# Samba "allow hosts" no longer works with hostnames

## zutme

I believe this started when I upgraded to 3.4.6. It no longer works when I uses hostnames instead of IP addresses in smb.conf

This is my smb.conf

```
# Samba config file created using SWAT

# from UNKNOWN (10.10.10.115)

# Date: 2010/06/23 21:40:23

[global]

   interfaces = eth0

   security = SHARE

   ldap ssl = no

[samba-share]

   comment = All my files for Windows users

   path = /mnt/storage/PUBLIC

   guest ok = Yes

[xfer]

   comment = You can write to this

   path = /mnt/storage/xfer

   read only = No

   guest ok = Yes

[trusted$]

   comment = Michael only

   path = /mnt/storage

   read list = michael

   write list = michael

   read only = No

   guest ok = Yes

   hosts allow = 10.10.10.115

```

I would like to use the hostname instead of the IP address there on that last line, but if I do that I can no longer access the share.

I can ping the hostname on either end. The hostname is in the hosts file on the server.

Thanks in advance. Sorry if this is unclear.

EDIT: This is a much more verbose version of the conf file

```

# Samba config file created using SWAT

# from UNKNOWN (10.10.10.115)

# Date: 2010/06/23 21:44:37

[global]

   dos charset = CP850

   unix charset = UTF-8

   display charset = LOCALE

   workgroup = WORKGROUP

   netbios name = ROHLING1

   netbios aliases = 

   netbios scope = 

   server string = Samba 3.4.6

   interfaces = eth0

   bind interfaces only = No

   security = SHARE

   auth methods = 

   encrypt passwords = Yes

   update encrypted = No

   client schannel = Auto

   server schannel = Auto

   allow trusted domains = Yes

   map to guest = Never

   null passwords = No

   obey pam restrictions = No

   password server = *

   smb passwd file = /var/lib/samba/private/smbpasswd

   private dir = /var/lib/samba/private

   passdb backend = tdbsam

   algorithmic rid base = 1000

   root directory = 

   guest account = nobody

   enable privileges = Yes

   pam password change = No

   passwd program = 

   passwd chat = *new*password* %n\n *new*password* %n\n *changed*

   passwd chat debug = No

   passwd chat timeout = 2

   check password script = 

   username map = 

   password level = 0

   username level = 0

   unix password sync = No

   restrict anonymous = 0

   lanman auth = No

   ntlm auth = Yes

   client NTLMv2 auth = No

   client lanman auth = No

   client plaintext auth = No

   preload modules = 

   dedicated keytab file = 

   kerberos method = default

   map untrusted to domain = No

   log level = 0

   syslog = 1

   syslog only = No

   log file = 

   max log size = 5000

   debug timestamp = Yes

   debug prefix timestamp = No

   debug hires timestamp = No

   debug pid = No

   debug uid = No

   debug class = No

   enable core files = Yes

   smb ports = 445 139

   large readwrite = Yes

   max protocol = NT1

   min protocol = CORE

   min receivefile size = 0

   read raw = Yes

   write raw = Yes

   disable netbios = No

   reset on zero vc = No

   acl compatibility = auto

   defer sharing violations = Yes

   nt pipe support = Yes

   nt status support = Yes

   announce version = 4.9

   announce as = NT

   max mux = 50

   max xmit = 16644

   name resolve order = lmhosts wins host bcast

   max ttl = 259200

   max wins ttl = 518400

   min wins ttl = 21600

   time server = No

   unix extensions = Yes

   use spnego = Yes

   client signing = auto

   server signing = No

   client use spnego = Yes

   client ldap sasl wrapping = plain

   enable asu support = No

   svcctl list = 

   deadtime = 0

   getwd cache = Yes

   keepalive = 300

   lpq cache time = 30

   max smbd processes = 0

   paranoid server security = Yes

   max disk size = 0

   max open files = 16384

   socket options = TCP_NODELAY

   use mmap = Yes

   hostname lookups = No

   name cache timeout = 660

   ctdbd socket = 

   cluster addresses = 

   clustering = No

   load printers = Yes

   printcap cache time = 750

   printcap name = 

   cups server = 

   cups connection timeout = 30

   iprint server = 

   disable spoolss = No

   addport command = 

   enumports command = 

   addprinter command = 

   deleteprinter command = 

   show add printer wizard = Yes

   os2 driver map = 

   mangling method = hash2

   mangle prefix = 1

   max stat cache size = 256

   stat cache = Yes

   machine password timeout = 604800

   add user script = 

   rename user script = 

   delete user script = 

   add group script = 

   delete group script = 

   add user to group script = 

   delete user from group script = 

   set primary group script = 

   add machine script = 

   shutdown script = 

   abort shutdown script = 

   username map script = 

   logon script = 

   logon path = \\%N\%U\profile

   logon drive = 

   logon home = \\%N\%U

   domain logons = No

   init logon delayed hosts = 

   init logon delay = 100

   os level = 20

   lm announce = Auto

   lm interval = 60

   preferred master = No

   local master = Yes

   domain master = Auto

   browse list = Yes

   enhanced browsing = Yes

   dns proxy = Yes

   wins proxy = No

   wins server = 

   wins support = No

   wins hook = 

   kernel oplocks = Yes

   lock spin time = 200

   oplock break wait time = 0

   ldap admin dn = 

   ldap delete dn = No

   ldap group suffix = 

   ldap idmap suffix = 

   ldap machine suffix = 

   ldap passwd sync = no

   ldap replication sleep = 1000

