[Samba] Logging denied connections from outside LAN
Greetings - I have an interesting issue that I am trying to understand. This may not be a direct Samba related issue, but the results of the issue are showing up in the Samba log, so I thought I would start here. Please direct me elsewhere if there is a better forum for this question. I have spent some time Googling and have a small understanding of what is going on, but now my Google-fu is exhausted and I still don't have a complete understanding of the issue and whether I need to make some configuration changes in my network. Issue: I am seeing in my samba log file denied connections from IP addresses that are outside my network. Since I believe that I have my network firewalled and access adequately restricted from outside, I am trying to understand how the access attempts are only showing up in my Samba logs. /var/log/samba/samba.log [2013/01/22 21:24:34.477896, 0] lib/util_sock.c:1514(matchname) matchname: host name/address mismatch: :::14.132.17.44 != 14-132-17-44.aichiwest1.commufa.jp [2013/01/22 21:24:34.479447, 0] lib/util_sock.c:1635(get_peer_name) Matchname failed on 14-132-17-44.aichiwest1.commufa.jp :::14.132.17.44 [2013/01/22 21:24:34.479723, 0] lib/access.c:413(check_access) Denied connection from UNKNOWN (:::14.132.17.44) [2013/01/22 21:24:34.479961, 1] smbd/process.c:2299(smbd_process) Connection denied from :::14.132.17.44 Logwatch - samba Begin Connections Denied: smbd/process.c:2299(smbd_process) :::109.72.49.42 : 1 Time(s) smbd/process.c:2299(smbd_process) :::111.254.232.135 : 1 Time(s) smbd/process.c:2299(smbd_process) :::114.46.201.200 : 1 Time(s) smbd/process.c:2299(smbd_process) :::121.67.7.193 : 1 Time(s) smbd/process.c:2299(smbd_process) :::121.67.7.200 : 1 Time(s) smbd/process.c:2299(smbd_process) :::124.11.241.39 : 1 Time(s) smbd/process.c:2299(smbd_process) :::14.132.17.44 : 1 Time(s) -- samba End - Background & Network Information: 1. The server in which Samba is running (a KVM guest, CentOS 6) does have a public IP address. 2. The firewall rules on this server has ports open for SSH, OpenVPN, Webmin, and Samba. The bottom rule on the input chain deny's all. 3. On the Server: HostDeny = all, and HostAllow = 192.168.112 (internal lan), 10.9.8. (OpenVPN lan), and loopback 4. Samba config: hosts allow = 127. 192.168.112. 10.9.8. What I think I understand at this point: 1. Google research indicates that the Host Name/Address mismatch portion of the log file refers to IPV6 name resolution not working. There are some suggestions for fixing that, but it isn't really the issue I am trying to understand. 2. The firewall may not be denying access to Samba because the Samba ports are open to make Samba available over our remote access. What I don't understand: 1. If the Server OS configuration is restricting access to only the internal lan addresses and the OpenVPN lan addresses, then how are the access attempts from external addresses getting to Samba where they are being logged. If someone can give me some insight as to what is going on here I would appreciate it. Then I can figure out what I might need to change in my network or server. Thanks. Also, I am only receiving the Daily Digest of the mailing list, so would appreciate any responses CC'ing me directly also. Jeff Boyce Meridian Environmental www.meridianenv.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Dual boot Win98 Centos sharing files
jbaker_signatureSo, it sounds like using Samba is not the way to achieve my objective. And that I just need to learn about partitioning. So my new question would be can anyone point me to a good how-to for creating a FAT32 partition within the LVM on my 160 GB drive that I have Linux installed. I am new to LVM and don't have much of any experience with partitioning. Or, maybe someone should point me to a better mailing list to ask this question since I am probably diverging from the Samba topic. Thanks. Jeff - Original Message - From: Jason Baker To: Jeff Boyce Sent: Tuesday, January 16, 2007 1:52 PM Subject: Re: [Samba] Dual boot Win98 Centos sharing files Totally possible. Use a program like partition magic to create a FAT32 partition (or install a secondary drive just for data). This is where you will put all the files you want to share between the OSes. In windows you will obviously be able to browse to the drive via the drive letter (e: drive, etc). In your fstab in linux, create a mount point to the drive, so you can access it via linux. I use this setup between XP Pro and Ubuntu, works great. Jason Baker IT Coordinator Glastender Inc. 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com Jeff Boyce wrote: Greetings - I have searched the mailing list archives and my Samba 3 book and have not seen this issue addressed anywhere. My home desktop box has Win98 installed on a 20 GB drive and Centos 4.4 on a 160 GB drive with a Grub menu for selecting which OS to boot. I am wondering if it is theoretically possible to share (read and write) files on the Linux drive when booted to Window, and vice versa, is it possible to share files on the Windows drive when booted to Linux. My Linux drive is set up with LVM. I manage a Linux server with 8 Windows boxes at work using Samba, so am familiar with configuring Samba, but I am wondering if it is possible to do this type of file sharing within a single dual boot box? Thanks. Jeff Boyce www.meridianenv.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Dual boot Win98 Centos sharing files
Greetings - I have searched the mailing list archives and my Samba 3 book and have not seen this issue addressed anywhere. My home desktop box has Win98 installed on a 20 GB drive and Centos 4.4 on a 160 GB drive with a Grub menu for selecting which OS to boot. I am wondering if it is theoretically possible to share (read and write) files on the Linux drive when booted to Window, and vice versa, is it possible to share files on the Windows drive when booted to Linux. My Linux drive is set up with LVM. I manage a Linux server with 8 Windows boxes at work using Samba, so am familiar with configuring Samba, but I am wondering if it is possible to do this type of file sharing within a single dual boot box? Thanks. Jeff Boyce www.meridianenv.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How can I prevent deleting of primary directory while allowing full privileges to subdirectories
Greetings - In general terms I would like to prevent users from deleting or moving a primary directory within a share, but allow users to create / delete / move subdirectories and files that reside under these directories. My reason for needing this type of setup is to prevent an accidental deletion of a common directory and to maintain a planned directory structure at the top level of the share. My system information is listed below. Linux RHES 3 Samba 3.0.9-1.3 File Server for 8 Windows boxes (2000 and XP) The share and directory structure that explains what I would like to do is listed below. We have a small open office where everyone works together on multiple projects and proposals. The permissions currently set for the ECOSYSTEM share are read/write/execute (0777) for the entire share, with all subdirectories inheriting permissions. I would like to be able to allow all users (or a specified group) to create/delete/move directories such as Project1, or any files under Project1, as they wish. I would like to prevent anyone but the administrator with root privileges from accidentally deleting or moving the Archive, Admin, Marketing, Projects, and Reference directories. The pertinent details of my smb.conf are also listed below. ECOSYSTEM |-Archive |-Admin |-Marketing |-Proposal1 |-Proposal2 |-Projects |-Project1 |-Project2 |-Reference smb.conf #== Global Settings [global] server string = Bison samba server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 unix password sync = yes pam password change = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 33 preferred master = yes password server = None guest ok = yes security = SHARE dns proxy = no # Share Definitions [homes] comment = Home Directories browseable = no writeable = yes hide dot files = yes [printers] comment = All Printers path = /var/spool/samba browseable = no printable = yes [ecosystem] path = /ecosystem writeable = yes create mask = 0777 directory mask = 0777 inherit permissions = yes I have searched through the list archives and found discussion of a similar issue at http://marc.theaimsgroup.com/?l=samba&m=110746845920890&w=2 , but the solution of the issue is not clearly identified. I have read and re-read the 'Definitive Guide to Samba 3' without success at understanding if this is possible or not. If anyone has implemented this type of permissions setup, can you provide some guidance and details. Thanks for your assistance. Jeff Boyce Meridian Environmental www.meridianenv.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Prevent deleting/moving of primary directory, but allow deleting/moving of subdirectories by users
Greetings - In general terms I would like to prevent users from deleting or moving a primary directory within a share, but allow users to create / delete / move subdirectories and files that reside under these directories. My reason for needing this type of setup is to prevent an accidental deletion of a common directory and to maintain a planned directory structure at the top level of the share. My system information is listed below. Linux RHES 3 Samba 3.0.9-1.3 File Server for 8 Windows boxes (2000 and XP) The share and directory structure that explains what I would like to do is listed below. We have a small open office where everyone works together on multiple projects and proposals. The permissions currently set for the ECOSYSTEM share are read/write/execute (0777) for the entire share, with all subdirectories inheriting permissions. I would like to be able to allow all users (or a specified group) to create/delete/move directories such as Project1, or any files under Project1, as they wish. I would like to prevent anyone but the administrator with root privileges from accidentally deleting or moving the Archive, Admin, Marketing, Projects, and Reference directories. The pertinent details of my smb.conf are also listed below. ECOSYSTEM |-Archive |-Admin |-Marketing |-Proposal1 |-Proposal2 |-Projects |-Project1 |-Project2 |-Reference smb.conf #=== Global Settings = [global] server string = Bison samba server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 unix password sync = yes pam password change = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 33 preferred master = yes password server = None guest ok = yes security = SHARE dns proxy = no # Share Definitions == [homes] comment = Home Directories browseable = no writeable = yes hide dot files = yes [printers] comment = All Printers path = /var/spool/samba browseable = no printable = yes [ecosystem] path = /ecosystem writeable = yes create mask = 0777 directory mask = 0777 inherit permissions = yes I have searched through the list archives and found discussion of a similar issue at http://marc.theaimsgroup.com/?l=samba&m=110746845920890&w=2 , but the solution of the issue is not clearly identified. I have read and re-read the 'Definitive Guide to Samba 3' without success at understanding if this is possible or not. If anyone has implemented this type of permissions setup, can you provide some guidance and details. Thanks for your assistance. Jeff Boyce Meridian Environmental www.meridianenv.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba