diff options
Diffstat (limited to 'docs/faq')
-rw-r--r-- | docs/faq/Samba-Server-FAQ-1.html | 77 | ||||
-rw-r--r-- | docs/faq/Samba-Server-FAQ-2.html | 500 | ||||
-rw-r--r-- | docs/faq/Samba-Server-FAQ.html | 88 | ||||
-rw-r--r-- | docs/faq/Samba-Server-FAQ.sgml | 492 | ||||
-rw-r--r-- | docs/faq/Samba-meta-FAQ-1.html | 160 | ||||
-rw-r--r-- | docs/faq/Samba-meta-FAQ-2.html | 384 | ||||
-rw-r--r-- | docs/faq/Samba-meta-FAQ-3.html | 101 | ||||
-rw-r--r-- | docs/faq/Samba-meta-FAQ-4.html | 215 | ||||
-rw-r--r-- | docs/faq/Samba-meta-FAQ-5.html | 30 | ||||
-rw-r--r-- | docs/faq/Samba-meta-FAQ-6.html | 30 | ||||
-rw-r--r-- | docs/faq/Samba-meta-FAQ.html | 102 | ||||
-rw-r--r-- | docs/faq/Samba-meta-FAQ.sgml | 771 | ||||
-rw-r--r-- | docs/faq/Samba-meta-FAQ.txt | 924 | ||||
-rw-r--r-- | docs/faq/sambafaq-1.html | 392 | ||||
-rw-r--r-- | docs/faq/sambafaq-2.html | 236 | ||||
-rw-r--r-- | docs/faq/sambafaq-3.html | 322 | ||||
-rw-r--r-- | docs/faq/sambafaq-4.html | 37 | ||||
-rw-r--r-- | docs/faq/sambafaq-5.html | 30 | ||||
-rw-r--r-- | docs/faq/sambafaq.html | 115 | ||||
-rw-r--r-- | docs/faq/sambafaq.sgml | 792 | ||||
-rw-r--r-- | docs/faq/sambafaq.txt | 1122 |
21 files changed, 6920 insertions, 0 deletions
diff --git a/docs/faq/Samba-Server-FAQ-1.html b/docs/faq/Samba-Server-FAQ-1.html new file mode 100644 index 0000000000..0bf7f04610 --- /dev/null +++ b/docs/faq/Samba-Server-FAQ-1.html @@ -0,0 +1,77 @@ +<HTML> +<HEAD> +<TITLE> Samba Server FAQ: What is Samba?</TITLE> +</HEAD> +<BODY> +Previous +<A HREF="Samba-Server-FAQ-2.html">Next</A> +<A HREF="Samba-Server-FAQ.html#toc1">Table of Contents</A> +<HR> +<H2><A NAME="s1">1. What is Samba?</A></H2> + +<P> +<A NAME="WhatIsSamba"></A> +</P> +<P>See the +<A HREF="Samba-meta-FAQ.html#introduction">meta FAQ introduction</A> if you don't have any idea what Samba does.</P> +<P>Samba has many features that are not supported in other CIFS and SMB +implementations, all of which are commercial. It approaches some +problems from a different angle.</P> +<P>Some of its features include: +<UL> +<LI>extremely dynamic runtime configuration</LI> +<LI>host as well as username/password security</LI> +<LI>scriptable SMB client</LI> +<LI>automatic home directory exporting</LI> +<LI>automatic printer exporting</LI> +<LI>intelligent dead connection timeouts</LI> +<LI>guest connections</LI> +</UL> +</P> +<P>Look at the +<A HREF="samba-man-index.html">manual pages</A> included with the package for a full list of +features. The components of the suite are (in summary):</P> +<P> +<DL> + +<DT><B>smbd</B><DD><P>the SMB server. This handles actual connections from clients, +doing all the interfacing with the +<A HREF="Samba-meta-FAQ.html#DomainModeSecurity">authentication database</A> for file, permission and username work.</P> + +<DT><B>nmbd</B><DD><P>the NetBIOS name server, which helps clients locate servers, +maintaining the +<A HREF="Samba-meta-FAQ.html#BrowseAndDomainDefs">authentication database</A> doing the browsing work and managing +domains as this capability is being built into Samba.</P> + +<DT><B>smbclient</B><DD><P>the scriptable commandline SMB client program. +Useful for automated work, printer filters and testing purposes. It is +more CIFS-compliant than most commercial implementations. Note that this +is not a filesystem. The Samba team does not supply a network filesystem +driver, although the smbfs filesystem for Linux is derived from +smbclient code.</P> + +<DT><B>smbrun</B><DD><P>a little 'glue' program to help the server run +external programs.</P> + +<DT><B>testprns</B><DD><P>a program to test server access to printers</P> + +<DT><B>testparms</B><DD><P>a program to test the Samba configuration file +for correctness</P> + +<DT><B>smb.conf</B><DD><P>the Samba configuration file</P> + +<DT><B>examples</B><DD><P>many examples have been put together for the different +operating systems that Samba supports.</P> + +<DT><B>Documentation!</B><DD><P>DON'T neglect to read it - you will save a great +deal of time!</P> + +</DL> +</P> + +<HR> +Previous +<A HREF="Samba-Server-FAQ-2.html">Next</A> +<A HREF="Samba-Server-FAQ.html#toc1">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/Samba-Server-FAQ-2.html b/docs/faq/Samba-Server-FAQ-2.html new file mode 100644 index 0000000000..37a3983399 --- /dev/null +++ b/docs/faq/Samba-Server-FAQ-2.html @@ -0,0 +1,500 @@ +<HTML> +<HEAD> +<TITLE> Samba Server FAQ: How do I get the CIFS, SMB and NetBIOS protocols?</TITLE> +</HEAD> +<BODY> +<A HREF="Samba-Server-FAQ-1.html">Previous</A> +Next +<A HREF="Samba-Server-FAQ.html#toc2">Table of Contents</A> +<HR> +<H2><A NAME="s2">2. How do I get the CIFS, SMB and NetBIOS protocols?</A></H2> + +<P> +<A NAME="ServerProtocols"></A> +</P> +<P>See the +<A HREF="Samba-meta-FAQ.html#CifsSmb">meta FAQ on CIFS and SMB</A> if you don't have any idea what these protocols are.</P> +<P>CIFS and SMB are implemented by the main Samba fileserving daemon, smbd. +<F>.....</F></P> +<P>nmbd speaks a limited amount of CIFS (...) but is mostly concerned with +NetBIOS. NetBIOS is <F>....</F></P> +<P>RFC1001, RFC1002 <F>...</F></P> +<P>So, provided you have got Samba correctly installed and running you have +all three of these protocols. Some operating systems already come with +stacks for all or some of these, such as SCO Unix, OS/2 and <F>...</F> In this +case you must <F>...</F></P> + +<H2><A NAME="ss2.1">2.1 What server operating systems are supported?</A></H2> + +<P> +<A NAME="PortInfo"></A> +</P> +<P>At the last count, Samba runs on about 40 operating systems! This +section looks at general questions about running Samba on the different +platforms. Issues specific to particular operating systems are dealt +with in elsewhere in this document.</P> +<P>Many of the ports have been done by people outside the Samba team keen +to get the advantages of Samba. The Samba team is currently trying to +bring as many of these ports as possible into the main source tree and +integrate the documentation. Samba is an integration tool, and so it has +been made as easy as possible to port. The platforms most widely used +and thus best tested are Linux and SunOS.</P> +<P>This migration has not been completed yet. This means that some +documentation is on web sites <F>...</F></P> +<P>There are two main families of Samba ports, Unix and other. The Unix +ports cover anything that remotely resembles Unix and includes some +extremely old products as well as best-sellers, tiny PCs to massive +multiprocessor machines supporting hundreds of thousands of users. Samba +has been run on more than 30 Unix and Unix-like operating systems.</P> + +<H3>Running Samba on a Unix or Unix-like system</H3> + +<P> +<A NAME="OnUnix"></A> +</P> +<P> +<A HREF="../UNIX-SMB.txt">../UNIX-SMB.txt</A> describes some of the issues that confront a +SMB implementation on unix, and how Samba copes with them. They may help +people who are looking at unix<->PC interoperability.</P> +<P>There is great variation between Unix implementations, especially those +not adhering to the Common Unix Specification agreed to in 1996. Things +that can be quite tricky are <F>.....</F></P> +<P>There are also some considerable advantages conferred on Samba running +under Unix compared to, say, Windows NT or LAN Server. Unix has <F>...</F></P> +<P>At time of writing, the Makefile claimed support for: +<UL> +<LI> A/UX 3.0</LI> +<LI> AIX</LI> +<LI> Altos Series 386/1000</LI> +<LI> Amiga</LI> +<LI> Apollo Domain/OS sr10.3</LI> +<LI> BSDI </LI> +<LI> B.O.S. (Bull Operating System)</LI> +<LI> Cray, Unicos 8.0</LI> +<LI> Convex</LI> +<LI> DGUX. </LI> +<LI> DNIX.</LI> +<LI> FreeBSD</LI> +<LI> HP-UX</LI> +<LI> Intergraph. </LI> +<LI> Linux with/without shadow passwords and quota</LI> +<LI> LYNX 2.3.0</LI> +<LI> MachTen (a unix like system for Macintoshes)</LI> +<LI> Motorola 88xxx/9xx range of machines</LI> +<LI> NetBSD</LI> +<LI> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</LI> +<LI> OS/2 using EMX 0.9b</LI> +<LI> OSF1</LI> +<LI> QNX 4.22</LI> +<LI> RiscIX. </LI> +<LI> RISCOs 5.0B</LI> +<LI> SEQUENT. </LI> +<LI> SCO (including: 3.2v2, European dist., OpenServer 5)</LI> +<LI> SGI.</LI> +<LI> SMP_DC.OSx v1.1-94c079 on Pyramid S series</LI> +<LI> SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</LI> +<LI> SUNOS 4</LI> +<LI> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</LI> +<LI> Sunsoft ISC SVR3V4</LI> +<LI> SVR4</LI> +<LI> System V with some berkely extensions (Motorola 88k R32V3.2).</LI> +<LI> ULTRIX.</LI> +<LI> UNIXWARE</LI> +<LI> UXP/DS</LI> +</UL> +</P> + + +<H3>Running Samba on systems unlike Unix</H3> + +<P> +<A NAME="OnUnlikeUnix"></A> +</P> +<P>More recently Samba has been ported to a number of operating systems +which can provide a BSD Unix-like implementation of TCP/IP sockets. +These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS, +Windows NT and several others are being worked on but not yet available +for use.</P> +<P>Home pages for these ports are:</P> +<P><F>... </F></P> + + +<H2><A NAME="ss2.2">2.2 Exporting server resources with Samba</A></H2> + +<P> +<A NAME="Exporting"></A> +</P> +<P>Files, printers, CD ROMs and other local devices. Network devices, +including networked filesystems and remote printer queues. Other devices +such as <F>....</F></P> +<P>1.4) Configuring SHARES +1.4.1) Homes service +1.4.2) Public services +1.4.3) Application serving +1.4.4) Team sharing a Samba resource</P> +<P>1.5) Printer configuration +1.5.1) Berkeley LPR/LPD systems +1.5.2) ATT SysV lp systems +1.5.3) Using a private printcap file +1.5.4) Use of the smbprint utility +1.5.5) Printing from Windows to Unix +1.5.6) Printing from Unix to Windows</P> + + +<H2><A NAME="ss2.3">2.3 Name Resolution and Browsing</A></H2> + +<P> +<A NAME="NameBrowsing"></A> +</P> +<P>See also +<A HREF="../BROWSING.txt">../BROWSING.txt</A></P> +<P>1.6) Name resolution issues +1.6.1) LMHOSTS file and when to use it +1.6.2) configuring WINS (support, server, proxy) +1.6.3) configuring DNS proxy</P> +<P>1.7) Problem Diagnosis +1.8) What NOT to do!!!!</P> +<P>3.2) Browse list managment +3.3) Name resolution mangement</P> + + + +<H2><A NAME="ss2.4">2.4 Handling SMB Encryption</A></H2> + +<P> +<A NAME="SMBEncryptionSteps"></A> +</P> +<P>SMB encryption is ...</P> +<P>...in +<A HREF="../ENCRYPTION.txt">../ENCRYPTION.txt</A> there is...</P> +<P>Samba compiled with libdes - enabling encrypted passwords</P> + + +<H3>Laws in different countries affecting Samba</H3> + +<P> +<A NAME="CryptoLaws"></A> +</P> + +<H3>Relationship between encryption and Domain Authentication</H3> + + + + +<H2><A NAME="ss2.5">2.5 Files and record locking</A> 3.1.1) Old DOS clients 3.1.2) Opportunistic locking and the consequences 3.1.3) Files caching under Windows for Workgroups, Win95 and NT Some of the foregoing links into Client-FAQ</H2> + + +<H2><A NAME="ss2.6">2.6 Managing Samba Log files</A></H2> + +<P> +<A NAME="LogFiles"></A> +</P> + + +<H2><A NAME="ss2.7">2.7 I can't see the Samba server in any browse lists!</A></H2> + +<P> +<A NAME="no_browse"></A> + +See +<A HREF="ftp://samba.org/pub/samba/BROWSING.txt">BROWSING.txt</A> +for more information on browsing. Browsing.txt can also be found +in the docs directory of the Samba source.</P> +<P>If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: +<BLOCKQUOTE><CODE> +<PRE> + net use M: \\mary\fred +</PRE> +</CODE></BLOCKQUOTE> + +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation.</P> + + +<H2><A NAME="ss2.8">2.8 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A></H2> + +<P> +<A NAME="missing_files"></A> + +See the next question.</P> + + +<H2><A NAME="ss2.9">2.9 Some files on the server show up with really wierd filenames when I view the files from my client! </A></H2> + +<P> +<A NAME="strange_filenames"></A> + +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason).</P> +<P>The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes".</P> + + +<H2><A NAME="ss2.10">2.10 My client reports "cannot locate specified computer" or similar</A></H2> + +<P> +<A NAME="cant_see_server"></A> + +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved.</P> +<P>After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution.</P> +<P>If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Man Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document.</P> +<P>If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas.</P> +<P>By the way, remember to REMOVE the hardcoded mapping before further +tests :-) </P> + + +<H2><A NAME="ss2.11">2.11 My client reports "cannot locate specified share name" or similar</A></H2> + +<P> +<A NAME="cant_see_share"></A> + +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave.</P> +<P>The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's doco on how +to specify a service name correctly), read on:</P> +<P> +<UL> +<LI> Many clients cannot accept or use service names longer than eight characters.</LI> +<LI> Many clients cannot accept or use service names containing spaces.</LI> +<LI> Some servers (not Samba though) are case sensitive with service names.</LI> +<LI> Some clients force service names into upper case.</LI> +</UL> +</P> + + +<H2><A NAME="ss2.12">2.12 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A></H2> + +<P> +<A NAME="cant_see_net"></A> + +Nothing is wrong - Samba does not implement the primary domain name +controller stuff for several reasons, including the fact that the +whole concept of a primary domain controller and "logging in to a +network" doesn't fit well with clients possibly running on multiuser +machines (such as users of smbclient under Unix). Having said that, +several developers are working hard on building it in to the next +major version of Samba. If you can contribute, send a message to +<A HREF="mailto:samba@samba.org">samba@samba.org</A> !</P> +<P>Seeing this message should not affect your ability to mount redirected +disks and printers, which is really what all this is about.</P> +<P>For many clients (including Windows for Workgroups and Lan Manager), +setting the domain to STANDALONE at least gets rid of the message.</P> + + +<H2><A NAME="ss2.13">2.13 Printing doesn't work :-(</A></H2> + +<P> +<A NAME="no_printing"></A> + </P> +<P>Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr", if you happen to be using +Unix).</P> +<P>Make sure that the spool directory specified for the service is +writable by the user connected to the service. </P> +<P>Make sure that the user specified in the service is permitted to use +the printer.</P> +<P>Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol.</P> +<P>If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug.</P> +<P>If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism.</P> + + +<H2><A NAME="ss2.14">2.14 My programs install on the server OK, but refuse to work properly</A></H2> + +<P> +<A NAME="programs_wont_run"></A> + +There are numerous possible reasons for this, but one MAJOR +possibility is that your software uses locking. Make sure you are +using Samba 1.6.11 or later. It may also be possible to work around +the problem by setting "locking=no" in the Samba configuration file +for the service the software is installed on. This should be regarded +as a strictly temporary solution.</P> +<P>In earlier Samba versions there were some difficulties with the very +latest Microsoft products, particularly Excel 5 and Word for Windows +6. These should have all been solved. If not then please let Andrew +Tridgell know via email at +<A HREF="mailto:sambas@samba.org">samba@samba.org</A>.</P> + + +<H2><A NAME="ss2.15">2.15 My "server string" doesn't seem to be recognised</A></H2> + +<P> +<A NAME="bad_server_string"></A> + +OR My client reports the default setting, eg. "Samba 1.9.15p4", instead +of what I have changed it to in the smb.conf file.</P> +<P>You need to use the -C option in nmbd. The "server string" affects +what smbd puts out and -C affects what nmbd puts out.</P> +<P>Current versions of Samba (1.9.16 +) have combined these options into +the "server string" field of smb.conf, -C for nmbd is now obsolete.</P> + + +<H2><A NAME="ss2.16">2.16 My client reports "This server is not configured to list shared resources" </A></H2> + +<P> +<A NAME="cant_list_shares"></A> + +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid.</P> +<P>See also 'guest account' in smb.conf man page.</P> + + +<H2><A NAME="ss2.17">2.17 Issues specific to Unix and Unix-like systems</A></H2> + +<P> +<A NAME="UnixIssues"></A> +</P> + +<H3>Printing doesn't work with my Unix Samba server</H3> + +<P> +<A NAME="no_printing"></A> + </P> +<P>The user "nobody" often has problems with printing, even if it worked +with an earlier version of Samba. Try creating another guest user other +than "nobody".</P> + +<H3>Log message "you appear to have a trapdoor uid system" </H3> + +<P> +<A NAME="trapdoor_uid"></A> + +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535.</P> +<P>It might also mean that your OS has a trapdoor uid/gid system :-)</P> +<P>This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems.</P> +<P>The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user.</P> +<P>Complain to your OS vendor and ask them to fix their system.</P> +<P>Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good!</P> + + +<H2><A NAME="ss2.18">2.18 Issues specific to IBM OS/2 systems</A></H2> + +<P> +<A NAME="OS2Issues"></A> +</P> +<P> +<A HREF="http://carol.wins.uva.nl/~leeuw/samba/samba2.html">Samba for OS/2</A></P> + + +<H2><A NAME="ss2.19">2.19 Issues specific to IBM MVS systems</A></H2> + +<P> +<A NAME="MVSIssues"></A> +</P> +<P> +<A HREF="ftp://ftp.mks.com/pub/samba/">Samba for OS/390 MVS</A></P> + + +<H2><A NAME="ss2.20">2.20 Issues specific to Digital VMS systems</A></H2> + +<P> +<A NAME="VMSIssues"></A> +</P> + + +<H2><A NAME="ss2.21">2.21 Issues specific to Amiga systems</A></H2> + +<P> +<A NAME="AmigaIssues"></A> +</P> +<P> +<A HREF="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/">Samba for Amiga</A></P> +<P>There is a mailing list for Samba on the Amiga.</P> +<P>Subscribing.</P> +<P>Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe +in the message. The list server will use the address in the Reply-To: or +From: header field, in that order.</P> +<P>Unsubscribing.</P> +<P>Send an email to rask-samba-request@kampsax.dtu.dk with the word +unsubscribe in the message. The list server will use the address in the +Reply-To: or From: header field, in that order. If you are unsure which +address you are subscribed with, look at the headers. You should see a +"From " (no colon) or Return-Path: header looking something like</P> +<P>rask-samba-owner-myname=my.domain@kampsax.dtu.dk</P> +<P>where myname=my.domain gives you the address myname@my.domain. This also +means that I will always be able to find out which address is causing +bounces, for example. +List archive.</P> +<P>Messages sent to the list are archived in HTML. See the mailing list home +page at +<A HREF="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/">http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/</A></P> + + +<H2><A NAME="ss2.22">2.22 Issues specific to Novell IntraNetware systems</A></H2> + +<P> +<A NAME="NetwareIssues"></A> +</P> + + +<H2><A NAME="ss2.23">2.23 Issues specific to Stratus VOS systems</A></H2> + +<P> +<A NAME="NetwareIssues"></A> +</P> +<P> +<A HREF="ftp://ftp.stratus.com/pub/vos/tools/">Samba for Stratus VOS</A></P> + + +<HR> +<A HREF="Samba-Server-FAQ-1.html">Previous</A> +Next +<A HREF="Samba-Server-FAQ.html#toc2">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/Samba-Server-FAQ.html b/docs/faq/Samba-Server-FAQ.html new file mode 100644 index 0000000000..2abfe50db6 --- /dev/null +++ b/docs/faq/Samba-Server-FAQ.html @@ -0,0 +1,88 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<HTML> +<HEAD> +<TITLE> Samba Server FAQ</TITLE> +</HEAD> +<BODY> +Previous +<A HREF="Samba-Server-FAQ-1.html">Next</A> +Table of Contents +<HR> +<H1> Samba Server FAQ</H1> + +<H2>Dan Shearer & Paul Blackman, <CODE>ictinus@samba.org</CODE></H2>v 0.3, 7 Oct '97 +<P><HR><EM> This is the <EM>Server</EM> Frequently Asked Questions (FAQ) +document for Samba, the free and very popular SMB and CIFS server +product. A general +<A HREF="Samba-meta-FAQ.html">meta FAQ</A> +exists and also a companion +<A HREF="Samba-Client-FAQ.html">Client FAQ</A>, together with more detailed HOWTO documents on +topics to do with Samba software. This is current to Samba version +1.9.17. Please send any corrections to the author. </EM><HR></P> +<P> +<H2><A NAME="toc1">1.</A> <A HREF="Samba-Server-FAQ-1.html">What is Samba?</A></H2> + +<P> +<H2><A NAME="toc2">2.</A> <A HREF="Samba-Server-FAQ-2.html">How do I get the CIFS, SMB and NetBIOS protocols?</A></H2> +<UL> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.1">2.1 What server operating systems are supported?</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.2">2.2 Exporting server resources with Samba</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.3">2.3 Name Resolution and Browsing</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.4">2.4 Handling SMB Encryption</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.5">2.5 Files and record locking</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.6">2.6 Managing Samba Log files</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.7">2.7 I can't see the Samba server in any browse lists!</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.8">2.8 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.9">2.9 Some files on the server show up with really wierd filenames when I view the files from my client! </A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.10">2.10 My client reports "cannot locate specified computer" or similar</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.11">2.11 My client reports "cannot locate specified share name" or similar</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.12">2.12 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.13">2.13 Printing doesn't work :-(</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.14">2.14 My programs install on the server OK, but refuse to work properly</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.15">2.15 My "server string" doesn't seem to be recognised</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.16">2.16 My client reports "This server is not configured to list shared resources" </A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.17">2.17 Issues specific to Unix and Unix-like systems</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.18">2.18 Issues specific to IBM OS/2 systems</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.19">2.19 Issues specific to IBM MVS systems</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.20">2.20 Issues specific to Digital VMS systems</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.21">2.21 Issues specific to Amiga systems</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.22">2.22 Issues specific to Novell IntraNetware systems</A> +<LI><A HREF="Samba-Server-FAQ-2.html#ss2.23">2.23 Issues specific to Stratus VOS systems</A> +</UL> + + +<HR> +Previous +<A HREF="Samba-Server-FAQ-1.html">Next</A> +Table of Contents +</BODY> +</HTML> diff --git a/docs/faq/Samba-Server-FAQ.sgml b/docs/faq/Samba-Server-FAQ.sgml new file mode 100644 index 0000000000..da6b50f99e --- /dev/null +++ b/docs/faq/Samba-Server-FAQ.sgml @@ -0,0 +1,492 @@ +<!doctype linuxdoc system> <!-- -*- SGML -*- --> +<!-- + v 0.1 23 Aug 1997 Dan Shearer + Original Samba-Client-FAQ.sgml from Paul's sambafaq.sgml + v 0.2 25 Aug 1997 Dan + v 0.3 7 Oct 1997 Paul, changed email address from ictinus@lake... to ictinus@samba.anu +--> + + +<article> + +<title> Samba Server FAQ + +<author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt> + +<date>v 0.3, 7 Oct '97 + +<abstract> This is the <em>Server</em> Frequently Asked Questions (FAQ) +document for Samba, the free and very popular SMB and CIFS server +product. A general <url url="Samba-meta-FAQ.html" name="meta FAQ"> +exists and also a companion <url url="Samba-Client-FAQ.html" +name="Client FAQ">, together with more detailed HOWTO documents on +topics to do with Samba software. This is current to Samba version +1.9.17. Please send any corrections to the author. + +</abstract> + +<toc> + +<sect>What is Samba?<p><label id="WhatIsSamba"> + +See the <url url="Samba-meta-FAQ.html#introduction" name="meta FAQ +introduction"> if you don't have any idea what Samba does. + +Samba has many features that are not supported in other CIFS and SMB +implementations, all of which are commercial. It approaches some +problems from a different angle. + +Some of its features include: +<itemize> +<item>extremely dynamic runtime configuration +<item>host as well as username/password security +<item>scriptable SMB client +<item>automatic home directory exporting +<item>automatic printer exporting +<item>intelligent dead connection timeouts +<item>guest connections +</itemize> + +Look at the <url url="samba-man-index.html" name="manual pages"> included with the package for a full list of +features. The components of the suite are (in summary): + +<descrip> + +<tag/smbd/ the SMB server. This handles actual connections from clients, +doing all the interfacing with the <url +url="Samba-meta-FAQ.html#DomainModeSecurity" name="authentication +database"> for file, permission and username work. + +<tag/nmbd/ the NetBIOS name server, which helps clients locate servers, +maintaining the <url url="Samba-meta-FAQ.html#BrowseAndDomainDefs" +name="authentication database"> doing the browsing work and managing +domains as this capability is being built into Samba. + +<tag/smbclient/ the scriptable commandline SMB client program. +Useful for automated work, printer filters and testing purposes. It is +more CIFS-compliant than most commercial implementations. Note that this +is not a filesystem. The Samba team does not supply a network filesystem +driver, although the smbfs filesystem for Linux is derived from +smbclient code. + +<tag/smbrun/ a little 'glue' program to help the server run +external programs. + +<tag/testprns/ a program to test server access to printers + +<tag/testparms/ a program to test the Samba configuration file +for correctness + +<tag/smb.conf/ the Samba configuration file + +<tag/examples/ many examples have been put together for the different +operating systems that Samba supports. + +<tag/Documentation!/ DON'T neglect to read it - you will save a great +deal of time! + +</descrip> + +<sect>How do I get the CIFS, SMB and NetBIOS protocols?<p><label id="ServerProtocols"> + +See the <url url="Samba-meta-FAQ.html#CifsSmb" name="meta FAQ +on CIFS and SMB"> if you don't have any idea what these protocols are. + +CIFS and SMB are implemented by the main Samba fileserving daemon, smbd. +[.....] + +nmbd speaks a limited amount of CIFS (...) but is mostly concerned with +NetBIOS. NetBIOS is [....] + +RFC1001, RFC1002 [...] + +So, provided you have got Samba correctly installed and running you have +all three of these protocols. Some operating systems already come with +stacks for all or some of these, such as SCO Unix, OS/2 and [...] In this +case you must [...] + +<sect1>What server operating systems are supported?