   ldap suffix = 

   ldap ssl = no

   ldap ssl ads = No

   ldap timeout = 15

   ldap connection timeout = 2

   ldap page size = 1024

   ldap user suffix = 

   ldap debug level = 0

   ldap debug threshold = 10

   eventlog list = 

   add share command = 

   change share command = 

   delete share command = 

   preload = 

   lock directory = /var/cache/samba

   state directory = /var/lib/samba

   cache directory = /var/lib/samba

   pid directory = /var/run/samba

   default service = 

   message command = 

   get quota command = 

   set quota command = 

   remote announce = 

   remote browse sync = 

   socket address = 0.0.0.0

   homedir map = 

   afs username map = 

   afs token lifetime = 604800

   log nt token command = 

   time offset = 0

   NIS homedir = No

   registry shares = No

   usershare allow guests = No

   usershare max shares = 0

   usershare owner only = Yes

   usershare path = /var/lib/samba/usershares

   usershare prefix allow list = 

   usershare prefix deny list = 

   usershare template share = 

   panic action = 

   perfcount module = 

   host msdfs = Yes

   passdb expand explicit = No

   idmap backend = tdb

   idmap alloc backend = 

   idmap cache time = 604800

   idmap negative cache time = 120

   idmap uid = 

   idmap gid = 

   template homedir = /home/%D/%U

   template shell = /bin/false

   winbind separator = \

   winbind cache time = 300

   winbind reconnect delay = 30

   winbind enum users = No

   winbind enum groups = No

   winbind use default domain = No

   winbind trusted domains only = No

   winbind nested groups = Yes

   winbind expand groups = 1

   winbind nss info = template

   winbind refresh tickets = No

   winbind offline logon = No

   winbind normalize names = No

   winbind rpc only = No

   comment = 

   path = 

   username = 

   invalid users = 

   valid users = 

   admin users = 

   read list = 

   write list = 

   printer admin = 

   force user = 

   force group = 

   read only = Yes

   acl check permissions = Yes

   acl group control = No

   acl map full control = Yes

   create mask = 0744

   force create mode = 00

   security mask = 0777

   force security mode = 00

   directory mask = 0755

   force directory mode = 00

   directory security mask = 0777

   force directory security mode = 00

   force unknown acl user = No

   inherit permissions = No

   inherit acls = No

   inherit owner = No

   guest only = No

   administrative share = No

   guest ok = No

   only user = No

   hosts allow = 

   hosts deny = 

   allocation roundup size = 1048576

   aio read size = 0

   aio write size = 0

   aio write behind = 

   ea support = No

   nt acl support = Yes

   profile acls = No

   map acl inherit = No

   afs share = No

   smb encrypt = auto

   block size = 1024

   change notify = Yes

   directory name cache size = 100

   kernel change notify = Yes

   max connections = 0

   min print space = 0

   strict allocate = No

   strict sync = No

   sync always = No

   use sendfile = No

   write cache size = 0

   max reported print jobs = 0

   max print jobs = 1000

   printable = No

   printing = bsd

   cups options = 

   print command = lpr -r -P'%p' %s

   lpq command = lpq -P'%p'

   lprm command = lprm -P'%p' %j

   lppause command = 

   lpresume command = 

   queuepause command = 

   queueresume command = 

   printer name = 

   use client driver = No

   default devmode = Yes

   force printername = No

   printjob username = %U

   default case = lower

   case sensitive = Auto

   preserve case = Yes

   short preserve case = Yes

   mangling char = ~

   hide dot files = Yes

   hide special files = No

   hide unreadable = No

   hide unwriteable files = No

   delete veto files = No

   veto files = 

   hide files = 

   veto oplock files = 

   map archive = Yes

   map hidden = No

   map system = No

   map readonly = yes

   mangled names = Yes

   store dos attributes = No

   dmapi support = No

   browseable = Yes

   access based share enum = No

   browsable = Yes

   blocking locks = Yes

   csc policy = manual

   fake oplocks = No

   locking = Yes

   oplocks = Yes

   level2 oplocks = Yes

   oplock contention limit = 2

   posix locking = Yes

   strict locking = Auto

   share modes = Yes

   dfree cache time = 0

   dfree command = 

   copy = 

   preexec = 

   preexec close = No

   postexec = 

   root preexec = 

   root preexec close = No

   root postexec = 

   available = Yes

   volume = 

   fstype = NTFS

   set directory = No

   wide links = No

   follow symlinks = Yes

   dont descend = 

   magic script = 

   magic output = 

   delete readonly = No

   dos filemode = No

   dos filetimes = Yes

   dos filetime resolution = No

   fake directory create times = No

   vfs objects = 

   msdfs root = No

   msdfs proxy = 

[samba-share]

   comment = All my files for Windows users

   path = /mnt/storage/PUBLIC

   guest ok = Yes

[xfer]

   comment = You can write to this

   path = /mnt/storage/xfer

   read only = No

   guest ok = Yes

[trusted$]

   comment = Michael only

   path = /mnt/storage

   read list = michael

   write list = michael

   read only = No

   guest ok = Yes

   hosts allow = 10.10.10.115

```

----------

## kimmie

This is the problem IMHO:

```
hostname lookups = No
```

No is a no no, yes? Yes is what you want.   :Very Happy: 

----------

## zutme

Man I thought you had it, but it still doesn't work. 

