# SOLVED - Plain Vanilla SAMBA Conf not visible on a local net

## reckor

Need some expert guidance here...

My goal is very simple. Make a folder available on my local network so I can share it with my Android TV (VLC running there) and a laptop using Windows.

Samba version:

```
eix samba

[I] net-fs/samba

     Available versions:  4.14.10-r2^t (~)4.14.12^t (~)4.15.2-r2^t 4.15.3-r1^t (~)4.15.4^t (~)4.15.5^t **4.16.0_rc2^t {acl addc addns ads ceph client cluster cups debug dmapi fam glusterfs gpg iprint json ldap ntvfs pam profiling-data python quota +regedit selinux snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test winbind zeroconf ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32" CPU_FLAGS_X86="aes" PYTHON_SINGLE_TARGET="python3_8 python3_9 python3_10"}

     Installed versions:  4.15.5^t(10:52:53 AM 02/05/2022)(acl ads client cups json ldap pam python regedit system-mitkrb5 systemd winbind -addc -ceph -cluster -debug -dmapi -fam -glusterfs -gpg -iprint -profiling-data -quota -selinux -snapper -spotlight -syslog -system-heimdal -test -zeroconf ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="32 64 -x32" CPU_FLAGS_X86="aes" PYTHON_SINGLE_TARGET="python3_9 -python3_8 -python3_10")

     Homepage:            https://samba.org/

     Description:         Samba Suite Version 4

```

smb.conf:

```

[share]

path = /home/reckor/share

browseable = yes

read only = yes

public = yes

guest ok = yes

guest only = yes

create mask = 0644

directory mask = 0755

```

testparm result:

```

testparm -s

Load smb config files from /etc/samba/smb.conf

Loaded services file OK.

Weak crypto is allowed

Server role: ROLE_STANDALONE

# Global parameters

[global]

   idmap config * : backend = tdb

[share]

   create mask = 0644

   guest ok = Yes

   guest only = Yes

   path = /home/reckor/share

```

Checked ports as well, seems ok.

```

netstat -tulpen | egrep "smb|nmb|samb"

tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          233740     70248/smbd          

tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      0          233741     70248/smbd          

tcp6       0      0 :::445                  :::*                    LISTEN      0          233738     70248/smbd          

tcp6       0      0 :::139                  :::*                    LISTEN      0          233739     70248/smbd          

udp        0      0 192.168.1.255:137       0.0.0.0:*                           0          227806     70257/nmbd          

udp        0      0 192.168.1.236:137       0.0.0.0:*                           0          227805     70257/nmbd          

udp        0      0 0.0.0.0:137             0.0.0.0:*                           0          227793     70257/nmbd          

udp        0      0 192.168.1.255:138       0.0.0.0:*                           0          227808     70257/nmbd          

udp        0      0 192.168.1.236:138       0.0.0.0:*                           0          227807     70257/nmbd          

udp        0      0 0.0.0.0:138             0.0.0.0:*                           0          227794     70257/nmbd  

```

Then I'm running:

1) touch /etc/samba/smb.conf

2) systemctl restart smbd

3) systemctl restart nmbd

No errors... but no visibility as well. Access in my Gentoo via Nautilus (CRTL + L then smb://localhost) is fine too.

Any suggestions, pls?

ThanksLast edited by reckor on Sun Feb 20, 2022 3:00 pm; edited 1 time in total

----------

## alamahant

 *Quote:*   

> 
> 
> No errors... but no visibility as well
> 
> 

 

What exactly happens?

If you go for example in your laptop->network locations->//<samba-ip>/share

What happens?

Do you have a firewall running maybe?

----------

## reckor

 *alamahant wrote:*   

>  *Quote:*   
> 
> No errors... but no visibility as well
> 
>  
> ...

 

Thanks, no firewall as you could see from the ports enabled (unless I'm missing something...).

Result is "ip cannot be reached"  (laptop->network locations->//<samba-ip>/share)

----------

## Hu

 *reckor wrote:*   

> Thanks, no firewall as you could see from the ports enabled (unless I'm missing something...).

