Samba server NETBIOS name not resolving, WINS support not working
Solution 1
Turns out I chose to ditch NETBIOS name resolution and use DNS instead (which works better). Thus I only need port 445 to function which results in a smaller firewall config.
Solution 2
Your symptoms are consistent with NMB not being reachable. Your IPTables config looks good to me. It could be as simple as the nmbd service is not started. I've had that very problem when trying to figure out why a brand new Samba service isn't reachable by name.
Related videos on Youtube
07 : 45
07 : 16
20 : 18
06 : 11
02 : 34
Comments
-
Eric almost 2 years
When I try to connect to my CentOS 6.2 x86_64 server's samba shares using address \\REPO (NETBIOS name of REPO), it times out and shows an error; if I do so directly via IP, it works fine. Furthermore, my server does not work correctly as a WINS server despite my samba settings being correct for it (see below for details).
If I stop the iptables service, things work properly.
I'm using this page as a reference for which ports to use: http://www.samba.org/samba/docs/server_security.html
Specifically:
UDP/137 - used by nmbd UDP/138 - used by nmbd TCP/139 - used by smbd TCP/445 - used by smbd
I really really really want to keep the secure iptables design I have below but just fix this particular problem.
SMB.CONF
[global] netbios name = REPO workgroup = AWESOME security = user encrypt passwords = yes # Use the native linux password database #passdb backend = tdbsam # Be a WINS server wins support = yes # Make this server a master browser local master = yes preferred master = yes os level = 65 # Disable print support load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes # Restrict who can access the shares hosts allow = 127.0.0. 10.1.1. [public] path = /mnt/repo/public create mode = 0640 directory mode = 0750 writable = yes valid users = mangs repomanIPTABLES CONFIGURE SCRIPT
# Remove all existing rules iptables -F # Set default chain policies iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP # Allow incoming SSH iptables -A INPUT -i eth0 -p tcp --dport 22222 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22222 -m state --state ESTABLISHED -j ACCEPT # Allow incoming HTTP #iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT #iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT # Allow incoming Samba iptables -A INPUT -i eth0 -p udp --dport 137 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 137 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 138 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 138 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 139 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 139 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 445 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 445 -m state --state ESTABLISHED -j ACCEPT # Make these rules permanent service iptables save service iptables restart**strong text** -
Eric about 12 yearsI've restarted both the smb and nmb services a million times. The server runs CentOS 6.2 x86_64 if that helps. Here's the service output: eric # service --status-all | grep 'smb|nmb' 51:nmbd (pid 9736) is running... 59:smbd (pid 9752) is running...