Pantek Library

Firehol Prevents Me From Joining Domain

From: Anthony M Simonelli <a.simonelli(at)sbcglobal.net>
Date: Sun Aug 19 2007 - 10:04:28 EDT


I'm running firehol on a Debian test server. I have the winbind service running to resolve NT domain user names. I have the following services defined for my LAN interface in the firehol.conf file.

lan_ips="192.168.0.0/24"

interface eth0 Lan src "${lan_ips}"

        policy reject
        server microsoft_ds accept
        server samba accept
        client all accept 

Whenever I try to join the domain ("net rpc join -W DOMAIN -U administrator"), I get a message saying "Unable to find a suitable server" and I find the following in my logs:

Aug 19 08:55:51 server kernel: ''IN-Lan':'IN=eth0 OUT=
MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=192.168.0.9
DST=192.168.0.197 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=53787 PROTO=UDP
SPT=137 DPT=1033 LEN=70

Clearly the response is being blocked by my firewall, and when I shut the firewall down, I can easily join the domain. I know that this relates to a hack in the Samba service defined in Firehol (http://firehol.sourceforge.net/services.html?#samba). Is there a workaround that I can use in my configuration file? Something that allows responses only from a certain host, like the PDC?

Received on Sun Aug 19 10:04:48 2007
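
Added example, not part of the original post: a small Python script that reads netfilter LOG lines like the one quoted above, picks out blocked NetBIOS name-service replies (UDP from source port 137 to an unprivileged port) and counts them per sender, so it is clear which hosts a narrow exception would have to cover. The function names are hypothetical, the sample lines are constructed from the entry in the post, and treating 192.168.0.9 as the trusted domain controller is an assumption.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the entry from the post joined onto one line,
# the remaining lines are made up for contrast.
SAMPLE_LOG = """\
Aug 19 08:55:51 server kernel: ''IN-Lan':'IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=192.168.0.9 DST=192.168.0.197 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=53787 PROTO=UDP SPT=137 DPT=1033 LEN=70
Aug 19 08:56:02 server kernel: ''IN-Lan':'IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=192.168.0.23 DST=192.168.0.197 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4411 PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 SYN
Aug 19 08:56:10 server kernel: ''IN-Lan':'IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=192.168.0.9 DST=192.168.0.197 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=53801 PROTO=UDP SPT=137 DPT=1034 LEN=70
Aug 19 08:56:15 server kernel: ''IN-Lan':'IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=192.168.0.50 DST=192.168.0.197 LEN=90 TOS=0x00 PREC=0x00 TTL=128 ID=120 PROTO=UDP SPT=137 DPT=1035 LEN=70
"""

FIELD = re.compile(r"([A-Z]+)=(\S*)")


def parse_fields(line):
    """Return the KEY=value pairs of one netfilter LOG line as a dict."""
    fields = {}
    for key, value in FIELD.findall(line):
        # LEN occurs twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields


def is_nbns_reply(fields):
    """True for a UDP datagram from port 137 to an unprivileged port."""
    try:
        return (fields["PROTO"] == "UDP"
                and int(fields["SPT"]) == 137
                and int(fields["DPT"]) >= 1024)
    except (KeyError, ValueError):  # e.g. ICMP entries carry no SPT/DPT
        return False


def blocked_nbns_senders(log_text, trusted=()):
    """Count blocked NBNS replies per source, split into trusted and other."""
    parsed = map(parse_fields, log_text.splitlines())
    seen = Counter(f["SRC"] for f in parsed if is_nbns_reply(f) and "SRC" in f)
    expected = {ip: n for ip, n in seen.items() if ip in trusted}
    unexpected = {ip: n for ip, n in seen.items() if ip not in trusted}
    return expected, unexpected


if __name__ == "__main__":
    # Assumption: 192.168.0.9 is the domain controller.
    print(blocked_nbns_senders(SAMPLE_LOG, trusted={"192.168.0.9"}))
```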

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 02:26:48 EDT