New (verbose) smb.conf

```

# Samba config file created using SWAT

# from UNKNOWN (10.10.10.115)

# Date: 2010/06/24 08:24:17

[global]

   dos charset = CP850

   unix charset = UTF-8

   display charset = LOCALE

   workgroup = WORKGROUP

   netbios name = ROHLING1

   netbios aliases = 

   netbios scope = 

   server string = Samba 3.4.6

   interfaces = eth0

   bind interfaces only = No

   security = SHARE

   auth methods = 

   encrypt passwords = Yes

   update encrypted = No

   client schannel = Auto

   server schannel = Auto

   allow trusted domains = Yes

   map to guest = Never

   null passwords = No

   obey pam restrictions = No

   password server = *

   smb passwd file = /var/lib/samba/private/smbpasswd

   private dir = /var/lib/samba/private

   passdb backend = tdbsam

   algorithmic rid base = 1000

   root directory = 

   guest account = nobody

   enable privileges = Yes

   pam password change = No

   passwd program = 

   passwd chat = *new*password* %n\n *new*password* %n\n *changed*

   passwd chat debug = No

   passwd chat timeout = 2

   check password script = 

   username map = 

   password level = 0

   username level = 0

   unix password sync = No

   restrict anonymous = 0

   lanman auth = No

   ntlm auth = Yes

   client NTLMv2 auth = No

   client lanman auth = No

   client plaintext auth = No

   preload modules = 

   dedicated keytab file = 

   kerberos method = default

   map untrusted to domain = No

   log level = 0

   syslog = 1

   syslog only = No

   log file = 

   max log size = 5000

   debug timestamp = Yes

   debug prefix timestamp = No

   debug hires timestamp = No

   debug pid = No

   debug uid = No

   debug class = No

   enable core files = Yes

   smb ports = 445 139

   large readwrite = Yes

   max protocol = NT1

   min protocol = CORE

   min receivefile size = 0

   read raw = Yes

   write raw = Yes

   disable netbios = No

   reset on zero vc = No

   acl compatibility = auto

   defer sharing violations = Yes

   nt pipe support = Yes

   nt status support = Yes

   announce version = 4.9

   announce as = NT

   max mux = 50

   max xmit = 16644

   name resolve order = lmhosts wins host bcast

   max ttl = 259200

   max wins ttl = 518400

   min wins ttl = 21600

   time server = No

   unix extensions = Yes

   use spnego = Yes

   client signing = auto

   server signing = No

   client use spnego = Yes

   client ldap sasl wrapping = plain

   enable asu support = No

   svcctl list = 

   deadtime = 0

   getwd cache = Yes

   keepalive = 300

   lpq cache time = 30

   max smbd processes = 0

   paranoid server security = Yes

   max disk size = 0

   max open files = 16384

   socket options = TCP_NODELAY

   use mmap = Yes

   hostname lookups = Yes

   name cache timeout = 660

   ctdbd socket = 

   cluster addresses = 

   clustering = No

   load printers = Yes

   printcap cache time = 750

   printcap name = 

   cups server = 

   cups connection timeout = 30

   iprint server = 

   disable spoolss = No

   addport command = 

   enumports command = 

   addprinter command = 

   deleteprinter command = 

   show add printer wizard = Yes

   os2 driver map = 

   mangling method = hash2

   mangle prefix = 1

   max stat cache size = 256

   stat cache = Yes

   machine password timeout = 604800

   add user script = 

   rename user script = 

   delete user script = 

   add group script = 

   delete group script = 

   add user to group script = 

   delete user from group script = 

   set primary group script = 

   add machine script = 

   shutdown script = 

   abort shutdown script = 

   username map script = 

   logon script = 

   logon path = \\%N\%U\profile

   logon drive = 

   logon home = \\%N\%U

   domain logons = No

   init logon delayed hosts = 

   init logon delay = 100

   os level = 20

   lm announce = Auto

   lm interval = 60

   preferred master = No

   local master = Yes

   domain master = Auto

   browse list = Yes

   enhanced browsing = Yes

   dns proxy = Yes

   wins proxy = No

   wins server = 

   wins support = No

   wins hook = 

   kernel oplocks = Yes

   lock spin time = 200

   oplock break wait time = 0

   ldap admin dn = 

   ldap delete dn = No

   ldap group suffix = 

   ldap idmap suffix = 

   ldap machine suffix = 

   ldap passwd sync = no

   ldap replication sleep = 1000

   ldap suffix = 

   ldap ssl = no

   ldap ssl ads = No

   ldap timeout = 15

   ldap connection timeout = 2

   ldap page size = 1024

   ldap user suffix = 

   ldap debug level = 0

   ldap debug threshold = 10

   eventlog list = 

   add share command = 

   change share command = 

   delete share command = 

   preload = 

   lock directory = /var/cache/samba

   state directory = /var/lib/samba

   cache directory = /var/lib/samba

