DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 28th October 2013
virtuvoos virtuvoos is offline
Port Guard
 
Join Date: Oct 2013
Posts: 28
Default Samba connecting to an outside IP address

I'm trying to setup samba share on my OpenBSD5.4-current. Very simple setup, guest access to one folder as read only. Perhaps maybe only shared on the local network 192.168.0.

I can see my server popping up in windows hosts in the network but because I couldn't browse the shares, not even from localhost, I ran smbtree in maximum debugging level. Somehow, samba manages to resolve IO (hostname of the server) to 193.223.78.212 . Err how the heck does that happen?

The only mechanisms that i know of that can do that is DNS or /etc/hosts. DNS I don't run and /etc/hosts is standard.

If I copy paste the resolved IP address in the address bar I'm proposed to register a .io domain name :confused. I truly don't understand the mechanism why this is happening.

Code:
smbtree -d 10
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
cli_init_creds: user myusername domain mydomainname
num_setup=0, max_setup=0, param_total=32, this_param=32, max_param=8, data_total=0, this_data=0, max_data=65535, param_offset=92, param_pad=2, param_disp=0, data_offset=124, data_pad=0, data_disp=0
        \\IO                            OpenBSD Server
Connecting to host=IO
sitename_fetch: No stored sitename for 
internal_resolve_name: looking up IO#20 (sitename (null))
name IO#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Running timed event "tevent_req_timedout" 0x2ef046f3150
Connecting to 193.223.78.212 at port 445
Running timed event "tevent_req_timedout" 0x2ef046f3d50
Connecting to 193.223.78.212 at port 139
...
...
...
Running timed event "tevent_req_timedout" 0x2ef046f2b50
Running timed event "tevent_req_timedout" 0x2ef046f3b50
Running timed event "tevent_req_timedout" 0x2ef046f2d50
Error connecting to 193.223.78.212 (Undefined error: 0)
cli_start_connection: failed to connect to IO<20> (0.0.0.0). Error NT_STATUS_UNSUCCESSFUL

Last edited by virtuvoos; 28th October 2013 at 09:01 PM. Reason: syntax error in [/code]
Reply With Quote
  #2   (View Single Post)  
Old 28th October 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

Are you by chance maybe using the name 'nic.io' ?
Code:
$  dig -x 193.223.78.212

; <<>> DiG 9.4.2-P2 <<>> -x 193.223.78.212
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49795
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;212.78.223.193.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
212.78.223.193.in-addr.arpa. 86400 IN   PTR    www.nic.io.

;; Query time: 1493 msec
;; SERVER: 192.168.222.10#53(192.168.222.10)
;; WHEN: Mon Oct 28 23:31:49 2013
;; MSG SIZE  rcvd: 69
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 29th October 2013
virtuvoos virtuvoos is offline
Port Guard
 
Join Date: Oct 2013
Posts: 28
Default

No, not that I'm aware of.

Code:
$ hostname -s
io
$
Reply With Quote
  #4   (View Single Post)  
Old 29th October 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

And what does $ hostname return?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #5   (View Single Post)  
Old 29th October 2013
virtuvoos virtuvoos is offline
Port Guard
 
Join Date: Oct 2013
Posts: 28
Default

Code:
$ hostname    
io.home
$
Reply With Quote
  #6   (View Single Post)  
Old 29th October 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

At least a [ hostname should contain 3 parts, the name of the host, the domain and the Top Level Domain (TLD).

For example:
  • hostname: www
  • domain: daemonforums
  • TLD: org

So yours is missing a third ingredient

I don't know what exactly your Windows clients are doing, but somehow they are resolving home.io to www.nic.io which has the 193.223.78.212 IP address. Probably a failed, or wrongly interpreted double reverse name lookup.

If you have an OpenBSD firewall you could run tcpdump there and watch the DNS requests from those Windows clients to see what is happening:
Assuming you have a re0 NIC:
[# tcpdump -vvvv -ni re0 -s1500 port 53

It also would be informative if you could post the contents of /etc/resolv.conf and /etc/hosts.

An alternative to all this debugging is to simply configure a DNS server in your local LAN and making sure that each host has a proper local hostname of at least three elements.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #7   (View Single Post)  
Old 29th October 2013
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Disclaimer: I'm fairly clueless when it comes to Samba, SMB/CIFS, and Windows Networking.

Is it possible that WINS resolution is making this error, rather than DNS? If so, this could be a WINS server or LMHOSTS file configuration issue. Samba can act as a WINS server, as can any Windows platform.