 You're missing that a port can be listening, but blocked by a firewall.  :Wink:    You showed the port is listening, but that tells us nothing about whether the kernel will allow remote traffic to reach it.  For Internet-connected systems, it is relatively common to have sshd running (and thus listening), but have a firewall prohibiting traffic from all addresses not specifically authorized (and thus immune to many types of scattershot attacks).

Please check whether the laptop can establish a basic TCP connection to the server, on any port.  If that works, check that it can establish a TCP connection to the Samba port specifically.  Please do not use a Microsoft or Android GUI for this test, as both are quite bad about giving vague error reports.  We want to know exactly what happens, down to the errno returned when it fails.

If you want to rule out a firewall, post the output of iptables-save -c as run by root on the Samba server.  You could also try collecting a tcpdump on the server while the client tries to connect.  Start with tcpdump -p -n -w /tmp/samba.pcap 'tcp and (port 445 or port 139)'. Some expertise may be required for interpreting that.

----------

## reckor

 *Hu wrote:*   

>  *reckor wrote:*   Thanks, no firewall as you could see from the ports enabled (unless I'm missing something...). You're missing that a port can be listening, but blocked by a firewall.    You showed the port is listening, but that tells us nothing about whether the kernel will allow remote traffic to reach it.  For Internet-connected systems, it is relatively common to have sshd running (and thus listening), but have a firewall prohibiting traffic from all addresses not specifically authorized (and thus immune to many types of scattershot attacks).
> 
> Please check whether the laptop can establish a basic TCP connection to the server, on any port.  If that works, check that it can establish a TCP connection to the Samba port specifically.  Please do not use a Microsoft or Android GUI for this test, as both are quite bad about giving vague error reports.  We want to know exactly what happens, down to the errno returned when it fails.
> 
> If you want to rule out a firewall, post the output of iptables-save -c as run by root on the Samba server.  You could also try collecting a tcpdump on the server while the client tries to connect.  Start with tcpdump -p -n -w /tmp/samba.pcap 'tcp and (port 445 or port 139)'. Some expertise may be required for interpreting that.

 

Thanks Hu. Here are my findings.

```

root@migt /home/reckor # netstat -tulpen | egrep "smb|nmb|samb"

tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          236432     75077/smbd          

tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      0          236433     75077/smbd          

tcp6       0      0 :::445                  :::*                    LISTEN      0          236430     75077/smbd          

tcp6       0      0 :::139                  :::*                    LISTEN      0          236431     75077/smbd          

udp        0      0 192.168.1.255:137       0.0.0.0:*                           0          561503     75110/nmbd          

udp        0      0 192.168.1.236:137       0.0.0.0:*                           0          561502     75110/nmbd          

udp        0      0 0.0.0.0:137             0.0.0.0:*                           0          238339     75110/nmbd          

udp        0      0 192.168.1.255:138       0.0.0.0:*                           0          561505     75110/nmbd          

udp        0      0 192.168.1.236:138       0.0.0.0:*                           0          561504     75110/nmbd          

udp        0      0 0.0.0.0:138             0.0.0.0:*                           0          238340     75110/nmbd          

root@migt /home/reckor # touch /etc/samba/smb.conf

root@migt /home/reckor # systemctl restart smbd

root@migt /home/reckor # systemctl restart nmbd

root@migt /home/reckor # iptables-save -c

# Generated by iptables-save v1.8.7 on Mon Feb  7 09:00:02 2022

*filter

:INPUT ACCEPT [16569:26218899]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [15950:3093883]

COMMIT

# Completed on Mon Feb  7 09:00:02 2022

root@migt /home/reckor # tcpdump -p -n -w /tmp/samba.pcap 'tcp and (port 445 or port 139)'

dropped privs to pcap

tcpdump: listening on wlp2s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

^C0 packets captured

0 packets received by filter

0 packets dropped by kernel

```

On Windows I tested the TCP connection via telnet (telnet 192.168.1.236 445) or with 139 port. Response was: "Connect failed".

Any other suggestion pls? (and thanks for the explanation on firewall).

----------

## alamahant

Can you ping

```

192.168.1.236

```

In samba machine plz doublecheck your ip.

```

ip a

```

and preferably set a static ip.

