# samba to winbox OK but no linux - linux

## Gentree

Hi,

I'm sure this is one of those "mosted asked questions" , but that's just the trouble , there's so much about how ppl cant config samba it's damn near impossible to find anything related to my issue.

I've had samba working file between Gentoo and the occasional winbox that I need to connect but now I want to bring a Suse box into the picture.

Lin-to-lin seems to be a bit more tricky.

Forgetting the SuSE end of things for a minute , in diagnosing the issue I find that gentoo box cant even connect itself

 *Quote:*   

> bash-3.00#smbclient -L localhost -U%
> 
> WARNING: The "printer admin" option is deprecated
> 
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.20b]
> ...

 

Probably obvious to someone whose done this so I wont bulk this out with heaps of config data unless its needed.

TIA , Gentree.   :Cool: 

----------

## steveb

I have 3.0.20b runing here, without any porblem. It would help if you could post your smb.conf file. Would that be possible?

cheers

SteveB

----------

## Gentree

Sure

```
[global]

   workgroup = WORKGROUP

   server string = Samba Server %v

   printcap name = cups

   load printers = yes

   printing = cups

   log file = /var/log/samba3/log.%m

   max log size = 50

   hosts allow = 192.168.1. 192.168.2. 127.

    interfaces = eth0 lo

    bind interfaces only = yes

  map to guest = bad user

   security = user

  password level = 8

  username level = 8

  encrypt passwords = yes

  smb passwd file = /etc/samba/private/smbpasswd

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

  

   dns proxy = no 

  preserve case = yes

   dos charset = 850

   unix charset = ISO8859-1

[homes]

   comment = Home Directories

   browseable = no

   writable = yes

[printers]

   comment = All Printers

   path = /var/spool/samba

   browseable = no

   guest ok = yes

   writable = no

   printable = yes

   create mode = 0700

   print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.

[print$]

   path = /var/lib/samba/printers

   browseable = yes

   read only = yes

   write list = @adm root

   guest ok = yes

[tmp]

   comment = Temporary file space

   path = /tmp/samba

   read only = no

   public = yes

[profsdir]

   comment = Prof Linbox space

   path = /home/prof

   valid users = prof

   public = no

   writable = yes

   printable = no

```

Thanks for taking a look.   :Cool: 

While I've got your ear can you see what's wrong with this line in my firewall?

All the howto stuff I can find seems to have this sort of line but it is causing an error when I run that in the startup script . I'm thinking it may be a recent kernel or iptables change but I cant find anything.

```
# allow packets that belong to established connections

   iptables -A INPUT -i $IFACE1 -m state --state ESTABLISHED,RELATED -j ACCEPT

```

----------

## steveb

I think the problem is that samba does not lissen on localhost. Could you verify by executing the following command and post the output to the forum:

```
netstat -tulpn
```