   pid directory = /var/run/samba

   default service = 

   message command = 

   get quota command = 

   set quota command = 

   remote announce = 

   remote browse sync = 

   socket address = 0.0.0.0

   homedir map = 

   afs username map = 

   afs token lifetime = 604800

   log nt token command = 

   time offset = 0

   NIS homedir = No

   registry shares = No

   usershare allow guests = No

   usershare max shares = 0

   usershare owner only = Yes

   usershare path = /var/lib/samba/usershares

   usershare prefix allow list = 

   usershare prefix deny list = 

   usershare template share = 

   panic action = 

   perfcount module = 

   host msdfs = Yes

   passdb expand explicit = No

   idmap backend = tdb

   idmap alloc backend = 

   idmap cache time = 604800

   idmap negative cache time = 120

   idmap uid = 

   idmap gid = 

   template homedir = /home/%D/%U

   template shell = /bin/false

   winbind separator = \

   winbind cache time = 300

   winbind reconnect delay = 30

   winbind enum users = No

   winbind enum groups = No

   winbind use default domain = No

   winbind trusted domains only = No

   winbind nested groups = Yes

   winbind expand groups = 1

   winbind nss info = template

   winbind refresh tickets = No

   winbind offline logon = No

   winbind normalize names = No

   winbind rpc only = No

   comment = 

   path = 

   username = 

   invalid users = 

   valid users = 

   admin users = 

   read list = 

   write list = 

   printer admin = 

   force user = 

   force group = 

   read only = Yes

   acl check permissions = Yes

   acl group control = No

   acl map full control = Yes

   create mask = 0744

   force create mode = 00

   security mask = 0777

   force security mode = 00

   directory mask = 0755

   force directory mode = 00

   directory security mask = 0777

   force directory security mode = 00

   force unknown acl user = No

   inherit permissions = No

   inherit acls = No

   inherit owner = No

   guest only = No

   administrative share = No

   guest ok = No

   only user = No

   hosts allow = 

   hosts deny = 

   allocation roundup size = 1048576

   aio read size = 0

   aio write size = 0

   aio write behind = 

   ea support = No

   nt acl support = Yes

   profile acls = No

   map acl inherit = No

   afs share = No

   smb encrypt = auto

   block size = 1024

   change notify = Yes

   directory name cache size = 100

   kernel change notify = Yes

   max connections = 0

   min print space = 0

   strict allocate = No

   strict sync = No

   sync always = No

   use sendfile = No

   write cache size = 0

   max reported print jobs = 0

   max print jobs = 1000

   printable = No

   printing = bsd

   cups options = 

   print command = lpr -r -P'%p' %s

   lpq command = lpq -P'%p'

   lprm command = lprm -P'%p' %j

   lppause command = 

   lpresume command = 

   queuepause command = 

   queueresume command = 

   printer name = 

   use client driver = No

   default devmode = Yes

   force printername = No

   printjob username = %U

   default case = lower

   case sensitive = Auto

   preserve case = Yes

   short preserve case = Yes

   mangling char = ~

   hide dot files = Yes

   hide special files = No

   hide unreadable = No

   hide unwriteable files = No

   delete veto files = No

   veto files = 

   hide files = 

   veto oplock files = 

   map archive = Yes

   map hidden = No

   map system = No

   map readonly = yes

   mangled names = Yes

   store dos attributes = No

   dmapi support = No

   browseable = Yes

   access based share enum = No

   browsable = Yes

   blocking locks = Yes

   csc policy = manual

   fake oplocks = No

   locking = Yes

   oplocks = Yes

   level2 oplocks = Yes

   oplock contention limit = 2

   posix locking = Yes

   strict locking = Auto

   share modes = Yes

   dfree cache time = 0

   dfree command = 

   copy = 

   preexec = 

   preexec close = No

   postexec = 

   root preexec = 

   root preexec close = No

   root postexec = 

   available = Yes

   volume = 

   fstype = NTFS

   set directory = No

   wide links = No

   follow symlinks = Yes

   dont descend = 

   magic script = 

   magic output = 

   delete readonly = No

   dos filemode = No

   dos filetimes = Yes

   dos filetime resolution = No

   fake directory create times = No

   vfs objects = 

   msdfs root = No

   msdfs proxy = 

[samba-share]

   comment = All my files for Windows users

   path = /mnt/storage/PUBLIC

   guest ok = Yes

[xfer]

   comment = You can write to this

   path = /mnt/storage/xfer

   read only = No

   guest ok = Yes

[trusted$]

   comment = Michael only

   path = /mnt/storage

   read list = michael

   write list = michael

   read only = No

   guest ok = Yes

   hosts allow = rohling5

