# Samba gentoo-->Winxp

## ats2

Hi,

I cannot connect my gentoo box with a newly installed WinXP machine.Here's my smb.conf :

```

[global]

# 1. Server Naming Options:

# workgroup = NT-Domain-Name or Workgroup-Name

  workgroup= HOME

# server string is the equivalent of the NT Description field

   server string = Samba Server %v

# 2. Printing Options:

# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK

# if you want to automatically load your printer list rather

# than setting them up individually then you'll need this

   printcap name = cups

   load printers = yes

# It should not be necessary to spell out the print system type unless

# yours is non-standard. Currently supported prin

t systems include:

# bsd, sysv, plp, lprng, aix, hpux, qnx, cups

   printing = cups

# Samba 3.x supports the Windows NT-style point-and-print feature. To

# use this, you need to be able to upload print drivers to the samba

# server. The printer admins (or root) may install drivers onto samba.

# Note that this feature uses the print$ share, so you will need to 

# enable it below.

# printer admin = @<group> <user>

   printer admin = @adm

# 3. Logging Options:

# this tells Samba to use a separate log file for each machine

# that connects

   log file = /var/log/samba3/log.%m

# Put a capping on the size of the log files (in Kb).

   max log size = 50

# Allow users to map to guest:

  map to guest = bad user

# Security mode. Most people will want user level security. See

# security_level.txt for details.

   security = user

# You may wish to use password encryption. Please read

# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.

# Do not enable this option unless you have read those documents

# Encrypted passwords are required for any use of samba in a Windows NT domain

# The smbpasswd file is only required by a server doing authentication, thus

# members of a domain do not need one.

  encrypt passwords = yes

  smb passwd file = /etc/samba/private/smbpasswd

# 5. Browser Control and Networking Options:

# Most people will find that this option gives better performance.

# See speed.txt and the manual pages for details

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces

# If you have multiple network interfaces then you must list them

# here. See the man page for details.

interfaces = 192.168.10.99/29 192.168.10.100/29

# Windows Internet Name Serving Support Section:

# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server

   wins support = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names

# via DNS nslookups. The built-in default for versions 1.9.17 is yes,

# this has been changed in version 1.9.18 to no.

   dns proxy = no 

#============================ Share Definitions ==============================

[homes]

   comment = Home Directories

   browseable = no

   writable = yes

[printers]

   comment = All Printers

   path = /var/spool/samba

   browseable = no

# to allow user 'guest account' to print.

   guest ok = yes

   writable = no

   printable = yes

   create mode = 0700

# =====================================

# print command: see above for details.

# =====================================

   print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.

;   print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).

# The following two commands are the samba defaults for printing=cups

# change them only if you need different options:

;   lpq command = lpq -P %p

;   lprm command = cancel %p-%j

# This share is used for Windows NT-style point-and-print support.

# To be able to install drivers, you need to be either root, or listed

# in the printer admin parameter above. Note that you also need write access

# to the directory and share definition to be able to upload the drivers.

# For more information on this, please see the Printing Support Section of

# /usr/share/doc/samba-<version>/Samba-HOWTO-Collection.pdf 

[print$]

   path = /var/lib/samba/printers

   browseable = yes

   read only = yes

   write list = @adm root

   guest ok = yes

```

Here's ifconfig output :

```

dummy0    Lien encap:Ethernet  HWaddr C2:72:4C:52:AD:91

          inet adr:192.168.10.100  Bcast:192.168.10.107  Masque:255.255.255.248

          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 lg file transmission:0

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth0      Lien encap:Ethernet  HWaddr 00:50:BA:58:76:4A

          inet adr:192.168.10.99  Bcast:192.168.10.107  Masque:255.255.255.248

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:124 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 lg file transmission:1000

          RX bytes:16908 (16.5 Kb)  TX bytes:0 (0.0 b)

          Interruption:21 Adresse de base:0xbc00

eth1      Lien encap:Ethernet  HWaddr 00:20:ED:40:4D:D5

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:365 errors:0 dropped:0 overruns:0 frame:0

          TX packets:328 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 lg file transmission:1000

          RX bytes:350491 (342.2 Kb)  TX bytes:47792 (46.6 Kb)

          Interruption:21 Adresse de base:0xb800

lo        Lien encap:Boucle locale

          inet adr:127.0.0.1  Masque:255.0.0.0

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:3424 errors:0 dropped:0 overruns:0 frame:0

          TX packets:3424 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 lg file transmission:0

          RX bytes:371891 (363.1 Kb)  TX bytes:371891 (363.1 Kb)

ppp0      Lien encap:Protocole Point-à-Point

          inet adr:xxxx.xxxx.xxxx.xxxx  P-t-P:193.253.160.3  Masque:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

          RX packets:325 errors:0 dropped:0 overruns:0 frame:0

          TX packets:290 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 lg file transmission:3

          RX bytes:340873 (332.8 Kb)  TX bytes:39072 (38.1 Kb)

```

And ip route show:

```

xxxx.xxxx.xxxx.xxxx dev ppp0  proto kernel  scope link  src xxxx.xxxx.xxxx.xxxx

192.168.10.96/29 dev dummy0  proto kernel  scope link  src 192.168.10.100

192.168.10.96/29 dev eth0  proto kernel  scope link  src 192.168.10.99

127.0.0.0/8 dev lo  scope link

default via xxxx.xxxx.xxxx.xxxx dev ppp0

