From: Stacey Roberts
Reply-To: sroberts@dsl.pipex.com
To: "D. Penev"
Cc: sroberts@dsl.pipex.com, FreeBSD Questions
Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
Date: 27 Oct 2002 19:14:21 +0000
Message-Id: <1035746063.65564.22.camel@Demon.vickiandstacey.com>
In-Reply-To: <20021027175639.GA240@earth.dpsca.bg>
Sender: owner-freebsd-questions@FreeBSD.ORG

Hi,
   I've got a break-through.., I've been testing with new ipfw options
and now I'm able to get past entering the "Domain" and clicking "OK".
Now I am getting the "Password to log into Domain" dialogue box appear.

This is the amended rule that appears to make this work:

$fwcmd add 00622 allow log udp from $oip to me 137-139 in via $oif
$fwcmd add 00624 allow udp from any to any 137-139 out via $oif

However, for now, I'm getting:
"The specified user does not exist" when I enter [root] and [root's
samba passwd]

Any thoughts? Don't think I'm not appreciating your patient efforts to
assist me.

Cheers!
Stacey

On Sun, 2002-10-27 at 17:56, D. Penev wrote:
> On Sun, Oct 27, 2002 at 10:50:47AM +0000, Stacey Roberts wrote:
> >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> >From: Stacey Roberts
> >To: "D. Penev"
> >Cc: FreeBSD Questions
> >Date: 27 Oct 2002 10:50:47 +0000
> >
> >Hi,
> >    Here's the relevant lines in my firewall:
> >00620 allow udp from any to any 137 keep-state out xmit sis0
> >00621 allow tcp from any to any 137 keep-state out xmit sis0
>
> Add:
>
> 00622 allow udp from to any 137,138 keep-state in recv sis0
>
> >00623 allow log logamount 10 tcp from to me 137,138
>                                           ^^ use any because
>                                              win2k use broadcast
>                                              if you don't have
>                                              wins server
> >keep-state in recv sis0 setup
> >00624 allow udp from any to any 138 keep-state out xmit sis0
> >00625 allow tcp from any to any 138 keep-state out xmit sis0
> >
> >The output from nbtstat -A :
> >"Host not found"
> >
> >The output from nbtstat -c:
> >"No names in cache"
> >
> >After running both commands, no new entries in /var/log/security appear
> >for packets issued from Win2K box.
> >
> >Hope this helps.
> >
> >Stacey
> >
> >On Sun, 2002-10-27 at 07:15, D. Penev wrote:
> >> On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote:
> >> >Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> >> >From: Stacey Roberts
> >> >To: "D. Penev"
> >> >Cc: FreeBSD Questions
> >> >Date: 26 Oct 2002 22:47:48 +0100
> >> >
> >> >Hi,
> >> >    Thanks for the reply.
> >> >I should mention that I've made some progress
> >> >with my efforts to set up a samba PDC for my Win2K clients.
> >> >
> >> >First of all I am now able to successfully complete all tests in the
> >> >recommended "DIAGNOSTICS.TXT" at
> >> >http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:-
> >> >
> >> >test 8: On the PC type the command "net view \\BIGSERVER"
> >> >
> >> >Specifically, I am only able to complete this test by using the IP Addr
> >> >of the samba server in place of its name. Likewise for test 9 that
> >> >follows.
> >> >
> >> >Recapping, I *am* able to serve share dirs to *NIX clients as well as
> >> >the Win2K boxes, with the caveat that for the Windows boxes, I have to
> >> >use the IP Addr of the samba server. This is not an issue for other
> >> >(*NIX) client hosts.
> >> >
> >> >Needless to say, I am not as yet able to have the Win2K boxes join the
> >> >domain as described in Chapter 9. (How to Configure Samba 2.2 as a
> >> >Primary Domain Controller - 9.4.3. Joining the Client to the Domain.4.3.
> >> >Joining the Client to the Domain). I still get the MS error when I click
> >> >"OK" after entering the domain as defined in smb.conf.
> >> >
> >> >Hope this presents somewhat a clearer description of the current status
> >> >here. Do get back to if you would require more information in assisting
> >> >me in resolving this.
> >>
> >> From your description of the problem it looks like that win2k box can't
> >> make resolving of names to ip address. That's why I accent to firewall
> >> because according to your logs ipfw block port 137, which is used to
> >> resolve NetBIOS names to IP address. I make a little test and block port
> >> 137 on my PDC (Samba 2.2.4 on NetBSD) and results are the same as yours.
> >> If that is true (blocking of netbios-ns port) your PDC can't register
> >> as domain controller, and workstations when is joined to domain can't find
> >> who is PDC for this domain.
> >> What are your firewall rules?
> >> What's show "nbtstat -A YOU_SAMBA_SERVER" and "nbtstat -c" on win2k box?
> >>
> >> >
> >> >Thanks
> >> >
> >> >On Sat, 2002-10-26 at 22:26, D. Penev wrote:
> >> >> On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote:
> >> >> >Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> >> >> >From: Stacey Roberts
> >> >> >To: Andrew Boothman
> >> >> >Cc: sroberts@dsl.pipex.com,
> >> >> > FreeBSD Questions
> >> >> >Date: 21 Oct 2002 19:33:58 +0100
> >> >> >
> >> >> >Hello,
> >> >> >     I'd appreciate some help from anyone who's got samba 2.2.6 running
> >> >> >on FreeBSD as a PDC for Win2K client wkstations, please.
> >> >> >
> >> >> >I'm trying to following the SAMBA How-To at:
> >> >> >http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60
> >> >> >but fail at the smbclient -L stage:
> >> >> >
> >> >> ># smbclient -L -N Demon
> >> >> >added interface ip=192.168.1.8 bcast=192.168.1.255 nmask=255.255.255.0
> >> >> >Packet send failed to 192.168.1.255(137) ERRNO=Permission denied
> >> >> >Connection to -N failed
> >> >> >#
> >> >> >
> >> >> >I get these entries in /var/log/security:
> >> >> >Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP :2308
> >> >> >:137 out via sis0
> >> >>
> >> >> Your firewall blocks packets to port 137 (netbios-ns). That's
> >> >> why you can access samba server with ip address and not by name.
> >> >>
> >> >> >
> >> >> >Please help me out here.
> >> >> >
> >> >> >Stacey
> >> >> >
> >> >> >On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote:
> >> >> >> Stacey Roberts wrote:
> >> >> >> > Hello,
> >> >> >> >      I've got 2 WIN2K Pro workstations on my home lan that I'd like to
> >> >> >> > enable network logon for.
> >> >> >> > I've been banging my head against a wall for
> >> >> >> > the last four hours trying to get this sorted, but to no avail.
> >> >> >> >
> >> >> >> > I keep getting the same error when trying to enter the Domain name into
> >> >> >> > the "WORKGROUP" field in Win2K network properties:
> >> >> >> >
> >> >> >> > "The following error occured validating the name "my_domainname", This
> >> >> >> > condition may be caused by a DNS lookup problem. For more information
> >> >> >> > about troubleshooting common DNS lookup problems see the following
> >> >> >> > Microsoft blah., blah.., blah..,
> >> >> >> >
> >> >> >> > The specified domain either does not exist or could not be contacted".
> >> >> >>
> >> >> >> Have you added machine accounts to the FreeBSD box for the client boxes?
> >> >> >>
> >> >> >> You need machine accounts that look like clientname$ (dollar sign at
> >> >> >> end) added both as local accounts and then again with smbpasswd passing
> >> >> >> whatever the appropriate switch is to create a machine account.
> >> >> >>
> >> >> >> I have a FreeBSD box here acting as a PDC so we should be able to find
> >> >> >> the problem.
> >> >> >>
> >> >> >> Andrew.
> >> >> >>
> >> >> >>
> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org
> >> >> >> with "unsubscribe freebsd-questions" in the body of the message
> >> >> >--
> >> >> >Stacey Roberts
> >> >> >B.Sc (HONS) Computer Science
> >> >> >
> >> >> >Web: www.vickiandstacey.com
> >> >> >
> >> >>
> >> >> --
> >> >> Regards,
> >> >> D. Penev
> >> >--
> >> >Stacey Roberts
> >> >B.Sc (HONS) Computer Science
> >> >
> >> >Web: www.vickiandstacey.com
> >> >
> >>
> >> --
> >> Regards,
> >> D. Penev
> >--
> >Stacey Roberts
> >B.Sc (HONS) Computer Science
> >
> >Web: www.vickiandstacey.com
> >
>
> --
> Regards,
> D. Penev
--
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com
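
Added example, not part of the original message or of anyone's posted configuration: the /var/log/security entry quoted in the thread is what pointed at ipfw rule 910 dropping NetBIOS name-service packets. The sh/awk sketch below tallies such Deny entries for ports 137-139 by rule, protocol, port and direction; the log lines are constructed, and the client address 192.168.1.20 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: tally ipfw "Deny" log entries aimed at the NetBIOS ports
# (137 name service, 138 datagram, 139 session) so the blocking rule stands out.

# Constructed sample in the /var/log/security format quoted in the thread.
# 192.168.1.20 stands in for a Win2K client (assumed address).
sample_log() {
cat <<'EOF'
Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:2308 192.168.1.255:137 out via sis0
Oct 21 19:31:09 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:2308 192.168.1.255:137 out via sis0
Oct 21 19:31:12 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.20:138 192.168.1.255:138 in via sis0
Oct 21 19:31:15 Demon /kernel: ipfw: 910 Deny TCP 192.168.1.20:1045 192.168.1.8:139 in via sis0
Oct 21 19:31:20 Demon /kernel: ipfw: 623 Accept TCP 192.168.1.20:1046 192.168.1.8:137 in via sis0
Oct 21 19:31:30 Demon /kernel: ipfw: 910 Deny TCP 10.0.0.5:4000 192.168.1.8:22 in via sis0
Oct 21 19:31:31 Demon /kernel: ipfw: 910 Deny ICMP:8.0 138.1.2.3 192.168.1.8 in via sis0
EOF
}

# Reads log files given as arguments (or stdin) and prints one line per
# "count rule proto dst-port direction", sorted by rule number, then port.
netbios_denies() {
    awk '
    {
        # Find the "ipfw:" tag so the syslog prefix length does not matter.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i + 2) != "Deny") next
        # Destination must be addr:port; ICMP entries carry no port.
        if (split($(i + 5), dst, ":") != 2) next
        port = dst[2] + 0
        if (port < 137 || port > 139) next
        count[$(i + 1) " " $(i + 3) " " port " " $(i + 6)]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k2,2n -k4,4n
}

# Demonstration run on the constructed sample.
sample_log | netbios_denies
```

On a live system the same function can be pointed at the real log with `netbios_denies /var/log/security`; only packets matched by a rule carrying the `log` keyword appear there.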