```

----------

## kimmie

Ah crap, me too. Did you try using the fqdn instead? Grrrr.

----------

## zutme

The Windows computer is not a member of any domain, so I don't know what I would enter for a FQDN. This used to work with no problem for at least a year. I have no idea what the problem is.

----------

## krinn

check that, maybe you upgrade glibc with samba ?

https://forums.gentoo.org/viewtopic-t-833342-highlight-.html

----------

## Anon-E-moose

 *zutme wrote:*   

> The Windows computer is not a member of any domain, so I don't know what I would enter for a FQDN. This used to work with no problem for at least a year. I have no idea what the problem is.

 

What do you get when you do "ping rohling5" from the command line?

----------

## zutme

 *Anon-E-moose wrote:*   

>  *zutme wrote:*   The Windows computer is not a member of any domain, so I don't know what I would enter for a FQDN. This used to work with no problem for at least a year. I have no idea what the problem is. 
> 
> What do you get when you do "ping rohling5" from the command line?

 

```

PING rohling5 (10.10.10.115) 56(84) bytes of data.

64 bytes from rohling5 (10.10.10.115): icmp_seq=1 ttl=128 time=0.205 ms

64 bytes from rohling5 (10.10.10.115): icmp_seq=2 ttl=128 time=0.117 ms

64 bytes from rohling5 (10.10.10.115): icmp_seq=3 ttl=128 time=0.121 ms

64 bytes from rohling5 (10.10.10.115): icmp_seq=4 ttl=128 time=0.170 ms

64 bytes from rohling5 (10.10.10.115): icmp_seq=5 ttl=128 time=0.127 ms

64 bytes from rohling5 (10.10.10.115): icmp_seq=6 ttl=128 time=0.121 ms

^C

--- rohling5 ping statistics ---

6 packets transmitted, 6 received, 0% packet loss, time 4996ms

rtt min/avg/max/mdev = 0.117/0.143/0.205/0.034 ms

```

----------

## zutme

 *krinn wrote:*   

> check that, maybe you upgrade glibc with samba ?
> 
> https://forums.gentoo.org/viewtopic-t-833342-highlight-.html

 

I updated to the latest stable glibc. No luck. Are you saying I should try unstable? I was thinking this probably was a samba thing not a dns thing cause I can ping the windows computer by hostname and it is in the hosts file on the gentoo server.

Edit:

I'm recompiling samba now. I don't know if that was necessary.

Edit:

recompiled, restarted still doesn't workLast edited by zutme on Thu Jun 24, 2010 5:30 pm; edited 2 times in total

----------

## Anon-E-moose

 *zutme wrote:*   

>  I was thinking this probably was a samba thing not a dns thing cause I can ping the windows computer by hostname and it is in the hosts file on the gentoo server.

 

It has something to do with either samba, or the way samba does hostname resolution.

Ping works, so the networking/dns resolution works.

If you change the hosts allow line to "hosts allow = # rohling5" does it work?

----------

## zutme

 *Anon-E-moose wrote:*   

>  *zutme wrote:*    I was thinking this probably was a samba thing not a dns thing cause I can ping the windows computer by hostname and it is in the hosts file on the gentoo server. 
> 
> It has something to do with either samba, or the way samba does hostname resolution.
> 
> Ping works, so the networking/dns resolution works.
> ...

 

No luck here

----------

## Anon-E-moose

 *zutme wrote:*   

>  *Anon-E-moose wrote:*    *zutme wrote:*    I was thinking this probably was a samba thing not a dns thing cause I can ping the windows computer by hostname and it is in the hosts file on the gentoo server. 
> 
> It has something to do with either samba, or the way samba does hostname resolution.
> 
> Ping works, so the networking/dns resolution works.
> ...

 

What I recommended does is open it completely to any host. 

You have a problem but it's not connected to hostnames.

What type windows machine (98/XP/Vista/7) is it?

----------

## zutme

 *Anon-E-moose wrote:*   

>  *zutme wrote:*    *Anon-E-moose wrote:*    *zutme wrote:*    I was thinking this probably was a samba thing not a dns thing cause I can ping the windows computer by hostname and it is in the hosts file on the gentoo server. 
> 
> It has something to do with either samba, or the way samba does hostname resolution.
> 
> Ping works, so the networking/dns resolution works.
> ...

 

It is a Windows 7 machine, but it works if I use the machines IP address just fine so it must have something to do with the hostname right?

----------

## Anon-E-moose

If you do "dig -x 10.10.10.115 " what do you get?

----------

## zutme

 *Anon-E-moose wrote:*   

> If you do "dig -x 10.10.10.115 " what do you get?

 

```

dig -x 10.10.10.115

; <<>> DiG 9.4.3-P5 <<>> -x 10.10.10.115

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16477

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;115.10.10.10.in-addr.arpa.     IN      PTR

;; Query time: 54 msec

;; SERVER: 10.10.10.1#53(10.10.10.1)

;; WHEN: Thu Jun 24 13:15:01 2010

;; MSG SIZE  rcvd: 43

```

----------

## Anon-E-moose

So you're not getting a reverse dns lookup with dig

if you have nslookup what does "nslookup rohling5" return

----------

## zutme

 *Anon-E-moose wrote:*   

> So you're not getting a reverse dns lookup
> 
> if you have nslookup what does "nslookup rohling5" return

 

```

 nslookup rohling5

Server:         10.10.10.1

Address:        10.10.10.1#53

Name:   rohling5

Address: 10.10.10.115

```

----------

## Anon-E-moose

it looks like the fqdn is "rohling5" otherwise it would have given something more with nslookup.