If you want to use a more verbose smb.conf, then you could exchange you smb.conf with this modified one:

```
# Global parameters

[global]

   # 1. Server Naming Options:

   # workgroup = NT-Domain-Name or Workgroup-Name

   workgroup = WORKGROUP

   # netbios name is the name you will see in "Network Neighbourhood",

   # but defaults to your hostname

   netbios aliases = LINBOX

   # server string is the equivalent of the NT Description field

   server string = %h (Gentoo Linux/Samba V%v)

   # Message command is run by samba when a "popup" message is sent to it.

   # The example below is for use with LinPopUp:

   ;    message command = /usr/bin/linpopup "%f" "%m" %s; rm %s

   # 2. Printing Options:

   # CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK

   # if you want to automatically load your printer list rather

   # than setting them up individually then you'll need this

   printcap name = cups

   load printers = yes

   # It should not be necessary to spell out the print system type unless

   # yours is non-standard. Currently supported print systems include:

   # bsd, sysv, plp, lprng, aix, hpux, qnx, cups

   ;    printing = cups

   # Use CUPS for the printing wizzard

   ;    show add printer wizard = Yes

   # 3. Logging Options:

   # this tells Samba to use a separate log file for each machine

   # that connects

   log file = /var/log/samba3/log.%m

   # Put a capping on the size of the log files (in Kb).

   max log size = 50

   # Set the log (verbosity) level (0 <= log level <= 10)

   ;    log level = 3

   # Allow syslog

   syslog = 1

   # 4. Security and Domain Membership Options:

   # This option is important for security. It allows you to restrict

   # connections to machines which are on your local network. The

   # following example restricts access to two C class networks and

   # the "loopback" interface. For more examples of the syntax see

   # the smb.conf man page. Do not enable this if (tcp/ip) name resolution does

   # not work for all the hosts in your network.

   hosts allow = 192.168.1 192.168.2 127.

   # All other connections will be refused connections as soon as the client

   # sends its first packet. The refusal will be marked as a 'not listening

   # on called name' error.

   hosts deny = 0.0.0.0/0

   # Uncomment this if you want a guest account, you must add this to /etc/passwd

   # otherwise the user "nobody" is used

   ;    guest account = pcguest

   # Allow users to map to guest:

   map to guest = bad user

   # Security mode. Most people will want user level security. See

   # security_level.txt for details.

   security = user

   # Use password server option only with security = server or security = domain

   # When using security = domain, you should use password server = *

   ;    password server = <NT-Server-Name>

   ;    password server = *

   # Password Level allows matching of _n_ characters of the password for

   # all combinations of upper and lower case.

   password level = 8

   username level = 8

   # You may wish to use password encryption. Please read

   # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.

   # Do not enable this option unless you have read those documents

   # Encrypted passwords are required for any use of samba in a Windows NT domain

   # The smbpasswd file is only required by a server doing authentication, thus

   # members of a domain do not need one.

   encrypt passwords = yes

   smb passwd file = /etc/samba/private/smbpasswd

   # The following are needed to allow password changing from Windows to

   # also update the Linux system password.

   # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.

   # NOTE2: You do NOT need these to allow workstations to change only

   #        the encrypted SMB passwords. They allow the Unix password

   #        to be kept in sync with the SMB password.

   unix password sync = Yes

   # You either need to setup a passwd program and passwd chat, or

   # enable pam password change

   pam password change = yes

   passwd program = /usr/bin/passwd %u

   passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

   # Unix users can map to different SMB User names

   username map = /etc/samba/smbusers

   # Using the following line enables you to customise your configuration

   # on a per machine basis. The %m gets replaced with the netbios name

   # of the machine that is connecting

   ;    include = /etc/samba/smb.conf.%m

   # Options for using winbind. Winbind allows you to do all account and

   # authentication from a Windows or samba domain controller, creating

   # accounts on the fly, and maintaining a mapping of Windows RIDs to unix uid's

   # and gid's. idmap uid and idmap gid are the only required parameters.

   #

   # winbind separator is the character a user must use between their domain

   # name and username, defaults to "\"

   ;    winbind separator = +

   #

   # winbind use default domain allows you to have winbind return usernames

   # in the form user instead of DOMAIN+user for the domain listed in the

   # workgroup parameter.

   winbind use default domain = yes

   #

   # template homedir determines the home directory for winbind users, with

   # %D expanding to their domain name and %U expanding to their username:

   template homedir = /home/%U

