Ubuntu
samba package

ufw blocks samba in karmic default installation

Bug #468197 reported by maihacke
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ufw
Invalid
Undecided
Unassigned
samba (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: samba

I started with a karmic beta install and setup a samba server.
This was working for a fews days. After several updates samba stopped working.
Samba starts but the server is not visible in the "networking" in nautilus.
This applies to the samba servers and to the clients.

I figured out that ufw seems to block at least some of the network traffic required for samba to work.
After
> sudo ufw disable
samba worked perfectly.

Retrying
> sudo ufw enable
samba isn't reachable at all.

ufw is recommended by the samba package and a ufw profile is installed.
The profile should be corrected to allow samba to work in the default installation.

ProblemType: Bug
Architecture: i386
Date: Sun Nov 1 10:54:07 2009
DistroRelease: Ubuntu 9.10
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release Candidate i386 (20091020.1)
NonfreeKernelModules: nvidia
Package: samba 2:3.4.0-3ubuntu5
ProcEnviron:
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.48-generic
SourcePackage: samba
Uname: Linux 2.6.31-14-generic i686

Revision history for this message
maihacke (simon-spielmann) wrote :
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This is not a bug in samba or in ufw, but rather a local configuration issue. You had ufw enabled, which blocks packets. You therefore need to adjust your firewall to allow samba connections. See https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/345221.

Alternatively, you might take a look at bug #360975 and enable the nf_conntrack_netbios_ns module.

Changed in samba (Ubuntu):
status: New → Invalid
Changed in ufw:
status: New → Invalid
Revision history for this message
maihacke (simon-spielmann) wrote :

Hi,
thank you for your answer. I think it is atleast an documentation issue then.
If I install samba and samba suggests ufw, which in fact blocks samba the default configuration isn't working.
The samba ufw profile should be activated by default or the user should get an info that he has to do something.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

While samba suggests ufw, ufw is not enabled on installation and so default installations are not affected. That said, it has been brought up that perhaps ufw should open up ports on an enabled firewall when a package is installed in Ubuntu. There are pros and cons to this, and it is a contentious topic. The current position is that this does not happen because it punches holes in the firewall that an administrator may not want. For example, if apache2 was installed and ufw opened up the necessary ports, then ufw would have to open them up to the world (because it doesn't know otherwise). While apache2 would certainly work, ufw may not be following the site's firewall policy (consider the situation where this web server is an internal-only website).

There has been some work done to allow this behavior to be configurable, but this functionality is not complete or available in Ubuntu.

Revision history for this message
maihacke (simon-spielmann) wrote :

Okay, I thought ufw was enable during the samba installed. I did not install or activate it manual.
I think it would be to hard to figure out why it was enabled on my system.
I second, that a firewall should not open any ports automatically without user interaction.
If samba does not activate ufw by default. I agree - we don't have a bug here :-)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.