Not sure what your problem is, other than I would cut the smb.conf file down to only a few options, 

until it starts working then add back whatever you need. 

for me, it's a pretty short smb.conf

```
[global]

   workgroup = WORKGROUP

   server string = Samba Server

   security = share

   hosts allow = 192.168.1. 127.

   max log size = 50

   local master = yes

   domain master = yes 

   preferred master = yes

   wins support = yes

   dns proxy = no 

[n]

    comment = n filesystem

    path = /n

    read only = No

    guest ok = Yes

[mnt]

    comment = cd filesystem

    path = /mnt

    read only = Yes

    guest ok = Yes

```

----------

## zutme

 *Anon-E-moose wrote:*   

> it looks like the fqdn is "rohling5" otherwise it would have given something more with nslookup.
> 
> Not sure what your problem is, other than I would cut the smb.conf file down to only a few options, 
> 
> until it starts working then add back whatever you need. 
> ...

 

Mine's actually pretty short too. The big long one I pasted above is something that swat produces when you ask it to display all options.

Here is what the smb.conf file actually looks like:

```

[samba-share]

        comment = All my files for Windows users

        path = /mnt/storage/PUBLIC

        guest ok = Yes

[xfer]

        comment = You can write to this

        path = /mnt/storage/xfer

        read only = No

        guest ok = Yes

[trusted$]

        comment = Michael only

        path = /mnt/storage

        read list = michael

        write list = michael

        read only = No

        guest ok = Yes

        hosts allow = 10.10.10.115

```

Maybe swat is doing something weird. I guess I'll just stick with using the IP address unless anyone else has any ideas.

----------

## krinn

 *Anon-E-moose wrote:*   

> 
> 
> It has something to do with either samba, or the way samba does hostname resolution.
> 
> Ping works, so the networking/dns resolution works.
> ...

 

not necessary, there's a function in libc to resolve dns (i think specially fqdn) that is know (for me, google for glibc+dns to get a point) to get in trouble, and if an application use it, application is in trouble, if the application doesn't use glibc then, problem doesn't appears.

You should check the link i gave and you will see the user is able to ping but was unable to resolve dns from some programs. And this was a glibc issue.

zutme:

You should try upgrading glibc, specially if you own a 2.9* version (maybe some others version as well, i know glibc trouble with dns from many glibc versions), well, at least, it won't kill you, building glibc should take 20 minutes, an easy test so.

And like grOsshirn (the user from the other thread) does, you also didn't mention your glibc version, even if it fail you should provide it, it might help (at least me !) to know one that fail and what version is working (i understand, we can't think about everything), so if it work, please provide working glibc version and also failing one for others users (and again for me)

----------

## cach0rr0

 *krinn wrote:*   

> 
> 
> not necessary, there's a function in libc to resolve dns (i think specially fqdn) that is know (for me, google for glibc+dns to get a point) to get in trouble, and if an application use it, application is in trouble, if the application doesn't use glibc then, problem doesn't appears.
> 
> 

 

++

They are numerous, and well documented - for example: http://sourceware.org/bugzilla/show_bug.cgi?id=4980

It's among the reasons for this - http://blog.aurel32.net/?p=47

----------

## darkphader

Samba uses NetBIOS, FQDN is meaningless here. FYI, "security = share" is deprecated and I highly recommend against using it - use "security = user" instead.

Is the client computer providing its hostname? Check the samba logs (usually /var/log/samba) for entries with that hostname. If you don't see any it could be on the client end.

Chris

----------

## zutme

 *darkphader wrote:*   

> Samba uses NetBIOS, FQDN is meaningless here. FYI, "security = share" is deprecated and I highly recommend against using it - use "security = user" instead.
> 
> Is the client computer providing its hostname? Check the samba logs (usually /var/log/samba) for entries with that hostname. If you don't see any it could be on the client end.
> 
> Chris

 

Looks like you are right. What do you make of this?

```

[2010/06/25 07:55:29,  0] printing/pcap.c:178(pcap_cache_reload)

  Unable to open printcap file /etc/printcap for read!

[2010/06/25 07:55:29,  0] printing/pcap.c:178(pcap_cache_reload)

  Unable to open printcap file /etc/printcap for read!

[2010/06/25 07:59:50,  0] printing/pcap.c:178(pcap_cache_reload)

  Unable to open printcap file /etc/printcap for read!

[2010/06/25 07:59:50,  0] printing/pcap.c:178(pcap_cache_reload)

  Unable to open printcap file /etc/printcap for read!

[2010/06/25 07:59:50,  0] printing/pcap.c:178(pcap_cache_reload)

  Unable to open printcap file /etc/printcap for read!

[2010/06/25 07:59:50,  0] printing/pcap.c:178(pcap_cache_reload)

  Unable to open printcap file /etc/printcap for read!

[2010/06/25 07:59:53,  1] smbd/service.c:1240(close_cnum)

  __ffff_10.10.10.115 (::ffff:10.10.10.115) closed connection to service trusted$

[2010/06/25 07:59:54,  0] smbd/server.c:1073(main)

  smbd version 3.4.6 started.

  Copyright Andrew Tridgell and the Samba Team 1992-2009

[2010/06/25 07:59:54,  0] printing/pcap.c:178(pcap_cache_reload)

  Unable to open printcap file /etc/printcap for read!

[2010/06/25 07:59:54,  0] printing/pcap.c:178(pcap_cache_reload)

  Unable to open printcap file /etc/printcap for read!

[2010/06/25 07:59:54,  0] smbd/server.c:457(smbd_open_one_socket)

  smbd_open_once_socket: open_socket_in: Address already in use

[2010/06/25 07:59:54,  0] smbd/server.c:457(smbd_open_one_socket)

  smbd_open_once_socket: open_socket_in: Address already in use

[2010/06/25 08:00:11,  1] smbd/service.c:1063(make_connection_snum)

  __ffff_10.10.10.115 (::ffff:10.10.10.115) connect to service samba-share initially as user michael (uid=1001, gid=100) (pid 16391)

[2010/06/25 08:00:11,  1] smbd/service.c:1063(make_connection_snum)

  __ffff_10.10.10.115 (::ffff:10.10.10.115) connect to service xfer initially as user michael (uid=1001, gid=100) (pid 16391)

[2010/06/25 08:00:11,  0] lib/util_sock.c:1564(matchname)

  matchname: host name/address mismatch: ::ffff:10.10.10.115 != rohling5

[2010/06/25 08:00:11,  0] lib/util_sock.c:1685(get_peer_name)

  Matchname failed on rohling5 ::ffff:10.10.10.115

[2010/06/25 08:00:11,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:11,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:11,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:11,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:26,  1] smbd/service.c:1240(close_cnum)

  __ffff_10.10.10.115 (::ffff:10.10.10.115) closed connection to service samba-share

[2010/06/25 08:00:26,  1] smbd/service.c:1240(close_cnum)

  __ffff_10.10.10.115 (::ffff:10.10.10.115) closed connection to service xfer

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

[2010/06/25 08:00:31,  0] lib/access.c:410(check_access)

  Denied connection from UNKNOWN (::ffff:10.10.10.115)

