Hello firemen,

in the meantime I have received three replies, from Micha, Christian and Robert, and I am sending the requested status and log queries:

netstat -lnp |grep 13
/var/log/samba/smbd.log
/var/log/samba/nbmd.log
/var/log/warn
/etc/samba/smb.conf
/etc/samba/SuSEConfig2

Note to Schöpp: I have SuSEFW2 with ip*tables*, but I have not known that for long either. It seems possible that by now I have botched /etc/sysconfig/SuSEConfig2 (I have not edited any others) so badly that nothing works any more. But if no blunders of the 'obviously, that can't...' kind turn up, I will probably overwrite it with /usr/share/doc/packages/SuSEfirewall2/SuSEfirewall2.conf and then configure it with YaST2 following Robert's recipe.

Question for Robert: When entering values in the "expert window" under YaST2 | ... | Firewall | Additional services, is it enough to enter the port numbers separated by spaces, or do smbd, nmbd, tcp/udp also have to be specified there in full? As I read it, all ports needed for Samba are allowed for the internal network.

Many thanks for your efforts!! - Regards, Daniel

netstat -lnp |grep 13 (shows TCP ports 137, 138 and 139):
=====================
congo:/tmp # cat netstat_lnpgrep13\*
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      687/smbd
udp        0      0 192.168.1.1:137         0.0.0.0:*                           680/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           680/nmbd
udp        0      0 192.168.1.1:138         0.0.0.0:*                           680/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           680/nmbd

/var/log/samba/smbd.log (current entries only):
========================
[2003/06/15 19:52:30, 0] smbd/server.c:main(698)
  smbd version 2.2.3a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002

/var/log/samba/nbmd.log:
=======================
[2003/06/15 19:52:30, 0] nmbd/nmbd.c:main(783)
  Netbios nameserver version 2.2.3a started.
  Copyright Andrew Tridgell and the Samba Team 1994-2002
[2003/06/15 19:52:35, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(237)
  find_response_record: response packet id 12427 received with no matching record.
[2003/06/15 19:52:35, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(237)
  find_response_record: response packet id 12428 received with no matching record.
[2003/06/15 19:58:16, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
  *****
  Samba name server CONGO is now a local master browser for workgroup ARBEITSGRUPPE on subnet 192.168.1.1
  *****

/var/log/warn:
==============
Jun 15 19:52:30 congo kernel: eth0: Tx timeout - resetting
Jun 15 19:52:34 congo modprobe: modprobe: Can't locate module char-major-10-134
Jun 15 19:52:34 congo kernel: eth0: Tx timeout - resetting
Jun 15 19:52:35 congo nmbd[680]: [2003/06/15 19:52:35, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(237)
Jun 15 19:52:35 congo nmbd[680]:   find_response_record: response packet id 12427 received with no matching record.
Jun 15 19:52:35 congo nmbd[680]: [2003/06/15 19:52:35, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(237)
Jun 15 19:52:35 congo nmbd[680]:   find_response_record: response packet id 12428 received with no matching record.
Jun 15 19:52:38 congo kernel: eth0: Tx timeout - resetting
Jun 15 19:53:47 congo kernel: eth0: Tx timeout - resetting
Jun 15 19:54:01 congo fetchnews[1061]: can't stat /var/spool/news/leaf.node/groupinfo: No such file or directory
Jun 15 19:54:01 congo fetchnews[1061]: Reading all newsgroups failed
Jun 15 19:55:47 congo kernel: eth0: Tx timeout - resetting
Jun 15 19:57:47 congo kernel: eth0: Tx timeout - resetting
Jun 15 19:58:14 congo last message repeated 5 times
Jun 15 19:58:16 congo nmbd[680]: [2003/06/15 19:58:16, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
Jun 15 19:58:16 congo nmbd[680]:   *****
Jun 15 19:58:16 congo nmbd[680]:
Jun 15 19:58:16 congo nmbd[680]:   Samba name server CONGO is now a local master browser for workgroup ARBEITSGRUPPE on subnet 192.168.1.1
Jun 15 19:58:16 congo nmbd[680]:
Jun 15 19:58:16 congo nmbd[680]:   *****

smb.conf:
=========
(snip)
[global]
        workgroup = arbeitsgruppe
        os level = 2
        security = user
        encrypt passwords = Yes
        guest account = Nobody
        map to guest = Bad User

# This tells samba to use the file smbusers for user mapping.
; username map = /etc/samba/smbusers

# This tells samba to write log files per machine.
; log file = /var/log/samba/%m

# This sets an alternate log level. Default is 2.
; log level = 3

# Uncomment the following, if you want to use an existing NT-Server to
# authenticate users, but don't forget that you also have to create them
# locally!
; security = server
; password server = 192.168.1.10

        printing = LPRNG
        printcap name = /etc/printcap
        load printers = Yes

# These settings are a suggestion for a local network. Cf. section
# 'socket options' in the man page of smb.conf and socket(7).
        socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY

# Uncomment this, if you want to integrate your server
# into an existing net e.g. with NT-WS to prevent nettraffic
; local master = No

# Please uncomment the following entry and replace the ip number and
# netmask with the values of your network interface configuration.
; interfaces = 192.168.1.1/255.255.255.0

# If you want Samba to act as a wins server, please set
# 'wins support' to yes.
        wins support = No

# If you want Samba to use an existing wins server, please uncomment the
# following line and replace the dummy with the wins server's ip number.
; wins server = 192.168.1.1

# Set these two parameters to your DOS code page and appropriate UNIX
# character set. These values are for west European languages (Latin-9)
# UNIX character and MS-DOS Latin 1 code page.
        character set = ISO8859-15
        client code page = 850

# This is a simple measure against Nimba Worm. Cf. README.Win32-Viruses
        veto files = /*.eml/*.nws/riched20.dll/*.{*}/

# Do you wan't samba to act as a logon-server for your windows 95/98
# clients, so uncomment the following:
; domain logons = Yes
; domain master = Yes

# For a specific logon script per user
; logon script = %U.bat
# For a specific logon script per machine
; logon script = %m.bat

# Where to store the logon scripts.
;[netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon

# Where profiles of Windows 9x systems are stored.
# First example for a centralized place.
; logon home = \\%L\profiles\%U
# Second example for a subdirectory of the users home.
; logon home = \\%L\%U\profile

# Where profiles of Windows NT systems are stored.
; logon path = \\%L\profiles\%U

# Extra share for profiles. Default is the home of the user.
;[profiles]
; comment = Network Profiles Service
; path = /var/lib/samba/profiles
; browseable = No

[homes]
        comment = Home Directories
        read only = No
        create mask = 0640
        directory mask = 0750
        browseable = No

# The following share gives all users access to the Server's CD drive,
# assuming it is mounted under /media/cdrom. To enable this share,
# please remove the semicolons before the lines
[cdrecorder]
        comment = Linux CD-ROM
        path = /media/cdrecorder
        locking = No
        browseable = Yes

[dvd]
        comment = Linux DVD
        path = /media/dvd
        locking = No
        browseable = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        create mask = 0600
        printable = Yes
        browseable = Yes

/etc/sysconfig/SuSEConfig2:
===========================
(...snip...)
#
# 1.)
# Should the Firewall be started?
#
# This setting is done via the links in the /etc/init.d/rc?.d runlevel
# directories, which can be tweaked with a runlevel editor (or manually)
#
# 2.)
# Which is the interface that points to the internet/untrusted networks?
#
# Enter all the network devices here which are untrusted.
#
# Choice: any number of devices, seperated by a space
# e.g. "eth0", "ippp0 ippp1 eth0:1"
#
FW_DEV_EXT="ippp0"
#
# 3.)
# Which is the interface that points to the internal network?
#
# Enter all the network devices here which are trusted.
# If you are not connected to a trusted network (e.g. you have just a
# dialup) leave this empty.
#
# Choice: leave empty or any number of devices, seperated by a space
# e.g. "tr0", "eth0 eth1 eth1:1" or ""
#
FW_DEV_INT="eth0"
#
# 4.)
# Which is the interface that points to the dmz or dialup network?
#
# Enter all the network devices here which point to the dmz/dialups.
# A "dmz" is a special, seperated network, which is only connected to the
# firewall, and should be reachable from the internet to provide services,
# e.g. WWW, Mail, etc. and hence are at risk from attacks.
# See /usr/share/doc/packages/SuSEfirewall2/EXAMPLES for an example.
#
# Special note: You have to configure FW_FORWARD to define the services
# which should be available to the internet and set FW_ROUTE to yes.
#
# Choice: leave empty or any number of devices, seperated by a space
# e.g. "tr0", "eth0 eth1 eth1:1" or ""
#
FW_DEV_DMZ=""
#
# 5.)
# Should routing between the internet, dmz and internal network be activated?
# REQUIRES: FW_DEV_INT or FW_DEV_DMZ
#
# You need only set this to yes, if you either want to masquerade internal
# machines or allow access to the dmz (or internal machines, but this is not
# a good idea). This option supersedes IP_FORWARD from
# /etc/sysconfig/network/options
#

--
Veneno da Lata
THE POISON FROM THE CAN - or: Afro-Brazilian rhythm feasts with bite!
http://www.patuscada.de
Tim Sein Lada - Listen and catch the fever.
http://www.tim-sein-lada.de
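
A stricter form of the `netstat -lnp |grep 13` check quoted in the mail, added here as an example and not part of the original message: it matches ports 137, 138 and 139 exactly and marks the sockets bound to 0.0.0.0, which listen on every interface including the external one. The function names, the port-1300 line and the program name `exampled` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the five listeners quoted in the mail plus one invented
# line (port 1300, program "exampled") that a plain `grep 13` would also match.
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      687/smbd
tcp        0      0 0.0.0.0:1300            0.0.0.0:*               LISTEN      702/exampled
udp        0      0 192.168.1.1:137         0.0.0.0:*                           680/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           680/nmbd
udp        0      0 192.168.1.1:138         0.0.0.0:*                           680/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           680/nmbd
EOF
}

# samba_listeners: read `netstat -lnp` lines on stdin and print
# "proto address port program scope" for ports 137, 138 and 139 only.
samba_listeners() {
    awk '
    $1 ~ /^(tcp|udp)$/ {
        n = split($4, a, ":")           # field 4 is the local address, addr:port
        port = a[n]
        if (port != 137 && port != 138 && port != 139) next
        addr = substr($4, 1, length($4) - length(port) - 1)
        prog = $NF                      # udp lines have no State column, so take the last field
        sub(/^[0-9]+\//, "", prog)      # drop the PID, keep the program name
        scope = (addr == "0.0.0.0") ? "all-interfaces" : "single-address"
        print $1, addr, port, prog, scope
    }'
}

# wildcard_count: how many Samba sockets accept traffic on every interface,
# i.e. the ones that only the packet filter separates from the external device.
wildcard_count() {
    samba_listeners | awk '$5 == "all-interfaces" { n++ } END { print n + 0 }'
}

sample_netstat | samba_listeners
```

On a live host the same functions take `netstat -lnp` directly, for example `netstat -lnp | samba_listeners`.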