Host list: connection timed out

Quazz · May 3, 2017, 6:51 AM

@justeverything If the port isn’t open on the host then it can’t communicate, simple as that, to be honest. It’s like trying to call someone who put everyone on a blocklist.

Tom Elliott · May 3, 2017, 12:54 PM

Or more accurately, it’s like calling a number that’s been removed from use. You could re-apply it relatively easily, but if you’re shying away from keeping it available for whatever reason, NO ONE will be able to call it to begin with.

george1421 · May 3, 2017, 12:56 PM

@Tom-Elliott So to be clear here, this isn’t a traditional ICMP ping which is on the OSI layer 3 (IP) but instead a layer 4 port level connection test.

That is interesting idea. It would also be interesting to know how a linux or any other non-windows box would respond (assuming that samba was not loaded on a windows machine). To the connect request to port 445. I could see the device sending a nak back to the FOG server. Which I would guess is also a success response too.

Tom Elliott · May 3, 2017, 1:03 PM

@george1421 It’s a NetBIOS port (number 445) by default. As for if it’s usable or not on linux, well I don’t know. To be fair, I followed what was already in place, just neatened up the code base.

george1421 · May 3, 2017, 7:04 AM

@Tom-Elliott Not throwing shade as the young folks would say on this. Its just a different concept and something we should be aware of if we are expecting an icmp ping. I just did a quick check at my office and I have linux machines that have samba and no samba installed so I can confirm / test if they respond as a windows machine does to a port level ping.

I have a meeting in a few minutes and will test afterwards.

Tom Elliott · May 3, 2017, 7:50 AM

If you don’t want to enable the port, you don’t have to. Understand the “ping” status is just a nicety and has no bearing on actual availability of a machine or any functionality of how FOG will operate.

justeverything · May 3, 2017, 3:52 PM

@Tom-Elliott yes, I can confirm this - I don’t have to enable the ports, but I want to. I like this feature very much and it would be sad If I won’t be able to use it.

The problem with my setup is that it says “connection refused” although I enabled the port 445 both on the server and the host via ufw firewall.

Server OS is the latest debian 8 and Client OS is the latest Ubuntu 16.04 Maybe anyone has some ideas. Thanks in advance. :))

Tom Elliott · May 3, 2017, 3:53 PM

@justeverything You could try this:

https://unix.stackexchange.com/questions/183317/resolving-netbios-names-from-linux

george1421 · May 3, 2017, 4:03 PM

@justeverything I guess I would ask the question" If you open a command prompt on the linux server can you ping (icmp) the windows computer by is short name (or the name registered in fog)?

george1421 · May 3, 2017, 4:58 PM

@george1421

during testing I did find that the udp probe to hosts would aways return a success, even if the host didn’t exist (not a very successful test). This was using the netcat [nc] utility. The command used was nc -zuvv <ip_addr> 445

When I changed to use the tcp port then the answers were more in line with an icmp ping.
command use nc -zvv <ip_addr> 445

For a windows host answer was: Connection to <ip_addr> 445 port [tcp/microsoft-ds] succedded!
For a linux host with samba installed: Connection to <ip_addr> 445 port [tcp/microsoft-ds] succedded!
For a linux host without samba or anything listening on port 445: Connection to <ip_addr> 445 port (tcp) failed: No route to host.
For a host that doesn’t exist: Connection to <ip_addr> 445 port (tcp) failed: No route to host. (after about 5 sec timeout)

Does the selecting port ping work, yes as long as its a tcp connection attempt.

Why was that selected over an icmp ping, only the programmers of the past know.

justeverything · May 5, 2017, 2:56 AM

@george1421 I don’t have any windows computers in my network. but i can ping (normal ping, not icmp) the ubuntu clients over the terminal of the fog host by the short name “pool-05” or by the IP, both successfull.

if I ping a pool pc from the server using “nc -zvv <ip_addr> 445” I also get connection refused.

root@fog:/home/admin# nc -zvv IP 445
pool-14.domain [IP] 445 (microsoft-ds) : Connection refused
 sent 0, rcvd 0

Does your testing mean, that, if I install samba at my hosts, the ping would work?

I testet it installing samba and libnss-winbind and configured the file /etc/nsswitch.conf
from

hosts:      files mdns4_minimal [NOTFOUND=return] dns

to

hosts:      files wins mdns4_minimal [NOTFOUND=return] dns

now the output looks like this:

root@fog:/home/admin# nc -zvv IP 445
pool-14.domain [IP] 445 (microsoft-ds) open
 sent 0, rcvd 0

but the hosts list still returns an error “connection timed out”

Maybe, in a new version of fog, maybe the process of pinging using icmp can be changed to a normal ping to be more variable for linux hosts? that would be great.

I will also try the steps postet by @Tom-Elliott and write back if anything changes.

alh · Jun 22, 2017, 7:33 AM

We solved by doing the following:

On the FOG-Server install Winbind:

sudo apt-get install -y winbind libnss-winbind

Edit the Samba config:

# /etc/samba/smb.conf

[global]
    ...
    workgroup = <domain/workgroup>
    ...
    wins server = <ipofyourwinsserver>
    ...

Edit the nsswitch config:

# /etc/nsswitch.conf

hosts: files dns wins

Reboot your server.

On the Windows 7 clients we had to add the following firewall rule:

netsh advfirewall firewall add rule name="FOG Service" dir=in action=allow remoteip=<ipofyourFOGserver> protocol=tcp localport=445

That worked for us.

Host list: connection timed out

137

12.0k

17.3k

155.2k