[Bug 943691] New: It is not possible to browse Samba shares by default in KDE
http://bugzilla.opensuse.org/show_bug.cgi?id=943691 Bug ID: 943691 Summary: It is not possible to browse Samba shares by default in KDE Classification: openSUSE Product: openSUSE Distribution Version: 42.1 Milestone 1 Hardware: x86-64 OS: openSUSE 42.1 Status: NEW Severity: Normal Priority: P5 - None Component: Samba Assignee: samba-maintainers@SuSE.de Reporter: cruftremover@picodata.net QA Contact: samba-maintainers@SuSE.de Found By: --- Blocker: --- At the present time, KDE users have the option to click on Network -> Samba Shares from within Dolphin. However by default this will simply inform the user that no Samba shares were found. This is due to Samba ports being disabled by the default in the default firewall configuration. Either Samba ports should be open by default to allow browsing local Windows shares, or the option to browse Samba shares should not be presented to the user unless they have specifically opened the necessary ports. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=943691
http://bugzilla.opensuse.org/show_bug.cgi?id=943691#c3
Lars Müller
http://bugzilla.opensuse.org/show_bug.cgi?id=943691
http://bugzilla.opensuse.org/show_bug.cgi?id=943691#c4
Michael Andres
Then the question is if it is possible to cause FW_LOAD_MODULES="nf_conntrack_netbios_ns" being set as soon as dolphin or a KDE pattern gets installed.
Therefore requesting information from Michael as he's defined as the libzypp/ zypper bug owner.
This is no issue for zypp. If dolphin and/or one of the kde pattern-packages need to adjust firewall settings, they have to arrange this in their post-install or post-trans script. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=943691
http://bugzilla.opensuse.org/show_bug.cgi?id=943691#c5
--- Comment #5 from Malvern Star
http://bugzilla.opensuse.org/show_bug.cgi?id=943691
http://bugzilla.opensuse.org/show_bug.cgi?id=943691#c6
Dominique Leuenberger
Forgive my likely ignorance, but should the Firewall simply be set during install to allow outgoing connections on the relevant ports? This would not only allow KDE to browse shares by default but other desktop environments too.
I actually agree: the FW change is something that samba-client should take care off... I could be using any DE (GNOME, KDE, XFCE) and even CLI tools to browse shares. the only common denominator would be samba libraries / client to actually handle that. @Lars? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=943691
http://bugzilla.opensuse.org/show_bug.cgi?id=943691#c7
Lars Müller
(In reply to Malvern Star from comment #5)
Forgive my likely ignorance, but should the Firewall simply be set during install to allow outgoing connections on the relevant ports? This would not only allow KDE to browse shares by default but other desktop environments too.
I actually agree: the FW change is something that samba-client should take care off... I could be using any DE (GNOME, KDE, XFCE) and even CLI tools to browse shares.
the only common denominator would be samba libraries / client to actually handle that.
This might open the ports in too many cases. The goal is to modify the firewall setting if one of the desktop patterns gets selected. But not in general if one of libsmbclient or samba-clients gets installed. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=943691
http://bugzilla.opensuse.org/show_bug.cgi?id=943691#c8
--- Comment #8 from Dominique Leuenberger
(In reply to Dominique Leuenberger from comment #6)
(In reply to Malvern Star from comment #5)
Forgive my likely ignorance, but should the Firewall simply be set during install to allow outgoing connections on the relevant ports? This would not only allow KDE to browse shares by default but other desktop environments too.
I actually agree: the FW change is something that samba-client should take care off... I could be using any DE (GNOME, KDE, XFCE) and even CLI tools to browse shares.
the only common denominator would be samba libraries / client to actually handle that.
This might open the ports in too many cases. The goal is to modify the firewall setting if one of the desktop patterns gets selected. But not in general if one of libsmbclient or samba-clients gets installed.
We're talking about poutgoing connections that need a crazy connection tracking handler to be able to receive a reply (which is the purpose of the FW_LOAD_MODULES="nf_conntrack_netbios_ns" statement).. incoming connections (not initiated from the client) are of course a different ballgame -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=943691
http://bugzilla.opensuse.org/show_bug.cgi?id=943691#c9
--- Comment #9 from Dominique Leuenberger
http://bugzilla.opensuse.org/show_bug.cgi?id=943691
http://bugzilla.opensuse.org/show_bug.cgi?id=943691#c11
Dominique Leuenberger
Yes, the connection tracking module is needed because the netbios sends out broadcasts, but replies arrive back from specific machines.
The question is if this module in the firewall configuration helps already?
Also, if you are browsing network shares you are probably in a "safe" network already and do not need the strict firewall?
Malvern, can you verify and confirm the above? Does it actually work if this is set? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=943691
http://bugzilla.opensuse.org/show_bug.cgi?id=943691#c12
Malvern Star
http://bugzilla.opensuse.org/show_bug.cgi?id=943691
Michael Andres
http://bugzilla.opensuse.org/show_bug.cgi?id=943691
Ludwig Nussel
participants (1)
-
bugzilla_noreply@novell.com