```

----------

## zutme

 *krinn wrote:*   

>  *Anon-E-moose wrote:*   
> 
> It has something to do with either samba, or the way samba does hostname resolution.
> 
> Ping works, so the networking/dns resolution works.
> ...

 

Currently running sys-libs/glibc-2.11.1

Should I upgrade to the unstable? If I do should I recompile samba for the changes to go into effect?

----------

## krinn

i don't think so, i'm using 2.10 and it works, even it's not a proof 2.11 (branching tree can affect a version when a version in the middle might use a non affect branch...) cannot be affect, well, it shouldn't  :Smile: 

but i will keep in mind 2.11.1 might be affect.

----------

## darkphader

 *zutme wrote:*   

> What do you make of this?

 

Looks like the NetBIOS name is not being sent, or is being blocked. Make sure the client computer has NetBIOS enabled and that any firewall is not blocking the respective ports 137-139 & 145 (usually best to disable firewalls when troubleshooting).

----------

## kimmie

 :Shocked:  Hmm. First I typed out the stuff below. Then I decided to try out hosts allow for myself. I'm seeing the same problem as you. DOH! BTW I'm using glibc-2.10.1-r1 and samba-3.4.6. Seeing as I'd already typed the following I might as well post it, you might find it interesting. But I don't think it will solve your problem! Like I said, hmmmm.

If the problem is in name resolution, here's a couple more things to try. (I'm presuming you aren't using a wins server to resolve windows names, if you are, you should be fixing that somehow, but I can't really advise you there, I've never done that myself.)

Your logs show ipv6 addresses. Do you have the machine named in hosts or LMHOSTS with the ipv6 address as well as ipv4?

Use "smb ports = 139" instead of "445 139". The LANMAN protocol differs depending what port is used. This is usually used so that the server gets the name the client used to refer to it, so it can have multiple names, and multiple "personalities" using "include = ... %L ..."; I know this isn't your situation, but it's worth a shot.

Make sure your samba is merged with USE=winbindd. Change the hosts line in /etc/nssswitch.conf to read "hosts:  files dns wins" (actually, just add wins to the end, not sure what yours is now).  This makes normal name lookups on your host go to nmbd if they can't be otherwise resolved. It has the handy side effect that you can now do things like "ping winbox" if WINBOX is a windows machine on your lan and it's not in dns or a hosts file. UNIX purists will probably hate this, but that fact is that often a home LAN doesn't have a dns server; maybe the router's too dumb and there's no other machine that's on all the time and suitable for a dns server. That's why LANMAN networking is peer-to-peer. This change allows you to take advantage of that. You can even do this on all your unix boxes by running nmbd on them too, no need for smbd. I use this myself, it's very practical. Also, don't get confused, there's no need to actually run a wins server (wnbindd), despite the USE flag.

----------

## zutme

 *darkphader wrote:*   

>  *zutme wrote:*   What do you make of this? 
> 
> Looks like the NetBIOS name is not being sent, or is being blocked. Make sure the client computer has NetBIOS enabled and that any firewall is not blocking the respective ports 137-139 & 145 (usually best to disable firewalls when troubleshooting).

 

Disabled the firewall and enabled netbios, still no luck.

Also, I tried the unstable (~x86) samba 3.5.4, but that didn't do anything either

----------

## krinn

try (if you can) 

wget -4 rohling5://afile

then wget -6 rohling5://afile

----------

## Anon-E-moose

IPV6 is what is causing problems

 *Quote:*   

> [2010/06/25 08:00:11,  1] smbd/service.c:1063(make_connection_snum)
> 
>   __ffff_10.10.10.115 (::ffff:10.10.10.115) connect to service xfer initially as user michael (uid=1001, gid=100) (pid 16391)
> 
> [2010/06/25 08:00:11,  0] lib/util_sock.c:1564(matchname)
> ...

