samba, ports 139 and 445, windows and error log (write_data: write failure, connection reset by peer,Error writing 5 bytes to client)

Hello,
I'm using a samba server (CentOS 5) with several windows clients (xp and older).
Samba logs a lot of errors, like these:
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:get_peer_addr(1232)
Nov 20 16:04:06 shoebox smbd[28548]:   getpeername failed. Error was Transport endpoint is not connected
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/access.c:check_access(327)
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:get_peer_addr(1232)
Nov 20 16:04:06 shoebox smbd[28548]:   Denied connection from  (0.0.0.0)
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:write_data(562)
Nov 20 16:04:06 shoebox smbd[28548]:   write_data: write failure in writing to client 10.76.66.2. Error Connection reset by peer
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:send_smb(769)
Nov 20 16:04:06 shoebox smbd[28548]:   Error writing 5 bytes to client. -1. (Connection reset by peer)

Now, from other sources, this seems quite normal. The problem seems to be that WinXP clients try to connect both to port 139 and 445 and then keep open only the session which is answered first and close the other (see e.g. http://ntsecurity.nu/papers/port445/).

There are several solutions, but none seem really good:
- add "ports 139" to smb.conf; problem: clients suppoting cifs (e.g. WinXP+) must revert to netbios over tcp which is less efficient
- add "ports 445" to smb.conf; problem: clients not supporting cifs but only netbios over tcp cannot access the server anymore
- disable netbios over tcp on winxp+ clients; problem: these clients would not be accessible by older clients anymore and furthermore you'd lose other netbios-over-tcp-only functionalities (e.g. netbios messages)

So do you know of any better solution to this?

Strangely the RedHat knowledge base doesn't say anything about this. Strange as any samba server with xp clients (with default config) is going to see these errors. Maybe the RH knowledge base is crippled to promote paying customers...

Anyway, in my opinion the correct solution would be for samba just  NOT to log these errors as it's not really an error but normal (even if arguably good/bad) behavior of WinXP. In fact I consider this a samba bug.

Is it possible to configure samba to consider this normal and not pollute the log file?

Another idea might be to use the firewall: if a client is connecting to port 139 and 445 at the same time, just block port 139. Can this be done with iptables? Has anyone already tried this?
LVL 11
lbertaccoAsked:
Who is Participating?
 
Computer101Commented:
PAQed with points refunded (500)

Computer101
EE Admin
0
 
omarfaridCommented:
Hi,

It could be that you have a firewall denying  / reseting the sessions.

0
 
lbertaccoAuthor Commented:
No, there is no firewall blocking anything and anyway this is expected normal behavior from xp clients (to try and open two sessions, then drop one)
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
ryranCommented:
I'd love to hear anyone else's thoughts on this topic as well...
0
 
lbertaccoAuthor Commented:
I entered this as bug 5314 in samba's bugzilla. It still has to receive any activity
0
 
csindiaCommented:
I suddenly have this problem. Access via the IP address works fine though. Any ideas?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.