<p><label id="PortInfo"> + +At the last count, Samba runs on about 40 operating systems! This +section looks at general questions about running Samba on the different +platforms. Issues specific to particular operating systems are dealt +with in elsewhere in this document. + +Many of the ports have been done by people outside the Samba team keen +to get the advantages of Samba. The Samba team is currently trying to +bring as many of these ports as possible into the main source tree and +integrate the documentation. Samba is an integration tool, and so it has +been made as easy as possible to port. The platforms most widely used +and thus best tested are Linux and SunOS. + +This migration has not been completed yet. This means that some +documentation is on web sites [...] + +There are two main families of Samba ports, Unix and other. The Unix +ports cover anything that remotely resembles Unix and includes some +extremely old products as well as best-sellers, tiny PCs to massive +multiprocessor machines supporting hundreds of thousands of users. Samba +has been run on more than 30 Unix and Unix-like operating systems. + +<sect2>Running Samba on a Unix or Unix-like system<p><label id="OnUnix"> + +<url url="../UNIX-SMB.txt"> describes some of the issues that confront a +SMB implementation on unix, and how Samba copes with them. They may help +people who are looking at unix<->PC interoperability. + +There is great variation between Unix implementations, especially those +not adhering to the Common Unix Specification agreed to in 1996. Things +that can be quite tricky are [.....] + +There are also some considerable advantages conferred on Samba running +under Unix compared to, say, Windows NT or LAN Server. Unix has [...] + +At time of writing, the Makefile claimed support for: +<itemize> +<item> A/UX 3.0 +<item> AIX +<item> Altos Series 386/1000 +<item> Amiga +<item> Apollo Domain/OS sr10.3 +<item> BSDI +<item> B.O.S. (Bull Operating System) +<item> Cray, Unicos 8.0 +<item> Convex +<item> DGUX. +<item> DNIX. +<item> FreeBSD +<item> HP-UX +<item> Intergraph. +<item> Linux with/without shadow passwords and quota +<item> LYNX 2.3.0 +<item> MachTen (a unix like system for Macintoshes) +<item> Motorola 88xxx/9xx range of machines +<item> NetBSD +<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach). +<item> OS/2 using EMX 0.9b +<item> OSF1 +<item> QNX 4.22 +<item> RiscIX. +<item> RISCOs 5.0B +<item> SEQUENT. +<item> SCO (including: 3.2v2, European dist., OpenServer 5) +<item> SGI. +<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series +<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x) +<item> SUNOS 4 +<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') +<item> Sunsoft ISC SVR3V4 +<item> SVR4 +<item> System V with some berkely extensions (Motorola 88k R32V3.2). +<item> ULTRIX. +<item> UNIXWARE +<item> UXP/DS +</itemize> + + +<sect2>Running Samba on systems unlike Unix<p><label id="OnUnlikeUnix"> + +More recently Samba has been ported to a number of operating systems +which can provide a BSD Unix-like implementation of TCP/IP sockets. +These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS, +Windows NT and several others are being worked on but not yet available +for use. + +Home pages for these ports are: + +[... ] + +<sect1>Exporting server resources with Samba<p><label id="Exporting"> + +Files, printers, CD ROMs and other local devices. Network devices, +including networked filesystems and remote printer queues. Other devices +such as [....] + + 1.4) Configuring SHARES + 1.4.1) Homes service + 1.4.2) Public services + 1.4.3) Application serving + 1.4.4) Team sharing a Samba resource + + 1.5) Printer configuration + 1.5.1) Berkeley LPR/LPD systems + 1.5.2) ATT SysV lp systems + 1.5.3) Using a private printcap file + 1.5.4) Use of the smbprint utility + 1.5.5) Printing from Windows to Unix + 1.5.6) Printing from Unix to Windows + +<sect1>Name Resolution and Browsing<p><label id="NameBrowsing"> + +See also <url url="../BROWSING.txt"> + + 1.6) Name resolution issues + 1.6.1) LMHOSTS file and when to use it + 1.6.2) configuring WINS (support, server, proxy) + 1.6.3) configuring DNS proxy + + 1.7) Problem Diagnosis + 1.8) What NOT to do!!!! + + 3.2) Browse list managment + 3.3) Name resolution mangement + + +<sect1>Handling SMB Encryption<p><label id="SMBEncryptionSteps"> + +SMB encryption is ... + +...in <url url="../ENCRYPTION.txt"> there is... + +Samba compiled with libdes - enabling encrypted passwords + + +<sect2>Laws in different countries affecting Samba<p><label id="CryptoLaws"> + +<sect2>Relationship between encryption and Domain Authentication<p> + +<sect1> Files and record locking + + 3.1.1) Old DOS clients + 3.1.2) Opportunistic locking and the consequences + 3.1.3) Files caching under Windows for Workgroups, Win95 and NT + + Some of the foregoing links into Client-FAQ + +<sect1>Managing Samba Log files<p><label id="LogFiles"> + +<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse"> + See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt"> + for more information on browsing. Browsing.txt can also be found + in the docs directory of the Samba source. + +If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: +<tscreen><verb> + net use M: \\mary\fred +</verb></tscreen> +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation. + +<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files"> +See the next question. + +<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames"> +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason). + +The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes". + +<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server"> +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved. + +After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution. + +If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Man Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document. + +If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas. + +By the way, remember to REMOVE the hardcoded mapping before further +tests :-) + +<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share"> +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave. + +The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's doco on how +to specify a service name correctly), read on: + +<itemize> +<item> Many clients cannot accept or use service names longer than eight characters. +<item> Many clients cannot accept or use service names containing spaces. +<item> Some servers (not Samba though) are case sensitive with service names. +<item> Some clients force service names into upper case. +</itemize> + +<sect1>My client reports "cannot find domain controller", "cannot log on to the network" or similar <p> <label id="cant_see_net"> +Nothing is wrong - Samba does not implement the primary domain name +controller stuff for several reasons, including the fact that the +whole concept of a primary domain controller and "logging in to a +network" doesn't fit well with clients possibly running on multiuser +machines (such as users of smbclient under Unix). Having said that, +several developers are working hard on building it in to the next +major version of Samba. If you can contribute, send a message to +<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> ! + +Seeing this message should not affect your ability to mount redirected +disks and printers, which is really what all this is about. + +For many clients (including Windows for Workgroups and Lan Manager), +setting the domain to STANDALONE at least gets rid of the message. + +<sect1>Printing doesn't work :-(<p> <label id="no_printing"> + +Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr", if you happen to be using +Unix). + +Make sure that the spool directory specified for the service is +writable by the user connected to the service. + +Make sure that the user specified in the service is permitted to use +the printer. + +Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol. + +If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug. + +If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism. + +<sect1>My programs install on the server OK, but refuse to work properly<p><label id="programs_wont_run"> +There are numerous possible reasons for this, but one MAJOR +possibility is that your software uses locking. Make sure you are +using Samba 1.6.11 or later. It may also be possible to work around +the problem by setting "locking=no" in the Samba configuration file +for the service the software is installed on. This should be regarded +as a strictly temporary solution. + +In earlier Samba versions there were some difficulties with the very +latest Microsoft products, particularly Excel 5 and Word for Windows +6. These should have all been solved. If not then please let Andrew +Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. + +<sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string"> +OR My client reports the default setting, eg. "Samba 1.9.15p4", instead +of what I have changed it to in the smb.conf file. + +You need to use the -C option in nmbd. The "server string" affects +what smbd puts out and -C affects what nmbd puts out. + +Current versions of Samba (1.9.16 +) have combined these options into +the "server string" field of smb.conf, -C for nmbd is now obsolete. + +<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares"> +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid. + +See also 'guest account' in smb.conf man page. + +<sect1>Issues specific to Unix and Unix-like systems<p><label id="UnixIssues"> + +<sect2>Printing doesn't work with my Unix Samba server<p> <label id="no_printing"> + +The user "nobody" often has problems with printing, even if it worked +with an earlier version of Samba. Try creating another guest user other +than "nobody". + +<sect2>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid"> +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535. + +It might also mean that your OS has a trapdoor uid/gid system :-) + +This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems. + +The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user. + +Complain to your OS vendor and ask them to fix their system. + +Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good! + +<sect1>Issues specific to IBM OS/2 systems<p><label id="OS2Issues"> + +<url url="http://carol.wins.uva.nl/~leeuw/samba/samba2.html" name="Samba for OS/2"> + +<sect1>Issues specific to IBM MVS systems<p><label id="MVSIssues"> + +<url url="ftp://ftp.mks.com/pub/samba/" name="Samba for OS/390 MVS"> + +<sect1>Issues specific to Digital VMS systems<p><label id="VMSIssues"> + +<sect1>Issues specific to Amiga systems<p><label id="AmigaIssues"> + +<url url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/" name="Samba for Amiga"> + +There is a mailing list for Samba on the Amiga. + + Subscribing. + + Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe +in the message. The list server will use the address in the Reply-To: or +From: header field, in that order. + + Unsubscribing. + + Send an email to rask-samba-request@kampsax.dtu.dk with the word +unsubscribe in the message. The list server will use the address in the +Reply-To: or From: header field, in that order. If you are unsure which +address you are subscribed with, look at the headers. You should see a +"From " (no colon) or Return-Path: header looking something like + + rask-samba-owner-myname=my.domain@kampsax.dtu.dk + +where myname=my.domain gives you the address myname@my.domain. This also +means that I will always be able to find out which address is causing +bounces, for example. + List archive. + + Messages sent to the list are archived in HTML. See the mailing list home +page at <URL url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/"> + +<sect1>Issues specific to Novell IntraNetware systems<p><label id="NetwareIssues"> + +<sect1>Issues specific to Stratos VOS systems<p><label id="NetwareIssues"> + +<url url="ftp://ftp.stratus.com/pub/vos/tools/" name="Samba for Stratus VOS"> + +</article> diff --git a/docs/faq/Samba-meta-FAQ-1.html b/docs/faq/Samba-meta-FAQ-1.html new file mode 100644 index 0000000000..7258a32f1e --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-1.html @@ -0,0 +1,160 @@ +<HTML> +<HEAD> +<TITLE> Samba meta FAQ: Quick Reference Guides to Samba Documentation</TITLE> +</HEAD> +<BODY> +Previous +<A HREF="Samba-meta-FAQ-2.html">Next</A> +<A HREF="Samba-meta-FAQ.html#toc1">Table of Contents</A> +<HR> +<H2><A NAME="s1">1. Quick Reference Guides to Samba Documentation</A></H2> + +<P> +<A NAME="quickref"></A> +</P> +<P>We are endeavouring to provide links here to every major class of +information about Samba or things related to Samba. We cannot list every +document, but we are aiming for all documents to be at most two +referrals from those listed here. This needs constant maintaining, so +please send the author your feedback.</P> + +<H2><A NAME="ss1.1">1.1 Samba for the Impatient</A></H2> + +<P> +<A NAME="impatient"></A> +</P> +<P>You know you should read the documentation but can't wait to start? What +you need to do then is follow the instructions in the following +documents in the order given. This should be enough to get a fairly +simple site going quickly. If you have any problems, refer back to this +meta-FAQ and follow the links to find more reading material.</P> +<P> +<DL> +<P> +<A NAME="ImpGet"></A> +</P> +<DT><B>Getting Samba:</B><DD><P>The fastest way to get Samba +going is and install it is to have an operating system for which the +Samba team has put together an installation package. To see if your OS +is included have a look at the directory +/pub/samba/Binary_Packages/"OS_Vendor" on your nearest +<A HREF="../MIRRORS">mirror site</A>. If it is included follow the +installation instructions in the README file there and then do some +<A HREF="#ImpTest">basic testing</A>. If you are not so fortunate, follow the normal +<A HREF="Samba-meta-FAQ-2.html#WhereFrom">download instructions</A> and then continue with +<A HREF="#ImpInst">building and installing Samba</A>.</P> +<P> +<A NAME="ImpInst"></A> +</P> +<DT><B>Building and Installing Samba:</B><DD><P>At the moment +there are two kinds of Samba server installs besides the prepackaged +binaries mentioned in the previous step. You need to decide if you have a +<A HREF="../UNIX_INSTALL.txt">Unix or close relative</A> or +<A HREF="Samba-Server-FAQ.html#PortInfo">other supported operating system</A>.</P> +<P> +<A NAME="ImpTest"></A> +</P> +<DT><B>Basic Testing:</B><DD><P>Try to connect using the +supplied smbclient command-line program. You need to know the IP +hostname of your server. A service name must be defined in smb.conf, as +given in the examples (under many operating systems if there is a +<F>homes</F> service you can just use a valid username.) Then type +<CODE>smbclient \\hostname\servicename</CODE> +Under most Unixes you will need to put the parameters within quotation +marks. If this works, try connecting from one of the SMB clients you +were planning to use with Samba.</P> +<P> +<A NAME="ImpDebug"></A> +</P> +<DT><B>Debug sequence:</B><DD><P>If you think you have completed the +previous step and things aren't working properly work through +<A HREF="../DIAGNOSIS.txt">the diagnosis recipe.</A></P> +<P> +<A NAME="ImpExp"></A> +</P> +<DT><B>Exporting files to SMB clients:</B><DD><P>You should read the manual pages +for smb.conf, but here is a +<A HREF="Samba-Server-FAQ.html#Exporting">quick answer guide.</A></P> +<P> +<A NAME="ImpControl"></A> +</P> +<DT><B>Controlling user access:</B><DD><P>the quickest and dirtiest way of sharing +resources is to use +<A HREF="Samba-meta-FAQ-4.html#ShareModeSecurity">share level security.</A> If you want to spend more time and have a proper username +and password database you must read the paragraph on +<A HREF="Samba-meta-FAQ-4.html#DomainModeSecurity">domain mode security.</A> If you want +encryption (eg you are using Windows NT clients) follow the +<A HREF="Samba-Server-FAQ.html#SMBEncryptionSteps">SMB encryption instructions.</A></P> +<P> +<A NAME="ImpBrowse"></A> +</P> +<DT><B>Browsing:</B><DD><P>if you are happy to type in "\\samba-server\sharename" +at the client end then do not read any further. Otherwise you need to +understand the +browsing terminology</A> +and read +<A HREF="Samba-Server-FAQ.html#NameBrowsing">Samba-Server-FAQ.html#NameBrowsing</A>. </P> +<P> +<A NAME="ImpPrint"></A> +</P> +<DT><B>Printing:</B><DD><P>See the +<A HREF="Samba-Server-FAQ.html#Printing">printing quick answer guide.</A></P> + +</DL> +</P> +<P>If you have got everything working to this point, you can expect Samba +to be stable and secure: these are its greatest strengths. However Samba +has a great deal to offer and to go further you must do some more +reading. Speed and security optimisations, printer accounting, network +logons, roving profiles, browsing across multiple subnets and so on are +all covered either in this document or in those it refers to.</P> + + +<H2><A NAME="ss1.2">1.2 All Samba Documentation</A></H2> + +<P> +<A NAME="AllDocs"></A> +</P> +<P> +<UL> +<LI> Meta-FAQ. This is the mother of all documents, and is the one you +are reading now. The latest version is always at +<A HREF="http://samba.org/[.....]">http://samba.org/[.....]</A> but there is probably a much +nearer +<A HREF="../MIRRORS">mirror site</A> which you should use +instead. +</LI> +<LI> +<A HREF="Samba-Server-FAQ.html">Samba-Server-FAQ.html</A> is the best starting point for +information about server-side issues. Includes configuration tips and +pointers for Samba on particular operating systems (with 40 to choose +from...) +</LI> +<LI> +<A HREF="Samba-Client-FAQ.html">Samba-Client-FAQ.html</A> is the best starting point for +information about client-side issues, includes a list of all clients +that are known to work with Samba. +</LI> +<LI> +<A HREF="samba-man-index.html">manual pages</A> contains +descriptions of and links to all the Samba manual pages, in Unix man and +postscript format. +</LI> +<LI> +<A HREF="samba-txt-index.html">samba-txt-index.html</A> has descriptions of and links to +a large number of text files have been contributed to samba covering +many topics. These are gradually being absorbed into the FAQs and HOWTOs +but in the meantime you might find helpful answers here. +</LI> +<LI> +</LI> +</UL> +</P> + + +<HR> +Previous +<A HREF="Samba-meta-FAQ-2.html">Next</A> +<A HREF="Samba-meta-FAQ.html#toc1">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/Samba-meta-FAQ-2.html b/docs/faq/Samba-meta-FAQ-2.html new file mode 100644 index 0000000000..1e36332d42 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-2.html @@ -0,0 +1,384 @@ +<HTML> +<HEAD> +<TITLE> Samba meta FAQ: General Information</TITLE> +</HEAD> +<BODY> +<A HREF="Samba-meta-FAQ-1.html">Previous</A> +<A HREF="Samba-meta-FAQ-3.html">Next</A> +<A HREF="Samba-meta-FAQ.html#toc2">Table of Contents</A> +<HR> +<H2><A NAME="s2">2. General Information</A></H2> + +<P> +<A NAME="general_info"></A> +</P> +<P>All about Samba - what it is, how to get it, related sources of +information, how to understand the numbering scheme, pizza +details.</P> + +<H2><A NAME="ss2.1">2.1 What is Samba?</A></H2> + +<P> +<A NAME="introduction"></A> +</P> +<P>Samba is a suite of programs which work together to allow clients to +access to a server's filespace and printers via the SMB (Server Message +Block) and CIFS (Common Internet Filesystem) protocols. Initially +written for Unix, Samba now also runs on Netware, OS/2, VMS, StratOS and +Amigas. Ports to BeOS and other operating systems are underway. Samba +gives the capability for these operating systems to behave much like a +LAN Server, Windows NT Server or Pathworks machine, only with added +functionality and flexibility designed to make life easier for +administrators. </P> +<P>This means that using Samba you can share a server's disks and printers +to many sorts of network clients, including Lan Manager, Windows for +Workgroups, Windows NT, Linux, OS/2, and AIX. There is also a generic +client program supplied as part of the Samba suite which gives a user on +the server an ftp-like interface to access filespace and printers on any +other SMB/CIFS servers.</P> +<P>SMB has been implemented over many protocols, including XNS, NBT, IPX, +NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to change +although there have been some requests for NetBEUI support.</P> +<P>Many users report that compared to other SMB implementations Samba is +more stable, faster, and compatible with more clients. Administrators of +some large installations say that Samba is the only SMB server available +which will scale to many tens of thousands of users without crashing. +The easy way to test these claims is to download it and try it for +yourself!</P> +<P>The suite is supplied with full source code under the +<A HREF="../COPYING">GNU Public License</A>. The GPL means that you can +use Samba for whatever purpose you wish (including changing the source +or selling it for money) but under all circumstances the source code +must be made freely available. A copy of the GPL must always be included +in any copy of the package.</P> +<P>The primary creator of the Samba suite is Andrew Tridgell. Later +versions incorporate much effort by many net.helpers. The man pages +and this FAQ were originally written by Karl Auer.</P> + + +<H2><A NAME="ss2.2">2.2 What is the current version of Samba?</A></H2> + +<P> +<A NAME="current_version"></A> +</P> +<P>At time of writing, the current version was 1.9.17. If you want to be +sure check the bottom of the change-log file. +<A HREF="ftp://samba.org/pub/samba/alpha/change-log">ftp://samba.org/pub/samba/alpha/change-log</A></P> +<P>For more information see +<A HREF="#version_nums">What do the version numbers mean?</A></P> + + +<H2><A NAME="ss2.3">2.3 Where can I get it? </A></H2> + +<P> +<A NAME="WhereFrom"></A> +</P> +<P>The Samba suite is available via anonymous ftp from samba.org and +many +<A HREF="../MIRRORS">mirror</A> sites. You will get much +faster performance if you use a mirror site. The latest and greatest +versions of the suite are in the directory:</P> +<P>/pub/samba/</P> +<P>Development (read "alpha") versions, which are NOT necessarily stable +and which do NOT necessarily have accurate documentation, are available +in the directory:</P> +<P>/pub/samba/alpha</P> +<P>Note that binaries are NOT included in any of the above. Samba is +distributed ONLY in source form, though binaries may be available from +other sites. Most Linux distributions, for example, do contain Samba +binaries for that platform. The VMS, OS/2, Netware and Amiga and other +ports typically have binaries made available.</P> +<P>A special case is vendor-provided binary packages. Samba binaries and +default configuration files are put into packages for a specific +operating system. RedHat Linux and Sun Solaris (Sparc and x86) is +already included, and others such as OS/2 may follow. All packages are +in the directory:</P> +<P>/pub/samba/Binary_Packages/"OS_Vendor"</P> + + +<H2><A NAME="ss2.4">2.4 What do the version numbers mean?</A></H2> + +<P> +<A NAME="version_nums"></A> +</P> +<P>It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases.</P> +<P>How the scheme works:</P> +<P> +<OL> +<LI>When major changes are made the version number is increased. For +example, the transition from 1.9.16 to 1.9.17. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.) +</LI> +<LI>Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install. +</LI> +<LI>When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.17. +</LI> +<LI>Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.17p2. +</LI> +</OL> +</P> +<P>So the progression goes:</P> +<P> +<PRE> + 1.9.16p10 (production) + 1.9.16p11 (production) + 1.9.17alpha1 (test sites only) + : + 1.9.17alpha20 (test sites only) + 1.9.17 (production) + 1.9.17p1 (production) +</PRE> +</P> +<P>The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version.</P> + + +<H2><A NAME="ss2.5">2.5 Where can I go for further information?</A></H2> + +<P> +<A NAME="more"></A> +</P> +<P>There are a number of places to look for more information on Samba, +including:</P> +<P> +<UL> +<LI>Two mailing lists devoted to discussion of Samba-related matters. +See below for subscription information. +</LI> +<LI>The newsgroup comp.protocols.smb, which has a great deal of +discussion about Samba. +</LI> +<LI>The WWW site 'SAMBA Web Pages' at +<A HREF="http://samba.org/samba/">http://samba.org/samba/</A> includes: + +<UL> +<LI>Links to man pages and documentation, including this FAQ</LI> +<LI>A comprehensive survey of Samba users</LI> +<LI>A searchable hypertext archive of the Samba mailing list</LI> +<LI>Links to Samba source code, binaries, and mirrors of both</LI> +<LI>This FAQ and the rest in its family</LI> +</UL> + +</LI> +</UL> +</P> + + +<H2><A NAME="ss2.6">2.6 How do I subscribe to the Samba Mailing Lists?</A></H2> + +<P> +<A NAME="mailinglist"></A> +</P> +<P>Send email to +<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is blank, +and include the following two lines in the body of the message:</P> +<P> +<BLOCKQUOTE><CODE> +<PRE> +subscribe samba Firstname Lastname +subscribe samba-announce Firstname Lastname +</PRE> +</CODE></BLOCKQUOTE> +</P> +<P>Obviously you should substitute YOUR first name for "Firstname" and +YOUR last name for "Lastname"! Try not to send any signature, it +sometimes confuses the list processor.</P> +<P>The samba list is a digest list - every eight hours or so it sends a +single message containing all the messages that have been received by +the list since the last time and sends a copy of this message to all +subscribers. There are thousands of people on this list.</P> +<P>If you stop being interested in Samba, please send another email to +<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is blank, and +include the following two lines in the body of the message:</P> +<P> +<BLOCKQUOTE><CODE> +<PRE> +unsubscribe samba +unsubscribe samba-announce +</PRE> +</CODE></BLOCKQUOTE> +</P> +<P>The <B>From:</B> line in your message <EM>MUST</EM> be the same +address you used when you subscribed.</P> + + +<H2><A NAME="ss2.7">2.7 Something's gone wrong - what should I do?</A></H2> + +<P> +<A NAME="wrong"></A> +</P> +<P><B><F>#</F> *** IMPORTANT! *** <F>#</F></B></P> + +<P>DO NOT post messages on mailing lists or in newsgroups until you have +carried out the first three steps given here!</P> +<P> +<OL> +<LI> See if there are any likely looking entries in this FAQ! +If you have just installed Samba, have you run through the checklist in +<A HREF="ftp://samba.org/pub/samba/DIAGNOSIS.txt">DIAGNOSIS.txt</A>? It can save you a lot of time and effort. +DIAGNOSIS.txt can also be found in the docs directory of the Samba +distribution. +</LI> +<LI> Read the man pages for smbd, nmbd and smb.conf, looking for +topics that relate to what you are trying to do. +</LI> +<LI> If there is no obvious solution to hand, try to get a look at +the log files for smbd and/or nmbd for the period during which you +were having problems. You may need to reconfigure the servers to +provide more extensive debugging information - usually level 2 or +level 3 provide ample debugging info. Inspect these logs closely, +looking particularly for the string "Error:". +</LI> +<LI> If you need urgent help and are willing to pay for it see +<A HREF="#PaidSupport">Paid Support</A>. +</LI> +</OL> +</P> +<P>If you still haven't got anywhere, ask the mailing list or newsgroup. In +general nobody minds answering questions provided you have followed the +preceding steps. It might be a good idea to scan the archives of the +mailing list, which are available through the Samba web site described +in the previous section. When you post be sure to include a good +description of your environment and your problem.</P> +<P>If you successfully solve a problem, please mail the FAQ maintainer a +succinct description of the symptom, the problem and the solution, so +that an explanation can be incorporated into the next version.</P> + + +<H2><A NAME="ss2.8">2.8 How do I submit patches or bug reports?</A></H2> + + +<P>If you make changes to the source code, <EM>please</EM> submit these patches +so that everyone else gets the benefit of your work. This is one of +the most important aspects to the maintainence of Samba. Send all +patches to +<A HREF="mailto:samba@samba.org">samba@samba.org</A>. Do not send patches to Andrew Tridgell or any +other individual, they may be lost if you do.</P> +<P>Patch format +------------</P> +<P>If you are sending a patch to fix a problem then please don't just use +standard diff format. As an example, samba@samba.org received this patch from +someone:</P> +<P>382a +#endif +.. +381a +#if !defined(NEWS61)</P> +<P>How are we supposed to work out what this does and where it goes? These +sort of patches only work if we both have identical files in the first +place. The Samba sources are constantly changing at the hands of multiple +developers, so it doesn't work.</P> +<P>Please use either context diffs or (even better) unified diffs. You +get these using "diff -c4" or "diff -u". If you don't have a diff that +can generate these then please send manualy commented patches to I +know what is being changed and where. Most patches are applied by hand so +the info must be clear.</P> +<P>This is a basic guideline that will assist us with assessing your problem +more efficiently :</P> +<P>Machine Arch: +Machine OS: +OS Version: +Kernel:</P> +<P>Compiler: +Libc Version:</P> +<P>Samba Version:</P> +<P>Network Layout (description):</P> +<P>What else is on machine (services, etc):</P> +<P>Some extras :</P> +<P> +<UL> +<LI> what you did and what happened +</LI> +<LI> relevant parts of a debugging output file with debuglevel higher. +If you can't find the relevant parts, please ask before mailing +huge files. +</LI> +<LI> anything else you think is useful to trace down the bug +</LI> +</UL> +</P> + + +<H2><A NAME="ss2.9">2.9 What if I have an URGENT message for the developers?</A></H2> + + +<P>If you have spotted something very serious and believe that it is +important to contact the developers quickly send a message to +samba-urgent@samba.org. This will be processed more quickly than +mail to samba@samba.org. Please think carefully before using this address. An +example of its use might be to report a security hole.