Last edited by jggimi; 29th October 2013 at 07:54 PM. Reason: typo
Reply With Quote
  #8   (View Single Post)  
Old 29th October 2013
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 1,027
Default

Quote:
Originally Posted by J65nko View Post
An alternative to all this debugging is to simply configure a DNS server in your local LAN and making sure that each host has a proper local hostname of at least three elements.
Two elements has always worked for me: hostname . bogus-top-level-domain
Reply With Quote
  #9   (View Single Post)  
Old 1st November 2013
virtuvoos virtuvoos is offline
Port Guard
 
Join Date: Oct 2013
Posts: 28
Default

A bit of a late reply.



I issued the command smbtree at 11:23:42, it stopped at 11:23:56 spending most of its time trying to find shares on 192.168.2.131 but not succeeding.
192.168.2.131 is the localhost as well as the host serving the samba share.

The contents of /etc/resolv.conf
Code:
$ cat /etc/resolv.conf                                                                                                                          
# Generated by re0 dhclient
search home
nameserver 195.130.131.4
nameserver 195.130.130.132
nameserver 192.168.2.1
lookup file bind
$
The output of tcpdump:

Code:
11:23:45.152604 192.168.2.131.3414 > 195.130.131.4.53: [bad udp cksum 6e1d!] 37829+ A? PC-BUREEL-.home. (33) (ttl 64, id 23373, len 61, [552/674]
 0! differs by 15b1)
11:23:45.162916 195.130.131.4.53 > 192.168.2.131.3414: [udp sum ok] 37829 NXDomain q: A? PC-BUREEL-.home. 0/1/0 ns: . [8m51s] SOA a.root-servers.
net. nstld.verisign-grs.com. 2013110100 1800 900 604800 86400 (108) (ttl 57, id 14551, len 136)
11:23:45.163127 192.168.2.131.38794 > 195.130.131.4.53: [bad udp cksum fff3!] 2789+ A? PC-BUREEL-. (28) (ttl 64, id 45911, len 56, bad cksum 0! d
iffers by bdab)
11:23:45.174856 195.130.131.4.53 > 192.168.2.131.38794: [udp sum ok] 2789 NXDomain q: A? PC-BUREEL-. 0/1/0 ns: . [8m51s] SOA a.root-servers.net. 
nstld.verisign-grs.com. 2013110100 1800 900 604800 86400 (103) (ttl 57, id 14552, len 131)
11:23:45.186837 192.168.2.131.2799 > 195.130.131.4.53: [bad udp cksum de82!] 22992+ A? CISCO42080.home. (33) (ttl 64, id 21207, len 61, bad cksum
 0! differs by 1e27)
11:23:45.198672 195.130.131.4.53 > 192.168.2.131.2799: [udp sum ok] 22992 NXDomain q: A? CISCO42080.home. 0/1/0 ns: . [8m51s] SOA a.root-servers.
net. nstld.verisign-grs.com. 2013110100 1800 900 604800 86400 (108) (ttl 57, id 14553, len 136)
11:23:45.198909 192.168.2.131.6294 > 195.130.131.4.53: [bad udp cksum 5f2c!] 31374+ A? CISCO42080. (28) (ttl 64, id 44294, len 56, bad cksum 0! d
iffers by c3fc)
11:23:45.210716 195.130.131.4.53 > 192.168.2.131.6294: [udp sum ok] 31374 NXDomain q: A? CISCO42080. 0/1/0 ns: . [8m51s] SOA a.root-servers.net. 
nstld.verisign-grs.com. 2013110100 1800 900 604800 86400 (103) (ttl 57, id 14554, len 131)
11:23:45.254804 192.168.2.131.9185 > 195.130.131.4.53: [bad udp cksum fc5d!] 26306+ A? CISCO14042.home. (33) (ttl 64, id 45079, len 61, bad cksum
 0! differs by c0e6)
11:23:45.266982 195.130.131.4.53 > 192.168.2.131.9185: [udp sum ok] 26306 NXDomain q: A? CISCO14042.home. 0/1/0 ns: . [8m51s] SOA a.root-servers.
net. nstld.verisign-grs.com. 2013110100 1800 900 604800 86400 (108) (ttl 57, id 14555, len 136)
11:23:45.267205 192.168.2.131.8694 > 195.130.131.4.53: [bad udp cksum 900e!] 36863+ A? CISCO14042. (28) (ttl 64, id 43978, len 56, bad cksum 0! d
iffers by c538)
11:23:45.278799 195.130.131.4.53 > 192.168.2.131.8694: [udp sum ok] 36863 NXDomain q: A? CISCO14042. 0/1/0 ns: . [8m51s] SOA a.root-servers.net. 
nstld.verisign-grs.com. 2013110100 1800 900 604800 86400 (103) (ttl 57, id 14556, len 131)
11:23:55.398183 192.168.2.131.43872 > 195.130.131.4.53: [bad udp cksum 4216!] 56010+ A? CINEMAROOM.home. (33) (ttl 64, id 45340, len 61, bad cksu
m 0! differs by bfe1)
11:23:55.408918 195130.131.4.53 > 192.168.2.131.43872: [udp sum ok] 56010 NXDomain q: A? CINEMAROOM.home. 0/1/0 ns: . [7m58s] SOA a.root-servers
.net. nstld.verisign-grs.com. 2013110100 1800 900 604800 86400 (108) (ttl 57, id 14557, len 136)
11:23:55.409046 192.168.2.131.19240 > 195.130.131.4.53: [bad udp cksum 7e32!] 63148+ A? CINEMAROOM. (28) (ttl 64, id 53749, len 56, bad cksum 0! 
differs by 9f0d)
11:23:55.420882 195.130.131.4.53 > 192.168.2.131.19240: [udp sum ok] 63148 NXDomain q: A? CINEMAROOM. 0/1/0 ns: . [7m58s] SOA a.root-servers.net.
 nstld.verisign-grs.com. 2013110100 1800 900 604800 86400 (103) (ttl 57, id 14558, len 131)
I'm also trying netflow at the moment. Here's the output of netflow. Only 192.168.2.131 (collector, and Samba Server that is being the "problem" here) and 192.168.2.113(netflow sensor) is behind a cisco switch that monitors its ports. All the windows boxes are connected "outside" this switch so I can't capture all traffic they generate.