   # When using winbind, you may want to have samba create home directories

   # on the fly for authenticated users. Ensure that /etc/pam.d/samba is

   # using 'service=system-auth-winbind' in pam_stack modules, and then

   # enable obedience of pam restrictions below:

   obey pam restrictions = yes

   #

   # template shell determines the shell users authenticated by winbind get

   template shell = /bin/false

   # 5. Browser Control and Networking Options:

   # Most people will find that this option gives better performance.

   # See speed.txt and the manual pages for details

   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384

   # Configure Samba to use multiple interfaces

   # If you have multiple network interfaces then you must list them

   # here. See the man page for details.

   ;    interfaces = 192.168.12.2/24 192.168.13.2/24

   interfaces = lo eth0

   bind interfaces only = yes

   # Configure remote browse list synchronisation here

   #  request announcement to, or browse list sync from:

   #       a specific host or from / to a whole subnet (see below)

   ;    remote browse sync = 192.168.3.25 192.168.5.255

   # Cause this host to announce itself to local subnets here

   ;    remote announce = 192.168.1.255 192.168.2.44

   # set local master to no if you don't want Samba to become a master

   # browser on your network. Otherwise the normal election rules apply

   local master = yes

   # OS Level determines the precedence of this server in master browser

   # elections. The default value should be reasonable

   os level = 65

   # Domain Master specifies Samba to be the Domain Master Browser. This

   # allows Samba to collate browse lists between subnets. Don't use this

   # if you already have a Windows NT domain controller doing this job

   domain master = yes

   # Preferred Master causes Samba to force a local browser election on startup

   # and gives it a slightly higher chance of winning the election

   preferred master = yes

   # 6. Domain Control Options:

   # Enable this if you want Samba to be a domain logon server for

   # Windows95 workstations or Primary Domain Controller for WinNT and Win2k

   domain logons = yes

   # if you enable domain logons then you may want a per-machine or

   # per user logon script

   # run a specific logon batch file per workstation (machine)

   ;    logon script = %m.bat

   # run a specific logon batch file per username

   ;    logon script = %U.bat

   logon script = logon.bat

   # Where to store roaming profiles for WinNT and Win2k

   #        %L substitutes for this servers netbios name, %U is username

   #        You must uncomment the [Profiles] share below

   logon path = \\%L\Profiles\%U

   # Where to store roaming profiles for Win9x. Be careful with this as it also

   # impacts where Win2k finds it's /HOME share

   logon home = \\%L\%U\.profile

   # The logon drive

   logon drive = H:

   # Scripts for file (passwd, smbpasswd) backend:

   add user script = /usr/sbin/useradd -s /bin/false '%u'

   delete user script = /usr/sbin/userdel '%s'

   add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M '%u'

   add user to group script = /usr/bin/gpasswd -a '%u' '%g'

   delete user from group script = /usr/bin/gpasswd -d '%u' '%g'

   set primary group script = /usr/sbin/usermod -g '%g' '%u'

   add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'

   delete group script = /usr/sbin/groupdel '%g'

   # Scripts for LDAP backend (assumes nss_ldap is in use on the domain controller.

   # Needs IDEALX scripts, and configuration in smbldap_conf.pm.

   # This assumes you've installed the IDEALX scripts into /usr/share/samba/scripts...

   ;    add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'

   ;    delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'

   ;    add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'

   ;    delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'

   ;    set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'

   ;    add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'

   ;    delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g'

   # The add machine script is use by a samba server configured as a domain

   # controller to add local machine accounts when adding machines to the domain.

   # The script must work from the command line when replacing the macros,

   # or the operation will fail. Check that groups exist if forcing a group.

   # Script for domain controller for adding machines:

   add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M '%u'

   # Script for domain controller with LDAP backend for adding machines (You need

   # the IDEALX scripts, and to configure the smbldap_conf.pm first):

   ;    add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false '%u'

   # Domain groups:

   # Domain groups are now configured by using the 'net groupmap' tool

   # Samba Password Database configuration:

   # Samba now has runtime-configurable password database backends. Multiple

   # passdb backends may be used, but users will only be added to the first one

   # Default:

   ;    passdb backend = smbpasswd guest

   # TDB backen with fallback to smbpasswd and guest

   ;    passdb backend = tdbsam smbpasswd guest

   # LDAP with fallback to smbpasswd guest

   # Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below.

   ;    passdb backend = ldapsam:ldaps://ldap.mydomain.com smbpasswd guest