</P> +<P>Examples of things <EM>not</EM> to send to samba-urgent include problems +getting Samba to work at all and bugs that cannot potentially cause damage.</P> + + +<H2><A NAME="ss2.10">2.10 What if I need paid-for support?</A></H2> + +<P> +<A NAME="PaidSupport"></A> +</P> +<P>Samba has a large network of consultants who provide Samba support on a +commercial basis. The list is included in the package in +<A HREF="../Support.txt">../Support.txt</A>, and the latest version will always be on the main +samba ftp site. Any company in the world can request that the samba team +include their details in Support.txt so we can give no guarantee of +their services.</P> + + +<H2><A NAME="ss2.11">2.11 Pizza supply details</A></H2> + +<P> +<A NAME="pizza"></A> + +Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done.</P> +<P> +<OL> +<LI> Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US. +</LI> +<LI>Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this. +</LI> +<LI>Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-) +</LI> +<LI>Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture. +</LI> +</OL> +</P> + + +<HR> +<A HREF="Samba-meta-FAQ-1.html">Previous</A> +<A HREF="Samba-meta-FAQ-3.html">Next</A> +<A HREF="Samba-meta-FAQ.html#toc2">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/Samba-meta-FAQ-3.html b/docs/faq/Samba-meta-FAQ-3.html new file mode 100644 index 0000000000..8ebb38a334 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-3.html @@ -0,0 +1,101 @@ +<HTML> +<HEAD> +<TITLE> Samba meta FAQ: About the CIFS and SMB Protocols</TITLE> +</HEAD> +<BODY> +<A HREF="Samba-meta-FAQ-2.html">Previous</A> +<A HREF="Samba-meta-FAQ-4.html">Next</A> +<A HREF="Samba-meta-FAQ.html#toc3">Table of Contents</A> +<HR> +<H2><A NAME="s3">3. About the CIFS and SMB Protocols</A></H2> + +<P> +<A NAME="CifsSmb"></A> +</P> + +<H2><A NAME="ss3.1">3.1 What is the Server Message Block (SMB) Protocol?</A></H2> + +<P>SMB is a filesharing protocol that has had several maintainers and +contributors over the years including Xerox, 3Com and most recently +Microsoft. Names for this protocol include LAN Manager and Microsoft +Networking. Parts of the specification has been made public at several +versions including in an X/Open document, as listed at +<A HREF="ftp://ftp.microsoft.com/developr/drg/CIFS/">ftp://ftp.microsoft.com/developr/drg/CIFS/</A>. No specification +releases were made between 1992 and 1996, and during that period +Microsoft became the SMB implementor with the largest market share. +Microsoft developed the specification further for its products but for +various reasons connected with developer's workload rather than market +strategy did not make the changes public. This culminated with the +"Windows NT 0.12" version released with NT 3.5 in 1995 which had significant +improvements and bugs. Because Microsoft client systems are so popular, +it is fair to say that what Microsoft with Windows affects all suppliers +of SMB server products.</P> +<P>From 1994 Andrew Tridgell began doing some serious work on his +Smbserver (now Samba) product and with some helpers started to +implement more and more of these protocols. Samba began to take +a significant share of the SMB server market.</P> + + +<H2><A NAME="ss3.2">3.2 What is the Common Internet Filesystem (CIFS)?</A></H2> + +<P>The initial pressure for Microsoft to document their current SMB +implementation came from the Samba team, who kept coming across things +on the wire that Microsoft either didn't know about or hadn't documented +anywhere (even in the sourcecode to Windows NT.) Then Sun Microsystems +came out with their WebNFS initiative, designed to replace FTP for file +transfers on the Internet. There are many drawbacks to WebNFS (including +its scope - it aims to replace HTTP as well!) but the concept was +attractive. FTP is not very clever, and why should it be harder to get +files from across the world than across the room? </P> +<P>Some hasty revisions were made and an Internet Draft for the Common +Internet Filesystem (CIFS) was released. Note that CIFS is not an +Internet standard and is a very long way from becoming one, BUT the +protocol specification is in the public domain and ongoing discussions +concerning the spec take place on a public mailing list according to the +rules of the Internet Engineering Task Force. For more information and +pointers see +<A HREF="http://samba.org/cifs/">http://samba.org/cifs/</A></P> +<P>The following is taken from +<A HREF="http://www.microsoft.com/intdev/cifs/">http://www.microsoft.com/intdev/cifs/</A></P> +<P> +<PRE> + CIFS defines a standard remote file system access protocol for use + over the Internet, enabling groups of users to work together and + share documents across the Internet or within their corporate + intranets. CIFS is an open, cross-platform technology based on the + native file-sharing protocols built into Microsoft® Windows® and + other popular PC operating systems, and supported on dozens of + other platforms, including UNIX®. With CIFS, millions of computer + users can open and share remote files on the Internet without having + to install new software or change the way they work." +</PRE> +</P> +<P>If you consider CIFS as a backwardsly-compatible refinement of SMB that +will work reasonably efficiently over the Internet you won't be too far +wrong.</P> +<P>The net effect is that Microsoft is now documenting large parts of their +Windows NT fileserver protocols. The security concepts embodied in +Windows NT are part of the specification, which is why Samba +documentation often talks in terms of Windows NT. However there is no +reason why a site shouldn't conduct all its file and printer sharing +with CIFS and yet have no Microsoft products at all.</P> + + +<H2><A NAME="ss3.3">3.3 What is Browsing? </A></H2> + +<P>The term "Browsing" causes a lot of confusion. It is the part of the +SMB/CIFS protocol which allows for resource discovery. For example, in +the Windows NT Explorer it is possible to see a "Network Neighbourhood" +of computers in the same SMB workgroup. Clicking on the name of one of +these machines brings up a list of file and printer resources for +connecting to. In this way you can cruise the network, seeing what +things are available. How this scales to the Internet is a subject for +debate. Look at the CIFS list archives to see what the experts think.</P> + + +<HR> +<A HREF="Samba-meta-FAQ-2.html">Previous</A> +<A HREF="Samba-meta-FAQ-4.html">Next</A> +<A HREF="Samba-meta-FAQ.html#toc3">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/Samba-meta-FAQ-4.html b/docs/faq/Samba-meta-FAQ-4.html new file mode 100644 index 0000000000..73a9eea847 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-4.html @@ -0,0 +1,215 @@ +<HTML> +<HEAD> +<TITLE> Samba meta FAQ: Designing A SMB and CIFS Network</TITLE> +</HEAD> +<BODY> +<A HREF="Samba-meta-FAQ-3.html">Previous</A> +<A HREF="Samba-meta-FAQ-5.html">Next</A> +<A HREF="Samba-meta-FAQ.html#toc4">Table of Contents</A> +<HR> +<H2><A NAME="s4">4. Designing A SMB and CIFS Network</A></H2> + + +<P>The big issues for installing any network of LAN or WAN file and print +servers are </P> +<P> +<UL> +<LI>How and where usernames, passwords and other security information +is stored +</LI> +<LI>What method can be used for locating the resources that users have +permission to use +</LI> +<LI>What protocols the clients can converse with +</LI> +</UL> + </P> +<P>If you buy Netware, Windows NT or just about any other LAN fileserver +product you are expected to lock yourself into the product's preferred +answers to these questions. This tendancy is restrictive and often very +expensive for a site where there is only one kind of client or server, +and for sites with a mixture of operating systems it often makes it +impossible to share resources between some sets of users.</P> +<P>The Samba philosophy is to make things as easy as possible for +administators, which means allowing as many combinations of clients, +servers, operating systems and protocols as possible.</P> + +<H2><A NAME="ss4.1">4.1 Workgroups, Domains, Authentication and Browsing</A></H2> + + +<P>From the point of view of networking implementation, Domains and +Workgroups are <EM>exactly</EM> the same, except for the client logon +sequence. Some kind of distributed authentication database is associated +with a domain (there are quite a few choices) and this adds so much +flexibility that many people think of a domain as a completely different +entity to a workgroup. From Samba's point of view a client connecting to +a service presents an authentication token, and it if it is valid they +have access. Samba does not care what mechanism was used to generate +that token in the first place.</P> +<P>The SMB client logging on to a domain has an expectation that every other +server in the domain should accept the same authentication information. +However the network browsing functionality of domains and workgroups is +identical and is explained in +<A HREF="../BROWSING.txt">../BROWSING.txt</A>.</P> +<P>There are some implementation differences: Windows 95 can be a member of +both a workgroup and a domain, but Windows NT cannot. Windows 95 also +has the concept of an "alternative workgroup". Samba can only be a +member of a single workgroup or domain, although this is due to change +with a future version when nmbd will be split into two daemons, one for +WINS and the other for browsing ( +<A HREF="../NetBIOS.txt">../NetBIOS.txt</A> explains +what WINS is.)</P> + +<H3>Defining the Terms</H3> + +<P> +<A NAME="BrowseAndDomainDefs"></A> +</P> +<P> +<DL> + +<DT><B>Workgroup</B><DD><P>means a collection of machines that maintain a common +browsing database containing information about their shared resources. +They do not necessarily have any security information in common (if they +do, it gets called a Domain.) The browsing database is dynamic, modified +as servers come and go on the network and as resources are added or +deleted. The term "browsing" refers to a user accessing the database via +whatever interface the client provides, eg the OS/2 Workplace Shell or +Windows 95 Explorer. SMB servers agree between themselves as to which +ones will maintain the browsing database. Workgroups can be anywhere on +a connected TCP/IP network, including on different subnets or even on +the Interet. This is a very tricky part of SMB to implement.</P> + +<DT><B>Master Browsers</B><DD><P>are machines which holds the master browsing +database for a workgroup or domain. There are two kinds of Master Browser:</P> +<P> +<UL> +<LI> Domain Master Browser, which holds the master browsing +information for an entire domain, which may well cross multiple TCP/IP +subnets. +</LI> +<LI> Local Master Browser, which holds the master browsing database +for a particular subnet and communicates with the Domain Master Browser +to get information on other subnets. +</LI> +</UL> +</P> +<P>Subnets are differentiated because browsing is based on broadcasts, and +broadcasts do not pass through routers. Subnets are not routed: while it +is possible to have more than one subnet on a single network segment +this is regarded as very bad practice.</P> +<P>Master Browsers (both Domain and Local) are elected dynamically +according to an algorithm which is supposed to take into account the +machine's ability to sustain the browsing load. Samba can be configured +to always act as a master browser, ie it always wins elections under all +circumstances, even against systems such as a Windows NT Primary Domain +Controller which themselves expect to win. </P> +<P>There are also Backup Browsers which are promoted to Master Browsers in +the event of a Master Browser disappearing from the network.</P> +<P>Alternative terms include confusing variations such as "Browse Master", +and "Master Browser" which we are trying to eliminate from the Samba +documentation. </P> + +<DT><B>Domain Controller</B><DD><P>is a term which comes from the Microsoft and IBM +etc implementation of the LAN Manager protocols. It is tied to +authentication. There are other ways of doing domain authentication, but +the Windows NT method has a large market share. The general issues are +discussed in +<A HREF="../DOMAIN.txt">../DOMAIN.txt</A> and a Windows NT-specific +discussion is in +<A HREF="../DOMAIN_CONTROL.txt">../DOMAIN_CONTROL.txt</A>.</P> + +</DL> +</P> + +<H3>Sharelevel (Workgroup) Security Services</H3> + +<P> +<A NAME="ShareModeSecurity"></A> +</P> +<P>With the Samba setting "security = SHARE", all shared resources +information about what password is associated with them but only hints +as to what usernames might be valid (the hint can be 'all users', in +which case any username will work. This is usually a bad idea, but +reflects both the initial implementations of SMB in the mid-80s and +its reincarnation with Windows for Workgroups in 1992. The idea behind +workgroup security was that small independant groups of people could +share information on an ad-hoc basis without there being an +authentication infrastructure present or requiring them to do more than +fill in a dialogue box.</P> + +<H3>Authentication Domain Mode Services</H3> + +<P> +<A NAME="DomainModeSecurity"></A> +</P> +<P>With the Samba settings "security = USER" or "security = SERVER" +accesses to all resources are checked for username/password pair matches +in a more rigorous manner. To the client, this has the effect of +emulating a Microsoft Domain. The client is not concerned whether or not +Samba looks up a Windows NT SAM or does it in some other way.</P> + + +<H2><A NAME="ss4.2">4.2 Authentication Schemes</A></H2> + + +<P>In the simple case authentication information is stored on a single +server and the user types a password on connecting for the first time. +However client operating systems often require a password before they +can be used at all, and in addition users usually want access to more +than one server. Asking users to remember many different passwords in +different contexts just does not work. Some kind of distributed +authentication database is needed. It must cope with password changes +and provide for assigning groups of users the same level of access +permissions. This is why Samba installations often choose to implement a +Domain model straight away.</P> +<P>Authentication decisions are some of the biggest in designing a network. +Are you going to use a scheme native to the client operating system, +native to the server operating system, or newly installed on both? A +list of options relevant to Samba (ie that make sense in the context of +the SMB protocol) follows. Any experiences with other setups would be +appreciated. <F>refer to server FAQ for "passwd chat" passwd program +password server etc etc...</F></P> + +<H3>NIS</H3> + + +<P>For Windows 95, Windows for Workgroups and most other clients Samba can +be a domain controller and share the password database via NIS +transparently. Windows NT is different. +<A HREF="http://www.dcs.qmw.ac.uk/~williams">Free NIS NT client</A></P> + +<H3>Kerberos</H3> + + +<P>Kerberos for US users only: +<A HREF="http://www.cygnus.com/product/unifying-security.html">Kerberos overview</A> +<A HREF="http://www.cygnus.com/product/kerbnet-download.html">Download Kerberos</A></P> + +<H3>FTP</H3> + + +<P>Other NT w/s logon hack via NT</P> + +<H3>Default Server Method</H3> + + + +<H3>Client-side Database Only</H3> + + + + +<H2><A NAME="ss4.3">4.3 Post-Authentication: Netlogon, Logon Scripts, Profiles</A></H2> + + +<P>See +<A HREF="../DOMAIN.txt">../DOMAIN.txt</A></P> + + +<HR> +<A HREF="Samba-meta-FAQ-3.html">Previous</A> +<A HREF="Samba-meta-FAQ-5.html">Next</A> +<A HREF="Samba-meta-FAQ.html#toc4">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/Samba-meta-FAQ-5.html b/docs/faq/Samba-meta-FAQ-5.html new file mode 100644 index 0000000000..ad528b0a97 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-5.html @@ -0,0 +1,30 @@ +<HTML> +<HEAD> +<TITLE> Samba meta FAQ: Cross-Protocol File Sharing</TITLE> +</HEAD> +<BODY> +<A HREF="Samba-meta-FAQ-4.html">Previous</A> +<A HREF="Samba-meta-FAQ-6.html">Next</A> +<A HREF="Samba-meta-FAQ.html#toc5">Table of Contents</A> +<HR> +<H2><A NAME="s5">5. Cross-Protocol File Sharing</A></H2> + + +<P>Samba is an important tool for...</P> +<P>It is possible to...</P> +<P>File protocol gateways...</P> +<P>"Setting up a Linux File Server" http://vetrec.mit.edu/people/narf/linux.html</P> +<P>Two free implementations of Appletalk for Unix are Netatalk, +<A HREF="http://www.umich.edu/~rsug/netatalk/">http://www.umich.edu/~rsug/netatalk/</A>, and CAP, +<A HREF="http://www.cs.mu.oz.au/appletalk/atalk.html">http://www.cs.mu.oz.au/appletalk/atalk.html</A>. What Samba offers MS +Windows users, these packages offer to Macs. For more info on these +packages, Samba, and Linux (and other UNIX-based systems) see +<A HREF="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html</A> 3.5) Sniffing your nework</P> + + +<HR> +<A HREF="Samba-meta-FAQ-4.html">Previous</A> +<A HREF="Samba-meta-FAQ-6.html">Next</A> +<A HREF="Samba-meta-FAQ.html#toc5">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/Samba-meta-FAQ-6.html b/docs/faq/Samba-meta-FAQ-6.html new file mode 100644 index 0000000000..f8cd7817d6 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-6.html @@ -0,0 +1,30 @@ +<HTML> +<HEAD> +<TITLE> Samba meta FAQ: Miscellaneous</TITLE> +</HEAD> +<BODY> +<A HREF="Samba-meta-FAQ-5.html">Previous</A> +Next +<A HREF="Samba-meta-FAQ.html#toc6">Table of Contents</A> +<HR> +<H2><A NAME="s6">6. Miscellaneous</A></H2> + +<P> +<A NAME="miscellaneous"></A> +</P> +<H2><A NAME="ss6.1">6.1 Is Samba Year 2000 compliant?</A></H2> + +<P> +<A NAME="Year2000Compliant"></A> + +The CIFS protocol that Samba implements +negotiates times in various formats, all of which +are able to cope with dates beyond 2000.</P> + + +<HR> +<A HREF="Samba-meta-FAQ-5.html">Previous</A> +Next +<A HREF="Samba-meta-FAQ.html#toc6">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/Samba-meta-FAQ.html b/docs/faq/Samba-meta-FAQ.html new file mode 100644 index 0000000000..38f094bf33 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ.html @@ -0,0 +1,102 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<HTML> +<HEAD> +<TITLE> Samba meta FAQ</TITLE> +</HEAD> +<BODY> +Previous +<A HREF="Samba-meta-FAQ-1.html">Next</A> +Table of Contents +<HR> +<H1> Samba meta FAQ</H1> + +<H2>Dan Shearer & Paul Blackman, <CODE>ictinus@samba.org</CODE></H2>v 0.3, 7 Oct '97 +<P><HR><EM> This is the meta-Frequently Asked Questions (FAQ) document +for Samba, the free and very popular SMB and CIFS server product. It +contains overview information for the Samba suite of programs, a +quick-start guide, and pointers to all other Samba documentation. Other +FAQs exist for specific client and server issues, and HOWTO documents +for more extended topics to do with Samba software. Current to version +Samba 1.9.17. Please send any corrections to the author. </EM><HR></P> +<P> +<H2><A NAME="toc1">1.</A> <A HREF="Samba-meta-FAQ-1.html">Quick Reference Guides to Samba Documentation</A></H2> +<UL> +<LI><A HREF="Samba-meta-FAQ-1.html#ss1.1">1.1 Samba for the Impatient</A> +<LI><A HREF="Samba-meta-FAQ-1.html#ss1.2">1.2 All Samba Documentation</A> +</UL> + +<P> +<H2><A NAME="toc2">2.</A> <A HREF="Samba-meta-FAQ-2.html">General Information</A></H2> +<UL> +<LI><A HREF="Samba-meta-FAQ-2.html#ss2.1">2.1 What is Samba?</A> +<LI><A HREF="Samba-meta-FAQ-2.html#ss2.2">2.2 What is the current version of Samba?</A> +<LI><A HREF="Samba-meta-FAQ-2.html#ss2.3">2.3 Where can I get it? </A> +<LI><A HREF="Samba-meta-FAQ-2.html#ss2.4">2.4 What do the version numbers mean?</A> +<LI><A HREF="Samba-meta-FAQ-2.html#ss2.5">2.5 Where can I go for further information?</A> +<LI><A HREF="Samba-meta-FAQ-2.html#ss2.6">2.6 How do I subscribe to the Samba Mailing Lists?</A> +<LI><A HREF="Samba-meta-FAQ-2.html#ss2.7">2.7 Something's gone wrong - what should I do?</A> +<LI><A HREF="Samba-meta-FAQ-2.html#ss2.8">2.8 How do I submit patches or bug reports?</A> +<LI><A HREF="Samba-meta-FAQ-2.html#ss2.9">2.9 What if I have an URGENT message for the developers?</A> +<LI><A HREF="Samba-meta-FAQ-2.html#ss2.10">2.10 What if I need paid-for support?</A> +<LI><A HREF="Samba-meta-FAQ-2.html#ss2.11">2.11 Pizza supply details</A> +</UL> + +<P> +<H2><A NAME="toc3">3.</A> <A HREF="Samba-meta-FAQ-3.html">About the CIFS and SMB Protocols</A></H2> +<UL> +<LI><A HREF="Samba-meta-FAQ-3.html#ss3.1">3.1 What is the Server Message Block (SMB) Protocol?</A> +<LI><A HREF="Samba-meta-FAQ-3.html#ss3.2">3.2 What is the Common Internet Filesystem (CIFS)?</A> +<LI><A HREF="Samba-meta-FAQ-3.html#ss3.3">3.3 What is Browsing? </A> +</UL> + +<P> +<H2><A NAME="toc4">4.</A> <A HREF="Samba-meta-FAQ-4.html">Designing A SMB and CIFS Network</A></H2> +<UL> +<LI><A HREF="Samba-meta-FAQ-4.html#ss4.1">4.1 Workgroups, Domains, Authentication and Browsing</A> +<LI><A HREF="Samba-meta-FAQ-4.html#ss4.2">4.2 Authentication Schemes</A> +<LI><A HREF="Samba-meta-FAQ-4.html#ss4.3">4.3 Post-Authentication: Netlogon, Logon Scripts, Profiles</A> +</UL> + +<P> +<H2><A NAME="toc5">5.</A> <A HREF="Samba-meta-FAQ-5.html">Cross-Protocol File Sharing</A></H2> + +<P> +<H2><A NAME="toc6">6.</A> <A HREF="Samba-meta-FAQ-6.html">Miscellaneous</A></H2> +<UL> +<LI><A HREF="Samba-meta-FAQ-6.html#ss6.1">6.1 Is Samba Year 2000 compliant?</A> +</UL> + + +<HR> +Previous +<A HREF="Samba-meta-FAQ-1.html">Next</A> +Table of Contents +</BODY> +</HTML> diff --git a/docs/faq/Samba-meta-FAQ.sgml b/docs/faq/Samba-meta-FAQ.sgml new file mode 100644 index 0000000000..377d81663d --- /dev/null +++ b/docs/faq/Samba-meta-FAQ.sgml @@ -0,0 +1,771 @@ +<!doctype linuxdoc system> <!-- -*- SGML -*- --> +<!-- + v 0.1 23 Aug 1997 Dan Shearer + Original Samba-meta-FAQ.sgml from Paul's sambafaq.sgml + v 0.2 25 Aug 1997 Dan + v 0.3 7 Oct 1997 Paul + Changed samba.canberra refs to samba.anu.../samba/ +--> + +<article> + +<title> Samba meta FAQ + +<author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt> + +<date>v 0.3, 7 Oct '97 + +<abstract> This is the meta-Frequently Asked Questions (FAQ) document +for Samba, the free and very popular SMB and CIFS server product. It +contains overview information for the Samba suite of programs, a +quick-start guide, and pointers to all other Samba documentation. Other +FAQs exist for specific client and server issues, and HOWTO documents +for more extended topics to do with Samba software. Current to version +Samba 1.9.17. Please send any corrections to the author. +</abstract> + +<toc> + +<sect> Quick Reference Guides to Samba Documentation<p><label id=quickref> + +We are endeavouring to provide links here to every major class of +information about Samba or things related to Samba. We cannot list every +document, but we are aiming for all documents to be at most two +referrals from those listed here. This needs constant maintaining, so +please send the author your feedback. + +<sect1> Samba for the Impatient<p><label id="impatient"> + +You know you should read the documentation but can't wait to start? What +you need to do then is follow the instructions in the following +documents in the order given. This should be enough to get a fairly +simple site going quickly. If you have any problems, refer back to this +meta-FAQ and follow the links to find more reading material. + +<descrip> + +<label id="ImpGet"><tag/Getting Samba:/ The fastest way to get Samba +going is and install it is to have an operating system for which the +Samba team has put together an installation package. To see if your OS +is included have a look at the directory +/pub/samba/Binary_Packages/"OS_Vendor" on your nearest <url +url="../MIRRORS" name="mirror site">. If it is included follow the +installation instructions in the README file there and then do some <ref id="ImpTest" +name="basic testing">. If you are not so fortunate, follow the normal <ref +id="WhereFrom" name="download instructions"> and then continue with <ref +id="ImpInst" name="building and installing Samba">. + +<label id="ImpInst"><tag/Building and Installing Samba:/ At the moment +there are two kinds of Samba server installs besides the prepackaged +binaries mentioned in the previous step. You need to decide if you have a <url url="../UNIX_INSTALL.txt" +name="Unix or close relative"> or <url +url="Samba-Server-FAQ.html#PortInfo" name="other supported operating system">. + +<label id="ImpTest"><tag/Basic Testing:/ Try to connect using the +supplied smbclient command-line program. You need to know the IP +hostname of your server. A service name must be defined in smb.conf, as +given in the examples (under many operating systems if there is a +[homes] service you can just use a valid username.) Then type +<tt> + smbclient \\hostname\servicename +</tt> +Under most Unixes you will need to put the parameters within quotation +marks. If this works, try connecting from one of the SMB clients you +were planning to use with Samba. + +<label id="ImpDebug"><tag/Debug sequence:/ If you think you have completed the +previous step and things aren't working properly work through +<url url="../DIAGNOSIS.txt" name="the diagnosis recipe."> + +<label id="ImpExp"><tag/Exporting files to SMB clients:/ You should read the manual pages +for smb.conf, but here is a <url url="Samba-Server-FAQ.html#Exporting" +name="quick answer guide."> + +<label id="ImpControl"><tag/Controlling user access:/ the quickest and dirtiest way of sharing +resources is to use <ref id="ShareModeSecurity" name="share level +security."> If you want to spend more time and have a proper username +and password database you must read the paragraph on <ref +id="DomainModeSecurity" name="domain mode security."> If you want +encryption (eg you are using Windows NT clients) follow the <url +url="Samba-Server-FAQ.html#SMBEncryptionSteps" name="SMB encryption +instructions."> + +<label id="ImpBrowse"><tag/Browsing:/ if you are happy to type in "\\samba-server\sharename" +at the client end then do not read any further. Otherwise you need to +understand the <ref id="BrowsingDefinitions" name="browsing terminology"> +and read <url url="Samba-Server-FAQ.html#NameBrowsing">. + +<label id="ImpPrint"><tag/Printing:/ See the <url url="Samba-Server-FAQ.html#Printing" +name="printing quick answer guide."> + +</descrip> + +If you have got everything working to this point, you can expect Samba +to be stable and secure: these are its greatest strengths. However Samba +has a great deal to offer and to go further you must do some more +reading. Speed and security optimisations, printer accounting, network +logons, roving profiles, browsing across multiple subnets and so on are +all covered either in this document or in those it refers to. + +<sect1> All Samba Documentation<p><label id=AllDocs> + +<itemize> + +<item> Meta-FAQ. This is the mother of all documents, and is the one you +are reading now. The latest version is always at <url +url="http://samba.org/[.....]"> but there is probably a much +nearer <url url="../MIRRORS" name="mirror site"> which you should use +instead. + +<item> <url url="Samba-Server-FAQ.html"> is the best starting point for +information about server-side issues. Includes configuration tips and +pointers for Samba on particular operating systems (with 40 to choose +from...) + +<item> <url url="Samba-Client-FAQ.html"> is the best starting point for +information about client-side issues, includes a list of all clients +that are known to work with Samba. + +<item> <url url="samba-man-index.html" name="manual pages"> contains +descriptions of and links to all the Samba manual pages, in Unix man and +postscript format. + +<item> <url url="samba-txt-index.html"> has descriptions of and links to +a large number of text files have been contributed to samba covering +many topics. These are gradually being absorbed into the FAQs and HOWTOs +but in the meantime you might find helpful answers here. + +<item> + +</itemize> + +<sect> General Information<p><label id="general_info"> + +All about Samba - what it is, how to get it, related sources of +information, how to understand the numbering scheme, pizza +details. + +<sect1> What is Samba?