SrcP=source port, DstP=destination port, P=protocol, Fl=Decimal TCP-control bits, pkts: number of packets, Octets: nr of bytes in this case

Code:
$ flow-cat ft-v05.2013-11-01.112501+0100    | flow-print -f5 | sort | less 
Start             End               Sif   SrcIPaddress    SrcP  DIf   DstIPaddress    DstP    P Fl Pkts       Octets
1101.11:23:41.157 1101.11:28:16.307 0     192.168.2.1     1900  0     239.255.255.250 1900  17  0  113        38828     
1101.11:23:47.482 1101.11:23:47.482 0     192.168.2.131   37288 0     192.168.2.255   137   17  0  1          78        
1101.11:23:47.483 1101.11:23:47.483 0     192.168.2.142   137   0     192.168.2.131   37288 17  0  1          90        
1101.11:23:47.484 1101.11:23:58.106 0     192.168.2.131   18784 0     192.168.2.142   445   6   3  8          1262      
1101.11:23:47.484 1101.11:23:58.106 0     192.168.2.142   445   0     192.168.2.131   18784 6   6  7          1289      
1101.11:23:47.493 1101.11:23:47.493 0     192.168.2.131   38001 0     192.168.2.255   137   17  0  1          78        
1101.11:23:47.494 1101.11:23:47.494 0     192.168.2.142   137   0     192.168.2.131   38001 17  0  1          90        
1101.11:23:47.519 1101.11:23:47.519 0     192.168.2.116   137   0     192.168.2.131   38001 17  0  1          90        
1101.11:23:47.757 1101.11:23:47.758 0     192.168.2.131   6757  0     192.168.2.142   137   17  0  1          78        
1101.11:23:47.757 1101.11:23:47.758 0     192.168.2.142   137   0     192.168.2.131   6757  17  0  1          239       
1101.11:23:47.758 1101.11:23:47.758 0     192.168.2.131   40805 0     192.168.2.255   137   17  0  1          78        
1101.11:23:47.759 1101.11:23:47.759 0     192.168.2.142   137   0     192.168.2.131   40805 17  0  1          90        
1101.11:23:47.760 1101.11:23:58.106 0     192.168.2.131   46073 0     192.168.2.142   445   6   3  9          1442      
1101.11:23:47.760 1101.11:23:58.106 0     192.168.2.142   445   0     192.168.2.131   46073 6   6  8          1483      
1101.11:23:47.770 1101.11:23:47.770 0     192.168.2.131   30748 0     192.168.2.255   137   17  0  1          78        
1101.11:23:47.779 1101.11:23:47.779 0     192.168.2.116   137   0     192.168.2.131   30748 17  0  1          90        
1101.11:23:47.780 1101.11:23:58.110 0     192.168.2.116   445   0     192.168.2.131   24377 6   3  7          804       
1101.11:23:47.780 1101.11:23:58.110 0     192.168.2.131   24377 0     192.168.2.116   445   6   3  9          1030      
1101.11:23:47.787 1101.11:23:47.789 0     192.168.2.116   139   0     192.168.2.131   12116 6   2  1          60        
1101.11:23:47.787 1101.11:23:47.789 0     192.168.2.131   12116 0     192.168.2.116   139   6   6  2          110       
1101.11:23:47.823 1101.11:23:47.833 0     192.168.2.131   3414  0     195.130.131.4   53    17  0  1          61        
1101.11:23:47.823 1101.11:23:47.833 0     195.130.131.4   53    0     192.168.2.131   3414  17  0  1          136       
1101.11:23:47.834 1101.11:23:47.845 0     192.168.2.131   38794 0     195.130.131.4   53    17  0  1          56        
1101.11:23:47.834 1101.11:23:47.845 0     195.130.131.4   53    0     192.168.2.131   38794 17  0  1          131       
1101.11:23:47.846 1101.11:23:47.846 0     192.168.2.100   137   0     192.168.2.131   32449 17  0  1          90        
