Date:      27 Oct 2002 19:14:21 +0000
From:      Stacey Roberts <stacey@Demon.vickiandstacey.com>
To:        "D. Penev" <dpenev@mail.bg>
Cc:        sroberts@dsl.pipex.com, FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
Message-ID:  <1035746063.65564.22.camel@Demon.vickiandstacey.com>
In-Reply-To: <20021027175639.GA240@earth.dpsca.bg>
References:  <1035155219.539.2.camel@Demon.vickiandstacey.com> <3DB35946.4070908@cream.org> <1035225240.539.14.camel@Demon.vickiandstacey.com> <20021026212622.GA240@earth.dpsca.bg> <1035668870.382.53.camel@Demon.vickiandstacey.com> <20021027071532.GA263@earth.dpsca.bg> <1035715849.2189.26.camel@Demon.vickiandstacey.com>  <20021027175639.GA240@earth.dpsca.bg>


Hi,
   I've got a break-through..,

I've been testing with new ipfw options and now I'm able to get past
entering the "Domain" and clicking "OK".

Now I am getting the "Password to log into Domain" dialogue box appear.
This is the amended rule that appears to make this work:
$fwcmd add 00622 allow log udp from $oip to me 137-139 in via $oif
$fwcmd add 00624 allow udp from any to any 137-139 out via $oif

However, for now, I'm getting: "The specified user does not exist" when
I enter [root] and [root's samba passwd]

Any thoughts? Don't think I'm not appreciating your patient efforts to
assist me.

Cheers!
Stacey

On Sun, 2002-10-27 at 17:56, D. Penev wrote:
> On Sun, Oct 27, 2002 at 10:50:47AM +0000, Stacey Roberts wrote:
> >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> >From: Stacey Roberts <stacey@Demon.vickiandstacey.com>
> >To: "D. Penev" <dpenev@mail.bg>
> >Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
> >Date: 27 Oct 2002 10:50:47 +0000
> >
> >Hi,
> >  Here's the relevant lines in my firewall:
> >00620 allow udp from any to any 137 keep-state out xmit sis0
> >00621 allow tcp from any to any 137 keep-state out xmit sis0
>
> Add:
>
> 00622 allow udp from <Win2KBox> to any 137,138 keep-state in recv sis0
>
> >00623 allow log logamount 10 tcp from <Win2KBox> to me 137,138
>                                                      ^^ use any because
>                                                         win2k uses broadcast
>                                                         if you don't have
>                                                         a WINS server
> >keep-state in recv sis0 setup
> >00624 allow udp from any to any 138 keep-state out xmit sis0
> >00625 allow tcp from any to any 138 keep-state out xmit sis0
> >
> >The output from nbtstat -A <SAMBA_SERVER_IP>:
> >"Host not found"
> >
> >The output from nbtstat -c:
> >"No names in cache"
> >
> >After running both commands, no new entries in /var/log/security appear
> >for packets issued from Win2K box.
> >
> >Hope this helps.
> >
> >Stacey
> >
> >On Sun, 2002-10-27 at 07:15, D. Penev wrote:
> >> On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote:
> >> >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> >> >From: Stacey Roberts <stacey@Demon.vickiandstacey.com>
> >> >To: "D. Penev" <dpenev@mail.bg>
> >> >Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
> >> >Date: 26 Oct 2002 22:47:48 +0100
> >> >
> >> >Hi,
> >> >  Thanks for the reply. I should mention that I've made some progress
> >> >with my efforts to set up a samba PDC for my Win2K clients.
> >> >
> >> >First of all I am now able to successfully complete all tests in the
> >> >recommended "DIAGNOSTICS.TXT" at
> >> >http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:-
> >> >
> >> >test 8: On the PC type the command "net view \\BIGSERVER"
> >> >
> >> >Specifically, I am only able to complete this test by using the IP Addr
> >> >of the samba server in place of its name. Likewise for test 9 that
> >> >follows.
> >> >
> >> >Recapping, I *am* able to serve share dirs to *NIX clients as well as
> >> >the Win2K boxes, with the caveat that for the Windows boxes, I have to
> >> >use the IP Addr of the samba server. This is not an issue for other
> >> >(*NIX) client hosts.
> >> >
> >> >Needless to say, I am not as yet able to have the Win2K boxes join the
> >> >domain as described in Chapter 9. (How to Configure Samba 2.2 as a
> >> >Primary Domain Controller - 9.4.3. Joining the Client to the Domain.4.3.
> >> >Joining the Client to the Domain). I still get the MS error when I click
> >> >"OK" after entering the domain as defined in smb.conf.
> >> >
> >> >Hope this presents somewhat a clearer description of the current status
> >> >here. Do get back to if you would require more information in assisting
> >> >me in resolving this.
> >>
> >> From your description of the problem it looks like the win2k box can't
> >> resolve names to IP addresses. That's why I put the accent on the firewall,
> >> because according to your logs ipfw blocks port 137, which is used to
> >> resolve NetBIOS names to IP addresses. I made a little test and blocked port
> >> 137 on my PDC (Samba 2.2.4 on NetBSD) and the results are the same as yours.
> >> If that is true (blocking of the netbios-ns port), your PDC can't register
> >> as domain controller, and workstations being joined to the domain can't find
> >> who is the PDC for this domain.
> >> What are your firewall rules?
> >> What do "nbtstat -A YOU_SAMBA_SERVER" and "nbtstat -c" show on the win2k box?
> >>
> >> >
> >> >Thanks
> >> >
> >> >On Sat, 2002-10-26 at 22:26, D. Penev wrote:
> >> >> On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote:
> >> >> >Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> >> >> >From: Stacey Roberts <stacey@Demon.vickiandstacey.com>
> >> >> >To: Andrew Boothman <andrew@cream.org>
> >> >> >Cc: sroberts@dsl.pipex.com,
> >> >> >	FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
> >> >> >Date: 21 Oct 2002 19:33:58 +0100
> >> >> >
> >> >> >Hello,
> >> >> >     I'd appreciate some help from anyone who's got samba 2.2.6 running
> >> >> >on FreeBSD as a PDC for Win2K client wkstations, please.
> >> >> >
> >> >> >I'm trying to follow the SAMBA How-To at:
> >> >> >http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60
> >> >> >but fail at the smbclient -L <PDC host> stage:
> >> >> >
> >> >> ># smbclient -L -N Demon
> >> >> >added interface ip=192.168.1.8 bcast=192.168.1.255 nmask=255.255.255.0
> >> >> >Packet send failed to 192.168.1.255(137) ERRNO=Permission denied
> >> >> >Connection to -N failed
> >> >> >#
> >> >> >
> >> >> >I get these entries in /var/log/security:
> >> >> >Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP <My IP>:2308
> >> >> ><net.255>:137 out via sis0
> >> >>
> >> >> Your firewall blocks packets to port 137 (netbios-ns). That's
> >> >> why you can access the samba server by IP address and not by name.
> >> >>
> >> >> >
> >> >> >Please help me out here.
> >> >> >
> >> >> >Stacey
> >> >> >
> >> >> >On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote:
> >> >> >> Stacey Roberts wrote:
> >> >> >> > Hello,
> >> >> >> >      I've got 2 WIN2K Pro workstations on my home lan that I'd like to
> >> >> >> > enable network logon for. I've been banging my head against a wall for
> >> >> >> > the last four hours trying to get this sorted, but to no avail.
> >> >> >> >
> >> >> >> > I keep getting the same error when trying to enter the Domain name into
> >> >> >> > the "WORKGROUP" field in Win2K network properties:
> >> >> >> >
> >> >> >> > "The following error occurred validating the name "my_domainname", This
> >> >> >> > condition may be caused by a DNS lookup problem. For more information
> >> >> >> > about troubleshooting common DNS lookup problems see the following
> >> >> >> > Microsoft blah., blah.., blah..,
> >> >> >> >
> >> >> >> > The specified domain either does not exist or could not be contacted".
> >> >> >>
> >> >> >> Have you added machine accounts to the FreeBSD box for the client boxes?
> >> >> >>
> >> >> >> You need machine accounts that look like clientname$ (dollar sign at
> >> >> >> end) added both as local accounts and then again with smbpasswd passing
> >> >> >> whatever the appropriate switch is to create a machine account.
> >> >> >>
> >> >> >> I have a FreeBSD box here acting as a PDC so we should be able to find
> >> >> >> the problem.
> >> >> >>
> >> >> >> Andrew.
> >> >> >>
> >> >> >>
> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org
> >> >> >> with "unsubscribe freebsd-questions" in the body of the message
> >> >> >--
> >> >> >Stacey Roberts
> >> >> >B.Sc (HONS) Computer Science
> >> >> >
> >> >> >Web: www.vickiandstacey.com
> >> >> >
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Regards,
> >> >> D. Penev
> >> >>=20
> >> >--
> >> >Stacey Roberts
> >> >B.Sc (HONS) Computer Science
> >> >
> >> >Web: www.vickiandstacey.com
> >> >
> >>
> >>
> >>
> >> --
> >> Regards,
> >> D. Penev
> >>=20
> >--
> >Stacey Roberts
> >B.Sc (HONS) Computer Science
> >
> >Web: www.vickiandstacey.com
> >
>
>
>
> --
> Regards,
> D. Penev
--
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com
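
The diagnosis in this thread came from reading ipfw "Deny" entries in /var/log/security; the script below tallies such entries for the NetBIOS ports 137-139 by rule, protocol, port, direction and interface. It is an added example, not code from any of the posters; the log lines are constructed in the format quoted above, and 192.168.1.20 is an assumed address for the Win2K box.

```shell
#!/bin/sh
# Constructed sample in the /var/log/security format quoted in the thread.
# 192.168.1.20 is an assumed address for the Win2K client.
sample_log() {
    cat <<'EOF'
Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:2308 192.168.1.255:137 out via sis0
Oct 21 19:31:09 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:2308 192.168.1.255:137 out via sis0
Oct 21 19:31:12 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.20:138 192.168.1.255:138 in via sis0
Oct 21 19:31:15 Demon /kernel: ipfw: 910 Deny TCP 192.168.1.20:1045 192.168.1.8:139 in via sis0
Oct 21 19:31:20 Demon /kernel: ipfw: 910 Deny TCP 192.168.1.20:1050 192.168.1.8:23 in via sis0
Oct 21 19:31:21 Demon /kernel: ipfw: 623 Accept TCP 192.168.1.20:1046 192.168.1.8:137 in via sis0
EOF
}

# Read ipfw log lines on stdin and print, for every denied packet aimed at
# ports 137-139: "<rule> <proto> <dst port> <direction> <interface> <count>".
netbios_denies() {
    awk '
    {
        # Fields after the "ipfw:" tag are:
        #   rule action proto src:port dst:port direction via iface
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i + 2) != "Deny") next
        rule = $(i + 1); proto = $(i + 3); dst = $(i + 5)
        dir = $(i + 6); iface = $(i + 8)
        n = split(dst, parts, ":")
        if (n < 2) next                  # entry carries no port (e.g. ICMP)
        port = parts[n] + 0
        if (port < 137 || port > 139) next
        count[rule " " proto " " port " " dir " " iface]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# On the server itself: netbios_denies < /var/log/security
sample_log | netbios_denies
```

A rule number that keeps showing up here after a ruleset change is the one still dropping name-service (137), datagram (138) or session (139) traffic, and the direction column shows whether the "in" or the "out" rule is missing.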