<p><label id="introduction"> + +Samba is a suite of programs which work together to allow clients to +access to a server's filespace and printers via the SMB (Server Message +Block) and CIFS (Common Internet Filesystem) protocols. Initially +written for Unix, Samba now also runs on Netware, OS/2, VMS, StratOS and +Amigas. Ports to BeOS and other operating systems are underway. Samba +gives the capability for these operating systems to behave much like a +LAN Server, Windows NT Server or Pathworks machine, only with added +functionality and flexibility designed to make life easier for +administrators. + +This means that using Samba you can share a server's disks and printers +to many sorts of network clients, including Lan Manager, Windows for +Workgroups, Windows NT, Linux, OS/2, and AIX. There is also a generic +client program supplied as part of the Samba suite which gives a user on +the server an ftp-like interface to access filespace and printers on any +other SMB/CIFS servers. + +SMB has been implemented over many protocols, including XNS, NBT, IPX, +NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to change +although there have been some requests for NetBEUI support. + +Many users report that compared to other SMB implementations Samba is +more stable, faster, and compatible with more clients. Administrators of +some large installations say that Samba is the only SMB server available +which will scale to many tens of thousands of users without crashing. +The easy way to test these claims is to download it and try it for +yourself! + +The suite is supplied with full source code under the <url +url="../COPYING" name="GNU Public License">. The GPL means that you can +use Samba for whatever purpose you wish (including changing the source +or selling it for money) but under all circumstances the source code +must be made freely available. A copy of the GPL must always be included +in any copy of the package. + +The primary creator of the Samba suite is Andrew Tridgell. Later +versions incorporate much effort by many net.helpers. The man pages +and this FAQ were originally written by Karl Auer. + +<sect1> What is the current version of Samba?<p><label id="current_version"> + +At time of writing, the current version was 1.9.17. If you want to be +sure check the bottom of the change-log file. <url url="ftp://samba.org/pub/samba/alpha/change-log"> + +For more information see <ref id="version_nums" name="What do the version numbers mean?"> + +<sect1> Where can I get it? <p><label id="WhereFrom"> + +The Samba suite is available via anonymous ftp from samba.org and +many <url url="../MIRRORS" name="mirror"> sites. You will get much +faster performance if you use a mirror site. The latest and greatest +versions of the suite are in the directory: + +/pub/samba/ + +Development (read "alpha") versions, which are NOT necessarily stable +and which do NOT necessarily have accurate documentation, are available +in the directory: + +/pub/samba/alpha + +Note that binaries are NOT included in any of the above. Samba is +distributed ONLY in source form, though binaries may be available from +other sites. Most Linux distributions, for example, do contain Samba +binaries for that platform. The VMS, OS/2, Netware and Amiga and other +ports typically have binaries made available. + +A special case is vendor-provided binary packages. Samba binaries and +default configuration files are put into packages for a specific +operating system. RedHat Linux and Sun Solaris (Sparc and x86) is +already included, and others such as OS/2 may follow. All packages are +in the directory: + +/pub/samba/Binary_Packages/"OS_Vendor" + +<sect1>What do the version numbers mean?<p><label id="version_nums"> + +It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases. + +How the scheme works: + +<enum> + +<item>When major changes are made the version number is increased. For +example, the transition from 1.9.16 to 1.9.17. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.) + +<item>Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install. + +<item>When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.17. + +<item>Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.17p2. + +</enum> + +So the progression goes: + +<verb> + 1.9.16p10 (production) + 1.9.16p11 (production) + 1.9.17alpha1 (test sites only) + : + 1.9.17alpha20 (test sites only) + 1.9.17 (production) + 1.9.17p1 (production) +</verb> + +The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version. + +<sect1> Where can I go for further information?<p><label id="more"> + +There are a number of places to look for more information on Samba, +including: + +<itemize> + +<item>Two mailing lists devoted to discussion of Samba-related matters. +See below for subscription information. + +<item>The newsgroup comp.protocols.smb, which has a great deal of +discussion about Samba. + +<item>The WWW site 'SAMBA Web Pages' at <url +url="http://samba.org/samba/"> includes: + + <itemize> + <item>Links to man pages and documentation, including this FAQ + <item>A comprehensive survey of Samba users + <item>A searchable hypertext archive of the Samba mailing list + <item>Links to Samba source code, binaries, and mirrors of both + <item>This FAQ and the rest in its family + </itemize> + +</itemize> + +<sect1>How do I subscribe to the Samba Mailing Lists?<p><label id="mailinglist"> + +Send email to <htmlurl url="mailto:listproc@samba.org" +name="listproc@samba.org">. Make sure the subject line is blank, +and include the following two lines in the body of the message: + +<tscreen><verb> +subscribe samba Firstname Lastname +subscribe samba-announce Firstname Lastname +</verb></tscreen> + +Obviously you should substitute YOUR first name for "Firstname" and +YOUR last name for "Lastname"! Try not to send any signature, it +sometimes confuses the list processor. + +The samba list is a digest list - every eight hours or so it sends a +single message containing all the messages that have been received by +the list since the last time and sends a copy of this message to all +subscribers. There are thousands of people on this list. + +If you stop being interested in Samba, please send another email to +<htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is blank, and +include the following two lines in the body of the message: + +<tscreen><verb> +unsubscribe samba +unsubscribe samba-announce +</verb></tscreen> + +The <bf>From:</bf> line in your message <em>MUST</em> be the same +address you used when you subscribed. + +<sect1> Something's gone wrong - what should I do?<p><label id="wrong"> + +<bf>[#] *** IMPORTANT! *** [#]</bf> +<p> + +DO NOT post messages on mailing lists or in newsgroups until you have +carried out the first three steps given here! + +<enum> <item> See if there are any likely looking entries in this FAQ! +If you have just installed Samba, have you run through the checklist in +<url url="ftp://samba.org/pub/samba/DIAGNOSIS.txt" +name="DIAGNOSIS.txt">? It can save you a lot of time and effort. +DIAGNOSIS.txt can also be found in the docs directory of the Samba +distribution. + +<item> Read the man pages for smbd, nmbd and smb.conf, looking for +topics that relate to what you are trying to do. + +<item> If there is no obvious solution to hand, try to get a look at +the log files for smbd and/or nmbd for the period during which you +were having problems. You may need to reconfigure the servers to +provide more extensive debugging information - usually level 2 or +level 3 provide ample debugging info. Inspect these logs closely, +looking particularly for the string "Error:". + +<item> If you need urgent help and are willing to pay for it see +<ref id="PaidSupport" name="Paid Support">. + +</enum> + +If you still haven't got anywhere, ask the mailing list or newsgroup. In +general nobody minds answering questions provided you have followed the +preceding steps. It might be a good idea to scan the archives of the +mailing list, which are available through the Samba web site described +in the previous section. When you post be sure to include a good +description of your environment and your problem. + +If you successfully solve a problem, please mail the FAQ maintainer a +succinct description of the symptom, the problem and the solution, so +that an explanation can be incorporated into the next version. + +<sect1> How do I submit patches or bug reports?<p> + +If you make changes to the source code, <em>please</em> submit these patches +so that everyone else gets the benefit of your work. This is one of +the most important aspects to the maintainence of Samba. Send all +patches to <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. Do not send patches to Andrew Tridgell or any +other individual, they may be lost if you do. + +Patch format +------------ + +If you are sending a patch to fix a problem then please don't just use +standard diff format. As an example, samba@samba.org received this patch from +someone: + +382a +#endif +.. +381a +#if !defined(NEWS61) + +How are we supposed to work out what this does and where it goes? These +sort of patches only work if we both have identical files in the first +place. The Samba sources are constantly changing at the hands of multiple +developers, so it doesn't work. + +Please use either context diffs or (even better) unified diffs. You +get these using "diff -c4" or "diff -u". If you don't have a diff that +can generate these then please send manualy commented patches to I +know what is being changed and where. Most patches are applied by hand so +the info must be clear. + +This is a basic guideline that will assist us with assessing your problem +more efficiently : + +Machine Arch: +Machine OS: +OS Version: +Kernel: + +Compiler: +Libc Version: + +Samba Version: + +Network Layout (description): + +What else is on machine (services, etc): + +Some extras : + +<itemize> + +<item> what you did and what happened + +<item> relevant parts of a debugging output file with debuglevel higher. + If you can't find the relevant parts, please ask before mailing + huge files. + +<item> anything else you think is useful to trace down the bug + +</itemize> + +<sect1> What if I have an URGENT message for the developers?<p> + +If you have spotted something very serious and believe that it is +important to contact the developers quickly send a message to +samba-urgent@samba.org. This will be processed more quickly than +mail to samba@samba.org. Please think carefully before using this address. An +example of its use might be to report a security hole. + +Examples of things <em>not</em> to send to samba-urgent include problems +getting Samba to work at all and bugs that cannot potentially cause damage. + +<sect1> What if I need paid-for support?<p><label id=PaidSupport> + +Samba has a large network of consultants who provide Samba support on a +commercial basis. The list is included in the package in <url +url="../Support.txt">, and the latest version will always be on the main +samba ftp site. Any company in the world can request that the samba team +include their details in Support.txt so we can give no guarantee of +their services. + +<sect1> Pizza supply details<p><label id="pizza"> +Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done. + +<enum> +<item> Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US. + +<item>Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this. + +<item>Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-) + +<item>Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture. + +</enum> + +<sect>About the CIFS and SMB Protocols<p><label id="CifsSmb"> + +<sect1> What is the Server Message Block (SMB) Protocol?<p> +SMB is a filesharing protocol that has had several maintainers and +contributors over the years including Xerox, 3Com and most recently +Microsoft. Names for this protocol include LAN Manager and Microsoft +Networking. Parts of the specification has been made public at several +versions including in an X/Open document, as listed at +<url url="ftp://ftp.microsoft.com/developr/drg/CIFS/">. No specification +releases were made between 1992 and 1996, and during that period +Microsoft became the SMB implementor with the largest market share. +Microsoft developed the specification further for its products but for +various reasons connected with developer's workload rather than market +strategy did not make the changes public. This culminated with the +"Windows NT 0.12" version released with NT 3.5 in 1995 which had significant +improvements and bugs. Because Microsoft client systems are so popular, +it is fair to say that what Microsoft with Windows affects all suppliers +of SMB server products. + +From 1994 Andrew Tridgell began doing some serious work on his +Smbserver (now Samba) product and with some helpers started to +implement more and more of these protocols. Samba began to take +a significant share of the SMB server market. + +<sect1> What is the Common Internet Filesystem (CIFS)?<p> +The initial pressure for Microsoft to document their current SMB +implementation came from the Samba team, who kept coming across things +on the wire that Microsoft either didn't know about or hadn't documented +anywhere (even in the sourcecode to Windows NT.) Then Sun Microsystems +came out with their WebNFS initiative, designed to replace FTP for file +transfers on the Internet. There are many drawbacks to WebNFS (including +its scope - it aims to replace HTTP as well!) but the concept was +attractive. FTP is not very clever, and why should it be harder to get +files from across the world than across the room? + +Some hasty revisions were made and an Internet Draft for the Common +Internet Filesystem (CIFS) was released. Note that CIFS is not an +Internet standard and is a very long way from becoming one, BUT the +protocol specification is in the public domain and ongoing discussions +concerning the spec take place on a public mailing list according to the +rules of the Internet Engineering Task Force. For more information and +pointers see <url url="http://samba.org/cifs/"> + +The following is taken from <url url="http://www.microsoft.com/intdev/cifs/"> + +<verb> + CIFS defines a standard remote file system access protocol for use + over the Internet, enabling groups of users to work together and + share documents across the Internet or within their corporate + intranets. CIFS is an open, cross-platform technology based on the + native file-sharing protocols built into Microsoft® Windows® and + other popular PC operating systems, and supported on dozens of + other platforms, including UNIX®. With CIFS, millions of computer + users can open and share remote files on the Internet without having + to install new software or change the way they work." +</verb> + +If you consider CIFS as a backwardsly-compatible refinement of SMB that +will work reasonably efficiently over the Internet you won't be too far +wrong. + +The net effect is that Microsoft is now documenting large parts of their +Windows NT fileserver protocols. The security concepts embodied in +Windows NT are part of the specification, which is why Samba +documentation often talks in terms of Windows NT. However there is no +reason why a site shouldn't conduct all its file and printer sharing +with CIFS and yet have no Microsoft products at all. + +<sect1> What is Browsing? <p> +The term "Browsing" causes a lot of confusion. It is the part of the +SMB/CIFS protocol which allows for resource discovery. For example, in +the Windows NT Explorer it is possible to see a "Network Neighbourhood" +of computers in the same SMB workgroup. Clicking on the name of one of +these machines brings up a list of file and printer resources for +connecting to. In this way you can cruise the network, seeing what +things are available. How this scales to the Internet is a subject for +debate. Look at the CIFS list archives to see what the experts think. + +<sect>Designing A SMB and CIFS Network<p> + +The big issues for installing any network of LAN or WAN file and print +servers are + +<itemize> + +<item>How and where usernames, passwords and other security information +is stored + +<item>What method can be used for locating the resources that users have +permission to use + +<item>What protocols the clients can converse with + +</itemize> + +If you buy Netware, Windows NT or just about any other LAN fileserver +product you are expected to lock yourself into the product's preferred +answers to these questions. This tendancy is restrictive and often very +expensive for a site where there is only one kind of client or server, +and for sites with a mixture of operating systems it often makes it +impossible to share resources between some sets of users. + +The Samba philosophy is to make things as easy as possible for +administators, which means allowing as many combinations of clients, +servers, operating systems and protocols as possible. + +<sect1>Workgroups, Domains, Authentication and Browsing<p> + +From the point of view of networking implementation, Domains and +Workgroups are <em>exactly</em> the same, except for the client logon +sequence. Some kind of distributed authentication database is associated +with a domain (there are quite a few choices) and this adds so much +flexibility that many people think of a domain as a completely different +entity to a workgroup. From Samba's point of view a client connecting to +a service presents an authentication token, and it if it is valid they +have access. Samba does not care what mechanism was used to generate +that token in the first place. + +The SMB client logging on to a domain has an expectation that every other +server in the domain should accept the same authentication information. +However the network browsing functionality of domains and workgroups is +identical and is explained in <url url="../BROWSING.txt">. + +There are some implementation differences: Windows 95 can be a member of +both a workgroup and a domain, but Windows NT cannot. Windows 95 also +has the concept of an "alternative workgroup". Samba can only be a +member of a single workgroup or domain, although this is due to change +with a future version when nmbd will be split into two daemons, one for +WINS and the other for browsing (<url url="../NetBIOS.txt"> explains +what WINS is.) + +<sect2> Defining the Terms<p><label id="BrowseAndDomainDefs"> + +<descrip> + +<tag/Workgroup/ means a collection of machines that maintain a common +browsing database containing information about their shared resources. +They do not necessarily have any security information in common (if they +do, it gets called a Domain.) The browsing database is dynamic, modified +as servers come and go on the network and as resources are added or +deleted. The term "browsing" refers to a user accessing the database via +whatever interface the client provides, eg the OS/2 Workplace Shell or +Windows 95 Explorer. SMB servers agree between themselves as to which +ones will maintain the browsing database. Workgroups can be anywhere on +a connected TCP/IP network, including on different subnets or even on +the Interet. This is a very tricky part of SMB to implement. + +<tag/Master Browsers/ are machines which holds the master browsing +database for a workgroup or domain. There are two kinds of Master Browser: + +<itemize> + +<item> Domain Master Browser, which holds the master browsing +information for an entire domain, which may well cross multiple TCP/IP +subnets. + +<item> Local Master Browser, which holds the master browsing database +for a particular subnet and communicates with the Domain Master Browser +to get information on other subnets. + +</itemize> + +Subnets are differentiated because browsing is based on broadcasts, and +broadcasts do not pass through routers. Subnets are not routed: while it +is possible to have more than one subnet on a single network segment +this is regarded as very bad practice. + +Master Browsers (both Domain and Local) are elected dynamically +according to an algorithm which is supposed to take into account the +machine's ability to sustain the browsing load. Samba can be configured +to always act as a master browser, ie it always wins elections under all +circumstances, even against systems such as a Windows NT Primary Domain +Controller which themselves expect to win. + +There are also Backup Browsers which are promoted to Master Browsers in +the event of a Master Browser disappearing from the network. + +Alternative terms include confusing variations such as "Browse Master", +and "Master Browser" which we are trying to eliminate from the Samba +documentation. + +<tag/Domain Controller/ is a term which comes from the Microsoft and IBM +etc implementation of the LAN Manager protocols. It is tied to +authentication. There are other ways of doing domain authentication, but +the Windows NT method has a large market share. The general issues are +discussed in <url url="../DOMAIN.txt"> and a Windows NT-specific +discussion is in <url url="../DOMAIN_CONTROL.txt">. + +</descrip> + +<sect2>Sharelevel (Workgroup) Security Services<p><label id="ShareModeSecurity"> + +With the Samba setting "security = SHARE", all shared resources +information about what password is associated with them but only hints +as to what usernames might be valid (the hint can be 'all users', in +which case any username will work. This is usually a bad idea, but +reflects both the initial implementations of SMB in the mid-80s and +its reincarnation with Windows for Workgroups in 1992. The idea behind +workgroup security was that small independant groups of people could +share information on an ad-hoc basis without there being an +authentication infrastructure present or requiring them to do more than +fill in a dialogue box. + +<sect2>Authentication Domain Mode Services<p><label id="DomainModeSecurity"> + +With the Samba settings "security = USER" or "security = SERVER" +accesses to all resources are checked for username/password pair matches +in a more rigorous manner. To the client, this has the effect of +emulating a Microsoft Domain. The client is not concerned whether or not +Samba looks up a Windows NT SAM or does it in some other way. + +<sect1>Authentication Schemes<p> + +In the simple case authentication information is stored on a single +server and the user types a password on connecting for the first time. +However client operating systems often require a password before they +can be used at all, and in addition users usually want access to more +than one server. Asking users to remember many different passwords in +different contexts just does not work. Some kind of distributed +authentication database is needed. It must cope with password changes +and provide for assigning groups of users the same level of access +permissions. This is why Samba installations often choose to implement a +Domain model straight away. + +Authentication decisions are some of the biggest in designing a network. +Are you going to use a scheme native to the client operating system, +native to the server operating system, or newly installed on both? A +list of options relevant to Samba (ie that make sense in the context of +the SMB protocol) follows. Any experiences with other setups would be +appreciated. [refer to server FAQ for "passwd chat" passwd program +password server etc etc...] + +<sect2>NIS<p> + +For Windows 95, Windows for Workgroups and most other clients Samba can +be a domain controller and share the password database via NIS +transparently. Windows NT is different. +<url url="http://www.dcs.qmw.ac.uk/~williams" name="Free NIS NT client"> + +<sect2>Kerberos<p> + +Kerberos for US users only: +<url url="http://www.cygnus.com/product/unifying-security.html" +name="Kerberos overview"> +<url url="http://www.cygnus.com/product/kerbnet-download.html" +name="Download Kerberos"> + +<sect2>FTP<p> + +Other NT w/s logon hack via NT + +<sect2>Default Server Method<p> + +<sect2>Client-side Database Only<p> + +<sect1>Post-Authentication: Netlogon, Logon Scripts, Profiles<p> + +See <url url="../DOMAIN.txt"> + +<sect>Cross-Protocol File Sharing<p> + +Samba is an important tool for... + +It is possible to... + +File protocol gateways... + +"Setting up a Linux File Server" http://vetrec.mit.edu/people/narf/linux.html + +Two free implementations of Appletalk for Unix are Netatalk, <url +url="http://www.umich.edu/~rsug/netatalk/">, and CAP, <url +url="http://www.cs.mu.oz.au/appletalk/atalk.html">. What Samba offers MS +Windows users, these packages offer to Macs. For more info on these +packages, Samba, and Linux (and other UNIX-based systems) see <url +url="http://www.eats.com/linux_mac_win.html"> 3.5) Sniffing your nework + + +<sect>Miscellaneous<p><label id="miscellaneous"> +<sect1>Is Samba Year 2000 compliant?<p><label id="Year2000Compliant"> +The CIFS protocol that Samba implements +negotiates times in various formats, all of which +are able to cope with dates beyond 2000. + +</article> diff --git a/docs/faq/Samba-meta-FAQ.txt b/docs/faq/Samba-meta-FAQ.txt new file mode 100644 index 0000000000..01fc8d6ccf --- /dev/null +++ b/docs/faq/Samba-meta-FAQ.txt @@ -0,0 +1,924 @@ + Samba meta FAQ + Dan Shearer & Paul Blackman, ictinus@samba.org + v 0.3, 7 Oct '97 + + This is the meta-Frequently Asked Questions (FAQ) document for Samba, + the free and very popular SMB and CIFS server product. It contains + overview information for the Samba suite of programs, a quick-start + guide, and pointers to all other Samba documentation. Other FAQs exist + for specific client and server issues, and HOWTO documents for more + extended topics to do with Samba software. Current to version Samba + 1.9.17. Please send any corrections to the author. + ______________________________________________________________________ + + Table of Contents: + + 1. Quick Reference Guides to Samba Documentation + + 1.1. Samba for the Impatient + + 1.2. All Samba Documentation + + 2. General Information + + 2.1. What is Samba? + + 2.2. What is the current version of Samba? + + 2.3. Where can I get it? + + 2.4. What do the version numbers mean? + + 2.5. Where can I go for further information? + + 2.6. How do I subscribe to the Samba Mailing Lists? + + 2.7. Something's gone wrong - what should I do? + + 2.8. How do I submit patches or bug reports? + + 2.9. What if I have an URGENT message for the developers? + + 2.10. What if I need paid-for support? + + 2.11. Pizza supply details + + 3. About the CIFS and SMB Protocols + + 3.1. What is the Server Message Block (SMB) Protocol? + + 3.2. What is the Common Internet Filesystem (CIFS)? + + 3.3. What is Browsing? + + 4. Designing A SMB and CIFS Network + + 4.1. Workgroups, Domains, Authentication and Browsing + + 4.1.1. Defining the Terms + + 4.1.2. Sharelevel (Workgroup) Security Services + + 4.1.3. Authentication Domain Mode Services + + 4.2. Authentication Schemes + + + 4.2.1. NIS + + 4.2.2. Kerberos + + 4.2.3. FTP + + 4.2.4. Default Server Method + + 4.2.5. Client-side Database Only + + 4.3. Post-Authentication: Netlogon, Logon Scripts, Profiles + + 5. Cross-Protocol File Sharing + + 6. Miscellaneous + + 6.1. Is Samba Year 2000 compliant? + ______________________________________________________________________ + + 11.. QQuuiicckk RReeffeerreennccee GGuuiiddeess ttoo SSaammbbaa DDooccuummeennttaattiioonn + + + We are endeavouring to provide links here to every major class of + information about Samba or things related to Samba. We cannot list + every document, but we are aiming for all documents to be at most two + referrals from those listed here. This needs constant maintaining, so + please send the author your feedback. + + + 11..11.. SSaammbbaa ffoorr tthhee IImmppaattiieenntt + + + You know you should read the documentation but can't wait to start? + What you need to do then is follow the instructions in the following + documents in the order given. This should be enough to get a fairly + simple site going quickly. If you have any problems, refer back to + this meta-FAQ and follow the links to find more reading material. + + + + GGeettttiinngg SSaammbbaa:: + The fastest way to get Samba going is and install it is to have + an operating system for which the Samba team has put together an + installation package. To see if your OS is included have a look + at the directory /pub/samba/Binary_Packages/"OS_Vendor" on your + nearest mirror site <../MIRRORS>. If it is included follow the + installation instructions in the README file there and then do + some ``basic testing''. If you are not so fortunate, follow the + normal ``download instructions'' and then continue with + ``building and installing Samba''. + + + BBuuiillddiinngg aanndd IInnssttaalllliinngg SSaammbbaa:: + At the moment there are two kinds of Samba server installs + besides the prepackaged binaries mentioned in the previous step. + You need to decide if you have a Unix or close relative + <../UNIX_INSTALL.txt> or other supported operating system + <Samba-Server-FAQ.html#PortInfo>. + + + BBaassiicc TTeessttiinngg:: + Try to connect using the supplied smbclient command-line + program. You need to know the IP hostname of your server. A + service name must be defined in smb.conf, as given in the + examples (under many operating systems if there is a homes + service you can just use a valid username.) Then type smbclient + \hostnamevicename Under most Unixes you will need to put the + parameters within quotation marks. If this works, try connecting + from one of the SMB clients you were planning to use with Samba. + + + DDeebbuugg sseeqquueennccee:: + If you think you have completed the previous step and things + aren't working properly work through the diagnosis recipe. + <../DIAGNOSIS.txt> + + + EExxppoorrttiinngg ffiilleess ttoo SSMMBB cclliieennttss:: + You should read the manual pages for smb.conf, but here is a + quick answer guide. <Samba-Server-FAQ.html#Exporting> + + + CCoonnttrroolllliinngg uusseerr aacccceessss:: + the quickest and dirtiest way of sharing resources is to use + ``share level security.'' If you want to spend more time and + have a proper username and password database you must read the + paragraph on ``domain mode security.'' If you want encryption + (eg you are using Windows NT clients) follow the SMB encryption + instructions. <Samba-Server-FAQ.html#SMBEncryptionSteps> + + + BBrroowwssiinngg:: + if you are happy to type in "\samba-serverrename" at the client + end then do not read any further. Otherwise you need to + understand the ``browsing terminology'' and read <Samba-Server- + FAQ.html#NameBrowsing>. + + + PPrriinnttiinngg:: + See the printing quick answer guide. <Samba-Server- + FAQ.html#Printing> + + + If you have got everything working to this point, you can expect Samba + to be stable and secure: these are its greatest strengths. However + Samba has a great deal to offer and to go further you must do some + more reading. Speed and security optimisations, printer accounting, + network logons, roving profiles, browsing across multiple subnets and + so on are all covered either in this document or in those it refers + to. + + + 11..22.. AAllll SSaammbbaa DDooccuummeennttaattiioonn + + + + +o Meta-FAQ. This is the mother of all documents, and is the one you + are reading now. The latest version is always at + <http://samba.org/[.....]