   # Use the samba2 LDAP schema:

   ;    passdb backend = ldapsam_compat:ldaps://ldap.mydomain.com smbpasswd guest

   # idmap uid account range:

   # This is a range of unix user-id's that samba will map non-unix RIDs to,

   # such as when using Winbind

   ;    idmap uid = 1000-2000

   ;    idmap gid = 3000-4000

   # LDAP configuration for Domain Controlling:

   # The account (dn) that samba uses to access the LDAP server

   # This account needs to have write access to the LDAP tree

   # You will need to give samba the password for this dn, by

   # running 'smbpasswd -w mypassword'

   ;    ldap admin dn = cn=root,dc=linbox,dc=local

   ;    ldap ssl = start_tls

   # start_tls should run on 389, but samba defaults incorrectly to 636

   ;    ldap port = 389

   ;    ldap suffix = dc=linbox,dc=local

   ;    ldap server = ldap.linbox.local

   # Seperate suffixes are available for machines, users, groups, and idmap, if

   # ldap suffix appears first, it is appended to the specific suffix.

   # Example for a unix-ish directory layout:

   ;    ldap machine suffix = ou=Hosts

   ;    ldap user suffix = ou=People

   ;    ldap group suffix = ou=Group

   ;    ldap idmap suffix = ou=Idmap

   # Example for AD-ish layout:

   ;    ldap machine suffix = cn=Computers

   ;    ldap user suffix = cn=Users

   ;    ldap group suffix = cn=Groups

   ;    ldap idmap suffix = cn=Idmap

   # 7. Name Resolution Options:

   # All NetBIOS names must be resolved to IP Addresses

   # 'Name Resolve Order' allows the named resolution mechanism to be specified

   # the default order is "host lmhosts wins bcast". "host" means use the unix

   # system gethostbyname() function call that will use either /etc/hosts OR

   # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf

   # and the /etc/resolv.conf file. "host" therefore is system configuration

   # dependant. This parameter is most often of use to prevent DNS lookups

   # in order to resolve NetBIOS names to IP Addresses. Use with care!

   # The example below excludes use of name resolution for machines that are NOT

   # on the local network segment

   # - OR - are not deliberately to be known via lmhosts or via WINS.

   name resolve order = wins lmhosts host bcast

   # Windows Internet Name Serving Support Section:

   # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server

   ;    wins support = Yes

   # WINS Server - Tells the NMBD components of Samba to be a WINS Client

   #       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both

   ;    wins server = w.x.y.z

   # WINS Proxy - Tells Samba to answer name resolution queries on

   # behalf of a non WINS capable client, for this to work there must be

   # at least one  WINS Server on the network. The default is NO.

   ;    wins proxy = Yes

   # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names

   # via DNS nslookups. The built-in default for versions 1.9.17 is yes,

   # this has been changed in version 1.9.18 to no.

   dns proxy = No

   # 8. File Naming Options:

   # Case Preservation can be handy - system default is _no_

   # NOTE: These can be set on a per share basis

   preserve case = Yes

   short preserve case = Yes

   # Default case is normally upper case for all DOS files

   ;    default case = lower

   # Be very careful with case sensitivity - it can break things!

   ;    case sensitive = No

   # Enabling internationalization:

   # you can match a Windows code page with a UNIX character set.

   # Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),

   # 852 (Czech), 861 (???), 932 (Japanese),

   # 936 (Simplified Chin.), 949 (Korean Hangul),

   # 950 (Trad. Chin.).

   # More detail about code page is in

   # "http://www.microsoft.com/globaldev/reference/oslocversion.mspx"

   # UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),

   # ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)

   # This is an example for french users:

   dos charset = 850

   unix charset = ISO8859-1

   # null passwords allows or disallows client access to accounts that

   # have null passwords.

   null passwords = No

   # hide unreadable prevents clients from seeing the existance of

   # files that cannot be read.

   hide unreadable = Yes

   # hide dot files controls whether files starting with a dot appear as

   # hidden files.

   hide dot files = Yes

   # Samba time server. If yes, NMBD announces itself as a SMB time

   # service to Windows clients. Defaults to no.

   ;    time server = Yes

   # The default behaviour in Samba is to provide UNIX-like

   # behaviour where only the owner of a file/directory is able to

   # change permissions on it. However, this is often confusing

   # to DOS/Windows users. Enabling this parameter allows a user

   # who has write access to the file (by whatever means) to

   # modify the permissions on it.

   dos filemode = Yes

   # Allows non-owners of a file to change its time if they can

   # write to it. Defauts to no. Set this to yes if you enable

   # time server.

   dos filetimes = Yes

   # Causes file times to be rounded to the next even second. Defaults

   # to no. Set this to yes if you enable time server.

   dos filetime resolution = Yes

   # Sets directory times to avoid a MS nmake bug. Defautls to no. Set

   # this to yes if you enable time server.

   fake directory create times = Yes

