Solved

samba, ports 139 and 445, windows and error log (write_data: write failure, connection reset by peer, Error writing 5 bytes to client)

Posted on 2007-11-20
Last Modified: 2013-12-16
Hello,
I'm using a samba server (CentOS 5) with several windows clients (xp and older).
Samba logs a lot of errors, like these:
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:get_peer_addr(1232)
Nov 20 16:04:06 shoebox smbd[28548]:   getpeername failed. Error was Transport endpoint is not connected
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/access.c:check_access(327)
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:get_peer_addr(1232)
Nov 20 16:04:06 shoebox smbd[28548]:   Denied connection from  (0.0.0.0)
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:write_data(562)
Nov 20 16:04:06 shoebox smbd[28548]:   write_data: write failure in writing to client 10.76.66.2. Error Connection reset by peer
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:send_smb(769)
Nov 20 16:04:06 shoebox smbd[28548]:   Error writing 5 bytes to client. -1. (Connection reset by peer)

Now, from other sources, this seems quite normal. The problem seems to be that WinXP clients try to connect both to port 139 and 445 and then keep open only the session which is answered first and close the other (see e.g. http://ntsecurity.nu/papers/port445/).

There are several solutions, but none seem really good:
- add "ports 139" to smb.conf; problem: clients supporting cifs (e.g. WinXP+) must revert to netbios over tcp which is less efficient
- add "ports 445" to smb.conf; problem: clients not supporting cifs but only netbios over tcp cannot access the server anymore
- disable netbios over tcp on winxp+ clients; problem: these clients would not be accessible by older clients anymore and furthermore you'd lose other netbios-over-tcp-only functionalities (e.g. netbios messages)

So do you know of any better solution to this?

Strangely the RedHat knowledge base doesn't say anything about this. Strange as any samba server with xp clients (with default config) is going to see these errors. Maybe the RH knowledge base is crippled to promote paying customers...

Anyway, in my opinion the correct solution would be for samba just NOT to log these errors as it's not really an error but normal (even if arguably good/bad) behavior of WinXP. In fact I consider this a samba bug.

Is it possible to configure samba to consider this normal and not pollute the log file?

Another idea might be to use the firewall: if a client is connecting to port 139 and 445 at the same time, just block port 139. Can this be done with iptables? Has anyone already tried this?
Question by:lbertacco
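
One way to separate the log pattern quoted in the question from entries that still deserve attention, added here as an example (not code from the poster or from Samba): smbd syslog lines are grouped by PID, and a connection is marked as a reset race only when every message is one of the quoted lines and any denied address is 0.0.0.0. The sample input, the 192.0.2.7 entry, the function names and the classification rule itself are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the excerpt above; the rule below is an assumption.
SAMPLE = """\
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:get_peer_addr(1232)
Nov 20 16:04:06 shoebox smbd[28548]:   getpeername failed. Error was Transport endpoint is not connected
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/access.c:check_access(327)
Nov 20 16:04:06 shoebox smbd[28548]:   Denied connection from  (0.0.0.0)
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:write_data(562)
Nov 20 16:04:06 shoebox smbd[28548]:   write_data: write failure in writing to client 10.76.66.2. Error Connection reset by peer
Nov 20 16:05:10 shoebox smbd[28601]: [2007/11/20 16:05:10, 0] lib/access.c:check_access(327)
Nov 20 16:05:10 shoebox smbd[28601]:   Denied connection from  (192.0.2.7)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ smbd\[(\d+)\]:\s+(.*)$")
HEADER = re.compile(r"^\[\d{4}/\d\d/\d\d [\d:]{8},\s*\d+\] ")
DENIED = re.compile(r"Denied connection from\s+.*\(([\d.]+)\)")
RESET = ("getpeername failed", "Connection reset by peer")

def group_by_pid(text):
    """Collect message bodies (not the [date, level] source headers) per smbd PID."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m and not HEADER.match(m.group(2)):
            groups[int(m.group(1))].append(m.group(2).strip())
    return dict(groups)

def classify(messages):
    """'reset-race' if the peer vanished and nothing else was logged, else 'review'."""
    saw_reset = False
    for msg in messages:
        denied = DENIED.search(msg)
        if denied:
            if denied.group(1) != "0.0.0.0":
                return "review"   # a real peer address was refused by access control
        elif any(tok in msg for tok in RESET):
            saw_reset = True
        else:
            return "review"       # anything outside the known pattern stays visible
    return "reset-race" if saw_reset else "review"

def triage(text):
    return {pid: classify(msgs) for pid, msgs in group_by_pid(text).items()}

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE).items():
        print(pid, verdict)
```

Filtering this way keeps a denial of a real client address in view, which a blanket suppression of the messages would hide.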
7 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 20333098
Hi,

It could be that you have a firewall denying / resetting the sessions.

 
LVL 11

Author Comment

by:lbertacco
ID: 20333139
No, there is no firewall blocking anything and anyway this is expected normal behavior from xp clients (to try and open two sessions, then drop one)
 

Expert Comment

by:ryran
ID: 21656117
I'd love to hear anyone else's thoughts on this topic as well...
 
LVL 11

Author Comment

by:lbertacco
ID: 21657856
I entered this as bug 5314 in samba's bugzilla. It still has to receive any activity
 

Expert Comment

by:csindia
ID: 22151225
I suddenly have this problem. Access via the IP address works fine though. Any ideas?
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22423203
PAQed with points refunded (500)

Computer101
EE Admin