> but there is probably a much + nearer mirror site <../MIRRORS> which you should use instead. + + +o <Samba-Server-FAQ.html> is the best starting point for information + about server-side issues. Includes configuration tips and pointers + for Samba on particular operating systems (with 40 to choose + from...) + + +o <Samba-Client-FAQ.html> is the best starting point for information + about client-side issues, includes a list of all clients that are + known to work with Samba. + + +o manual pages <samba-man-index.html> contains descriptions of and + links to all the Samba manual pages, in Unix man and postscript + format. + + +o <samba-txt-index.html> has descriptions of and links to a large + number of text files have been contributed to samba covering many + topics. These are gradually being absorbed into the FAQs and HOWTOs + but in the meantime you might find helpful answers here. + + +o + + + 22.. GGeenneerraall IInnffoorrmmaattiioonn + + + All about Samba - what it is, how to get it, related sources of + information, how to understand the numbering scheme, pizza details. + + + 22..11.. WWhhaatt iiss SSaammbbaa?? + + + Samba is a suite of programs which work together to allow clients to + access to a server's filespace and printers via the SMB (Server + Message Block) and CIFS (Common Internet Filesystem) protocols. + Initially written for Unix, Samba now also runs on Netware, OS/2, VMS, + StratOS and Amigas. Ports to BeOS and other operating systems are + underway. Samba gives the capability for these operating systems to + behave much like a LAN Server, Windows NT Server or Pathworks machine, + only with added functionality and flexibility designed to make life + easier for administrators. + + This means that using Samba you can share a server's disks and + printers to many sorts of network clients, including Lan Manager, + Windows for Workgroups, Windows NT, Linux, OS/2, and AIX. There is + also a generic client program supplied as part of the Samba suite + which gives a user on the server an ftp-like interface to access + filespace and printers on any other SMB/CIFS servers. + + SMB has been implemented over many protocols, including XNS, NBT, IPX, + NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to + change although there have been some requests for NetBEUI support. + + Many users report that compared to other SMB implementations Samba is + more stable, faster, and compatible with more clients. Administrators + of some large installations say that Samba is the only SMB server + available which will scale to many tens of thousands of users without + crashing. The easy way to test these claims is to download it and try + it for yourself! + + The suite is supplied with full source code under the GNU Public + License <../COPYING>. The GPL means that you can use Samba for + whatever purpose you wish (including changing the source or selling it + for money) but under all circumstances the source code must be made + freely available. A copy of the GPL must always be included in any + copy of the package. + + The primary creator of the Samba suite is Andrew Tridgell. Later + versions incorporate much effort by many net.helpers. The man pages + and this FAQ were originally written by Karl Auer. + + + 22..22.. WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa?? + + + At time of writing, the current version was 1.9.17. If you want to be + sure check the bottom of the change-log file. + <ftp://samba.org/pub/samba/alpha/change-log> + For more information see ``What do the version numbers mean?'' + + + 22..33.. WWhheerree ccaann II ggeett iitt?? + + + The Samba suite is available via anonymous ftp from samba.org + and many mirror <../MIRRORS> sites. You will get much faster + performance if you use a mirror site. The latest and greatest versions + of the suite are in the directory: + + /pub/samba/ + + Development (read "alpha") versions, which are NOT necessarily stable + and which do NOT necessarily have accurate documentation, are + available in the directory: + + /pub/samba/alpha + + Note that binaries are NOT included in any of the above. Samba is + distributed ONLY in source form, though binaries may be available from + other sites. Most Linux distributions, for example, do contain Samba + binaries for that platform. The VMS, OS/2, Netware and Amiga and other + ports typically have binaries made available. + + A special case is vendor-provided binary packages. Samba binaries and + default configuration files are put into packages for a specific + operating system. RedHat Linux and Sun Solaris (Sparc and x86) is + already included, and others such as OS/2 may follow. All packages are + in the directory: + + /pub/samba/Binary_Packages/"OS_Vendor" + + + 22..44.. WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann?? + + + It is not recommended that you run a version of Samba with the word + "alpha" in its name unless you know what you are doing and are willing + to do some debugging. Many, many people just get the latest + recommended stable release version and are happy. If you are brave, by + all means take the plunge and help with the testing and development - + but don't install it on your departmental server. Samba is typically + very stable and safe, and this is mostly due to the policy of many + public releases. + + How the scheme works: + + + 1. When major changes are made the version number is increased. For + example, the transition from 1.9.16 to 1.9.17. However, this + version number will not appear immediately and people should + continue to use 1.9.15 for production systems (see next point.) + + 2. Just after major changes are made the software is considered + unstable, and a series of alpha releases are distributed, for + example 1.9.16alpha1. These are for testing by those who know what + they are doing. The "alpha" in the filename will hopefully scare + off those who are just looking for the latest version to install. + + 3. When Andrew thinks that the alphas have stabilised to the point + where he would recommend new users install it, he renames it to the + same version number without the alpha, for example 1.9.17. + + 4. Inevitably bugs are found in the "stable" releases and minor patch + levels are released which give us the pXX series, for example + 1.9.17p2. + + So the progression goes: + + + 1.9.16p10 (production) + 1.9.16p11 (production) + 1.9.17alpha1 (test sites only) + : + 1.9.17alpha20 (test sites only) + 1.9.17 (production) + 1.9.17p1 (production) + + + + The above system means that whenever someone looks at the samba ftp + site they will be able to grab the highest numbered release without an + alpha in the name and be sure of getting the current recommended + version. + + + 22..55.. WWhheerree ccaann II ggoo ffoorr ffuurrtthheerr iinnffoorrmmaattiioonn?? + + + There are a number of places to look for more information on Samba, + including: + + + +o Two mailing lists devoted to discussion of Samba-related matters. + See below for subscription information. + + +o The newsgroup comp.protocols.smb, which has a great deal of + discussion about Samba. + + +o The WWW site 'SAMBA Web Pages' at <http://samba.org/samba/> + includes: + + + +o Links to man pages and documentation, including this FAQ + + +o A comprehensive survey of Samba users + + +o A searchable hypertext archive of the Samba mailing list + + +o Links to Samba source code, binaries, and mirrors of both + + +o This FAQ and the rest in its family + + + + 22..66.. HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss?? + + + Send email to listproc@samba.org. Make sure the subject line is + blank, and include the following two lines in the body of the message: + + + + subscribe samba Firstname Lastname + subscribe samba-announce Firstname Lastname + + + + + Obviously you should substitute YOUR first name for "Firstname" and + YOUR last name for "Lastname"! Try not to send any signature, it + sometimes confuses the list processor. + + The samba list is a digest list - every eight hours or so it sends a + single message containing all the messages that have been received by + the list since the last time and sends a copy of this message to all + subscribers. There are thousands of people on this list. + + If you stop being interested in Samba, please send another email to + listproc@samba.org. Make sure the subject line is blank, and + include the following two lines in the body of the message: + + + + unsubscribe samba + unsubscribe samba-announce + + + + + The FFrroomm:: line in your message _M_U_S_T be the same address you used when + you subscribed. + + + 22..77.. SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo?? + + + ## ****** IIMMPPOORRTTAANNTT!! ****** ## + + + DO NOT post messages on mailing lists or in newsgroups until you have + carried out the first three steps given here! + + + 1. See if there are any likely looking entries in this FAQ! If you + have just installed Samba, have you run through the checklist in + DIAGNOSIS.txt <ftp://samba.org/pub/samba/DIAGNOSIS.txt>? It + can save you a lot of time and effort. DIAGNOSIS.txt can also be + found in the docs directory of the Samba distribution. + + 2. Read the man pages for smbd, nmbd and smb.conf, looking for topics + that relate to what you are trying to do. + + 3. If there is no obvious solution to hand, try to get a look at the + log files for smbd and/or nmbd for the period during which you were + having problems. You may need to reconfigure the servers to provide + more extensive debugging information - usually level 2 or level 3 + provide ample debugging info. Inspect these logs closely, looking + particularly for the string "Error:". + + 4. If you need urgent help and are willing to pay for it see ``Paid + Support''. + + If you still haven't got anywhere, ask the mailing list or newsgroup. + In general nobody minds answering questions provided you have followed + the preceding steps. It might be a good idea to scan the archives of + the mailing list, which are available through the Samba web site + described in the previous section. When you post be sure to include a + good description of your environment and your problem. + + If you successfully solve a problem, please mail the FAQ maintainer a + succinct description of the symptom, the problem and the solution, so + that an explanation can be incorporated into the next version. + + + + + 22..88.. HHooww ddoo II ssuubbmmiitt ppaattcchheess oorr bbuugg rreeppoorrttss?? + + + If you make changes to the source code, _p_l_e_a_s_e submit these patches so + that everyone else gets the benefit of your work. This is one of the + most important aspects to the maintainence of Samba. Send all patches + to samba@samba.org. Do not send patches to Andrew Tridgell + or any other individual, they may be lost if you do. + + Patch format ------------ + + If you are sending a patch to fix a problem then please don't just use + standard diff format. As an example, samba@samba.org received this patch + from someone: + + 382a #endif 381a #if !defined(NEWS61) + + How are we supposed to work out what this does and where it goes? + These sort of patches only work if we both have identical files in the + first place. The Samba sources are constantly changing at the hands of + multiple developers, so it doesn't work. + + Please use either context diffs or (even better) unified diffs. You + get these using "diff -c4" or "diff -u". If you don't have a diff that + can generate these then please send manualy commented patches to I + know what is being changed and where. Most patches are applied by hand + so the info must be clear. + + This is a basic guideline that will assist us with assessing your + problem more efficiently : + + Machine Arch: Machine OS: OS Version: Kernel: + + Compiler: Libc Version: + + Samba Version: + + Network Layout (description): + + What else is on machine (services, etc): + + Some extras : + + + +o what you did and what happened + + +o relevant parts of a debugging output file with debuglevel higher. + If you can't find the relevant parts, please ask before mailing + huge files. + + +o anything else you think is useful to trace down the bug + + + 22..99.. WWhhaatt iiff II hhaavvee aann UURRGGEENNTT mmeessssaaggee ffoorr tthhee ddeevveellooppeerrss?? + + + If you have spotted something very serious and believe that it is + important to contact the developers quickly send a message to samba- + urgent@samba.org. This will be processed more quickly than mail + to samba@samba.org. Please think carefully before using this address. An + example of its use might be to report a security hole. + + Examples of things _n_o_t to send to samba-urgent include problems + getting Samba to work at all and bugs that cannot potentially cause + damage. + + 22..1100.. WWhhaatt iiff II nneeeedd ppaaiidd--ffoorr ssuuppppoorrtt?? + + + Samba has a large network of consultants who provide Samba support on + a commercial basis. The list is included in the package in + <../Support.txt>, and the latest version will always be on the main + samba ftp site. Any company in the world can request that the samba + team include their details in Support.txt so we can give no guarantee + of their services. + + + 22..1111.. PPiizzzzaa ssuuppppllyy ddeettaaiillss + + + Those who have registered in the Samba survey as "Pizza Factory" will + already know this, but the rest may need some help. Andrew doesn't ask + for payment, but he does appreciate it when people give him pizza. + This calls for a little organisation when the pizza donor is twenty + thousand kilometres away, but it has been done. + + + 1. Ring up your local branch of an international pizza chain and see + if they honour their vouchers internationally. Pizza Hut do, which + is how the entire Canberra Linux Users Group got to eat pizza one + night, courtesy of someone in the US. + + 2. Ring up a local pizza shop in Canberra and quote a credit card + number for a certain amount, and tell them that Andrew will be + collecting it (don't forget to tell him.) One kind soul from + Germany did this. + + 3. Purchase a pizza voucher from your local pizza shop that has no + international affiliations and send it to Andrew. It is completely + useless but he can hang it on the wall next to the one he already + has from Germany :-) + + 4. Air freight him a pizza with your favourite regional flavours. It + will probably get stuck in customs or torn apart by hungry sniffer + dogs but it will have been a noble gesture. + + + 33.. AAbboouutt tthhee CCIIFFSS aanndd SSMMBB PPrroottooccoollss + + + + 33..11.. WWhhaatt iiss tthhee SSeerrvveerr MMeessssaaggee BBlloocckk ((SSMMBB)) PPrroottooccooll?? + + SMB is a filesharing protocol that has had several maintainers and + contributors over the years including Xerox, 3Com and most recently + Microsoft. Names for this protocol include LAN Manager and Microsoft + Networking. Parts of the specification has been made public at several + versions including in an X/Open document, as listed at + <ftp://ftp.microsoft.com/developr/drg/CIFS/>. No specification + releases were made between 1992 and 1996, and during that period + Microsoft became the SMB implementor with the largest market share. + Microsoft developed the specification further for its products but for + various reasons connected with developer's workload rather than market + strategy did not make the changes public. This culminated with the + "Windows NT 0.12" version released with NT 3.5 in 1995 which had + significant improvements and bugs. Because Microsoft client systems + are so popular, it is fair to say that what Microsoft with Windows + affects all suppliers of SMB server products. + + From 1994 Andrew Tridgell began doing some serious work on his + Smbserver (now Samba) product and with some helpers started to + implement more and more of these protocols. Samba began to take a + significant share of the SMB server market. + + + 33..22.. WWhhaatt iiss tthhee CCoommmmoonn IInntteerrnneett FFiilleessyysstteemm ((CCIIFFSS))?? + + The initial pressure for Microsoft to document their current SMB + implementation came from the Samba team, who kept coming across things + on the wire that Microsoft either didn't know about or hadn't + documented anywhere (even in the sourcecode to Windows NT.) Then Sun + Microsystems came out with their WebNFS initiative, designed to + replace FTP for file transfers on the Internet. There are many + drawbacks to WebNFS (including its scope - it aims to replace HTTP as + well!) but the concept was attractive. FTP is not very clever, and why + should it be harder to get files from across the world than across the + room? + + Some hasty revisions were made and an Internet Draft for the Common + Internet Filesystem (CIFS) was released. Note that CIFS is not an + Internet standard and is a very long way from becoming one, BUT the + protocol specification is in the public domain and ongoing discussions + concerning the spec take place on a public mailing list according to + the rules of the Internet Engineering Task Force. For more information + and pointers see <http://samba.org/cifs/> + + The following is taken from <http://www.microsoft.com/intdev/cifs/> + + + CIFS defines a standard remote file system access protocol for use + over the Internet, enabling groups of users to work together and + share documents across the Internet or within their corporate + intranets. CIFS is an open, cross-platform technology based on the + native file-sharing protocols built into Microsoft Windows and + other popular PC operating systems, and supported on dozens of + other platforms, including UNIX. With CIFS, millions of computer + users can open and share remote files on the Internet without having + to install new software or change the way they work." + + + + If you consider CIFS as a backwardsly-compatible refinement of SMB + that will work reasonably efficiently over the Internet you won't be + too far wrong. + + The net effect is that Microsoft is now documenting large parts of + their Windows NT fileserver protocols. The security concepts embodied + in Windows NT are part of the specification, which is why Samba + documentation often talks in terms of Windows NT. However there is no + reason why a site shouldn't conduct all its file and printer sharing + with CIFS and yet have no Microsoft products at all. + + + 33..33.. WWhhaatt iiss BBrroowwssiinngg?? + + The term "Browsing" causes a lot of confusion. It is the part of the + SMB/CIFS protocol which allows for resource discovery. For example, in + the Windows NT Explorer it is possible to see a "Network + Neighbourhood" of computers in the same SMB workgroup. Clicking on the + name of one of these machines brings up a list of file and printer + resources for connecting to. In this way you can cruise the network, + seeing what things are available. How this scales to the Internet is a + subject for debate. Look at the CIFS list archives to see what the + experts think. + + + + + 44.. DDeessiiggnniinngg AA SSMMBB aanndd CCIIFFSS NNeettwwoorrkk + + + The big issues for installing any network of LAN or WAN file and print + servers are + + + +o How and where usernames, passwords and other security information + is stored + + +o What method can be used for locating the resources that users have + permission to use + + +o What protocols the clients can converse with + + + If you buy Netware, Windows NT or just about any other LAN fileserver + product you are expected to lock yourself into the product's preferred + answers to these questions. This tendancy is restrictive and often + very expensive for a site where there is only one kind of client or + server, and for sites with a mixture of operating systems it often + makes it impossible to share resources between some sets of users. + + The Samba philosophy is to make things as easy as possible for + administators, which means allowing as many combinations of clients, + servers, operating systems and protocols as possible. + + + 44..11.. WWoorrkkggrroouuppss,, DDoommaaiinnss,, AAuutthheennttiiccaattiioonn aanndd BBrroowwssiinngg + + + From the point of view of networking implementation, Domains and + Workgroups are _e_x_a_c_t_l_y the same, except for the client logon sequence. + Some kind of distributed authentication database is associated with a + domain (there are quite a few choices) and this adds so much + flexibility that many people think of a domain as a completely + different entity to a workgroup. From Samba's point of view a client + connecting to a service presents an authentication token, and it if it + is valid they have access. Samba does not care what mechanism was used + to generate that token in the first place. + + The SMB client logging on to a domain has an expectation that every + other server in the domain should accept the same authentication + information. However the network browsing functionality of domains + and workgroups is identical and is explained in <../BROWSING.txt>. + + There are some implementation differences: Windows 95 can be a member + of both a workgroup and a domain, but Windows NT cannot. Windows 95 + also has the concept of an "alternative workgroup". Samba can only be + a member of a single workgroup or domain, although this is due to + change with a future version when nmbd will be split into two daemons, + one for WINS and the other for browsing ( <../NetBIOS.txt> explains + what WINS is.) + + + 44..11..11.. DDeeffiinniinngg tthhee TTeerrmmss + + + + + WWoorrkkggrroouupp + means a collection of machines that maintain a common browsing + database containing information about their shared resources. + They do not necessarily have any security information in common + (if they do, it gets called a Domain.) The browsing database is + dynamic, modified as servers come and go on the network and as + resources are added or deleted. The term "browsing" refers to a + user accessing the database via whatever interface the client + provides, eg the OS/2 Workplace Shell or Windows 95 Explorer. + SMB servers agree between themselves as to which ones will + maintain the browsing database. Workgroups can be anywhere on a + connected TCP/IP network, including on different subnets or even + on the Interet. This is a very tricky part of SMB to implement. + + + MMaasstteerr BBrroowwsseerrss + are machines which holds the master browsing database for a + workgroup or domain. There are two kinds of Master Browser: + + + +o Domain Master Browser, which holds the master browsing + information for an entire domain, which may well cross multiple + TCP/IP subnets. + + +o Local Master Browser, which holds the master browsing database + for a particular subnet and communicates with the Domain Master + Browser to get information on other subnets. + + Subnets are differentiated because browsing is based on + broadcasts, and broadcasts do not pass through routers. Subnets + are not routed: while it is possible to have more than one + subnet on a single network segment this is regarded as very bad + practice. + + Master Browsers (both Domain and Local) are elected dynamically + according to an algorithm which is supposed to take into account + the machine's ability to sustain the browsing load. Samba can be + configured to always act as a master browser, ie it always wins + elections under all circumstances, even against systems such as + a Windows NT Primary Domain Controller which themselves expect + to win. + + There are also Backup Browsers which are promoted to Master + Browsers in the event of a Master Browser disappearing from the + network. + + Alternative terms include confusing variations such as "Browse + Master", and "Master Browser" which we are trying to eliminate + from the Samba documentation. + + + DDoommaaiinn CCoonnttrroolllleerr + is a term which comes from the Microsoft and IBM etc + implementation of the LAN Manager protocols. It is tied to + authentication. There are other ways of doing domain + authentication, but the Windows NT method has a large market + share. The general issues are discussed in <../DOMAIN.txt> and + a Windows NT-specific discussion is in <../DOMAIN_CONTROL.txt>. + + + + 44..11..22.. SShhaarreelleevveell ((WWoorrkkggrroouupp)) SSeeccuurriittyy SSeerrvviicceess + + + With the Samba setting "security = SHARE", all shared resources + information about what password is associated with them but only hints + as to what usernames might be valid (the hint can be 'all users', in + which case any username will work. This is usually a bad idea, but + reflects both the initial implementations of SMB in the mid-80s and + its reincarnation with Windows for Workgroups in 1992. The idea behind + workgroup security was that small independant groups of people could + share information on an ad-hoc basis without there being an + authentication infrastructure present or requiring them to do more + than fill in a dialogue box. + + + 44..11..33.. AAuutthheennttiiccaattiioonn DDoommaaiinn MMooddee SSeerrvviicceess + + + With the Samba settings "security = USER" or "security = SERVER" + accesses to all resources are checked for username/password pair + matches in a more rigorous manner. To the client, this has the effect + of emulating a Microsoft Domain. The client is not concerned whether + or not Samba looks up a Windows NT SAM or does it in some other way. + + + 44..22.. AAuutthheennttiiccaattiioonn SScchheemmeess + + + In the simple case authentication information is stored on a single + server and the user types a password on connecting for the first time. + However client operating systems often require a password before they + can be used at all, and in addition users usually want access to more + than one server. Asking users to remember many different passwords in + different contexts just does not work. Some kind of distributed + authentication database is needed. It must cope with password changes + and provide for assigning groups of users the same level of access + permissions. This is why Samba installations often choose to implement + a Domain model straight away. + + Authentication decisions are some of the biggest in designing a + network. Are you going to use a scheme native to the client operating + system, native to the server operating system, or newly installed on + both? A list of options relevant to Samba (ie that make sense in the + context of the SMB protocol) follows. Any experiences with other + setups would be appreciated. refer to server FAQ for "passwd chat" + passwd program password server etc etc... + + + 44..22..11.. NNIISS + + + For Windows 95, Windows for Workgroups and most other clients Samba + can be a domain controller and share the password database via NIS + transparently. Windows NT is different. Free NIS NT client + <http://www.dcs.qmw.ac.uk/~williams> + + + 44..22..22.. KKeerrbbeerrooss + + + Kerberos for US users only: Kerberos overview + <http://www.cygnus.com/product/unifying-security.html> Download + Kerberos <http://www.cygnus.com/product/kerbnet-download.html> + + + 44..22..33.. FFTTPP + + + Other NT w/s logon hack via NT + + + 44..22..44.. DDeeffaauulltt SSeerrvveerr MMeetthhoodd + + + + + + 44..22..55.. CClliieenntt--ssiiddee DDaattaabbaassee OOnnllyy + + + + 44..33.. PPoosstt--AAuutthheennttiiccaattiioonn:: NNeettllooggoonn,, LLooggoonn SSccrriippttss,, PPrrooffiilleess + + + See <../DOMAIN.txt> + + + 55.. CCrroossss--PPrroottooccooll FFiillee SShhaarriinngg + + + Samba is an important tool for... + + It is possible to... + + File protocol gateways... + + "Setting up a Linux File Server" + http://vetrec.mit.edu/people/narf/linux.html + + Two free implementations of Appletalk for Unix are Netatalk, + <http://www.umich.edu/~rsug/netatalk/>, and CAP, + <http://www.cs.mu.oz.au/appletalk/atalk.html>. What Samba offers MS + Windows users, these packages offer to Macs. For more info on these + packages, Samba, and Linux (and other UNIX-based systems) see + <http://www.eats.com/linux_mac_win.html> 3.5) Sniffing your nework + + + + 66.. MMiisscceellllaanneeoouuss + + + 66..11.. IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt?? + + + The CIFS protocol that Samba implements negotiates times in various + formats, all of which are able to cope with dates beyond 2000. + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/faq/sambafaq-1.html b/docs/faq/sambafaq-1.html new file mode 100644 index 0000000000..dde0784099 --- /dev/null +++ b/docs/faq/sambafaq-1.html @@ -0,0 +1,392 @@ +<HTML> +<HEAD> +<TITLE> Samba FAQ: General Information</TITLE> +</HEAD> +<BODY> +Previous +<A HREF="sambafaq-2.html">Next</A> +<A HREF="sambafaq.html#toc1">Table of Contents</A> +<HR> +<H2><A NAME="s1">1. General Information</A></H2> + +<P> +<A NAME="general_info"></A> +</P> +<P>All about Samba - what it is, how to get it, related sources of +information, how to understand the version numbering scheme, pizza +details</P> + +<H2><A NAME="ss1.1">1.1 What is Samba? </A></H2> + +<P> +<A NAME="introduction"></A> + +Samba is a suite of programs which work together to allow clients to +access to a server's filespace and printers via the SMB (Server +Message Block) protocol. Initially written for Unix, Samba now also +runs on Netware, OS/2 and VMS.