   # The value of the parameter (a decimal integer) represents the

   # number of minutes of inactivity before a connection is

   # considered dead, and it is disconnected. The deadtime only takes

   # effect if the number of open files is zero.

   deadtime = 15

   # do not allow guest access, use only local system accounts

   ;    guest ok = No

   invalid users = bin deamon sys man postfix mail ftp

   ;    admin users = @adm root

   # Allows DOS and Windows clients to use files that do not conform to

   # the "8.3 Windows" naming convention.

   mangling method = hash2

   # Specifies directories in the share that Samba should not enter.

   dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd,/sys

   # For Samba 3.x. This enables ClamAV on access scanning.

   ;    vfs object = vscan-clamav

   ;    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

#============================ Share Definitions ==============================

[homes]

   comment = Homedirectory of %U, %u

   path = /home/%u

   valid users = %u @adm root

   force user = %u

   read only = No

   create mask = 0644

   directory mask = 0775

   browseable = No

   follow symlinks = No

   # You can enable VFS recycle bin on a per share basis:

   # Uncomment the next 2 lines (make sure you create a

   # .recycle folder in the base of the share and ensure

   # all users will have write access to it. See

   # examples/VFS/recycle/REAME in the samba docs for details

   ;    vfs object = /usr/lib/samba/vfs/recycle.so

   # For Samba 3.x. This enables ClamAV on access scanning.

   ;    vfs object = vscan-clamav

   ;    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

# Un-comment the following and create the netlogon directory for Domain Logons

[netlogon]

   comment = Network Logon Service

   path = /var/lib/samba/netlogon

   browseable = no

   read only = yes

# Un-comment the following to provide a specific roving profile share

# the default is to use the user's home directory

[profiles]

   comment = Profiles

   path = /var/lib/samba/profiles

   read only = No

   create mask = 0600

   directory mask = 0700

   browseable = No

   guest ok = Yes

   profile acls = Yes

   csc policy = disable

   browseable = no

   writeable = yes

   default case = lower

   preserve case = no

   short preserve case = no

   case sensitive = no

   hide files = /desktop.ini/ntuser.ini/NTUSER.*/

   ;    write list = @users @adm root

   # next line is a great way to secure the profiles

   force user = %U

   # next line allows administrator to access all profiles

   valid users = %U @adm root

   # This script can be enabled to create profile directories on the fly

   # You may want to turn off guest acces if you enable this, as it

   # hasn't been thoroughly tested.

   root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi

   # For Samba 3.x. This enables ClamAV on access scanning.

   ;    vfs object = vscan-clamav

   ;    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[printers]

   # NOTE: If you have a CUPS print system there is no need to

   # specifically define each individual printer.

   # You must configure the samba printers with the appropriate Windows

   # drivers on your Windows clients. On the Samba server no filtering is

   # done. If you wish that the server provides the driver and the clients

   # send PostScript ("Generic PostScript Printer" under Windows), you have

   # to swap the 'print command' line below with the commented one.

   guest ok = Yes

   printable = Yes

   path = /var/spool/samba

   browseable = No

   read only  = Yes

   printable = Yes

   writable = No

   create mode = 0700

   # =====================================

   # print command: see above for details.

   # =====================================

   ;    print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.

   ;    print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).

   print command = lpr-cups -P %p -o raw %s -r

   # The following two commands are the samba defaults for printing=cups

   # change them only if you need different options:

   ;    lpq command = lpq -P %p

   ;    lprm command = cancel %p-%j

   ;    lprm command = /usr/bin/lprm -P%p %j

[print$]

   # This share is used for Windows NT-style point-and-print support.

   # To be able to install drivers, you need to be either root, or listed

   # in the printer admin parameter above. Note that you also need write access

   # to the directory and share definition to be able to upload the drivers.

   # For more information on this, please see the Printing Support Section of

   # /usr/share/doc/samba-<version>/Samba-HOWTO-Collection.pdf

   comment = All Network Printers

   path = /var/lib/samba/printers

   guest ok = Yes

   browseable = Yes

   read only = Yes

   valid users = @adm root

   write list = @adm root

   create mask = 0664

   directory mask = 0775

[tmp] 

   comment = Temporary file space

   path = /tmp/samba

   read only = No

   public = Yes

   # For Samba 3.x. This enables ClamAV on access scanning.

   ;    vfs object = vscan-clamav

   ;    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[profsdir]

   comment = Prof Linbox space

   path = /home/prof

   valid users = prof

   public = No

   writable = Yes

   printable = No

   # For Samba 3.x. This enables ClamAV on access scanning.

   ;    vfs object = vscan-clamav

   ;    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
```