1101.11:23:47.846 1101.11:23:47.846 0     192.168.2.131   32449 0     192.168.2.255   137   17  0  1          78        
1101.11:23:47.847 1101.11:23:58.106 0     192.168.2.100   445   0     192.168.2.131   23842 6   6  10         1571      
1101.11:23:47.847 1101.11:23:58.106 0     192.168.2.131   23842 0     192.168.2.100   445   6   3  11         1728      
1101.11:23:47.857 1101.11:23:47.869 0     192.168.2.131   2799  0     195.130.131.4   53    17  0  1          61        
1101.11:23:47.857 1101.11:23:47.869 0     195.130.131.4   53    0     192.168.2.131   2799  17  0  1          136       
1101.11:23:47.869 1101.11:23:47.881 0     192.168.2.131   6294  0     195.130.131.4   53    17  0  1          56        
1101.11:23:47.869 1101.11:23:47.881 0     195.130.131.4   53    0     192.168.2.131   6294  17  0  1          131       
1101.11:23:47.882 1101.11:23:47.882 0     192.168.2.131   6596  0     192.168.2.255   137   17  0  1          78        
1101.11:23:47.883 1101.11:23:47.883 0     192.168.2.1     137   0     192.168.2.131   6596  17  0  1          90        
1101.11:23:47.883 1101.11:23:58.109 0     192.168.2.1     445   0     192.168.2.131   8813  6   3  10         1281      
1101.11:23:47.883 1101.11:23:58.109 0     192.168.2.131   8813  0     192.168.2.1     445   6   3  12         1543      
1101.11:23:47.925 1101.11:23:47.937 0     192.168.2.131   9185  0     195.130.131.4   53    17  0  1          61        
1101.11:23:47.925 1101.11:23:47.937 0     195.130.131.4   53    0     192.168.2.131   9185  17  0  1          136       
1101.11:23:47.938 1101.11:23:47.949 0     192.168.2.131   8694  0     195.130.131.4   53    17  0  1          56        
1101.11:23:47.938 1101.11:23:47.949 0     195.130.131.4   53    0     192.168.2.131   8694  17  0  1          131       
1101.11:23:47.950 1101.11:23:47.950 0     192.168.2.131   7872  0     192.168.2.255   137   17  0  1          78        
1101.11:23:47.960 1101.11:23:47.960 0     192.168.2.116   137   0     192.168.2.131   7872  17  0  1          90        
1101.11:23:47.960 1101.11:23:58.110 0     192.168.2.116   445   0     192.168.2.131   13453 6   3  11         1382      
1101.11:23:47.960 1101.11:23:58.110 0     192.168.2.131   13453 0     192.168.2.116   445   6   3  13         1595      
1101.11:23:47.970 1101.11:23:47.971 0     192.168.2.116   139   0     192.168.2.131   28508 6   2  1          60        
1101.11:23:47.970 1101.11:23:47.971 0     192.168.2.131   28508 0     192.168.2.116   139   6   6  2          110       
1101.11:23:48.019 1101.11:23:48.019 0     192.168.2.131   5769  0     192.168.2.255   137   17  0  1          78        
1101.11:23:48.019 1101.11:23:48.019 0     192.168.2.142   137   0     192.168.2.131   5769  17  0  1          90        
1101.11:23:48.020 1101.11:23:58.106 0     192.168.2.131   48594 0     192.168.2.142   445   6   3  9          1442      
1101.11:23:48.020 1101.11:23:58.106 0     192.168.2.142   445   0     192.168.2.131   48594 6   6  8          1509
Addition, this is what netflow captures when I try to connect over the network from a Windows host. I can only see my samba server being displayed as IO under "Network".When I double click on that I'm asked for a password but I can't see any shares (some of them are public, guest browseable)