----------

## reckor

 *alamahant wrote:*   

> Can you ping
> 
> ```
> 
> 192.168.1.236
> ...

 

Good point...Windows had Microsoft Defender enabled... sorry for missing this one. 

Now Gentoo and Windows can ping each other, telnet could also connect via 139 (but not 446). 

However, shared folder is still not visible in Windows (I'm not trying the Android TV for now).

----------

## alamahant

In smb.conf add

```

hosts allow = 127. 192.168.1.

interfaces = 192.168.1.236/24 127.0.0.1/24

```

----------

## reckor

 *alamahant wrote:*   

> In smb.conf add
> 
> ```
> 
> hosts allow = 127. 192.168.1.
> ...

 

Added as per below.

```
  GNU nano 6.0   /etc/samba/smb.conf                                                                                                                                  

hosts allow = 127. 192.168.1.

interfaces = 192.168.1.236/24 127.0.0.1/24

[share]

path = /home/reckor/share

browseable = yes

read only = yes

public = yes

guest ok = yes

guest only = yes

create mask = 0644

directory mask = 0755

```

```

root@migt /home/reckor # ping 192.168.1.29 [b] (<--- this is the windows IP)[/b]

PING 192.168.1.29 (192.168.1.29) 56(84) bytes of data.

64 bytes from 192.168.1.29: icmp_seq=1 ttl=128 time=4.07 ms

64 bytes from 192.168.1.29: icmp_seq=2 ttl=128 time=5.03 ms

64 bytes from 192.168.1.29: icmp_seq=3 ttl=128 time=6.57 ms

64 bytes from 192.168.1.29: icmp_seq=4 ttl=128 time=4.88 ms

64 bytes from 192.168.1.29: icmp_seq=5 ttl=128 time=4.98 ms

^C

--- 192.168.1.29 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4004ms

rtt min/avg/max/mdev = 4.070/5.104/6.567/0.810 ms

root@migt /home/reckor # iptables-save -c

# Generated by iptables-save v1.8.7 on Mon Feb  7 15:48:23 2022

*filter

:INPUT ACCEPT [1113394:634748222]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [1213533:394769396]

COMMIT

# Completed on Mon Feb  7 15:48:23 2022

root@migt /home/reckor # tcpdump -p -n -w /tmp/samba.pcap 'tcp and (port 445 or port 139)'   [b]<--- Even connected via Telnet it does not show any packet captured, not sure if this is an issue too.[/b]

dropped privs to pcap

tcpdump: listening on wlp2s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

0 packets captured

0 packets received by filter

0 packets dropped by kernel

```

Not working yet. 

Thanks

----------

## APolozov

My current smb.conf (all shares read only by default)

```

[global]

 netbios name = panic

 workgroup = WORKGROUP

 realm = WORKGROUP

 server string = Samba Server by PANic

 domain master = yes

 local master = yes

 preferred master = yes

 os level = 250

 log file = /var/log/samba/log.%m

 log level = 3

 max log size = 256

 security = user

 map to guest = bad password

 guest account = nobody

 null passwords = yes

 server max protocol = SMB2

 server min protocol = NT1

 guest ok = Yes

 passdb backend = tdbsam

 

 case sensitive = yes

 unix charset = UTF-8

 dos charset = 866

 preserve case = yes

 short preserve case = yes

 wins support = no

 unix extensions = no

 wide links = yes

 follow symlinks = yes

[NEW]

   path = /media/NEW

   guest ok = yes

[1]

   path = /media/1

   guest ok = yes

[Home]

   path = /home

   guest ok = yes

```

----------

## Hu

 *reckor wrote:*   

> 
> 
> ```
> root@migt /home/reckor # iptables-save -c
> 
> ...

 Your firewall is maximally permissive.  For this test, that is a good thing.  We can ignore concerns it might be dropping traffic. *reckor wrote:*   

> 
> 
> ```
> root@migt /home/reckor # tcpdump -p -n -w /tmp/samba.pcap 'tcp and (port 445 or port 139)'
> 
> ...