 

Either turn off IPV6 on the windows machine, or shut it off on the linux side

(I see no real need to use it on an internal lan)

Netbios doesn't like IPV6, at least AFAIK.

----------

## zutme

 *krinn wrote:*   

> try (if you can) 
> 
> wget -4 rohling5://afile
> 
> then wget -6 rohling5://afile

 

Neither of these computers are running a web server, and one of them is running Windows 7.

----------

## zutme

 *Anon-E-moose wrote:*   

> IPV6 is what is causing problems
> 
>  *Quote:*   [2010/06/25 08:00:11,  1] smbd/service.c:1063(make_connection_snum)
> 
>   __ffff_10.10.10.115 (::ffff:10.10.10.115) connect to service xfer initially as user michael (uid=1001, gid=100) (pid 16391)
> ...

 

This seems pretty likely, I'll check it out when I get home tonight.

----------

## zutme

I tried switching off IPv6 in Windows 7 and it didn't work. I also dual-boot this machine with Ubuntu. It didn't work trying to connect to it on Ubuntu either. Same hostname / IP in both Windows and Ubuntu.

----------

## kimmie

Well, I managed to get this working in my setup  :Smile:  . Hopefully that means you can too!

I'm using /etc/hosts because reverse dns lookup doesn't work for my samba clients; from the "dig -x" results earlier in this thread it looks like it's the same for you.

To get "hosts allow" working, I needed to have "hostname lookups = Yes" and "hosts allow = clientname" in smb.conf. Also the clientname has to appear as the _canonical_ name (ie. the first one listed, not an alias) in /etc/hosts. If your hosts file entry looks like "10.0.1.1 clientname.mydomain clientname" it won't work. In this case, you'd need to put "hosts allow = clientname.mydomain" in your smb.conf to match the canonical name.

I'm using IPv4 addresses and it looks like you're using IPv6, so your /etc/hosts line should probably contain  "::ffff:10.10.10.115 clientname" if it doesn't already. You can have both ipv4 and v6 lines in /etc/hosts for the same host.

Also, I've found I need to restart samba after changes to the hosts file, because it caches results.

FYI, as I said earlier, I'm using stable: samba-3.4.6 glibc-2.10.1-r1. You shouldn't need to move to unstable. Samba was built with USE="acl aio caps client cups doc examples netapi pam readline server smbclient swat syslog winbind -addns -ads -avahi -cluster -debug -fam -ldap -ldb -quota -smbsharemodes"

If it still doesn't work, a longshot: I'm using "name resolve order = host bcast" in /etc/smb.conf; that's not the default, which is "lmhosts host wins bcast". I don't believe that this setting controls reverse lookups, so it shouldn't make any difference; but if your setting doesn't contain "host" or if you're using LMHOSTS and there's a wrong entry in there then maybe that's causing the problem. But probably not, as I said it's a longshot.

Also, a word of caution (in opposition to some of the comments in this thread): Samba _can_ use netbios without fqdns, buts that's not the only way it resolves names, even in the default setup. In any case, it still does reverse name lookups using the resolver library (NOT netbios), which is configured by /etc/nsswitch.conf and /etc/host.conf AND /etc/resolv.conf, and which handles fqdns in different ways depending on configuration. Also, nslookup and dig will _never_ find names from /etc/hosts, forward or reverse because they only do dns queries. It's not simple, and it's confusing for everyone. If you want to get down and dirty with this stuff, a good place to look is http://pm.97things.oreilly.com/wiki/index.php/Linux_in_a_Windows_World/Sharing_Files_and_Printers/Linux_as_an_SMB/CIFS_Client

----------

## Anon-E-moose

Kimie, I agree that samba should be bounced when making config changes, I just took it for granted that others realized that.

Here are some links to getting samba and ipv6 working together (I time delimited the searches to the last 6 months or so)

http://www.google.com/search?q=samba+and+ipv6&hl=en&lr=lang_en&safe=off&sa=X&ei=I84lTJHzO4L48AbJutjWDw&ved=0CBUQpwU&tbs=cdr%3A1%2Ccd_min%3A1%2F1%2F2010%2Ccd_max%3A&tbo=s

Good luck

----------

## zutme

 *kimmie wrote:*   

> Well, I managed to get this working in my setup  . Hopefully that means you can too!
> 
> I'm using /etc/hosts because reverse dns lookup doesn't work for my samba clients; from the "dig -x" results earlier in this thread it looks like it's the same for you.
> 
> To get "hosts allow" working, I needed to have "hostname lookups = Yes" and "hosts allow = clientname" in smb.conf. Also the clientname has to appear as the _canonical_ name (ie. the first one listed, not an alias) in /etc/hosts. If your hosts file entry looks like "10.0.1.1 clientname.mydomain clientname" it won't work. In this case, you'd need to put "hosts allow = clientname.mydomain" in your smb.conf to match the canonical name.
> ...

 

First, thank you so much for figuring this out. Even though I am using IPv4 only on both server and host, adding :ffff:10.10.10.115 rohling5 to my hosts file got this working for me. I'm not sure why this has to be here, but I'm glad it's working now.

----------

## kimmie

 :Surprised:  Terrific! Now I have an excuse to to go have a beer!!!

----------

