Solved

samba, ports 139 and 445, windows and error log (write_data: write failure, connection reset by peer,Error writing 5 bytes to client)

Posted on 2007-11-20
7
9,819 Views
Last Modified: 2013-12-16
Hello,
I'm using a samba server (CentOS 5) with several windows clients (xp and older).
Samba logs a lot of errors, like these:
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:get_peer_addr(1232)
Nov 20 16:04:06 shoebox smbd[28548]:   getpeername failed. Error was Transport endpoint is not connected
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/access.c:check_access(327)
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:get_peer_addr(1232)
Nov 20 16:04:06 shoebox smbd[28548]:   Denied connection from  (0.0.0.0)
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:write_data(562)
Nov 20 16:04:06 shoebox smbd[28548]:   write_data: write failure in writing to client 10.76.66.2. Error Connection reset by peer
Nov 20 16:04:06 shoebox smbd[28548]: [2007/11/20 16:04:06, 0] lib/util_sock.c:send_smb(769)
Nov 20 16:04:06 shoebox smbd[28548]:   Error writing 5 bytes to client. -1. (Connection reset by peer)

Now, from other sources, this seems quite normal. The problem seems to be that WinXP clients try to connect both to port 139 and 445 and then keep open only the session which is answered first and close the other (see e.g. http://ntsecurity.nu/papers/port445/).

There are several solutions, but none seem really good:
- add "ports 139" to smb.conf; problem: clients suppoting cifs (e.g. WinXP+) must revert to netbios over tcp which is less efficient
- add "ports 445" to smb.conf; problem: clients not supporting cifs but only netbios over tcp cannot access the server anymore
- disable netbios over tcp on winxp+ clients; problem: these clients would not be accessible by older clients anymore and furthermore you'd lose other netbios-over-tcp-only functionalities (e.g. netbios messages)

So do you know of any better solution to this?

Strangely the RedHat knowledge base doesn't say anything about this. Strange as any samba server with xp clients (with default config) is going to see these errors. Maybe the RH knowledge base is crippled to promote paying customers...

Anyway, in my opinion the correct solution would be for samba just  NOT to log these errors as it's not really an error but normal (even if arguably good/bad) behavior of WinXP. In fact I consider this a samba bug.

Is it possible to configure samba to consider this normal and not pollute the log file?

Another idea might be to use the firewall: if a client is connecting to port 139 and 445 at the same time, just block port 139. Can this be done with iptables? Has anyone already tried this?
0
Comment
Question by:lbertacco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 20333098
Hi,

It could be that you have a firewall denying  / reseting the sessions.

0
 
LVL 11

Author Comment

by:lbertacco
ID: 20333139
No, there is no firewall blocking anything and anyway this is expected normal behavior from xp clients (to try and open two sessions, then drop one)
0
 

Expert Comment

by:ryran
ID: 21656117
I'd love to hear anyone else's thoughts on this topic as well...
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 11

Author Comment

by:lbertacco
ID: 21657856
I entered this as bug 5314 in samba's bugzilla. It still has to receive any activity
0
 

Expert Comment

by:csindia
ID: 22151225
I suddenly have this problem. Access via the IP address works fine though. Any ideas?
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22423203
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question