Bug 14574 - vfs_fruit documentation must note requirement that firewall allow mdns
Summary: vfs_fruit documentation must note requirement that firewall allow mdns
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Documentation (show other bugs)
Version: 4.11.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba Documentation QA Contact~
QA Contact: Samba Documentation QA Contact~
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-12 20:14 UTC by burgess
Modified: 2020-11-12 20:14 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description burgess 2020-11-12 20:14:33 UTC
The vfs_fruit module supports Apple extensions for Samba shares.  Aspects of vfs_fruit require mdns functionality (provided by avahi-daemon).  However, vanilla firewall implementations may block mdns traffic, causing vfs_fruit to fail in non-obvious ways.  

The vfs_fruit documentation must note the requirement that any firewall be configured to allow mdns.

If appropriate, an example command line could be shown, such as "firewall-cmd --permanent --zone=public --add-service=mdns"; but I recognize this may be problematic given the variety of firewalld implementations that may use different command lines.

In my case, with the firewall blocking mdns without my realizing it, vfs_fruit would work for a minute or two and then fail. Restarting smbd or avahi (doing either would work) would restore functionality for another minute or two.  No errors were logged by either smbd or avahi-daemon that gave a clue to the problem.  It would have been a godsend to see some discussion of the mdns firewall requirement in the vfs_fruit documentation.