I have two networks:
a) Windows XP and 98 machines behind a USB
ADSL net connection. The XP machine acts as
the ICS host.
b) Linux (with Samba installed) and Windows XP
machines behind a cable modem.
I want the machines on network 'a' to be able to
access the shares on the machines on network 'b',
as well as each machine appear in the XP/98
Network Places.
Each network is assigned a dynamic IP, but they're
mapped to static addresses thanks to no-ip.org, and
they're also (obviously) on different subnets. I think I
understand that if I configure Linux as a WINS server
then NetBIOS over TCP/IP should allow those
machines on network 'a' to see those machines on
network 'b' through Network Places.
So far, I've had no success. I can, however, see the
Linux shares from network 'a' via
Net View <IP address of Linux box>
but a call to smbclient -L <some machine on net 'a'>
fails with "Connection to <machine> failed".
Could anyone *please* help me resolve this problem?
I would greatly appreciate any feedback that *anyone*
could give.
> So far, I've had no success. I can, however, see the
> Linux shares from network 'a' via
>
> Net View <IP address of Linux box>
>
> but a call to smbclient -L <some machine on net 'a'>
> fails with "Connection to <machine> failed".
>
I was once before in a very similar situation. First you want to check
that all machines can ping each other. You should try running smbclient
with an increased debugging level.
smbclient --debug=3 -L <machine>
This may give you some clues as to whether it is a network, firewall, or
a configuration issue. Are you sure your username and password are
correct, too (looks like you didn't specify a username or password)?
Make sure the host you are trying to connect to is allowing SMB calls
from the host you are connecting from with the credentials you smbclient
is providing.
--
Amir Malik
http://www.unoc.net/a/ | $email =~ s/SPAMBLOCK/a/;
4296 EE70 8F7C 1D1A D3C9 D885 95A9 6F83 73E7 589E
Please list the output of ipconfig/all from ALL the windows pc's
and the output of ifconfig from the linux pc.
Also post your smb.conf
--
Regards,
Mark
Samba Setup Guide: www.samba.netfirms.com
Courier-imap Tutorial: www.samba.netfirms.com/courier/courier.html
> Please list the output of ipconfig/all from ALL the windows pc's
> and the output of ifconfig from the linux pc.
>
> Also post your smb.conf
I have no problems accessing the shares from
the Linux side of the network. And from the
other side, I'm only really concerned with
getting the XP connection sharing PC to see
the Linux shares. Anyhow, in lmhosts and hosts
on the all-XP side I've added the (dynamic, but
as it currently stands) IP on the Linux machines.
Likewise, I've added the remote XP's IP address
to lmhosts and hosts on the Linux side.
Here's the smb.conf. I haven't bothered
to show the shares.
--8X--
[global]
workgroup = Everywhen
netbios name = Sindy
encrypt passwords = yes
update encrypted = yes
interfaces = eth0 eth1
socket options = TCP_NODELAY
wins support = yes
domain master = no
local master = yes
preferred master = no
os level = 255
security = user
; I want to map XP users to their Linux equivalents.
username map = /etc/samba/users.map
unix password sync = yes
--8X--
Here's the output of ipconfig -all from the
XP side:
--8X--
Windows IP Configuration
Host Name . . . . . . . . . . . . : deepthought
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-50-8D-4F-6F-D2
PPP adapter BT Voyager ADSL Modem Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : <my dynamic address>
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : <my ISP's DNS Servers>
Primary WINS Server . . . . . . . : <The Linux box>
--8X--
Everything seems okay.
What has confused me a little is the output from
nmblookup. It seems to only query the Windows
machines on the Linux side and the broadcast
address when performing a name query. Though
pinging any machine on either network works fine.
One of the things that concerns me, given that I
can get everything working in the first place, is
the issue of both networks' access to the internet
(and thus each other) being by way of DHCP. If I
have to rely on WINS, lmhosts or hosts then they
will need updating whenever the IP addresses change.
Isn't there a way around this? For example, having
Samba query some external DNS server?
Thanks for your feedback Mark. Any insight you can
give will help make me sleep better at night. :-)
> I was once before in a very similar situation.
That makes me feel a little better. ;-)
> First you want to check that all machines can ping each other.
All machines, on all sides, are pinging each other just fine.
> You should try running smbclient with an increased debugging level.
>
> smbclient --debug=3 -L <machine>
Viewing log.nmbd it appears that the all-XP side is being added to
the Linux WINS server's list, with regards the relevant workgroup.
> This may give you some clues as to whether it is a network, firewall, or
> a configuration issue.
> Are you sure your username and password are correct, too (looks like
> you didn't specify a username or password)?
I'm pretty sure they're correct. Accessing \\<LINUX BOX> from Start->
Run gives me access to the Linux box (I've mapped local XP users to
remote Linux users).
> Make sure the host you are trying to connect to is allowing SMB calls
> from the host you are connecting from with the credentials you smbclient
> is providing.
How can I determine this?
Thanks Amir. Your feedback is appreciated.
<snip>
When posting for help, please do NOT munge IP addresses, DNS settings
etc... How do you expect help otherwise? It's akin to having a sore
throat, going to a doctor and telling him that he can only look at your
baby toe so that he can tell you what is wrong with your throat....
BTW, your posting IP is 81.152.111.10
Where is the output of ifconfig on the linux pc?
Sorry. Force of habit. Paranoia runs in my family.
> BTW, your posting IP is 81.152.111.10
Oh. ;-)
> Where is the output of ifconfig on the linux pc?
eth0 Link encap:Ethernet HWaddr 00:06:4F:03:3C:68
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::206:4fff:fe03:3c68/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1304704 errors:0 dropped:0 overruns:0 frame:0
TX packets:312094 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:94048650 (89.6 Mb) TX bytes:143589595 (136.9 Mb)
Interrupt:5 Base address:0xec00
eth1 Link encap:Ethernet HWaddr 00:01:02:1E:08:8F
inet addr:82.38.213.80 Bcast:255.255.255.255 Mask:255.255.248.0
inet6 addr: fe80::201:2ff:fe1e:88f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2833636 errors:2 dropped:0 overruns:0 frame:4
TX packets:1331448 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:281824155 (268.7 Mb) TX bytes:102253026 (97.5 Mb)
Interrupt:12 Base address:0xe800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2113 errors:0 dropped:0 overruns:0 frame:0
TX packets:2113 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:214154 (209.1 Kb) TX bytes:214154 (209.1 Kb)
> I'm pretty sure they're correct. Accessing \\<LINUX BOX> from Start->
> Run gives me access to the Linux box (I've mapped local XP users to
> remote Linux users).
Good. You have solved the hostname to ip resolution problem between the
two networks.
But this doesn't answer the "browse" question. To have all boxes on the
"network neighbour" you must have a filled local browser on each network.
By default, on a Windows and/or Samba network there is an automatic local
browser election (a master and many backups) on each network (using
broadcast messages).
You (only) need to synchronize these browse lists.
Look the O'Reilly Samba book
http://ftp.easynet.be/samba/docs/using_samba/ch07.html, at the chapter
named "Samba as the Domain Master Browser" and section "Multiple
subnets".
Summary solution 1 :
--------------------
Propagate the broadcast browsing message from one network to the other.
On the samba server :
[global]
remote announce = 172.16.2.255/METRAN
172.16.2.255=your Windows network broadcast address
Note: this only works if broadcast messages are allowed to pass through all
firewalls (out from net2, on from net1). Not sure, because many firewalls
or default Linux iptables/ipchains rules block this.
Summary solution 2 :
--------------------
If you can fix the master browser (see Samba doc) on the Windows network,
you can synchronize the samba browse list with the Windows master browser
:
[global]
remote browse sync = 172.16.2.130
172.16.2.130=your Windows master browser address
Summary solution 3 :
--------------------
Use a domain browser and a WINS server.
A master browser is a browser that centralizes the browse list across many
networks.
On Windows a domain browser is a primary controller (you can't separate
the two notions); on Linux any Samba server can become a domain browser:
[global]
domain master = yes
The domain browser is automatically registered in the WINS database, and
so can't run without any WINS server.
Set only one domain browser (a Windows or a Linux box).
Hope it may help.
Regards
> > Viewing log.nmbd it appears that the all-XP side is being added to
> > the Linux WINS server's list, with regards the relevant workgroup.
>
> Good. You have solved the hostname to ip resolution problem between the
> two networks.
This is only done by way of a static entry within both /etc/hosts and
/etc/samba/lmhosts. There's no NetBIOS name resolution. I would
rather this could be handled dynamically, using the Linux machine as
a WINS server. But my attempts to get this working have failed.
> But this doesn't answer the "browse" question. To have all boxes on the
> "network neighbour" you must have a filled local browser on each network.
On the all-XP network, the master browser is also the internet connection
sharing machine (IP 192.168.0.1) that the ADSL modem is connected to.
(The dynamic address of the ADSL modem is mapped to a canonical name
thanks to the freebies www.no-ip.org.)
Ideally what would exist is a mechanism like thus:
Local XP machine at 192.168.0.1 acts as the master browser that the
Linux machine on the remote subnet (which sits behind a cable modem,
whose dynamic IP address is also mapped to a canonical name by way
of www.no-ip.org) synchronizes its browser list with. None of the
all-XP machines are configured as WINS clients, so that it doesn't
matter if the IP address of the remote Linux machine behind the cable
modem changes.
(Windows XP only allows IP addresses and not canonical names to be
entered for a WINS server address.)
I believe this means I'd have to configure the remote Linux machine as:
> Summary solution 2 :
> --------------------
>
> If you can fix the master browser (see Samba doc) on the Windows network,
> you can synchronize the samba browse list with the Windows master browser
> :
>
> [global]
> remote browse sync = <Window master browser address>
And only allow the remote Linux machine to act as a local browser for
its subnet only? Something along the lines of:
wins support = no
domain master = no
preferred master = no
local master = yes
remote browse sync = 192.168.0.1
I think that's what needs doing. But between each subnet there's a
modem in the way with their own IP addresses that are dynamic.
This would mean that
remote browse sync = <IP address of remote ADSL modem>
But the IP address of the remote ADSL modem can never be
associated with the master browser on that *other* subnet can it?
After all, the master browser would be at 192.168.0.1 and not
at the IP address of the ADSL modem.
And to confuse issues further, "remote browse sync" expects an
IP address and not a canonical name. That causes problems because
it would need changing whenever the IP address of the remote ADSL
modem changed.
Even if you get it to work, I think it is an EXTREMELY bad idea to
expose an SMB share to the Internet, for security reasons.
--
The e-mail address in our reply-to line is reversed in an attempt to
minimize spam. Our true address is of the form che...@prodigy.net.
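The exposure concern above, checked against the configuration and interface addresses posted earlier in this thread; this is an added example, not code from any poster or from the Samba project. The function names, the finding wording and RESTRICTED_SMB_CONF are assumptions made for illustration, and the check only understands interface names in `interfaces`, not addresses or wildcards.

```python
import ipaddress

# [global] excerpt of the smb.conf posted earlier in the thread.
POSTED_SMB_CONF = """\
[global]
netbios name = Sindy
interfaces = eth0 eth1
wins support = yes
"""
# Addresses from the ifconfig output posted in the thread.
POSTED_INTERFACES = {"eth0": "192.168.1.1", "eth1": "82.38.213.80", "lo": "127.0.0.1"}
# Constructed alternative: serve the LAN only (a VPN would add its own private interface).
RESTRICTED_SMB_CONF = POSTED_SMB_CONF.replace(
    "interfaces = eth0 eth1",
    "interfaces = eth0 lo\nbind interfaces only = yes\nhosts allow = 192.168.1. 127.",
)


def parse_global(text):
    """Return the [global] section of an smb.conf as {normalised key: value}."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params


def audit_exposure(conf_text, iface_addrs):
    """List settings that leave SMB/NetBIOS reachable from a public address."""
    g = parse_global(conf_text)
    on = lambda key: g.get(key, "no").lower() in ("yes", "true", "1")
    listed = g.get("interfaces", "").split()
    public = [n for n in listed
              if n in iface_addrs and ipaddress.ip_address(iface_addrs[n]).is_global]
    findings = []
    if public:
        findings.append("interfaces lists public-facing: " + ", ".join(public))
    if not on("bind interfaces only"):
        findings.append("bind interfaces only is off: smbd listens on every interface")
    if "hosts allow" not in g and "allow hosts" not in g:
        findings.append("no hosts allow: any source address may connect")
    if on("wins support") and (public or not listed):
        findings.append("wins support = yes: WINS (UDP 137) reachable from outside")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_exposure(POSTED_SMB_CONF, POSTED_INTERFACES)))
```

The posted configuration yields four findings; the restricted variant yields none, at the cost of the remote network no longer reaching Samba directly over the Internet.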
> This is only done by way of a static entry within both /etc/hosts and
> /etc/samba/lmhosts. There's no NetBIOS name resolution. I would
> rather this could be handled dynamically, using the Linux machine as
> a WINS server. But my attempts to get this working have failed.
The WINS server is not called for *nix regular hostname resolution.
But Windows stations or a DHCP server can fill a DNS with hostname<->ip
associations (using the dynamic DNS protocol). But this is only valid if you
use a centralized DNS server for both networks. And it doesn't manage
the browse list question.
> preferred master = no
preferred master = yes to force the re-election
> I think that's what needs doing. But between each subnet there's a
> modem in the way with their own IP addresses that are dynamic.
Damned !
> But the IP address of the remote ADSL modem can never be
> associated with the master browser on that *other* subnet can it?
> After all, the master browser would be at 192.168.0.1 and not
> at the IP address of the ADSL modem.
>
> And to confuse issues further, "remote browse sync" expects an
> IP address and not a canonical name. That causes problems because
> it would need changing whenever the IP address of the remote ADSL
> modem changed.
That's the problem, it can't use a dynamic address :-(
You can't do it :-( ! Except ... if you set up a VPN, and so you may
synchronize with a static private address. This would improve your
security too.
Set up a VPN that automatically reconnects your two networks when any dynamic
address changes (which means that one of the two connections falls down), and
use the private IP of your local browser to sync it.
Regards
>+ Even if you get it to work, I think it is an EXTREMELY bad idea to
>+ expose an SMB share to the Internet, for security reasons.
That's one problem, sure. Actually, that's a pretty big one. You may
also want to filter port 135 on the windows boxes.
Did anyone mention that the probability rapidly approaches 1 that one
or both of the ISP's are also blocking the Microsoft file sharing
ports (137, 139, and 445)?
And depending on the distribution of Linux, there may well be a firewall
in play.
As a test, one may run an nmap portscan on the remote host that you're
interested in connecting with. If the relevant ports are reported as
"filter"ed, then they're being blocked.
If you must do this, you should think of implementing a VPN (like
OpenVPN).
James
--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.
>On Sun, 11 Apr 2004 05:41:27 GMT,
>CJT <abuj...@prodigy.net>, in
><4078DC85...@prodigy.net> wrote:
>
>>+ Even if you get it to work, I think it is an EXTREMELY bad idea to
>>+ expose an SMB share to the Internet, for security reasons.
>
>That's one problem, sure. Actually, that's a pretty big one. You may
>also want to filter port 135 on the windows boxes.
>
>Did anyone mention that the probability rapidly approaches 1 that one
>or both of the ISP's are also blocking the Microsoft file sharing
>ports (137, 139, and 445)?
>
I don't know of any that don't, since Mickysoft leaves everything open
by default and most windows users don't know enough to close them.
Mike-
--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If
email from you bounces, try non-HTML, non-encoded, non-attachments,
> > preferred master = no
> preferred master = yes to force the re-election
>
> > I think that's what needs doing. But between each subnet there's a
> > modem in the way with their own IP addresses that are dynamic.
>
> Damned !
Silly me - this is actually working now. The remote machine's IP address
changed, and I neglected to change the IP of the WINS under Windows.
I've just run nbtstat -c on the local Windows box and in the Remote Cache
Name Table for the NIC I see the (presumably) remote workgroup name.
There are two entries, one <GROUP> and the other <UNIQUE>. I
would have expected the IP Host Address associated with each to be the
address of the Samba server, but they aren't. They're coming up as
192.168.1.1 instead. Likewise, there's also an entry for the other machine
on the all-XP network with a type <UNIQUE>, and its IP address
192.168.0.1.
> That's the problem, it can't use a dynamic address :-(
>
> You can't do it :-( ! Except ... if you set up a VPN, and so you may
> synchronize with a static private address. This would improve your
> security too.
>
> Set up a VPN that automatically reconnects your two networks when any dynamic
> address changes (which means that one of the two connections falls down), and
> use the private IP of your local browser to sync it.
Would I be looking at installing OpenSSH here?
>+ >Did anyone mention that the probability rapidly approaches 1 that one
>+ >or both of the ISP's are also blocking the Microsoft file sharing
>+ >ports (137, 139, and 445)?
>+ I don't know of any that don't,
I don't, either. Doesn't mean there isn't some ISP out there that lets
their users fend for themselves. Apparently the OP managed to get it
working without using a VPN solution, so there must be two!
>+ since Mickysoft leaves everything open
>+ by default and most windows users don't know enough to close them.
And even if you do "close" them, that's no guarantee that they're
actually closed...