1

I've installed Samba4 and have the smb.conf file as follows:

 [global]
         workgroup = WORKGROUP
         server string = Samba Server
         realm = REXIALO.COM
         netbios name = REXIALO.COM
         security = user
         map to guest = Bad Password
         bind interfaces only = no
         interfaces = lo venet0
         log file = /var/log/samba/samba.log
         max log size = 1000
 
 [webroot]
         path = /usr/local/apache/htdocs
         comment = Example.com webroot directory
         read only = No

I can connect from the same server with smbclient.

Localhost:

# smbclient -L localhost -U root

Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.11]

    Sharename       Type      Comment
    ---------       ----      -------
    webroot         Disk      RexiAlo webroot directory
    IPC$            IPC       IPC Service (RexiAlo Samba Server) Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.11]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------Enter root's password:

network:

# smbclient -L rexialo.com -U

Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.11]

    Sharename       Type      Comment
    ---------       ----      -------
    webroot         Disk      RexiAlo webroot directory
    IPC$            IPC       IPC Service (RexiAlo Samba Server) Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.11]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

The problem is when I try to map to the smb webroot from Windows 7, it asks for user/pass but just times out and then prompts for credentials. The samba.log file does not show any activity other than the startup of the smbd process.

Any help would be appreciated.

tcpdump output (server side)

# tcpdump|grep neal-pc
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
08:45:43.945262 IP rexialo.com.ssh > neal-pc.60224: Flags [P.], seq 4145385672:4145385880, ack 188947689, win 502, length 208
08:45:44.190147 IP neal-pc.60224 > rexialo.com.ssh: Flags [.], ack 208, win 53124, length 0
08:46:10.622737 IP neal-pc > rexialo.com: ICMP echo request, id 1, seq 216, length 40
08:46:10.622787 IP rexialo.com > neal-pc: ICMP echo reply, id 1, seq 216, length 40
08:46:27.901123 IP rexialo.com.ssh > neal-pc.60224: Flags [P.], seq 208:640, ack 1, win 502, length 432
08:46:28.144050 IP neal-pc.60224 > rexialo.com.ssh: Flags [.], ack 640, win 53016, length 0
08:46:29.528999 IP neal-pc.60497 > rexialo.com.http: Flags [S], seq 434975840, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
08:46:29.529058 IP rexialo.com.http > neal-pc.60497: Flags [S.], seq 1268998490, ack 434975841, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
08:46:29.574194 IP neal-pc.60497 > rexialo.com.http: Flags [.], ack 1, win 16425, length 0
08:46:29.581169 IP neal-pc.60497 > rexialo.com.http: Flags [P.], seq 1:133, ack 1, win 16425, length 132
08:46:29.581225 IP rexialo.com.http > neal-pc.60497: Flags [.], ack 133, win 245, length 0
08:46:29.907133 IP rexialo.com.ssh > neal-pc.60224: Flags [P.], seq 640:1488, ack 1, win 502, length 848
08:46:30.152728 IP neal-pc.60224 > rexialo.com.ssh: Flags [.], ack 1488, win 53248, length 0
08:46:31.077482 IP rexialo.com.http > neal-pc.60497: Flags [.], seq 1:1461, ack 133, win 245, length 1460
08:46:31.077508 IP rexialo.com.http > neal-pc.60497: Flags [.], seq 1461:2921, ack 133, win 245, length 1460
08:46:31.077520 IP rexialo.com.http > neal-pc.60497: Flags [.], seq 2921:4381, ack 133, win 245, length 1460
08:46:31.077530 IP rexialo.com.http > neal-pc.60497: Flags [.], seq 4381:5841, ack 133, win 245, length 1460
08:46:31.077541 IP rexialo.com.http > neal-pc.60497: Flags [.], seq 5841:7301, ack 133, win 245, length 1460
08:46:31.077552 IP rexialo.com.http > neal-pc.60497: Flags [.], seq 7301:8761, ack 133, win 245, length 1460
08:46:31.077572 IP rexialo.com.http > neal-pc.60497: Flags [.], seq 8761:10221, ack 133, win 245, length 1460
Community
  • 1
Satalink
  • 188
  • 1
  • 7
  • 1
    Did you make any changes to your firewall to allow SMB traffic ? – user9517 Aug 14 '14 at 17:53
  • No I didn't. I'll google what needs to be added to iptables. Thanks. – Satalink Aug 14 '14 at 17:55
  • Shouldn't your 'map to guest' line look like following: map to guest = Bad User – Jakov Sosic Aug 14 '14 at 19:34
  • I've added everything to iptables, still no activity when starting from Windows (mapping network drive). – Satalink Aug 14 '14 at 19:34
  • I changed the map to guest = Bad Password to map to guest = Bad User, no change. – Satalink Aug 14 '14 at 19:44
  • I think it's something to do with network / connectivity. I would expect to see **something** in the log files when I am attempting to map the drive from Windows. _especially with the debug mode set to 9_ – Satalink Aug 14 '14 at 19:52
  • 1
    Did you use `iptables -A` or `ipables -I` - it matters. If you run `service iptabes stop` can you connect afterwards? – user9517 Aug 14 '14 at 20:44
  • I used iptables -A. I also tried it with the FW down temporarily. Logs show no connection attempts from Windows. I read that the [global] must have allow from = .. and deny from = .. specified or it will not connect. But that didn't change anything either. FYI: I restart each process after conf changes. – Satalink Aug 14 '14 at 22:26
  • I think Iain was on the right track here. Try a `service iptables stop` and see if that gets you more log information, or even full functionality. Either of those means you have a firewall issue, which we can address after you've diagnosed it. – MadHatter Aug 20 '14 at 16:04