cheers

SteveB

----------

## Gentree

LOL. I grepped mine down to size to keep a bit more readable.

Anyway thanks for your effort , I'll give that one a try.

```

#netstat -tulpn

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   

tcp        0      0 192.168.0.3:139         0.0.0.0:*               LISTEN      9912/smbd           

tcp        0      0 127.0.0.1:139           0.0.0.0:*               LISTEN      9912/smbd           

tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      10039/X             

tcp        0      0 192.168.0.3:445         0.0.0.0:*               LISTEN      9912/smbd           

tcp        0      0 127.0.0.1:445           0.0.0.0:*               LISTEN      9912/smbd           

udp        0      0 192.168.0.3:137         0.0.0.0:*                           9914/nmbd           

udp        0      0 0.0.0.0:137             0.0.0.0:*                           9914/nmbd           

udp        0      0 192.168.0.3:138         0.0.0.0:*                           9914/nmbd           

udp        0      0 0.0.0.0:138             0.0.0.0:*                           9914/nmbd           

```

seems OK,

BTW , I found I was missing the 'support for state" module in the kernel iptables, that was the other bug but did not affect this issue, I'm just running a basic masquerade form rp-pppoe till I get my own firewall setup corrected.

Thz again.   :Cool: 

[EDIT]

```
#smbclient -L localhost -U%

Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.20b]

        Sharename       Type      Comment

        ---------       ----      -------

        print$          Disk      

        tmp             Disk      Temporary file space

        profsdir        Disk      Prof Linbox space

        IPC$            IPC       IPC Service (Samba Server 3.0.20b)

        ADMIN$          IPC       IPC Service (Samba Server 3.0.20b)

Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.20b]

        Server               Comment

        ---------            -------

        LINBOX               Samba Server 3.0.20b

        WINBOX               K6-200

        Workgroup            Master

        ---------            -------

        WORKGROUP            LINBOX

bash-3.00#smbclient -L linbox -U%

read_socket_with_timeout: timeout read. read error = Connection reset by peer.

tree connect failed: Read error: Connection reset by peer

```

still not getting through to itself.   :Rolling Eyes:  The joke is I've pulled the cable on winbox and plugged it into the suse machinge and its still showing the shares.

----------

## steveb

Could you try to do a portscan from the system which can not connect to linbox and post the open/closed ports on linbox?

cheers

SteveB

----------

## Gentree

Sussed it.  Mostly it was a dumb error on my hosts deny line. I was helped by a very minimalist smb.conf posted on another thread but your's helped me fill it out to something more useful afterwards.

Thanks for the help.   :Cool: 

----------

## steveb

 :Smile: 

----------