</P> +<P>In practice, this means that you can redirect disks and printers to +Unix disks and printers from Lan Manager clients, Windows for +Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2 +clients. There is also a generic Unix client program supplied as part +of the suite which allows Unix users to use an ftp-like interface to +access filespace and printers on any other SMB servers. This gives the +capability for these operating systems to behave much like a LAN +Server or Windows NT Server machine, only with added functionality and +flexibility designed to make life easier for administrators.</P> +<P>The components of the suite are (in summary):</P> +<P> +<UL> +<LI><B>smbd</B>, the SMB server. This handles actual connections from clients, doing all the file, permission and username work</LI> +<LI><B>nmbd</B>, the Netbios name server, which helps clients locate servers, doing the browsing work and managing domains as this capability is being built into Samba</LI> +<LI><B>smbclient</B>, the Unix-hosted client program</LI> +<LI><B>smbrun</B>, a little 'glue' program to help the server run external programs</LI> +<LI><B>testprns</B>, a program to test server access to printers</LI> +<LI><B>testparms</B>, a program to test the Samba configuration file for correctness</LI> +<LI><B>smb.conf</B>, the Samba configuration file</LI> +<LI><B>smbprint</B>, a sample script to allow a Unix host to use smbclient to print to an SMB server</LI> +<LI><B>Documentation!</B> DON'T neglect to read it - you will save a great deal of time!</LI> +</UL> +</P> +<P>The suite is supplied with full source (of course!) and is GPLed.</P> +<P>The primary creator of the Samba suite is Andrew Tridgell. Later +versions incorporate much effort by many net.helpers. The man pages +and this FAQ were originally written by Karl Auer.</P> + + +<H2><A NAME="ss1.2">1.2 What is the current version of Samba? </A></H2> + +<P> +<A NAME="current_version"></A> + +At time of writing, the current version was 1.9.17. If you want to be +sure check the bottom of the change-log file. +<A HREF="ftp://samba.org/pub/samba/alpha/change-log">ftp://samba.org/pub/samba/alpha/change-log</A></P> +<P>For more information see +<A HREF="#version_nums">What do the version numbers mean?</A></P> + + +<H2><A NAME="ss1.3">1.3 Where can I get it? </A></H2> + +<P> +<A NAME="where"></A> + +The Samba suite is available via anonymous ftp from +samba.org. The latest and greatest versions of the suite are in +the directory:</P> +<P>/pub/samba/</P> +<P>Development (read "alpha") versions, which are NOT necessarily stable +and which do NOT necessarily have accurate documentation, are +available in the directory:</P> +<P>/pub/samba/alpha</P> +<P>Note that binaries are NOT included in any of the above. Samba is +distributed ONLY in source form, though binaries may be available from +other sites. Recent versions of some Linux distributions, for example, +do contain Samba binaries for that platform.</P> + + +<H2><A NAME="ss1.4">1.4 What do the version numbers mean? </A></H2> + +<P> +<A NAME="version_nums"></A> + +It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases.</P> +<P>How the scheme works: +<OL> +<LI>When major changes are made the version number is increased. For +example, the transition from 1.9.15 to 1.9.16. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.) +</LI> +<LI>Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install. +</LI> +<LI>When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.16. +</LI> +<LI>Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.16p2.</LI> +</OL> + +So the progression goes: +<PRE> + 1.9.15p7 (production) + 1.9.15p8 (production) + 1.9.16alpha1 (test sites only) + : + 1.9.16alpha20 (test sites only) + 1.9.16 (production) + 1.9.16p1 (production) +</PRE> + +The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version.</P> + + +<H2><A NAME="ss1.5">1.5 What platforms are supported? </A></H2> + +<P> +<A NAME="platforms"></A> + +Many different platforms have run Samba successfully. The platforms +most widely used and thus best tested are Linux and SunOS.</P> +<P>At time of writing, the Makefile claimed support for: +<UL> +<LI> A/UX 3.0</LI> +<LI> AIX</LI> +<LI> Altos Series 386/1000</LI> +<LI> Amiga</LI> +<LI> Apollo Domain/OS sr10.3</LI> +<LI> BSDI </LI> +<LI> B.O.S. (Bull Operating System)</LI> +<LI> Cray, Unicos 8.0</LI> +<LI> Convex</LI> +<LI> DGUX. </LI> +<LI> DNIX.</LI> +<LI> FreeBSD</LI> +<LI> HP-UX</LI> +<LI> Intergraph. </LI> +<LI> Linux with/without shadow passwords and quota</LI> +<LI> LYNX 2.3.0</LI> +<LI> MachTen (a unix like system for Macintoshes)</LI> +<LI> Motorola 88xxx/9xx range of machines</LI> +<LI> NetBSD</LI> +<LI> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</LI> +<LI> OS/2 using EMX 0.9b</LI> +<LI> OSF1</LI> +<LI> QNX 4.22</LI> +<LI> RiscIX. </LI> +<LI> RISCOs 5.0B</LI> +<LI> SEQUENT. </LI> +<LI> SCO (including: 3.2v2, European dist., OpenServer 5)</LI> +<LI> SGI.</LI> +<LI> SMP_DC.OSx v1.1-94c079 on Pyramid S series</LI> +<LI> SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</LI> +<LI> SUNOS 4</LI> +<LI> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</LI> +<LI> Sunsoft ISC SVR3V4</LI> +<LI> SVR4</LI> +<LI> System V with some berkely extensions (Motorola 88k R32V3.2).</LI> +<LI> ULTRIX.</LI> +<LI> UNIXWARE</LI> +<LI> UXP/DS</LI> +</UL> +</P> + + +<H2><A NAME="ss1.6">1.6 How can I find out more about Samba? </A></H2> + +<P> +<A NAME="more"></A> + +There are a number of places to look for more information on Samba, including: +<UL> +<LI>Two mailing lists devoted to discussion of Samba-related matters. </LI> +<LI>The newsgroup, comp.protocols.smb, which has a great deal of discussion on Samba. </LI> +<LI>The WWW site 'SAMBA Web Pages' at +<A HREF="http://samba.edu.au/samba/">http://samba.edu.au/samba/</A> includes: +<UL> +<LI>Links to man pages and documentation, including this FAQ</LI> +<LI>A comprehensive survey of Samba users.</LI> +<LI>A searchable hypertext archive of the Samba mailing list.</LI> +<LI>Links to Samba source code, binaries, and mirrors of both.</LI> +</UL> +</LI> +<LI>The long list of topic documentation. These files can be found in the 'docs' directory of the Samba source, or at +<A HREF="ftp://samba.org/pub/samba/docs/">ftp://samba.org/pub/samba/docs/</A> +<UL> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/Application_Serving.txt">Application_Serving.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/BROWSING.txt">BROWSING.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/BUGS.txt">BUGS.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt">DIAGNOSIS.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/DNIX.txt">DNIX.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/DOMAIN.txt">DOMAIN.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt">CONTROL.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt">ENCRYPTION.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/Faxing.txt">Faxing.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/GOTCHAS.txt">GOTCHAS.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/HINTS.txt">HINTS.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/INSTALL.sambatar">INSTALL.sambatar</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/INSTALL.txt">INSTALL.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/MIRRORS">MIRRORS</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/NetBIOS.txt">NetBIOS.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/OS2.txt">OS2.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/PROJECTS">PROJECTS</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/Passwords.txt">Passwords.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/Printing.txt">Printing.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/README.DCEDFS">README.DCEDFS</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/README.OS2">README.OS2</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/README.jis">README.jis</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/README.sambatar">README.sambatar</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/SCO.txt">SCO.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/SMBTAR.notes">SMBTAR.notes</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/Speed.txt">Speed.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/Support.txt">Support.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/THANKS">THANKS</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/Tracing.txt">Tracing.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/UNIX-SMB.txt">SMB.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/Warp.txt">Warp.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/WinNT.txt">WinNT.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/history">history</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/security_level.txt">level.txt</A></LI> +<LI> +<A HREF="ftp://samba.org/pub/samba/docs/wfw_slip.htm">slip.htm</A></LI> +</UL> +</LI> +</UL> +</P> + + +<H2><A NAME="ss1.7">1.7 How do I subscribe to the Samba Mailing Lists?</A></H2> + +<P> +<A NAME="mailinglist"></A> + +Send email to +<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is +blank, and include the following two lines in the body of the message: +<BLOCKQUOTE><CODE> +<PRE> +subscribe samba Firstname Lastname +subscribe samba-announce Firstname Lastname +</PRE> +</CODE></BLOCKQUOTE> + +Obviously you should substitute YOUR first name for "Firstname" and +YOUR last name for "Lastname"! Try not to send any signature stuff, it +sometimes confuses the list processor.</P> +<P>The samba list is a digest list - every eight hours or so it +regurgitates a single message containing all the messages that have +been received by the list since the last time and sends a copy of this +message to all subscribers.</P> +<P>If you stop being interested in Samba, please send another email to +<A HREF="mailto:listproc@samba.org">listproc@samba.org</A>. Make sure the subject line is blank, and +include the following two lines in the body of the message: +<BLOCKQUOTE><CODE> +<PRE> +unsubscribe samba +unsubscribe samba-announce +</PRE> +</CODE></BLOCKQUOTE> + +The <B>From:</B> line in your message <EM>MUST</EM> be the same address you used when +you subscribed.</P> + + +<H2><A NAME="ss1.8">1.8 Something's gone wrong - what should I do? </A></H2> + +<P> +<A NAME="wrong"></A> + +<B><F>#</F> *** IMPORTANT! *** <F>#</F></B></P> +<P>DO NOT post messages on mailing lists or in newsgroups until you have +carried out the first three steps given here!</P> +<P>Firstly, see if there are any likely looking entries in this FAQ! If +you have just installed Samba, have you run through the checklist in +<A HREF="ftp://samba.org/pub/samba/DIAGNOSIS.txt">DIAGNOSIS.txt</A>? It can save you a lot of time and effort. +DIAGNOSIS.txt can also be found in the docs directory of the Samba distribution.</P> +<P>Secondly, read the man pages for smbd, nmbd and smb.conf, looking for +topics that relate to what you are trying to do.</P> +<P>Thirdly, if there is no obvious solution to hand, try to get a look at +the log files for smbd and/or nmbd for the period during which you +were having problems. You may need to reconfigure the servers to +provide more extensive debugging information - usually level 2 or +level 3 provide ample debugging info. Inspect these logs closely, +looking particularly for the string "Error:".</P> +<P>Fourthly, if you still haven't got anywhere, ask the mailing list or +newsgroup. In general nobody minds answering questions provided you +have followed the preceding steps. It might be a good idea to scan the +archives of the mailing list, which are available through the Samba +web site described in the previous +section.</P> +<P>If you successfully solve a problem, please mail the FAQ maintainer a +succinct description of the symptom, the problem and the solution, so +I can incorporate it in the next version.</P> +<P>If you make changes to the source code, _please_ submit these patches +so that everyone else gets the benefit of your work. This is one of +the most important aspects to the maintainence of Samba. Send all +patches to +<A HREF="mailto:samba@samba.org">samba@samba.org</A>. Do not send patches to Andrew Tridgell or any +other individual, they may be lost if you do.</P> + + +<H2><A NAME="ss1.9">1.9 Pizza supply details </A></H2> + +<P> +<A NAME="pizza"></A> + +Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done.</P> +<P>Method 1: Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US</P> +<P>Method 2: Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this.</P> +<P>Method 3: Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-)</P> +<P>Method 4: Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture.</P> + + +<HR> +Previous +<A HREF="sambafaq-2.html">Next</A> +<A HREF="sambafaq.html#toc1">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/sambafaq-2.html b/docs/faq/sambafaq-2.html new file mode 100644 index 0000000000..8978bc331c --- /dev/null +++ b/docs/faq/sambafaq-2.html @@ -0,0 +1,236 @@ +<HTML> +<HEAD> +<TITLE> Samba FAQ: Compiling and installing Samba on a Unix host</TITLE> +</HEAD> +<BODY> +<A HREF="sambafaq-1.html">Previous</A> +<A HREF="sambafaq-3.html">Next</A> +<A HREF="sambafaq.html#toc2">Table of Contents</A> +<HR> +<H2><A NAME="s2">2. Compiling and installing Samba on a Unix host</A></H2> + +<P> +<A NAME="unix_install"></A> +</P> + +<H2><A NAME="ss2.1">2.1 I can't see the Samba server in any browse lists!</A></H2> + +<P> +<A NAME="no_browse"></A> + +See BROWSING.txt for more information on browsing. BROWSING.txt can +be found in the docs directory of the Samba source.</P> <P>If your GUI +client does not permit you to select non-browsable servers, you may +need to do so on the command line. For example, under Lan Manager you +might connect to the above service as disk drive M: thusly: +<BLOCKQUOTE><CODE> +<PRE> + net use M: \\mary\fred +</PRE> +</CODE></BLOCKQUOTE> + +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation.</P> + + +<H2><A NAME="ss2.2">2.2 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A></H2> + +<P> +<A NAME="missing_files"></A> + +See the next question.</P> + +<H2><A NAME="ss2.3">2.3 Some files on the server show up with really wierd filenames when I view the files from my client! </A></H2> + +<P> +<A NAME="strange_filenames"></A> + +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason).</P> +<P>The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes".</P> + + +<H2><A NAME="ss2.4">2.4 My client reports "cannot locate specified computer" or similar</A></H2> + +<P> +<A NAME="cant_see_server"></A> + +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved.</P> +<P>After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution.</P> +<P>If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Man Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document.</P> +<P>If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas.</P> +<P>By the way, remember to REMOVE the hardcoded mapping before further +tests :-) </P> + + +<H2><A NAME="ss2.5">2.5 My client reports "cannot locate specified share name" or similar</A></H2> + +<P> +<A NAME="cant_see_share"></A> + +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave.</P> +<P>The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's doco on how +to specify a service name correctly), read on:</P> +<P> +<UL> +<LI> Many clients cannot accept or use service names longer than eight characters.</LI> +<LI> Many clients cannot accept or use service names containing spaces.</LI> +<LI> Some servers (not Samba though) are case sensitive with service names.</LI> +<LI> Some clients force service names into upper case.</LI> +</UL> +</P> + + +<H2><A NAME="ss2.6">2.6 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A></H2> + +<P> +<A NAME="cant_see_net"></A> + +Nothing is wrong - Samba does not implement the primary domain name +controller stuff for several reasons, including the fact that the +whole concept of a primary domain controller and "logging in to a +network" doesn't fit well with clients possibly running on multiuser +machines (such as users of smbclient under Unix). Having said that, +several developers are working hard on building it in to the next +major version of Samba. If you can contribute, send a message to +<A HREF="mailto:samba@samba.org">samba@samba.org</A> !</P> +<P>Seeing this message should not affect your ability to mount redirected +disks and printers, which is really what all this is about.</P> +<P>For many clients (including Windows for Workgroups and Lan Manager), +setting the domain to STANDALONE at least gets rid of the message.</P> + + +<H2><A NAME="ss2.7">2.7 Printing doesn't work :-(</A></H2> + +<P> +<A NAME="no_printing"></A> + +Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr").</P> +<P>Make sure that the spool directory specified for the service is +writable by the user connected to the service. In particular the user +"nobody" often has problems with printing, even if it worked with an +earlier version of Samba. Try creating another guest user other than +"nobody".</P> +<P>Make sure that the user specified in the service is permitted to use +the printer.</P> +<P>Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol.</P> +<P>If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug.</P> +<P>If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism.</P> + + +<H2><A NAME="ss2.8">2.8 My programs install on the server OK, but refuse to work properly</A></H2> + +<P> +<A NAME="programs_wont_run"></A> + +There are numerous possible reasons for this, but one MAJOR +possibility is that your software uses locking. Make sure you are +using Samba 1.6.11 or later. It may also be possible to work around +the problem by setting "locking=no" in the Samba configuration file +for the service the software is installed on. This should be regarded +as a strictly temporary solution.</P> +<P>In earlier Samba versions there were some difficulties with the very +latest Microsoft products, particularly Excel 5 and Word for Windows +6. These should have all been solved. If not then please let Andrew +Tridgell know via email at +<A HREF="mailto:samba@samba.org">samba@samba.org</A>.</P> + + +<H2><A NAME="ss2.9">2.9 My "server string" doesn't seem to be recognised</A></H2> + +<P> +<A NAME="bad_server_string"></A> + +OR My client reports the default setting, eg. "Samba 1.9.15p4", instead +of what I have changed it to in the smb.conf file.</P> +<P>You need to use the -C option in nmbd. The "server string" affects +what smbd puts out and -C affects what nmbd puts out.</P> +<P>Current versions of Samba (1.9.16 +) have combined these options into +the "server string" field of smb.conf, -C for nmbd is now obsolete.</P> + + +<H2><A NAME="ss2.10">2.10 My client reports "This server is not configured to list shared resources" </A></H2> + +<P> +<A NAME="cant_list_shares"></A> + +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid.</P> +<P>See also 'guest account' in smb.conf man page.</P> + + +<H2><A NAME="ss2.11">2.11 Log message "you appear to have a trapdoor uid system" </A></H2> + +<P> +<A NAME="trapdoor_uid"></A> + +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535.</P> +<P>It might also mean that your OS has a trapdoor uid/gid system :-)</P> +<P>This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems.</P> +<P>The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user.</P> +<P>Complain to your OS vendor and ask them to fix their system.</P> +<P>Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good!</P> + + +<HR> +<A HREF="sambafaq-1.html">Previous</A> +<A HREF="sambafaq-3.html">Next</A> +<A HREF="sambafaq.html#toc2">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/sambafaq-3.html b/docs/faq/sambafaq-3.html new file mode 100644 index 0000000000..d7e0c7abd2 --- /dev/null +++ b/docs/faq/sambafaq-3.html @@ -0,0 +1,322 @@ +<HTML> +<HEAD> +<TITLE> Samba FAQ: Common client questions</TITLE> +</HEAD> +<BODY> +<A HREF="sambafaq-2.html">Previous</A> +<A HREF="sambafaq-4.html">Next</A> +<A HREF="sambafaq.html#toc3">Table of Contents</A> +<HR> +<H2><A NAME="s3">3. Common client questions</A></H2> + +<P> +<A NAME="client_questions"></A> +</P> + +<H2><A NAME="ss3.1">3.1 Are there any Macintosh clients for Samba?</A></H2> + +<P> +<A NAME="mac_clients"></A> + +Yes! Thursby now have a CIFS Client / Server called DAVE - see +<A HREF="http://www.thursby.com/">http://www.thursby.com/</A>. +They test it against Windows 95, Windows NT and samba for compatibility issues. +At the time of writing, DAVE was at version 1.0.1. The 1.0.0 to 1.0.1 update is available +as a free download from the Thursby web site (the speed of finder copies has +been greatly enhanced, and there are bug-fixes included).</P> +<P>Alternatives - There are two free implementations of AppleTalk for +several kinds of UNIX machnes, and several more commercial ones. +These products allow you to run file services and print services +natively to Macintosh users, with no additional support required on +the Macintosh. The two free omplementations are Netatalk, +<A HREF="http://www.umich.edu/~rsug/netatalk/">http://www.umich.edu/~rsug/netatalk/</A>, and CAP, +<A HREF="http://www.cs.mu.oz.au/appletalk/atalk.html">http://www.cs.mu.oz.au/appletalk/atalk.html</A>. What Samba offers +MS Windows users, these packages offer to Macs. For more info on +these packages, Samba, and Linux (and other UNIX-based systems) +see +<A HREF="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html</A></P> + + +<H2><A NAME="ss3.2">3.2 "Session request failed (131,130)" error</A></H2> + +<P> +<A NAME="sess_req_fail"></A> + +The following answer is provided by John E. Miller:</P> +<P>I'll assume that you're able to ping back and forth between the +machines by IP address and name, and that you're using some security +model where you're confident that you've got user IDs and passwords +right. The logging options (-d3 or greater) can help a lot with that. +DNS and WINS configuration can also impact connectivity as well.</P> +<P>Now, on to 'scope id's. Somewhere in your Win95 TCP/IP network +configuration (I'm too much of an NT bigot to know where it's located +in the Win95 setup, but I'll have to learn someday since I teach for a +Microsoft Solution Provider Authorized Tech Education Center - what an +acronym...) <F>Note: It's under Control Panel | Network | TCP/IP | WINS +Configuration</F> there's a little text entry field called something like +'Scope ID'.</P> +<P>This field essentially creates 'invisible' sub-workgroups on the same +wire. Boxes can only see other boxes whose Scope IDs are set to the +exact same value - it's sometimes used by OEMs to configure their +boxes to browse only other boxes from the same vendor and, in most +environments, this field should be left blank. If you, in fact, have +something in this box that EXACT value (case-sensitive!) needs to be +provided to smbclient and nmbd as the -i (lowercase) parameter. So, if +your Scope ID is configured as the string 'SomeStr' in Win95 then +you'd have to use smbclient -iSomeStr <F>otherparms</F> in connecting to +it.</P> + + +<H2><A NAME="ss3.3">3.3 How do I synchronise my PC's clock with my Samba server? </A></H2> + +<P> +<A NAME="synchronise_clock"></A> + +To syncronize your PC's clock with your Samba server: +<UL> +<LI> Copy timesync.pif to your windows directory</LI> +<LI> timesync.pif can be found at: +<A HREF="http://samba.org/samba/binaries/miscellaneous/timesync.pif">http://samba.org/samba/binaries/miscellaneous/timesync.pif</A></LI> +<LI> Add timesync.pif to your 'Start Up' group/folder</LI> +<LI> Open the properties dialog box for the program/icon</LI> +<LI> Make sure the 'Run Minimized' option is set in program 'Properties'</LI> +<LI> Change the command line section that reads <F>\\sambahost</F> to reflect the name of your server.</LI> +<LI> Close the properties dialog box by choosing 'OK'</LI> +</UL> + +Each time you start your computer (or login for Win95) your PC will +synchronize its clock with your Samba server.</P> +<P>Alternativley, if you clients support Domain Logons, you can setup Domain Logons with Samba +- see: +<A HREF="ftp://samba.org/pub/samba/docs/BROWSING.txt">BROWSING.txt</A> *** for more information.</P> +<P>Then add +<BLOCKQUOTE><CODE> +<PRE> +NET TIME \\%L /SET /YES +</PRE> +</CODE></BLOCKQUOTE> + +as one of the lines in the logon script.</P> + +<H2><A NAME="ss3.4">3.4 Problems with WinDD, NTrigue, WinCenterPro etc</A></H2> + +<P> +<A NAME="multiple_session_clients"></A> +</P> +<P>All of the above programs are applications that sit on an NT box and +allow multiple users to access the NT GUI applications from remote +workstations (often over X).</P> +<P>What has this got to do with Samba? The problem comes when these users +use filemanager to mount shares from a Samba server. The most common +symptom is that the first user to connect get correct file permissions +and has a nice day, but subsequent connections get logged in as the +same user as the first person to login. They find that they cannot +access files in their own home directory, but that they can access +files in the first users home directory (maybe not such a nice day +after all?)</P> +<P>Why does this happen? The above products all share a common heritage +(and code base I believe). They all open just a single TCP based SMB +connection to the Samba server, and requests from all users are piped +over this connection. This is unfortunate, but not fatal.</P> +<P>It means that if you run your Samba server in share level security +(the default) then things will definately break as described +above. The share level SMB security model has no provision for +multiple user IDs on the one SMB connection. See +<A HREF="ftp://samba.org/pub/samba/docs/security_level.txt">security_level.txt</A> in +the docs for more info on share/user/server level security.</P> +<P>If you run in user or server level security then you have a chance, +but only if you have a recent version of Samba (at least 1.9.15p6). In +older versions bugs in Samba meant you still would have had problems.