2 Answers2

1

You should have same WORKGROUP configured in Samba and in Windows machine.

If you have "workgroup = WORKGROUP"

then you should change this also on windows machine to WORKGROUP.

Double check firewall on windows machine and other settings, run tcpdump on samba server side to verify that traffic is actually coming to your server.

Navern
  • 1,619
  • 1
  • 10
  • 14
  • Workgroups are configured both to be WORKGROUP. the tcpdump|grep -v ssh command did shed some light on the issue. Thanks for that tip! From the output, I can see that my Windows machine is sending the auth request to the server. I'll have to dig through the tcpdump output more to find out what's going on. That's definitely a step in the right direction. – Satalink Aug 23 '14 at 12:42
0

I'm not sure exactly what's going on here, but then again there isn't really a lot of information. I'm not really sure to make of your network capture as there isn't any protocol dissection. So I"m shooting from the hip here so to speak. Here are a couple assertions (read guesses)

  1. since you're getting prompted for a user/pass basic connectivity is working. As there has been a name resolution (if needed) or you provided an IP to mount with. Furthermore windows tried the logged in credentials first IIRC

  2. This means we probably have passed the protocol negotiation phase of the SMB connection and and are failing in the session setup, or tree connect phases.

I'm not sure you've defined your users correctly based on your description either. here are a couple solution to add users appropriately (well maybe -- unless I'm rusty)

  1. smbpasswd -a <username> (you could use root if you want) and it will ask for passwords to enter
  2. when you log in via windows specify your samba netbios name \ username like NETBIOS\username with the password you defined

BTW is "." a legal character in netBIOS? maybe change your NB name to REXIALOCOM?

or map guest to a known account... for example to map everyone to root you could do 

map to guest = Bad User
guest account = root

This means that when samba doesn't recognise your user -- map it to root (DO NOT DO THIS FOR ANYTHING OTHER THAN TESTING UNLESS YOU KNOW WHAT YOU'RE DOING)

and then I think you need a guest okay in your share section....

techraf
  • 4,243
  • 8
  • 29
  • 44
sehafoc
  • 131
  • 1