Code:
Start             End               Sif   SrcIPaddress    SrcP  DIf   DstIPaddress    DstP    P Fl Pkts       Octets
1101.12:34:28.015 1101.12:38:11.586 0     192.168.2.142   138   0     192.168.2.255   138   17  0  6          1301      
1101.12:34:49.337 1101.12:34:49.745 0     192.168.2.142   51147 0     224.0.0.252     5355  17  0  2          100       
1101.12:34:49.337 1101.12:34:49.745 0     192.168.2.142   64539 0     224.0.0.252     5355  17  0  2          100       
1101.12:34:49.337 1101.12:37:14.378 0     192.168.2.142   137   0     192.168.2.255   137   17  0  23         1794      
1101.12:35:41.718 1101.12:35:52.483 0     192.168.2.131   445   0     192.168.2.142   63560 6   2  10         1539      
1101.12:35:41.718 1101.12:35:52.483 0     192.168.2.142   63560 0     192.168.2.131   445   6   6  13         3021      
1101.12:35:59.734 1101.12:36:21.188 0     192.168.2.131   445   0     192.168.2.142   63562 6   2  44         7132      
1101.12:35:59.734 1101.12:36:21.188 0     192.168.2.142   63562 0     192.168.2.131   445   6   6  67         15001     
1101.12:36:26.688 1101.12:36:42.814 0     192.168.2.131   445   0     192.168.2.142   63564 6   2  20         3184      
1101.12:36:26.688 1101.12:36:42.814 0     192.168.2.142   63564 0     192.168.2.131   445   6   6  24         6357      
1101.12:36:43.893 1101.12:36:54.596 0     192.168.2.131   445   0     192.168.2.142   63565 6   2  8          1210      
1101.12:36:43.893 1101.12:36:54.596 0     192.168.2.142   63565 0     192.168.2.131   445   6   6  11         2363      
1101.12:37:13.457 1101.12:37:40.286 0     192.168.2.131   445   0     192.168.2.142   63587 6   2  62         10093     
1101.12:37:13.457 1101.12:37:40.286 0     192.168.2.142   63587 0     192.168.2.131   445   6   6  74         20543

Last edited by virtuvoos; 1st November 2013 at 11:50 AM.
Reply With Quote
Old 1st November 2013
virtuvoos virtuvoos is offline
Port Guard
 
Join Date: Oct 2013
Posts: 28
Default

Forgot to posts the contents of /etc/hosts:

Code:
$ cat /etc/hosts
#       $OpenBSD: hosts,v 1.12 2009/03/10 00:42:13 deraadt Exp $
#
# Host Database
#
# RFC 1918 specifies that these networks are "internal".
# 10.0.0.0      10.255.255.255
# 172.16.0.0    172.31.255.255
# 192.168.0.0   192.168.255.255
#
127.0.0.1       localhost
::1             localhost
$
Reply With Quote
Old 1st November 2013
virtuvoos virtuvoos is offline
Port Guard
 
Join Date: Oct 2013
Posts: 28
Default

Quote:
Originally Posted by J65nko View Post
An alternative to all this debugging is to simply configure a DNS server in your local LAN and making sure that each host has a proper local hostname of at least three elements.
Yes makes sense. I'm a bit reluctant to do that though. I'm struggling to get basic stuff to work (*BSD newbie). Throwing in yet another unexplored system (DNS-server) will only complicate things for me at the moment.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH failure when connecting to another machine via X daemonfowl OpenBSD Security 4 27th July 2012 03:50 AM
Problems with sound when connecting to TV sepuku OpenBSD General 9 9th August 2011 07:30 PM
pkg_add problems with connecting Mr-Biscuit NetBSD Package System (pkgsrc) 2 26th May 2009 11:44 AM
Connecting to router wirelessly guitarscn OpenBSD General 16 21st January 2009 03:47 AM
Connecting to wireless router TomAmundsen FreeBSD General 19 25th August 2008 10:14 PM


All times are GMT. The time now is 11:46 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick