) (envelope-from dpenev@mail.bg) Received: (from root@localhost) by mail.bg (8.12.5/8.12.5/Submit) id g9RHudZa000297; Sun, 27 Oct 2002 19:56:39 +0200 (EET) Date: Sun, 27 Oct 2002 19:56:39 +0200 From: "D. Penev" To: sroberts@dsl.pipex.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] Message-ID: <20021027175639.GA240@earth.dpsca.bg> Mail-Followup-To: sroberts@dsl.pipex.com, freebsd-questions@FreeBSD.ORG References: <1035155219.539.2.camel@Demon.vickiandstacey.com> <3DB35946.4070908@cream.org> <1035225240.539.14.camel@Demon.vickiandstacey.com> <20021026212622.GA240@earth.dpsca.bg> <1035668870.382.53.camel@Demon.vickiandstacey.com> <20021027071532.GA263@earth.dpsca.bg> <1035715849.2189.26.camel@Demon.vickiandstacey.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <1035715849.2189.26.camel@Demon.vickiandstacey.com> User-Agent: Mutt/1.4i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Oct 27, 2002 at 10:50:47AM +0000, Stacey Roberts wrote: >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] >From: Stacey Roberts >To: "D. Penev" >Cc: FreeBSD Questions >Date: 27 Oct 2002 10:50:47 +0000 > >Hi, > Here's the relevant lines in my firewall: >00620 allow udp from any to any 137 keep-state out xmit sis0 >00621 allow tcp from any to any 137 keep-state out xmit sis0 Add: 00622 allow udp from to any 137,138 keep-state in recv sis0 >00623 allow log logamount 10 tcp from to me 137,138 ^^ use any because win2k use broadcast if you don't have wins server >keep-state in recv sis0 setup >00624 allow udp from any to any 138 keep-state out xmit sis0 >00625 allow tcp from any to any 138 keep-state out xmit sis0 > >The output from nbtstat -A : >"Host not found" > >The output from nbtstat -c: >"No names in cache" > >After running both commands, no new entries in /var/log/security appear >for packets issued from Win2K box. > >Hope this helps. > >Stacey > >On Sun, 2002-10-27 at 07:15, D. Penev wrote: >> On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote: >> >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] >> >From: Stacey Roberts >> >To: "D. Penev" >> >Cc: FreeBSD Questions >> >Date: 26 Oct 2002 22:47:48 +0100 >> > >> >Hi, >> > Thanks for the reply. I should mention that I've made some progress >> >with my efforts to set up a samba PDC for my Win2K clients. >> > >> >First of all I am now able to successfully complete all tests in the >> >recommended "DIAGNOSTICS.TXT" at >> >http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:- >> > >> >test 8: On the PC type the command "net view \\BIGSERVER" >> > >> >Specifically, I am only able to complete this test by using the IP Addr >> >of the samba server in place of its name. Likewise for test 9 that >> >follows. >> > >> >Recapping, I *am* able to serve share dirs to *NIX clients as well as >> >the Win2K boxes, with the caveat that for the Windows boxes, I have to >> >use the IP Addr of the samba server. This is not an issue for other >> >(*NIX) client hosts. >> > >> >Needless to say, I am not as yet able to have the Win2K boxes join the >> >domain as described in Chapter 9. (How to Configure Samba 2.2 as a >> >Primary Domain Controller - 9.4.3. Joining the Client to the Domain.4.3. >> >Joining the Client to the Domain). I still get the MS error when I click >> >"OK" after entering the domain as defined in smb.conf. >> > >> >Hope this presents somewhat a clearer description of the current status >> >here. Do get back to if you would require more information in assisting >> >me in resolving this. >> >> >From you description of the problem it's looks like that win2k box can't >> make resolving of names to ip address. That's why I accent to firewall >> because according to you logs ipfw block port 137, which is used to >> resolve NetBIOS names to IP address. I make a little test and block port >> 137 on my PDC (Samba 2.2.4 on NetBSD) and results are the same as yours. >> If that is true (blocking of netbios-ns port) you PDC can't register >> as domain controler, and workstations when is joined to domain can't find >> who is PDC for this domain. >> What are you firewall rules? >> What's show "nbtstat -A YOU_SAMBA_SERVER" and "nbtstat -c" on win2k box? >> >> > >> >Thanks >> > >> >On Sat, 2002-10-26 at 22:26, D. Penev wrote: >> >> On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote: >> >> >Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?] >> >> >From: Stacey Roberts >> >> >To: Andrew Boothman >> >> >Cc: sroberts@dsl.pipex.com, >> >> > FreeBSD Questions >> >> >Date: 21 Oct 2002 19:33:58 +0100 >> >> > >> >> >Hello, >> >> > I'd appreciate some help from anyone who's got samba 2.2.6 running >> >> >on FreeBSD as a PDC for Win2K client wkstations, please. >> >> > >> >> >I'm trying to following the SAMBA How-To at: >> >> >http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60 >> >> >but fail at the smbclient -L stage: >> >> > >> >> ># smbclient -L -N Demon >> >> >added interface ip=192.168.1.8 bcast=192.168.1.255 nmask=255.255.255.0 >> >> >Packet send failed to 192.168.1.255(137) ERRNO=Permission denied >> >> >Connection to -N failed >> >> ># >> >> > >> >> >I get these entries in /var/log/security: >> >> >Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP :2308 >> >> >:137 out via sis0 >> >> >> >> You firewall blocks packets to port 137 (netbios-ns). That's >> >> why you can access samba server with ip address and not by name. >> >> >> >> > >> >> >Please help me out here. >> >> > >> >> >Stacey >> >> > >> >> >On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote: >> >> >> Stacey Roberts wrote: >> >> >> > Hello, >> >> >> > I've got 2 WIN2K Pro workstations on my home lan that I'd like to >> >> >> > enable network logon for. I've been banging my head against a wall for >> >> >> > the last four hours trying to get this sorted, but to no avail. >> >> >> > >> >> >> > I keep getting the same error when trying to enter the Domain name into >> >> >> > the "WORKGROUP" field in Win2K network properties: >> >> >> > >> >> >> > "The following error occured validating the name "my_domainname", This >> >> >> > condition may be caused by a DNS lookup problem. For more information >> >> >> > about troubleshooting common DNS lookup problems see the following >> >> >> > Microsoft blah., blah.., blah.., >> >> >> > >> >> >> > The specified domain either does not exist or could not be contacted". >> >> >> >> >> >> Have you added machine accounts to the FreeBSD box for the client boxes? >> >> >> >> >> >> You need machine accounts that look like clientname$ (dollar sign at >> >> >> end) added both as local accounts and then again with smbpasswd passing >> >> >> whatever the appropriate switch is to create a machine account. >> >> >> >> >> >> I have a FreeBSD box here acting as a PDC so we should be able to find >> >> >> the problem. >> >> >> >> >> >> Andrew. >> >> >> >> >> >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> >> >> with "unsubscribe freebsd-questions" in the body of the message >> >> >-- >> >> >Stacey Roberts >> >> >B.Sc (HONS) Computer Science >> >> > >> >> >Web: www.vickiandstacey.com >> >> > >> >> >> >> >> >> >> >> -- >> >> Regards, >> >> D. Penev >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> >> with "unsubscribe freebsd-questions" in the body of the message >> >-- >> >Stacey Roberts >> >B.Sc (HONS) Computer Science >> > >> >Web: www.vickiandstacey.com >> > >> >> >> >> -- >> Regards, >> D. Penev >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >-- >Stacey Roberts >B.Sc (HONS) Computer Science > >Web: www.vickiandstacey.com > -- Regards, D. Penev To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message