 Your capture ran on a wireless interface, and observed no incoming traffic.  This means either:Your server has both wired and wireless.  You monitored wireless, but the client connected from wired.  We would see nothing even if the client worked properly, so seeing all zeroes here does not provide information.You monitored wireless, and the client should have connected to you over wireless, but did not.  Seeing all zeroes means that wherever the client went, it was not here.  If so, then whatever is wrong is a client problem and nothing you change on the server will help.If you need to set the interface to monitor, add -i eth0 (or another appropriate name, such as enpXsY) to your tcpdump options.  Since you use predictable network interface names, I cannot predict what network interface name to give you.  (If you were not using predictable names, a prediction of eth0 would be almost certain to be right.  :Wink: )

----------

## reckor

Spasibo, but didn't work either. 

 *APolozov wrote:*   

> My current smb.conf (all shares read only by default)
> 
> ```
> 
> [global]
> ...

 

----------

## reckor

 *Hu wrote:*   

>  *reckor wrote:*   
> 
> ```
> root@migt /home/reckor # iptables-save -c
> 
> ...

 

Thanks for the explanation, Hu.

Unfortunately, I'm still stuck.

I thought it was easy to set up samba with no complicated set of urser/groups, etc. 

I am out of ideas. Both computers can ping each other, firewalls are not there, smb.conf seems to be ok but I cannot see the shared folder in the client. 

Moreover, I cannot ping the TV, so wondering if there is a firewall there but couldn't find any.

----------

## Hu

Do you have a general purpose Linux system you can use as the client here?  I don't like trusting that the Windows CIFS stack or the Android television will provide good test results.  Your last tcpdump output suggests to me that your clients aren't doing the right thing.  If so, you cannot fix this with server changes.  Therefore, we need to confirm that the clients are behaving properly before examining the Linux server further.

If you don't have a Linux client you can use, then please state whether the clients are supposed to be contacting the server over wired or wireless.  If wireless, then your tcpdump tells us that the clients are not contacting the server.  The clients need to be examined in more detail.  If wired, then you need to repeat the tcpdump test and focus it on the wired interface.  The output from a wired tcpdump will tell us whether to examine the clients or the server.

----------

## reckor

 *Hu wrote:*   

> Do you have a general purpose Linux system you can use as the client here?  I don't like trusting that the Windows CIFS stack or the Android television will provide good test results.  Your last tcpdump output suggests to me that your clients aren't doing the right thing.  If so, you cannot fix this with server changes.  Therefore, we need to confirm that the clients are behaving properly before examining the Linux server further.
> 
> If you don't have a Linux client you can use, then please state whether the clients are supposed to be contacting the server over wired or wireless.  If wireless, then your tcpdump tells us that the clients are not contacting the server.  The clients need to be examined in more detail.  If wired, then you need to repeat the tcpdump test and focus it on the wired interface.  The output from a wired tcpdump will tell us whether to examine the clients or the server.

 

Ok, installed Ubuntu in my other laptop for the sake of the testing and it's working...

The clients are connecting to the samba server over wireless connection, so the tcpdump is working 

```

root@migt /home/reckor # tcpdump -p -n -w /tmp/samba.pcap 'tcp and (port 445 or port 139)'

dropped privs to pcap

tcpdump: listening on wlp2s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

53 packets captured

53 packets received by filter

0 packets dropped by kernel

```

Now pls help me making this work in my Android TV and Windows  :Smile:  The former is more important, I don't care about the Windows...

Just to add, one thing that I noticed while connecting is that the samba server is requesting how I would like to connect as (a) Anonymous or (b) Registered User. How can I set the smb.conf to not even ask but allow all connections?

Perhaps this is the issue?

----------

## reckor

Solved by using below smb.conf and by rebooting the rooter.

Thanks all for the support.

```

[global]

    workgroup = home.local

    server string = Reckors Samba Trashcan

    server min protocol = NT1

    client min protocol = NT1

    server role = standalone

    wins support = yes

    local master = yes

    preferred master = yes

    guest account = nobody

    map to guest = bad user

[share]

    path = /home/reckor/share

    browseable = yes

    read only = yes

    public = yes

    guest ok = yes

    guest only = yes

```

----------

