T 3.95 Incorrect configuration of the operating system of a Samba server

An incorrect operating system configuration of a Samba server can disrupt the secure and error-free operation of the server or aggravate the effects of malfunctions. When specifying the configuration of the operating system, common errors include the following:

• Use of an incompatible file system or of incompatible file system options in connection with Samba.
  
  If the third extended file system (ext3) of a Samba file share is mounted without using the "acl" option, then information can get lost. For example, if file folders are moved from a Windows system to a Samba file share, then all access control list (ACL) entries that cannot be implemented using the standard file system authorisations available in Unix will be lost.
• Incorrect configuration of the local packet filter.
  
  The Samba service listens in on various TCP and UDP ports so it can establish network connections with the clients. If access to these ports from the outside is regulated by a packet filter, then it may be impossible to access the Samba service if the packet filter is configured incorrectly.

Examples:

In the configuration of the local packet filter of a Samba server, communication with Port 137/User Datagram Protocol (UDP) is disabled. This port is needed by the "nmbd" program to provide the Network Basic Input/Output System (NetBIOS) name service. Since the NetBIOS name service is no longer available, the functionality offered by Samba is very limited. For example, if Samba is used as a primary domain controller (PDC), then clients will no longer be able to find the Samba server.