```

I have Shorewall installed, so I added these iptables rules :

```

ACCEPT   fw             net             tcp     80  #http

ACCEPT   fw             net             udp     80  #http

ACCEPT   fw             net             tcp     443 #https

ACCEPT   fw             net             udp     443 #https

ACCEPT   fw             net             tcp     21  #ftp

ACCEPT   fw             net             tcp     53  #DNS

ACCEPT   fw             net             udp     53  #DNS

ACCEPT   fw             net             tcp     110 #unsecure Pop3

ACCEPT   fw             net             tcp     995 #Secure Pop3

ACCEPT   fw             net             tcp     873 #rsync

ACCEPT   fw             net             tcp     25  #unsecure SMTP

ACCEPT   fw             net             tcp     465 #SMTP over SSL

ACCEPT   fw             net             tcp     5190 #AIM/ICQ

ACCEPT  $FW:192.168.10.99     all     tcp     901 #swat

ACCEPT   fw             loc              udp     137:139 #begins samba rules

ACCEPT   fw             loc              tcp      137,139,445

ACCEPT   fw             loc              udp     1024:   137

ACCEPT   loc             fw              udp     137:139

ACCEPT   loc             fw              tcp      137,139,445

ACCEPT   loc             fw              udp     1204:   137 # ends samba rules

#DROP     net               fw              tcp      113 #AUTH/IDENT, I added this to show how to block a port

DROP     net               fw              icmp    8   #echo-request

#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

```

WinXP machine etho (only nic) is 192.168.10.101. Firewall is disabled.

Winxp doesn't see linux machine at all (nothing in Network Neighbourhood). Can't ping 12.168.10.99 either.

No connectivity from Linux machine: no ping ("operation not permitted"), smbclient -L winxp doesn't find the machine either...

What can I do ?

----------

## danpixley

If you aren't getting a ping, then the problem isn't your Samba.  Try narrowing down the problem; maybe it has something to do with your routing/iptables.  Can your gentoo box ping the XP box?  Can it ping the gateway?  Maybe do a traceroute from the Windows box.  This is assuming that both links are connected and working normally otherwise.  

I'm no expert on the routing stuff, so you'll have to wait for another response.  :Smile: 

Dan

----------

## ats2

Well thanks.

I can't ping from Wincp, neither from Linux. Tracert doesn't give anything:

tracert -j <host> gives me 'can't resolve destination'

tracert -j <ip> gives 'Invalid IP option' (must do something wrong with tracert here)

BUT both machine share the same workgroup, the same subnet... They SHOULD see each other, I think   :Sad: 

----------

## ats2

up

----------

## abaelinor

aaLast edited by abaelinor on Tue Oct 21, 2008 3:44 am; edited 1 time in total

----------

## user317

i used kde's samba server config gui.  its a kcontrol config module, kdenetwork-filesharing i believe is the package name.  surprisingly it worked  :Smile: .  But it looks like your issue depends on your firewall settings, so I don't think this tool will be much help.  i am sharing and browsing files between smb and winxp without a problem.  i still had to add users to samba by hand.  does anyone know how to let samba use my normal user passwd file for users?

----------

## ats2

Well, not sure about firewall setttings because I can't see or even ping machines even with both firewall disabled...

----------

## danpixley

Can you ping www.yahoo.com from your Linux machine?  Can you ping your gateway from the Linux machine?  Rule out that it is not a physical connectivity problem if you can.  If you are having trouble determining if it is a physical connection problem, try booting the Linux machine into the Gentoo boot CD and see if your network works.

----------

## ats2

Thanks for your reply.

Yes, I can ping yahoo and any outside address.

I have a vserver and I can even ping the host from the vserver.

BUT, I cannot ping the other machine in the workgroup, and the other machine doesn't see the linux box either.

 I cannot even ping the winxp with both winxp and linux firewalls disabled... So I gues it isn't really a firewall problem; Maybe there are rights I should give to my users.

For eample, the winxp users have different names than linux users. Is it important at all ?

guest accounts are disabled in both machines. Is it important ?

----------

## Soda Ant

Why do you have 192.168.10.99/29 and 192.168.10.100/29? These are two overlapping /29 subnet blocks.

Perhaps you meant 192.168.10.96/29 and 192.168.10.104/29?

----------

## ats2

192.168.10.99 and 192.168.10.100 belong to the same subnetwork 192.168.10.96 netmask 255.255.255.248 broadcast 192.168.10.103.

No ?

http://jodies.de/ipcalc?host=192.168.10.96&mask1=29&mask2=

----------

## _Master_

 *djlosch wrote:*   

> i had the same problem... my thread is now a few pages in 
> 
> only way i could get into the box was physically pull the cable from eth1 and plug eth0 into my switch (so it could be my eth1 card).  then i ran net-setup and i could ping and connect and everything.  however for some retarded reason winxp would only let me login as guest (stupid)

 

Well. I think xp got some kind of auto-login stuff when trying to connect through the windows network. What I did was to use the same login and password for my share as I use to log into my windows box. So when I try to connect to my gentoo server it will use my username and password automaticly and then I had no problem connecting to my box.  :Smile: 

I haven't checked but I think you can disable that guest thingy somehow.. Don't know where though.

----------

