<html><head></head><body>To translate into non-geek speak, the system needed a total overhaul 8 years ago and currently should not be used outside of a museum. <br>
-- <br>
Sent from my Android phone with K-9 Mail. Please excuse my brevity.<br><br><div class="gmail_quote">"Michael H. Warfield" <mhw@wittsend.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre style="white-space: pre-wrap; word-wrap:break-word; font-family: sans-serif">On Fri, 2012-06-01 at 17:53 -0400, Aaron Ruscetta wrote:<br />> Received a request for help from the wider community from a<br />> Michael Pelaia.<br /><br />> If you can assist, please reply directly to Michael or CC him on<br />> replies to the list.<br /><br /><br />> ---------- Forwarded message ----------<br />> From: Michael Pelaia <michael@hooks.com><br />> Date: Fri, Jun 1, 2012 at 5:27 PM<br />> Subject: RE: Linux support contacts<br />> To: Aaron Ruscetta <arxaaron@gmail.com><br /><br /><br />> Aaron - OK. Here is some more related to the specific problem we are having:<br /><br />> I have some Linux servers mixed with some Windows servers and my IT person<br />> (he's a windows guy) is having trouble with a permissions/security issue. []<br />> Every once in a while we get stuck because of the depth of our knowledge.<br /><br />>
PROBLEM: We have a setting on the Linux server at Hooks that we'd like<br />> changed. I think PIN (our internal Virtual Linux) (xx.xxx.xxx.xx) has a setting<br />> that blocks anything but the local network from accessing its samba shares.<br />> I have a hosted server that wants to access those shares and can't.<br /><br />> <a href="http://www.linuxquestions.org/questions/red-hat-31/restrict-samba-access-to-only-certain-lan-ip-addresses-575345">http://www.linuxquestions.org/questions/red-hat-31/restrict-samba-access-to-only-certain-lan-ip-addresses-575345</a>/<br /><br />> I found the above link while trying to check if such a thing exists. I'm not<br />> sure it's how it was done on this server. Can you look to see if that is set<br />> on the server? Or do you know of somewhere else an IP based restriction<br />> could be set in Linux? I don't want it limited by Linux at all (based on IP),<br />> I want the external firewall to deal with that.<br
/><br />> Hooks Unlimited does music production for radio stations worldwide and<br />> have a virtual Linux server running Red Hat 7.3<br /><br />Seriously? Red Hat 7.3? That thing is at least a decade old, from<br />before RedHat split Fedora and RHEL (RedHat Enterprise Linux). IIRC,<br />RedHat Linux made it up to 9 before that split and they reset the<br />version counters. I'm not even sure I want to think about the kernel<br />rev or Samba version you are dealing with. Even RHEL 5 is sporting a<br />version of Samba that is no longer maintained by the team. That thing<br />is beyond ancient at this point.<br /><br />A couple of questions I am afraid to ask, but... What, on that 7.3<br />server, do you get for...<br /><br />rpm -qa | grep samba<br /><br />... and ...<br /><br />rpm -qa | grep kernel<br /><br />I suspect the versions that you get back are going to be so old you're<br />going to be severely limited.<br /><br />Next... Locate your smb.conf file.
Should be in /etc/samba but that<br />klunker is so old all bets are off. I think it was there even back<br />then. Find it and then edit and look for hosts allow. If it has<br />one, comment it out and restart nmbd and smbd using the service command.<br />If it's a custom build of Samba running on that box and not installed<br />from rpm, you can probably just hang it up right now.<br /><br />What are you using on the remote end (I'm presuming it's NOT on the same<br />subnet as this server)?<br /><br />If it's Linux, what happens if you run the following commands from it:<br /><br />telnet {PIN IP} 139<br /><br />... and ...<br /><br />telnet {PIN IP} 445<br /><br />I strongly suspect that, if that version of Samba is NEARLY as old as I<br />suspect it is (2.x or even 1.x) the telnet to port 445 will most<br />certainly fail. If 139 fails, you're going to have to find out where,<br />in the network path, it's failing.<br /><br />I can almost guarantee you are not going to
get it to work through<br />netbios name resolution, like you would on the local net. That old<br />netbios nameserver, nmbd, operated purely in "B" (Broadcast) mode which<br />would not propagate beyond the local subnet. That old version of Samba<br />did not support WINS, AFAICR.<br /><br />How is your remote server trying to access that server (assuming it's<br />Linux)?<br /><br />If it's smbclient, have you tried the -I option to specify the internet<br />address, bypassing the name resolution protocol?<br /><br />If you are attempting to use smbmount / smbfs, all I can suggest is<br />DON'T. I was one of the maintainers of smbmount, smbmnt, and smbfs on<br />the Samba team. It was deprecated years and years ago for good reason<br />and supplanted by cifsmount and cifs. Good riddance.<br /><br />If you are attempting to use cifs, I'm not totally sure how well it's<br />going to work with that ancient version of Samba, considering that you<br />probably have no port 445
(SMB over TCP on 445/tcp as opposed to SMB<br />over Netbios over TCP on 139/tcp) support. I've had to bump some CentOS<br />5.x systems (RHEL 5.x clone) to Samba3 to get to a supported version<br />that could even begin to support Windows 7.<br /><br />If you're trying to connect to it from a Windows system, you're probably<br />going to be in the same boat as a CIFS mount, only worse. You'll have<br />to be running at least Samba 3.1 or higher...<br /><br />Last problem... What's your service provider and do you know you can<br />propagate the MS protocols over them? Best common practice nowadays is<br />to block 135-139 plus 445 on tcp and udp. That comes down from MS<br />itself. If your ISP is blocking it, you may need to set up a VPN. If<br />you do that, you may need to set up OpenVPN in TAP (bridge) mode to work<br />around the local subnet only limitations on the netbios name server<br />cruft with that old version. <br /><br />> Contact Michael Pelaia<br />>
michael@hooks.com<br />> 404-835-0205<br /><br />> Michael Pelaia<br />> President<br />> Hooks Unlimited<br />> clear. consistent. quality.<br /><br />Regards,<br />Mike<br />-- <br />Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com<br /> /\/\|=mhw=|\/\/ | (678) 463-0932 | <a href="http://www.wittsend.com/mhw">http://www.wittsend.com/mhw</a>/<br /> NIC whois: MHW9 | An optimist believes we live in the best of all<br /> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!<br /></pre></blockquote></div></body></html>
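The smb.conf check suggested in the quoted message (look for hosts allow), as an added example that is not part of the original e-mails: a small script that lists every active host-based access rule and the section it sits in. It goes a little beyond the thread by also reporting hosts deny and the Samba synonyms allow hosts / deny hosts; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report uncommented host-based access rules in an smb.conf.
# Function names and the sample configuration are constructed.

find_host_acls() {
    # Prints "section<TAB>parameter<TAB>value" for each active rule in file $1.
    awk '
        /^[ \t]*[#;]/ { next }                 # skip comment lines (# or ;)
        /^[ \t]*\[/ {                          # section header such as [global]
            s = $0
            sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            section = s
            next
        }
        /=/ {
            key = $0; sub(/=.*$/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", key)   # trim the parameter name
            gsub(/[ \t]+/, " ", key)           # collapse inner whitespace
            key = tolower(key)                 # parameter names are case-insensitive
            if (key == "hosts allow" || key == "allow hosts" ||
                key == "hosts deny"  || key == "deny hosts")
                printf "%s\t%s\t%s\n", section, key, val
        }
    ' "$1"
}

write_sample_conf() {
    # Constructed sample: one global allow list, one per-share deny,
    # and two commented-out rules that must not be reported.
    cat > "$1" <<'EOF'
[global]
   workgroup = EXAMPLE
   hosts allow = 192.168.1. 127.
;  hosts deny = 0.0.0.0/0
[music]
   path = /srv/music
   Hosts  Deny = ALL
# hosts allow = 10.
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
find_host_acls "$conf"
rm -f "$conf"
```

On a real server, point find_host_acls at the smb.conf actually in use; a rule in [global] applies to every share, while one in a share section applies to that share only.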