Re: Samba and Encrypted Passwords

I was just as frustrated as you are now back when I first set up Samba. 
I didn't try to do any firewalling at that time, which greatly 
simplified things. I was smugly congratulating myself for networking 2 
computers! My own networking mistakes made it much harder for me to get 
Samba working, so I do understand what you mean by making a tremendous 
effort.

I highly recommend reading the Samba book by the publishing house 
O'Reilly and Associates. Reading the first 50 or so pages of this book 
fleshes out the whys and wherefores of Samba setup. It includes a really 
excellent fault tree for networking issues that you can work with. 
However my copy of the book is pretty old now and I don't know if the 
authors did a new edition.

As to your question: netbios ports 137 and 139 are UDP as well as TCP. I 
don't know what port 135 is used for -- excuse me for being rusty. I did 
check /etc/services and consult the book Linux Firewalls by Robert 
Ziegler. You'll probably be okay if you allow both TCP and UDP traffic 
on these ports, but only on the internal interfaces. That means don't 
allow them inbound from or outbound to the internet.

Good luck and keep trying. As the installer used for the 'null' beta was 
telling us, "success will be yours".

Bob Cochran
Greenbelt, Maryland, USA

* wrote:

>Bob;
>
>Understood. I was making what I thought was a tremendous effort, but if
>I had just done what it says in section 16.2.1 of the RH8 Customization
>Guide, I could have saved myself hours of time. Of course, I wouldn't
>know half as much about Samba as I do now...
>
>Here's another somewhat related question for you then; I have my little
>net behind a hardware firewall (Linksys BEFSR41), but I still want the
>software firewall running on my linux box. So I choose High Security in
>the Security Level GUI app, and in the text entry box at the bottom I
>put "135:tcp, 137:tcp, 139:tcp" (no quotes in the box) to open the
>netbios ports. Is this correct and complete?
>
>On Thu, 2002-10-10 at 20:17, Robert L. Cochran wrote:
>  
>
>>Thank you. Do remember that unencrypted passwords, even when you can
>>send them, are undesirable. It is worth the effort to secure them.
>>
>>Bob 
>>
>>
>>On Thu, 2002-10-10 at 19:43, * wrote:
>>    
>>
>>>On Wed, 2002-10-09 at 21:19, Robert L. Cochran wrote:
>>>      
>>>
>>>>Windows 98 will send encrypted no matter what you do.
>>>>        
>>>>
>>>I draw your attention to this item:
>>>
>>>==================================
>>>Microsoft KnowledgeBase Document:
>>>==================================
>>>
>>>Unable to Connect to a Samba Server with Windows 98
>>>
>>>  The information in this article applies to: 
>>>
>>>       Microsoft Windows 98 
>>>
>>>  SYMPTOMS
>>>
>>>  When you attempt to connect to a Samba server or a LanManager server
>>>  from your Windows 98-based client computer, the following error
>>>  message may be displayed: 
>>>
>>>     Incorrect Password.
>>>
>>>
>>>  This error message may occur even though you provide the correct user
>>>  account and password. 
>>>
>>>  CAUSE
>>>
>>>  This behavior occurs because Windows 98 does not send plain text
>>>  passwords to Server Message Block (SMB) servers by default. 
>>>
>>>  RESOLUTION
>>>  To resolve this issue, use either of the following methods: 
>>>
>>>  Method 1
>>>
>>>  Configure the Samba server to support Challenge-Handshake
>>>  Authentication Protocol (CHAP) password encryption. Please refer to 
>>>  your Samba documentation for information on how to configure a Samba
>>>  SMB server. 
>>>
>>>  NOTE: This is the preferred method to resolve this issue because it is
>>>  more secure than sending unencrypted passwords over the network. 
>>>
>>>  Method 2
>>>
>>>  You can enable Password Authentication Protocol (PAP) plain text
>>>  password use in Windows 98. To do so, use the following steps. 
>>>
>>>  WARNING: If you enable plain text password use in Windows 98, all
>>>  passwords are sent on the network in an unencrypted format. These
>>>  passwords may be viewed by anyone using a network monitoring program.
>>>  If security is a concern for your network environment, do not enable
>>>  plain text passwords. 
>>>
>>>  1. Insert your Windows 98 CD-ROM into the CD-ROM drive. 
>>>
>>>  2. Click Start, and then click Run. 
>>>
>>>  3. In the Open box, type "<drive>:\tools\mtsutil" (without the
>>>     quotation marks), where <drive> is the letter of the CD-ROM drive
>>>     that contains the Windows 98 CD-ROM, and then click OK.
>>>
>>>
>>>  4. Right-click the Ptxt_on.inf file, and then click Install. 
>>>
>>>  5. Restart your computer. 
>>>
>>>  Method 3
>>>
>>>  You should use the following method only if you do not have access to
>>>  the Windows 98 CD-ROM. These steps enable PAP password use without the
>>>  CD-ROM as mentioned in method 2. 
>>>
>>>  1. Start Regedit.exe. 
>>>
>>>  2. Locate the following key in the registry: 
>>>
>>>     HKLM\System\CurrentControlSet\Services\VxD\VNETSUP
>>>
>>>  3. Change the data value for the EnablePlainTextPassword value to "1"
>>>     (without the quotation marks).
>>>
>>>
>>>  4. Restart your computer. 
>>>
>>>  MORE INFORMATION
>>>
>>>  Note that this issue may also occur with other non-Microsoft SMB
>>>  servers, such as VAX or Pathworks NOS. 
>>>
>>>  Keywords          : 3rdpartynet win98
>>>  Version           : WINDOWS:
>>>  Platform          : WINDOWS
>>>  Issue type        : kbprb
>>>
>>>      
>>>
>>>>First off -- you must configure Windows 98 to login individual users. 
>>>>See the Samba web site for more information about this.
>>>>
>>>>In your smb.conf file, you must have 'encrypted = yes' uncommented.
>>>>
>>>>Also, you must initialize the smbpasswd file with the passwords of the 
>>>>user on the Windows 98 box. That username and password must match the 
>>>>username and password of the user account on the Linux box, too. Remember 
>>>>that usernames are case sensitive. user 'jsmith' is different from 'Jsmith'.
>>>>
>>>>If your networking is all set up correctly and working flawlessly, you 
>>>>should be able to connect from the Windows box to the Samba share on the 
>>>>Linux box for that same user.
>>>>
>>>>I strongly recommend you either read the documentation on the Samba site 
>>>>or read the Samba book published by O'Reilly and Associates. Also do 
>>>>carefully read your smb.conf file.
>>>>
>>>>Bob Cochran
>>>>Greenbelt, Maryland, USA
>>>>
>>>>
>>>>* wrote:
>>>>
>>>>        
>>>>
>>>>>Anyone have any idea why I can't get my Win98SE box to connect to my RH8
>>>>>homes shares without sending the passwords as clear text (instead of the
>>>>>default encrypted)?
>>>>>
>>>>>
>>>>>
>>>>> 
>>>>>
>>>>>          
>>>>>
>>>>
>>>>-- 
>>>>Psyche-list mailing list
>>>>Psyche-list@redhat.com
>>>>https://listman.redhat.com/mailman/listinfo/psyche-list
>
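
The firewall advice in the reply at the top of this message (ports 137 and 139 over both TCP and UDP, internal interfaces only), as an added example that is not part of the original thread: a shell function that prints matching iptables rules without applying them. The interface name `eth1`, the function name `netbios_rules` and the choice of the INPUT and OUTPUT chains are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables rules; applies nothing.
# Assumption: eth1 is the internal (LAN-facing) interface.

# netbios_rules IFACE PORT...
# For every port, over both TCP and UDP: accept inbound on IFACE, and drop
# the same traffic inbound from / outbound to any other interface.
netbios_rules() {
    [ $# -ge 2 ] || { echo "usage: netbios_rules IFACE PORT..." >&2; return 1; }
    iface=$1
    shift
    # Refuse interface names that could smuggle shell or iptables syntax.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    # Validate every port before printing anything, so a bad argument
    # never leaves a half-written rule set behind.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done
    for port in "$@"; do
        for proto in tcp udp; do
            echo "iptables -A INPUT -i $iface -p $proto --dport $port -j ACCEPT"
            echo "iptables -A INPUT ! -i $iface -p $proto --dport $port -j DROP"
            echo "iptables -A OUTPUT ! -o $iface -p $proto --dport $port -j DROP"
        done
    done
}

# Ports 137 and 139 are the ones the reply above confirms.
netbios_rules eth1 137 139
```

The DROP rules match every interface other than `eth1`, loopback included, so a host with local SMB clients needs an earlier ACCEPT for `lo`. Older iptables releases wrote the negation after the option (`-i ! eth1`).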




