samba: unreachable - admin prohibited

linux-admin.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Dermot Paikkos" <dermot@sciencephoto.com>
To: linux-admin@vger.kernel.org
Subject: samba: unreachable - admin prohibited
Date: Fri, 29 Jul 2005 19:10:45 +0100	[thread overview]
Message-ID: <42EA7F35.13938.60D840@localhost> (raw)

Hi 

SYS: redhat fedora 4, samba 3.0.14a-2

This is the first time I have had trouble configuring samba but I am 
completely stuck.

I have a basic smb.conf (see below) and testparm says it's fine. The 
path to the one share exists and the permissions a 0777. However no 
clients can reach it. Unix smbclient can not access it:

[root]# smbclient -L polaris
Error connecting to 194.200.237.132 (No route to host)
Connection to polaris failed

Windows clients says permission denied and the network path was not 
found. NT4 server-manager sees the server but can't reach it. net rpc 
join fails with "Unable to find a suitable server"

tcpdump reports: 
"unreachable - admin prohibited" when I listen on the interface for 
incoming traffic from a client.

I can ping the server from other hosts (by hostname if the host has 
the server in its hosts file or by IP otherwise) but I am pretty sure 
this is a network/access problem.

The one area I am not sure about is the firewall. I left this enabled 
during the install of redhat. The iptables are listed at the end of 
this mail. portscan shows 139 running with netbios-ssn so I am not 
sure if this means traffic is allowed through or not.

Does anyone have any ideas?
Thanx.
Dp.



============== iptables ================
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp 
dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp 
dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state 
RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state 
NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state 
NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state 
NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state 
NEW tcp dpt:smtp
REJECT     all  --  anywhere             anywhere            reject-
with icmp-host-prohibited

=============== End iptables ============

=======smb.conf ==========
[global]
workgroup = mygroup
server string =  132
netbios name = polaris
#hosts allow = 196.218.237.128/255.255.255.128
printcap name = /etc/printcap
#load printers = yes
cups options = raw
guest account = samba
log file = /var/log/samba/%m.log
max log size = 50
security = domain
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
default case = lower
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = yes
[share]
   comment = scanning drive
   path = /data/share
   public = yes
   writable = yes
   create mask = 0777
   browseable = yes
=============== end of smb.conf ==========

next             reply	other threads:[~2005-07-29 18:10 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-07-29 18:10 Dermot Paikkos [this message]
2005-07-29 18:28 ` samba: unreachable - admin prohibited Jens Knoell
     [not found] ` <4848.192.168.99.70.1122661523.squirrel@192.168.99.70>
2005-07-29 18:33   ` Dermot Paikkos
2005-07-29 18:55     ` Jens Knoell
2005-07-29 19:27       ` Dermot Paikkos
     [not found]     ` <42EA9A54.3516.CAC929@localhost>
2005-07-29 20:14       ` Scott Taylor
  -- strict thread matches above, loose matches on Subject: below --
2005-07-29 20:04 Scott Taylor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=42EA7F35.13938.60D840@localhost \
    --to=dermot@sciencephoto.com \
    --cc=linux-admin@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).