</P> +<P>If you have a trapdoor uid system in your OS then it will never work +properly. Samba needs to be able to switch uids on the connection and +it can't if your OS has a trapdoor uid system. You'll know this +because Samba will note it in your logs.</P> +<P>Also note that you should not use the magic "homes" share name with +products like these, as otherwise all users will end up with the same +home directory. Use <F>\\server\username</F> instead.</P> + + +<H2><A NAME="ss3.5">3.5 Problem with printers under NT</A></H2> + +<P> +<A NAME="nt_printers"></A> + +This info from Stefan Hergeth +hergeth@f7axp1.informatik.fh-muenchen.de may be useful:</P> +<P>A network-printer (with ethernetcard) is connected to the NT-Clients +via our UNIX-Fileserver (SAMBA-Server), like the configuration told by +Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt) +<OL> +<LI>If a user has choosen this printer as the default printer in his +NT-Session and this printer is not connected to the network +(e.g. switched off) than this user has a problem with the SAMBA- +connection of his filesystems. It's very slow. +</LI> +<LI>If the printer is connected to the network everything works fine. +</LI> +<LI>When the smbd ist started with debug level 3, you can see that the +NT spooling system try to connect to the printer many times. If the +printer ist not connected to the network this request fails and the +NT spooler is wasting a lot of time to connect to the printer service. +This seems to be the reason for the slow network connection. +</LI> +<LI>Maybe it's possible to change this behaviour by setting different +printer properties in the Print-Manager-Menu of NT, but i didn't try it yet.</LI> +</OL> +</P> + + +<H2><A NAME="ss3.6">3.6 Why are my file's timestamps off by an hour, or by a few hours?</A></H2> + +<P> +<A NAME="dst_bugs"></A> + +This is from Paul Eggert eggert@twinsun.com.</P> +<P>Most likely it's a problem with your time zone settings.</P> +<P>Internally, Samba maintains time in traditional Unix format, +namely, the number of seconds since 1970-01-01 00:00:00 Universal Time +(or ``GMT''), not counting leap seconds.</P> +<P>On the server side, Samba uses the Unix TZ variable to convert +internal timestamps to and from local time. So on the server side, there are +two things to get right. +<OL> +<LI>The Unix system clock must have the correct Universal time. +Use the shell command "sh -c 'TZ=UTC0 date'" to check this. +</LI> +<LI>The TZ environment variable must be set on the server +before Samba is invoked. The details of this depend on the +server OS, but typically you must edit a file whose name is +/etc/TIMEZONE or /etc/default/init, or run the command `zic -l'. +</LI> +<LI>TZ must have the correct value. +<OL> +<LI>If possible, use geographical time zone settings +(e.g. TZ='America/Los_Angeles' or perhaps +TZ=':US/Pacific'). These are supported by most +popular Unix OSes, are easier to get right, and are +more accurate for historical timestamps. If your +operating system has out-of-date tables, you should be +able to update them from the public domain time zone +tables at +<A HREF="ftp://elsie.nci.nih.gov/pub/">ftp://elsie.nci.nih.gov/pub/</A>. +</LI> +<LI>If your system does not support geographical timezone +settings, you must use a Posix-style TZ strings, e.g. +TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. +Posix TZ strings can take the following form (with optional +items in brackets): +<PRE> + StdOffset[Dst[Offset],Date/Time,Date/Time] +</PRE> + +where: +<UL> +<LI> `Std' is the standard time designation (e.g. `PST'). +</LI> +<LI> `Offset' is the number of hours behind UTC (e.g. `8'). +Prepend a `-' if you are ahead of UTC, and +append `:30' if you are at a half-hour offset. +Omit all the remaining items if you do not use +daylight-saving time. +</LI> +<LI> `Dst' is the daylight-saving time designation +(e.g. `PDT'). + +The optional second `Offset' is the number of +hours that daylight-saving time is behind UTC. +The default is 1 hour ahead of standard time. +</LI> +<LI> `Date/Time,Date/Time' specify when daylight-saving +time starts and ends. The format for a date is +`Mm.n.d', which specifies the dth day (0 is Sunday) +of the nth week of the mth month, where week 5 means +the last such day in the month. The format for a +time is <F>h</F>h<F>:mm[:ss</F>], using a 24-hour clock.</LI> +</UL> + +Other Posix string formats are allowed but you don't want +to know about them.</LI> +</OL> +</LI> +</OL> + +On the client side, you must make sure that your client's clock and +time zone is also set appropriately. <F>[I don't know how to do this.</F>] +Samba traditionally has had many problems dealing with time zones, due +to the bizarre ways that Microsoft network protocols handle time +zones. A common symptom is for file timestamps to be off by an hour. +To work around the problem, try disconnecting from your Samba server +and then reconnecting to it; or upgrade your Samba server to +1.9.16alpha10 or later.</P> + + +<H2><A NAME="ss3.7">3.7 How do I set the printer driver name correctly? </A></H2> + +<P> +<A NAME="printer_driver_name"></A> + +Question: +On NT, I opened "Printer Manager" and "Connect to Printer". +Enter <F>"\\ptdi270\ps1"</F> in the box of printer. I got the +following error message: +<BLOCKQUOTE><CODE> +<PRE> + You do not have sufficient access to your machine + to connect to the selected printer, since a driver + needs to be installed locally. +</PRE> +</CODE></BLOCKQUOTE> + +Answer:</P> +<P>In the more recent versions of Samba you can now set the "printer +driver" in smb.conf. This tells the client what driver to use. For +example: +<BLOCKQUOTE><CODE> +<PRE> + printer driver = HP LaserJet 4L +</PRE> +</CODE></BLOCKQUOTE> + +with this, NT knows to use the right driver. You have to get this string +exactly right.</P> +<P>To find the exact string to use, you need to get to the dialog box in +your client where you select which printer driver to install. The +correct strings for all the different printers are shown in a listbox +in that dialog box.</P> +<P>You could also try setting the driver to NULL like this: +<BLOCKQUOTE><CODE> +<PRE> + printer driver = NULL +</PRE> +</CODE></BLOCKQUOTE> + +this is effectively what older versions of Samba did, so if that +worked for you then give it a go. If this does work then let us know via +<A HREF="mailto:samba@samba.org">samba@samba.org</A>, +and we'll make it the default. Currently the default is a 0 length +string.</P> + + +<H2><A NAME="ss3.8">3.8 I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?</A></H2> + +<P> +<A NAME="NT_SP3_FIX"></A> + +As of SP3, Microsoft has decided that they will no longer default to +passing clear text passwords over the network. To enable access to +Samba shares from NT 4.0 SP3, you must do <B>ONE</B> of two things: +<OL> +<LI> Set the Samba configuration option 'security = user' and implement all of the stuff detailed in +<A HREF="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt">ENCRYPTION.txt</A>.</LI> +<LI> Follow Microsoft's directions for setting your NT box to allow plain text passwords. see +<A HREF="http://www.microsoft.com/kb/articles/q166/7/30.htm">Knowledge Base Article Q166730</A></LI> +</OL> +</P> + + +<HR> +<A HREF="sambafaq-2.html">Previous</A> +<A HREF="sambafaq-4.html">Next</A> +<A HREF="sambafaq.html#toc3">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/sambafaq-4.html b/docs/faq/sambafaq-4.html new file mode 100644 index 0000000000..94d5c41990 --- /dev/null +++ b/docs/faq/sambafaq-4.html @@ -0,0 +1,37 @@ +<HTML> +<HEAD> +<TITLE> Samba FAQ: Specific client application problems</TITLE> +</HEAD> +<BODY> +<A HREF="sambafaq-3.html">Previous</A> +<A HREF="sambafaq-5.html">Next</A> +<A HREF="sambafaq.html#toc4">Table of Contents</A> +<HR> +<H2><A NAME="s4">4. Specific client application problems</A></H2> + +<P> +<A NAME="client_problems"></A> +</P> + +<H2><A NAME="ss4.1">4.1 MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</A></H2> + +<P> +<A NAME="cant_change_properties"></A> + +When installing MS Office on a Samba drive for which you have admin +user permissions, ie. admin users = username, you will find the +setup program unable to complete the installation.</P> +<P>To get around this problem, do the installation without admin user +permissions The problem is that MS Office Setup checks that a file is +rdonly by trying to open it for writing.</P> +<P>Admin users can always open a file for writing, as they run as root. +You just have to install as a non-admin user and then use "chown -R" +to fix the owner.</P> + + +<HR> +<A HREF="sambafaq-3.html">Previous</A> +<A HREF="sambafaq-5.html">Next</A> +<A HREF="sambafaq.html#toc4">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/sambafaq-5.html b/docs/faq/sambafaq-5.html new file mode 100644 index 0000000000..0a6e9d08f0 --- /dev/null +++ b/docs/faq/sambafaq-5.html @@ -0,0 +1,30 @@ +<HTML> +<HEAD> +<TITLE> Samba FAQ: Miscellaneous</TITLE> +</HEAD> +<BODY> +<A HREF="sambafaq-4.html">Previous</A> +Next +<A HREF="sambafaq.html#toc5">Table of Contents</A> +<HR> +<H2><A NAME="s5">5. Miscellaneous</A></H2> + +<P> +<A NAME="miscellaneous"></A> +</P> +<H2><A NAME="ss5.1">5.1 Is Samba Year 2000 compliant?</A></H2> + +<P> +<A NAME="Year2000Compliant"></A> + +The CIFS protocol that Samba implements +negotiates times in various formats, all of which +are able to cope with dates beyond 2000.</P> + + +<HR> +<A HREF="sambafaq-4.html">Previous</A> +Next +<A HREF="sambafaq.html#toc5">Table of Contents</A> +</BODY> +</HTML> diff --git a/docs/faq/sambafaq.html b/docs/faq/sambafaq.html new file mode 100644 index 0000000000..2c703885cd --- /dev/null +++ b/docs/faq/sambafaq.html @@ -0,0 +1,115 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<HTML> +<HEAD> +<TITLE> Samba FAQ</TITLE> +</HEAD> +<BODY> +Previous +<A HREF="sambafaq-1.html">Next</A> +Table of Contents +<HR> +<H1> Samba FAQ</H1> + +<H2>Paul Blackman, <CODE>ictinus@samba.org</CODE></H2>v 0.8, June '97 +<P><HR><EM> This is the Frequently Asked Questions (FAQ) document for +Samba, the free and very popular SMB server product. An SMB server +allows file and printer connections from clients such as Windows, +OS/2, Linux and others. Current to version 1.9.17. Please send any +corrections to the author.</EM><HR></P> +<P> +<H2><A NAME="toc1">1.</A> <A HREF="sambafaq-1.html">General Information</A></H2> +<UL> +<LI><A HREF="sambafaq-1.html#ss1.1">1.1 What is Samba? </A> +<LI><A HREF="sambafaq-1.html#ss1.2">1.2 What is the current version of Samba? </A> +<LI><A HREF="sambafaq-1.html#ss1.3">1.3 Where can I get it? </A> +<LI><A HREF="sambafaq-1.html#ss1.4">1.4 What do the version numbers mean? </A> +<LI><A HREF="sambafaq-1.html#ss1.5">1.5 What platforms are supported? </A> +<LI><A HREF="sambafaq-1.html#ss1.6">1.6 How can I find out more about Samba? </A> +<LI><A HREF="sambafaq-1.html#ss1.7">1.7 How do I subscribe to the Samba Mailing Lists?</A> +<LI><A HREF="sambafaq-1.html#ss1.8">1.8 Something's gone wrong - what should I do? </A> +<LI><A HREF="sambafaq-1.html#ss1.9">1.9 Pizza supply details </A> +</UL> + +<P> +<H2><A NAME="toc2">2.</A> <A HREF="sambafaq-2.html">Compiling and installing Samba on a Unix host</A></H2> +<UL> +<LI><A HREF="sambafaq-2.html#ss2.1">2.1 I can't see the Samba server in any browse lists!</A> +<LI><A HREF="sambafaq-2.html#ss2.2">2.2 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A> +<LI><A HREF="sambafaq-2.html#ss2.3">2.3 Some files on the server show up with really wierd filenames when I view the files from my client! </A> +<LI><A HREF="sambafaq-2.html#ss2.4">2.4 My client reports "cannot locate specified computer" or similar</A> +<LI><A HREF="sambafaq-2.html#ss2.5">2.5 My client reports "cannot locate specified share name" or similar</A> +<LI><A HREF="sambafaq-2.html#ss2.6">2.6 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A> +<LI><A HREF="sambafaq-2.html#ss2.7">2.7 Printing doesn't work :-(</A> +<LI><A HREF="sambafaq-2.html#ss2.8">2.8 My programs install on the server OK, but refuse to work properly</A> +<LI><A HREF="sambafaq-2.html#ss2.9">2.9 My "server string" doesn't seem to be recognised</A> +<LI><A HREF="sambafaq-2.html#ss2.10">2.10 My client reports "This server is not configured to list shared resources" </A> +<LI><A HREF="sambafaq-2.html#ss2.11">2.11 Log message "you appear to have a trapdoor uid system" </A> +</UL> + +<P> +<H2><A NAME="toc3">3.</A> <A HREF="sambafaq-3.html">Common client questions</A></H2> +<UL> +<LI><A HREF="sambafaq-3.html#ss3.1">3.1 Are there any Macintosh clients for Samba?</A> +<LI><A HREF="sambafaq-3.html#ss3.2">3.2 "Session request failed (131,130)" error</A> +<LI><A HREF="sambafaq-3.html#ss3.3">3.3 How do I synchronise my PC's clock with my Samba server? </A> +<LI><A HREF="sambafaq-3.html#ss3.4">3.4 Problems with WinDD, NTrigue, WinCenterPro etc</A> +<LI><A HREF="sambafaq-3.html#ss3.5">3.5 Problem with printers under NT</A> +<LI><A HREF="sambafaq-3.html#ss3.6">3.6 Why are my file's timestamps off by an hour, or by a few hours?</A> +<LI><A HREF="sambafaq-3.html#ss3.7">3.7 How do I set the printer driver name correctly? </A> +<LI><A HREF="sambafaq-3.html#ss3.8">3.8 I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?</A> +</UL> + +<P> +<H2><A NAME="toc4">4.</A> <A HREF="sambafaq-4.html">Specific client application problems</A></H2> +<UL> +<LI><A HREF="sambafaq-4.html#ss4.1">4.1 MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</A> +</UL> + +<P> +<H2><A NAME="toc5">5.</A> <A HREF="sambafaq-5.html">Miscellaneous</A></H2> +<UL> +<LI><A HREF="sambafaq-5.html#ss5.1">5.1 Is Samba Year 2000 compliant?</A> +</UL> + + +<HR> +Previous +<A HREF="sambafaq-1.html">Next</A> +Table of Contents +</BODY> +</HTML> diff --git a/docs/faq/sambafaq.sgml b/docs/faq/sambafaq.sgml new file mode 100644 index 0000000000..333ac55f67 --- /dev/null +++ b/docs/faq/sambafaq.sgml @@ -0,0 +1,792 @@ +<!doctype linuxdoc system> <!-- -*- SGML -*- --> +<!-- + v 0.5 18 Oct 1996 Dan Shearer Dan.Shearer@unisa.edu.au + First linuxdoc-sgml version, outline only + v 0.6 25 Oct 1996 Dan + Filled in from current text faq + v 0.7 1 June 1997 Paul + Replicated changes in txt faq to sgml faq + 9 June 1997 Paul + Lots of changes, added doco list, updated compatible systems list + added NT SP3 entry, added Year 2000 entry, Getting ready for 1.9.17 + v 0.8 7th Oct 97 Paul + changed samba.canberra entries to samba.anu.../samba/ +--> + +<article> + +<title> Samba FAQ + +<author>Paul Blackman, <tt>ictinus@samba.org</tt> + +<date>v 0.8, June '97 + +<abstract> This is the Frequently Asked Questions (FAQ) document for +Samba, the free and very popular SMB server product. An SMB server +allows file and printer connections from clients such as Windows, +OS/2, Linux and others. Current to version 1.9.17. Please send any +corrections to the author. +</abstract> + +<toc> + +<sect> General Information<p> <label id="general_info"> + +All about Samba - what it is, how to get it, related sources of +information, how to understand the version numbering scheme, pizza +details + +<sect1> What is Samba? <p> <label id="introduction"> +Samba is a suite of programs which work together to allow clients to +access to a server's filespace and printers via the SMB (Server +Message Block) protocol. Initially written for Unix, Samba now also +runs on Netware, OS/2 and VMS. + +In practice, this means that you can redirect disks and printers to +Unix disks and printers from Lan Manager clients, Windows for +Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2 +clients. There is also a generic Unix client program supplied as part +of the suite which allows Unix users to use an ftp-like interface to +access filespace and printers on any other SMB servers. This gives the +capability for these operating systems to behave much like a LAN +Server or Windows NT Server machine, only with added functionality and +flexibility designed to make life easier for administrators. + +The components of the suite are (in summary): + +<itemize> +<item><bf>smbd</bf>, the SMB server. This handles actual connections from clients, doing all the file, permission and username work +<item><bf>nmbd</bf>, the Netbios name server, which helps clients locate servers, doing the browsing work and managing domains as this capability is being built into Samba +<item><bf>smbclient</bf>, the Unix-hosted client program +<item><bf>smbrun</bf>, a little 'glue' program to help the server run external programs +<item><bf>testprns</bf>, a program to test server access to printers +<item><bf>testparms</bf>, a program to test the Samba configuration file for correctness +<item><bf>smb.conf</bf>, the Samba configuration file +<item><bf>smbprint</bf>, a sample script to allow a Unix host to use smbclient to print to an SMB server +<item><bf>Documentation!</bf> DON'T neglect to read it - you will save a great deal of time! +</itemize> + +The suite is supplied with full source (of course!) and is GPLed. + +The primary creator of the Samba suite is Andrew Tridgell. Later +versions incorporate much effort by many net.helpers. The man pages +and this FAQ were originally written by Karl Auer. + +<sect1> What is the current version of Samba? <p><label id="current_version"> +At time of writing, the current version was 1.9.17. If you want to be +sure check the bottom of the change-log file. <url url="ftp://samba.org/pub/samba/alpha/change-log"> + +For more information see <ref id="version_nums" name="What do the +version numbers mean?"> + +<sect1> Where can I get it? <p> <label id="where"> +The Samba suite is available via anonymous ftp from +samba.org. The latest and greatest versions of the suite are in +the directory: + +/pub/samba/ + +Development (read "alpha") versions, which are NOT necessarily stable +and which do NOT necessarily have accurate documentation, are +available in the directory: + +/pub/samba/alpha + +Note that binaries are NOT included in any of the above. Samba is +distributed ONLY in source form, though binaries may be available from +other sites. Recent versions of some Linux distributions, for example, +do contain Samba binaries for that platform. + +<sect1> What do the version numbers mean? <p> <label id="version_nums"> +It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases. + +How the scheme works: +<enum> +<item>When major changes are made the version number is increased. For +example, the transition from 1.9.15 to 1.9.16. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.) + +<item>Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install. + +<item>When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.16. + +<item>Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.16p2. +</enum> +So the progression goes: +<verb> + 1.9.15p7 (production) + 1.9.15p8 (production) + 1.9.16alpha1 (test sites only) + : + 1.9.16alpha20 (test sites only) + 1.9.16 (production) + 1.9.16p1 (production) +</verb> +The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version. + +<sect1> What platforms are supported? <p> <label id="platforms"> +Many different platforms have run Samba successfully. The platforms +most widely used and thus best tested are Linux and SunOS. + +At time of writing, the Makefile claimed support for: +<itemize> +<item> A/UX 3.0 +<item> AIX +<item> Altos Series 386/1000 +<item> Amiga +<item> Apollo Domain/OS sr10.3 +<item> BSDI +<item> B.O.S. (Bull Operating System) +<item> Cray, Unicos 8.0 +<item> Convex +<item> DGUX. +<item> DNIX. +<item> FreeBSD +<item> HP-UX +<item> Intergraph. +<item> Linux with/without shadow passwords and quota +<item> LYNX 2.3.0 +<item> MachTen (a unix like system for Macintoshes) +<item> Motorola 88xxx/9xx range of machines +<item> NetBSD +<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach). +<item> OS/2 using EMX 0.9b +<item> OSF1 +<item> QNX 4.22 +<item> RiscIX. +<item> RISCOs 5.0B +<item> SEQUENT. +<item> SCO (including: 3.2v2, European dist., OpenServer 5) +<item> SGI. +<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series +<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x) +<item> SUNOS 4 +<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') +<item> Sunsoft ISC SVR3V4 +<item> SVR4 +<item> System V with some berkely extensions (Motorola 88k R32V3.2). +<item> ULTRIX. +<item> UNIXWARE +<item> UXP/DS +</itemize> + +<sect1> How can I find out more about Samba? <p> <label id="more"> +There are a number of places to look for more information on Samba, including: +<itemize> +<item>Two mailing lists devoted to discussion of Samba-related matters. +<item>The newsgroup, comp.protocols.smb, which has a great deal of discussion on Samba. +<item>The WWW site 'SAMBA Web Pages' at <url url="http://samba.edu.au/samba/"> includes: + <itemize> + <item>Links to man pages and documentation, including this FAQ + <item>A comprehensive survey of Samba users. + <item>A searchable hypertext archive of the Samba mailing list. + <item>Links to Samba source code, binaries, and mirrors of both. + </itemize> +<item>The long list of topic documentation. These files can be found in the 'docs' directory of the Samba source, or at <url url="ftp://samba.org/pub/samba/docs/"> + <itemize> + <item><url url="ftp://samba.org/pub/samba/docs/Application_Serving.txt" name="Application_Serving.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/BROWSING.txt" name="BROWSING.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/BUGS.txt" name="BUGS.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt" name="DIAGNOSIS.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/DNIX.txt" name="DNIX.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/DOMAIN.txt" name="DOMAIN.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt" name="CONTROL.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt" name="ENCRYPTION.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/Faxing.txt" name="Faxing.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/GOTCHAS.txt" name="GOTCHAS.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/HINTS.txt" name="HINTS.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/INSTALL.sambatar" name="INSTALL.sambatar"> + <item><url url="ftp://samba.org/pub/samba/docs/INSTALL.txt" name="INSTALL.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/MIRRORS" name="MIRRORS"> + <item><url url="ftp://samba.org/pub/samba/docs/NetBIOS.txt" name="NetBIOS.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/OS2.txt" name="OS2.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/PROJECTS" name="PROJECTS"> + <item><url url="ftp://samba.org/pub/samba/docs/Passwords.txt" name="Passwords.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/Printing.txt" name="Printing.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/README.DCEDFS" name="README.DCEDFS"> + <item><url url="ftp://samba.org/pub/samba/docs/README.OS2" name="README.OS2"> + <item><url url="ftp://samba.org/pub/samba/docs/README.jis" name="README.jis"> + <item><url url="ftp://samba.org/pub/samba/docs/README.sambatar" name="README.sambatar"> + <item><url url="ftp://samba.org/pub/samba/docs/SCO.txt" name="SCO.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/SMBTAR.notes" name="SMBTAR.notes"> + <item><url url="ftp://samba.org/pub/samba/docs/Speed.txt" name="Speed.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/Support.txt" name="Support.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/THANKS" name="THANKS"> + <item><url url="ftp://samba.org/pub/samba/docs/Tracing.txt" name="Tracing.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/UNIX-SMB.txt" name="SMB.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/Warp.txt" name="Warp.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/WinNT.txt" name="WinNT.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/history" name="history"> + <item><url url="ftp://samba.org/pub/samba/docs/security_level.txt" name="level.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/wfw_slip.htm" name="slip.htm"> + </itemize> +</itemize> + +<sect1>How do I subscribe to the Samba Mailing Lists?<p><label id="mailinglist"> +Send email to <htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is +blank, and include the following two lines in the body of the message: +<tscreen><verb> +subscribe samba Firstname Lastname +subscribe samba-announce Firstname Lastname +</verb></tscreen> +Obviously you should substitute YOUR first name for "Firstname" and +YOUR last name for "Lastname"! Try not to send any signature stuff, it +sometimes confuses the list processor. + +The samba list is a digest list - every eight hours or so it +regurgitates a single message containing all the messages that have +been received by the list since the last time and sends a copy of this +message to all subscribers. + +If you stop being interested in Samba, please send another email to +<htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is blank, and +include the following two lines in the body of the message: +<tscreen><verb> +unsubscribe samba +unsubscribe samba-announce +</verb></tscreen> +The <bf>From:</bf> line in your message <em>MUST</em> be the same address you used when +you subscribed. + +<sect1> Something's gone wrong - what should I do? <p> <label id="wrong"> +<bf>[#] *** IMPORTANT! *** [#]</bf> +<p>DO NOT post messages on mailing lists or in newsgroups until you have +carried out the first three steps given here! + +Firstly, see if there are any likely looking entries in this FAQ! If +you have just installed Samba, have you run through the checklist in +<url url="ftp://samba.org/pub/samba/DIAGNOSIS.txt" name="DIAGNOSIS.txt">? It can save you a lot of time and effort. +DIAGNOSIS.txt can also be found in the docs directory of the Samba distribution. + +Secondly, read the man pages for smbd, nmbd and smb.conf, looking for +topics that relate to what you are trying to do. + +Thirdly, if there is no obvious solution to hand, try to get a look at +the log files for smbd and/or nmbd for the period during which you +were having problems. You may need to reconfigure the servers to +provide more extensive debugging information - usually level 2 or +level 3 provide ample debugging info. Inspect these logs closely, +looking particularly for the string "Error:". + +Fourthly, if you still haven't got anywhere, ask the mailing list or +newsgroup. In general nobody minds answering questions provided you +have followed the preceding steps. It might be a good idea to scan the +archives of the mailing list, which are available through the Samba +web site described in the previous +section. + +If you successfully solve a problem, please mail the FAQ maintainer a +succinct description of the symptom, the problem and the solution, so +I can incorporate it in the next version. + +If you make changes to the source code, _please_ submit these patches +so that everyone else gets the benefit of your work. This is one of +the most important aspects to the maintainence of Samba. Send all +patches to <htmlurl url="mailto:samba-patches@samba.org" name="samba-patches@samba.org">. Do not send patches to Andrew Tridgell or any +other individual, they may be lost if you do. + +<sect1> Pizza supply details <p> <label id="pizza"> +Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done. + +Method 1: Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US + +Method 2: Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this. + +Method 3: Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-) + +Method 4: Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture. + +<sect>Compiling and installing Samba on a Unix host<p><label id="unix_install"> + +<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse"> + See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt"> + for more information on browsing. Browsing.txt can also be found + in the docs directory of the Samba source. + +If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: +<tscreen><verb> + net use M: \\mary\fred +</verb></tscreen> +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation. + +<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files"> +See the next question. +<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames"> +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason). + +The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes". + +<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server"> +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved. + +After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution. + +If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Man Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document. + +If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas. + +By the way, remember to REMOVE the hardcoded mapping before further +tests :-) + +<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share"> +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave. + +The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's doco on how +to specify a service name correctly), read on: + +<itemize> +<item> Many clients cannot accept or use service names longer than eight characters. +<item> Many clients cannot accept or use service names containing spaces. +<item> Some servers (not Samba though) are case sensitive with service names. +<item> Some clients force service names into upper case. +</itemize> + +<sect1>My client reports "cannot find domain controller", "cannot log on to the network" or similar <p> <label id="cant_see_net"> +Nothing is wrong - Samba does not implement the primary domain name +controller stuff for several reasons, including the fact that the +whole concept of a primary domain controller and "logging in to a +network" doesn't fit well with clients possibly running on multiuser +machines (such as users of smbclient under Unix). Having said that, +several developers are working hard on building it in to the next +major version of Samba. If you can contribute, send a message to +<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> ! + +Seeing this message should not affect your ability to mount redirected +disks and printers, which is really what all this is about. + +For many clients (including Windows for Workgroups and Lan Manager), +setting the domain to STANDALONE at least gets rid of the message. + +<sect1>Printing doesn't work :-(<p> <label id="no_printing"> +Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr"). + +Make sure that the spool directory specified for the service is +writable by the user connected to the service. In particular the user +"nobody" often has problems with printing, even if it worked with an +earlier version of Samba. Try creating another guest user other than +"nobody". + +Make sure that the user specified in the service is permitted to use +the printer. + +Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol. + +If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug. + +If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism. + +<sect1>My programs install on the server OK, but refuse to work properly<p><label id="programs_wont_run"> +There are numerous possible reasons for this, but one MAJOR +possibility is that your software uses locking. Make sure you are +using Samba 1.6.11 or later. It may also be possible to work around +the problem by setting "locking=no" in the Samba configuration file +for the service the software is installed on. This should be regarded +as a strictly temporary solution. + +In earlier Samba versions there were some difficulties with the very +latest Microsoft products, particularly Excel 5 and Word for Windows +6. These should have all been solved. If not then please let Andrew +Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. + +<sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string"> +OR My client reports the default setting, eg. "Samba 1.9.15p4", instead +of what I have changed it to in the smb.conf file. + +You need to use the -C option in nmbd. The "server string" affects +what smbd puts out and -C affects what nmbd puts out. + +Current versions of Samba (1.9.16 +) have combined these options into +the "server string" field of smb.conf, -C for nmbd is now obsolete. + +<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares"> +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid. + +See also 'guest account' in smb.conf man page. + +<sect1>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid"> +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535. + +It might also mean that your OS has a trapdoor uid/gid system :-) + +This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems. + +The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user. + +Complain to your OS vendor and ask them to fix their system. + +Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good! + +<sect>Common client questions<p> <label id="client_questions"> + +<sect1>Are there any Macintosh clients for Samba?<p> <label id="mac_clients"> +Yes! Thursby now have a CIFS Client / Server called DAVE - see <url url="http://www.thursby.com/">. +They test it against Windows 95, Windows NT and samba for compatibility issues. +At the time of writing, DAVE was at version 1.0.1. The 1.0.0 to 1.0.1 update is available +as a free download from the Thursby web site (the speed of finder copies has +been greatly enhanced, and there are bug-fixes included). + +Alternatives - There are two free implementations of AppleTalk for +several kinds of UNIX machnes, and several more commercial ones. +These products allow you to run file services and print services +natively to Macintosh users, with no additional support required on +the Macintosh. The two free omplementations are Netatalk, +<url url="http://www.umich.edu/~rsug/netatalk/">, and CAP, +<url url="http://www.cs.mu.oz.au/appletalk/atalk.html">. What Samba offers +MS Windows users, these packages offer to Macs. For more info on +these packages, Samba, and Linux (and other UNIX-based systems) +see <url url="http://www.eats.com/linux_mac_win.html"> + +<sect1>"Session request failed (131,130)" error<p> <label id="sess_req_fail"> +The following answer is provided by John E. Miller: + +I'll assume that you're able to ping back and forth between the +machines by IP address and name, and that you're using some security +model where you're confident that you've got user IDs and passwords +right. The logging options (-d3 or greater) can help a lot with that. +DNS and WINS configuration can also impact connectivity as well. + +Now, on to 'scope id's. Somewhere in your Win95 TCP/IP network +configuration (I'm too much of an NT bigot to know where it's located +in the Win95 setup, but I'll have to learn someday since I teach for a +Microsoft Solution Provider Authorized Tech Education Center - what an +acronym...) [Note: It's under Control Panel | Network | TCP/IP | WINS +Configuration] there's a little text entry field called something like +'Scope ID'. + +This field essentially creates 'invisible' sub-workgroups on the same +wire. Boxes can only see other boxes whose Scope IDs are set to the +exact same value - it's sometimes used by OEMs to configure their +boxes to browse only other boxes from the same vendor and, in most +environments, this field should be left blank. If you, in fact, have +something in this box that EXACT value (case-sensitive!) needs to be +provided to smbclient and nmbd as the -i (lowercase) parameter. So, if +your Scope ID is configured as the string 'SomeStr' in Win95 then +you'd have to use smbclient -iSomeStr [otherparms] in connecting to +it. + +<sect1>How do I synchronise my PC's clock with my Samba server? <p><label id="synchronise_clock"> +To syncronize your PC's clock with your Samba server: +<itemize> +<item> Copy timesync.pif to your windows directory + <item> timesync.pif can be found at: + <url +url="http://samba.org/samba/binaries/miscellaneous/timesync.pif"> +<item> Add timesync.pif to your 'Start Up' group/folder +<item> Open the properties dialog box for the program/icon +<item> Make sure the 'Run Minimized' option is set in program 'Properties' +<iteM> Change the command line section that reads [\\sambahost] to reflect the name of your server. +<item> Close the properties dialog box by choosing 'OK' +</itemize> +Each time you start your computer (or login for Win95) your PC will +synchronize its clock with your Samba server. + +Alternativley, if you clients support Domain Logons, you can setup Domain Logons with Samba + - see: <url url="ftp://samba.org/pub/samba/docs/BROWSING.txt" name="BROWSING.txt"> *** for more information. +<p>Then add +<tscreen><verb> +NET TIME \\%L /SET /YES +</verb></tscreen> +as one of the lines in the logon script. +<sect1>Problems with WinDD, NTrigue, WinCenterPro etc<p> +<label id="multiple_session_clients"> + +All of the above programs are applications that sit on an NT box and +allow multiple users to access the NT GUI applications from remote +workstations (often over X). + +What has this got to do with Samba? The problem comes when these users +use filemanager to mount shares from a Samba server. The most common +symptom is that the first user to connect get correct file permissions +and has a nice day, but subsequent connections get logged in as the +same user as the first person to login. They find that they cannot +access files in their own home directory, but that they can access +files in the first users home directory (maybe not such a nice day +after all?) + +Why does this happen? The above products all share a common heritage +(and code base I believe). They all open just a single TCP based SMB +connection to the Samba server, and requests from all users are piped +over this connection. This is unfortunate, but not fatal. + +It means that if you run your Samba server in share level security +(the default) then things will definately break as described +above. The share level SMB security model has no provision for +multiple user IDs on the one SMB connection. See <url url="ftp://samba.org/pub/samba/docs/security_level.txt" name="security_level.txt"> in +the docs for more info on share/user/server level security. + +If you run in user or server level security then you have a chance, +but only if you have a recent version of Samba (at least 1.9.15p6). In +older versions bugs in Samba meant you still would have had problems. + +If you have a trapdoor uid system in your OS then it will never work +properly. Samba needs to be able to switch uids on the connection and +it can't if your OS has a trapdoor uid system. You'll know this +because Samba will note it in your logs. + +Also note that you should not use the magic "homes" share name with +products like these, as otherwise all users will end up with the same +home directory. Use [\\server\username] instead. + +<sect1>Problem with printers under NT<p> <label id="nt_printers"> +This info from Stefan Hergeth +hergeth@f7axp1.informatik.fh-muenchen.de may be useful: + + A network-printer (with ethernetcard) is connected to the NT-Clients +via our UNIX-Fileserver (SAMBA-Server), like the configuration told by + Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt) +<enum> +<item>If a user has choosen this printer as the default printer in his + NT-Session and this printer is not connected to the network + (e.g. switched off) than this user has a problem with the SAMBA- + connection of his filesystems. It's very slow. + +<item>If the printer is connected to the network everything works fine. + +<item>When the smbd ist started with debug level 3, you can see that the + NT spooling system try to connect to the printer many times. If the + printer ist not connected to the network this request fails and the + NT spooler is wasting a lot of time to connect to the printer service. + This seems to be the reason for the slow network connection. + +<item>Maybe it's possible to change this behaviour by setting different + printer properties in the Print-Manager-Menu of NT, but i didn't try it yet. +</enum> + +<sect1>Why are my file's timestamps off by an hour, or by a few hours?<p><label id="dst_bugs"> +This is from Paul Eggert eggert@twinsun.com. + +Most likely it's a problem with your time zone settings. + +Internally, Samba maintains time in traditional Unix format, +namely, the number of seconds since 1970-01-01 00:00:00 Universal Time +(or ``GMT''), not counting leap seconds. + +On the server side, Samba uses the Unix TZ variable to convert +internal timestamps to and from local time. So on the server side, there are +two things to get right. +<enum> +<item>The Unix system clock must have the correct Universal time. + Use the shell command "sh -c 'TZ=UTC0 date'" to check this. + +<item>The TZ environment variable must be set on the server + before Samba is invoked. The details of this depend on the + server OS, but typically you must edit a file whose name is + /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'. + +<item>TZ must have the correct value. +<enum> + <item>If possible, use geographical time zone settings + (e.g. TZ='America/Los_Angeles' or perhaps + TZ=':US/Pacific'). These are supported by most + popular Unix OSes, are easier to get right, and are + more accurate for historical timestamps. If your + operating system has out-of-date tables, you should be + able to update them from the public domain time zone + tables at <url url="ftp://elsie.nci.nih.gov/pub/">. + + <item>If your system does not support geographical timezone + settings, you must use a Posix-style TZ strings, e.g. + TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. + Posix TZ strings can take the following form (with optional + items in brackets): +<verb> + StdOffset[Dst[Offset],Date/Time,Date/Time] +</verb> + where: +<itemize> +<item> `Std' is the standard time designation (e.g. `PST'). + +<item> `Offset' is the number of hours behind UTC (e.g. `8'). + Prepend a `-' if you are ahead of UTC, and + append `:30' if you are at a half-hour offset. + Omit all the remaining items if you do not use + daylight-saving time. + +<item> `Dst' is the daylight-saving time designation + (e.g. `PDT'). + + The optional second `Offset' is the number of + hours that daylight-saving time is behind UTC. + The default is 1 hour ahead of standard time. + +<item> `Date/Time,Date/Time' specify when daylight-saving + time starts and ends. The format for a date is + `Mm.n.d', which specifies the dth day (0 is Sunday) + of the nth week of the mth month, where week 5 means + the last such day in the month. The format for a + time is [h]h[:mm[:ss]], using a 24-hour clock. +</itemize> + Other Posix string formats are allowed but you don't want + to know about them. +</enum> +</enum> +On the client side, you must make sure that your client's clock and +time zone is also set appropriately. [[I don't know how to do this.]] +Samba traditionally has had many problems dealing with time zones, due +to the bizarre ways that Microsoft network protocols handle time +zones. A common symptom is for file timestamps to be off by an hour. +To work around the problem, try disconnecting from your Samba server +and then reconnecting to it; or upgrade your Samba server to +1.9.16alpha10 or later. + +<sect1> How do I set the printer driver name correctly? <p><label id="printer_driver_name"> +Question: + On NT, I opened "Printer Manager" and "Connect to Printer". + Enter ["\\ptdi270\ps1"] in the box of printer. I got the + following error message: +<tscreen><verb> + You do not have sufficient access to your machine + to connect to the selected printer, since a driver + needs to be installed locally. +</verb></tscreen> +Answer: + +In the more recent versions of Samba you can now set the "printer +driver" in smb.conf. This tells the client what driver to use. For +example: +<tscreen><verb> + printer driver = HP LaserJet 4L +</verb></tscreen> +with this, NT knows to use the right driver. You have to get this string +exactly right. + +To find the exact string to use, you need to get to the dialog box in +your client where you select which printer driver to install. The +correct strings for all the different printers are shown in a listbox +in that dialog box. + +You could also try setting the driver to NULL like this: +<tscreen><verb> + printer driver = NULL +</verb></tscreen> +this is effectively what older versions of Samba did, so if that +worked for you then give it a go. If this does work then let us know via <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">, +and we'll make it the default. Currently the default is a 0 length +string. + +<sect1>I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?<p><label id="NT_SP3_FIX"> +As of SP3, Microsoft has decided that they will no longer default to +passing clear text passwords over the network. To enable access to +Samba shares from NT 4.0 SP3, you must do <bf>ONE</bf> of two things: +<enum> +<item> Set the Samba configuration option 'security = user' and implement all of the stuff detailed in <url url="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt" name="ENCRYPTION.txt">. +<item> Follow Microsoft's directions for setting your NT box to allow plain text passwords. see <url url="http://www.microsoft.com/kb/articles/q166/7/30.htm" name="Knowledge Base Article Q166730"> +</enum> + +<sect>Specific client application problems<p> <label id="client_problems"> + +<sect1>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"<p> <label id="cant_change_properties"> +When installing MS Office on a Samba drive for which you have admin +user permissions, ie. admin users = username, you will find the +setup program unable to complete the installation. + +To get around this problem, do the installation without admin user +permissions The problem is that MS Office Setup checks that a file is +rdonly by trying to open it for writing. + +Admin users can always open a file for writing, as they run as root. +You just have to install as a non-admin user and then use "chown -R" +to fix the owner. + +<sect>Miscellaneous<p> <label id="miscellaneous"> +<sect1>Is Samba Year 2000 compliant?<p><label id="Year2000Compliant"> +The CIFS protocol that Samba implements +negotiates times in various formats, all of which +are able to cope with dates beyond 2000. + +</article> diff --git a/docs/faq/sambafaq.txt b/docs/faq/sambafaq.txt new file mode 100644 index 0000000000..e629e8ad87 --- /dev/null +++ b/docs/faq/sambafaq.txt @@ -0,0 +1,1122 @@ + Samba FAQ + Paul Blackman, ictinus@samba.org + v 0.8, June '97 + + This is the Frequently Asked Questions (FAQ) document for Samba, the + free and very popular SMB server product. An SMB server allows file + and printer connections from clients such as Windows, OS/2, Linux and + others. Current to version 1.9.17. Please send any corrections to the + author. + ______________________________________________________________________ + + Table of Contents: + + 1. General Information + + 1.1. What is Samba? + + 1.2. What is the current version of Samba? + + 1.3. Where can I get it? + + 1.4. What do the version numbers mean? + + 1.5. What platforms are supported? + + 1.6. How can I find out more about Samba? + + 1.7. How do I subscribe to the Samba Mailing Lists? + + 1.8. Something's gone wrong - what should I do? + + 1.9. Pizza supply details + + 2. Compiling and installing Samba on a Unix host + + 2.1. I can't see the Samba server in any browse lists! + + 2.2. Some files that I KNOW are on the server doesn't show up when + I view the files from my client! + + 2.3. Some files on the server show up with really wierd filenames + when I view the files from my client! + + 2.4. My client reports "cannot locate specified computer" or + similar + + 2.5. My client reports "cannot locate specified share name" or + similar + + 2.6. My client reports "cannot find domain controller", "cannot log + on to the network" or similar + + 2.7. Printing doesn't work :-( + + 2.8. My programs install on the server OK, but refuse to work + properly + + 2.9. My "server string" doesn't seem to be recognised + + 2.10. My client reports "This server is not configured to list + shared resources" + + 2.11. Log message "you appear to have a trapdoor uid system" + + 3. Common client questions + + 3.1. Are there any Macintosh clients for Samba? + + 3.2. "Session request failed (131,130)" error + + 3.3. How do I synchronise my PC's clock with my Samba server? + + 3.4. Problems with WinDD, NTrigue, WinCenterPro etc + + 3.5. Problem with printers under NT + + 3.6. Why are my file's timestamps off by an hour, or by a few + hours? + + 3.7. How do I set the printer driver name correctly? + + 3.8. I've applied NT 4.0 SP3, and now I can't access Samba shares, + Why? + + 4. Specific client application problems + + 4.1. MS Office Setup reports "Cannot change properties of + 'MSOFFICEUP.INI'" + + 5. Miscellaneous + + 5.1. Is Samba Year 2000 compliant? + ______________________________________________________________________ + + 11.. GGeenneerraall IInnffoorrmmaattiioonn + + + + All about Samba - what it is, how to get it, related sources of + information, how to understand the version numbering scheme, pizza + details + + + 11..11.. WWhhaatt iiss SSaammbbaa?? + + + Samba is a suite of programs which work together to allow clients to + access to a server's filespace and printers via the SMB (Server + Message Block) protocol. Initially written for Unix, Samba now also + runs on Netware, OS/2 and VMS. + + In practice, this means that you can redirect disks and printers to + Unix disks and printers from Lan Manager clients, Windows for + Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2 + clients. There is also a generic Unix client program supplied as part + of the suite which allows Unix users to use an ftp-like interface to + access filespace and printers on any other SMB servers. This gives the + capability for these operating systems to behave much like a LAN + Server or Windows NT Server machine, only with added functionality and + flexibility designed to make life easier for administrators. + + The components of the suite are (in summary): + + + +o ssmmbbdd, the SMB server. This handles actual connections from clients, + doing all the file, permission and username work + + +o nnmmbbdd, the Netbios name server, which helps clients locate servers, + doing the browsing work and managing domains as this capability is + being built into Samba + + + +o ssmmbbcclliieenntt, the Unix-hosted client program + + +o ssmmbbrruunn, a little 'glue' program to help the server run external + programs + + +o tteessttpprrnnss, a program to test server access to printers + + +o tteessttppaarrmmss, a program to test the Samba configuration file for + correctness + + +o ssmmbb..ccoonnff, the Samba configuration file + + +o ssmmbbpprriinntt, a sample script to allow a Unix host to use smbclient to + print to an SMB server + + +o DDooccuummeennttaattiioonn!! DON'T neglect to read it - you will save a great + deal of time! + + The suite is supplied with full source (of course!) and is GPLed. + + The primary creator of the Samba suite is Andrew Tridgell. Later + versions incorporate much effort by many net.helpers. The man pages + and this FAQ were originally written by Karl Auer. + + + 11..22.. WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa?? + + + At time of writing, the current version was 1.9.17. If you want to be + sure check the bottom of the change-log file. + <ftp://samba.org/pub/samba/alpha/change-log> + + For more information see ``What do the version numbers mean?'' + + + 11..33.. WWhheerree ccaann II ggeett iitt?? + + + The Samba suite is available via anonymous ftp from samba.org. + The latest and greatest versions of the suite are in the directory: + + /pub/samba/ + + Development (read "alpha") versions, which are NOT necessarily stable + and which do NOT necessarily have accurate documentation, are + available in the directory: + + /pub/samba/alpha + + Note that binaries are NOT included in any of the above. Samba is + distributed ONLY in source form, though binaries may be available from + other sites. Recent versions of some Linux distributions, for example, + do contain Samba binaries for that platform. + + + 11..44.. WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann?? + + + It is not recommended that you run a version of Samba with the word + "alpha" in its name unless you know what you are doing and are willing + to do some debugging. Many, many people just get the latest + recommended stable release version and are happy. If you are brave, by + all means take the plunge and help with the testing and development - + but don't install it on your departmental server. Samba is typically + very stable and safe, and this is mostly due to the policy of many + public releases. + How the scheme works: + + 1. When major changes are made the version number is increased. For + example, the transition from 1.9.15 to 1.9.16. However, this + version number will not appear immediately and people should + continue to use 1.9.15 for production systems (see next point.) + + 2. Just after major changes are made the software is considered + unstable, and a series of alpha releases are distributed, for + example 1.9.16alpha1. These are for testing by those who know what + they are doing. The "alpha" in the filename will hopefully scare + off those who are just looking for the latest version to install. + + 3. When Andrew thinks that the alphas have stabilised to the point + where he would recommend new users install it, he renames it to the + same version number without the alpha, for example 1.9.16. + + 4. Inevitably bugs are found in the "stable" releases and minor patch + levels are released which give us the pXX series, for example + 1.9.16p2. + + So the progression goes: + + 1.9.15p7 (production) + 1.9.15p8 (production) + 1.9.16alpha1 (test sites only) + : + 1.9.16alpha20 (test sites only) + 1.9.16 (production) + 1.9.16p1 (production) + + + The above system means that whenever someone looks at the samba ftp + site they will be able to grab the highest numbered release without an + alpha in the name and be sure of getting the current recommended ver- + sion. + + + 11..55.. WWhhaatt ppllaattffoorrmmss aarree ssuuppppoorrtteedd?? + + + Many different platforms have run Samba successfully. The platforms + most widely used and thus best tested are Linux and SunOS. + + At time of writing, the Makefile claimed support for: + + +o A/UX 3.0 + + +o AIX + + +o Altos Series 386/1000 + + +o Amiga + + +o Apollo Domain/OS sr10.3 + + +o BSDI + + +o B.O.S. (Bull Operating System) + + +o Cray, Unicos 8.0 + + +o Convex + + +o DGUX. + + +o DNIX. + + +o FreeBSD + + +o HP-UX + + +o Intergraph. + + +o Linux with/without shadow passwords and quota + + +o LYNX 2.3.0 + + +o MachTen (a unix like system for Macintoshes) + + +o Motorola 88xxx/9xx range of machines + + +o NetBSD + + +o NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for + Mach). + + +o OS/2 using EMX 0.9b + + +o OSF1 + + +o QNX 4.22 + + +o RiscIX. + + +o RISCOs 5.0B + + +o SEQUENT. + + +o SCO (including: 3.2v2, European dist., OpenServer 5) + + +o SGI. + + +o SMP_DC.OSx v1.1-94c079 on Pyramid S series + + +o SONY NEWS, NEWS-OS (4.2.x and 6.1.x) + + +o SUNOS 4 + + +o SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') + + +o Sunsoft ISC SVR3V4 + + +o SVR4 + + +o System V with some berkely extensions (Motorola 88k R32V3.2). + + +o ULTRIX. + + +o UNIXWARE + + +o UXP/DS + + + 11..66.. HHooww ccaann II ffiinndd oouutt mmoorree aabboouutt SSaammbbaa?? + + + There are a number of places to look for more information on Samba, + including: + + +o Two mailing lists devoted to discussion of Samba-related matters. + + +o The newsgroup, comp.protocols.smb, which has a great deal of + discussion on Samba. + + +o The WWW site 'SAMBA Web Pages' at <http://samba.edu.au/samba/> + includes: + + +o Links to man pages and documentation, including this FAQ + + +o A comprehensive survey of Samba users. + + +o A searchable hypertext archive of the Samba mailing list. + + +o Links to Samba source code, binaries, and mirrors of both. + + +o The long list of topic documentation. These files can be found in + the 'docs' directory of the Samba source, or at + <ftp://samba.org/pub/samba/docs/> + + +o Application_Serving.txt + <ftp://samba.org/pub/samba/docs/Application_Serving.txt> + + +o BROWSING.txt <ftp://samba.org/pub/samba/docs/BROWSING.txt> + + +o BUGS.txt <ftp://samba.org/pub/samba/docs/BUGS.txt> + + +o DIAGNOSIS.txt <ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt> + + +o DNIX.txt <ftp://samba.org/pub/samba/docs/DNIX.txt> + + +o DOMAIN.txt <ftp://samba.org/pub/samba/docs/DOMAIN.txt> + + +o CONTROL.txt + <ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt> + + +o ENCRYPTION.txt + <ftp://samba.org/pub/samba/docs/ENCRYPTION.txt> + + +o Faxing.txt <ftp://samba.org/pub/samba/docs/Faxing.txt> + + +o GOTCHAS.txt <ftp://samba.org/pub/samba/docs/GOTCHAS.txt> + + +o HINTS.txt <ftp://samba.org/pub/samba/docs/HINTS.txt> + + +o INSTALL.sambatar + <ftp://samba.org/pub/samba/docs/INSTALL.sambatar> + + +o INSTALL.txt <ftp://samba.org/pub/samba/docs/INSTALL.txt> + + +o MIRRORS <ftp://samba.org/pub/samba/docs/MIRRORS> + + +o NetBIOS.txt <ftp://samba.org/pub/samba/docs/NetBIOS.txt> + + +o OS2.txt <ftp://samba.org/pub/samba/docs/OS2.txt> + + +o PROJECTS <ftp://samba.org/pub/samba/docs/PROJECTS> + + +o Passwords.txt <ftp://samba.org/pub/samba/docs/Passwords.txt> + + +o Printing.txt <ftp://samba.org/pub/samba/docs/Printing.txt> + + +o README.DCEDFS <ftp://samba.org/pub/samba/docs/README.DCEDFS> + + +o README.OS2 <ftp://samba.org/pub/samba/docs/README.OS2> + + +o README.jis <ftp://samba.org/pub/samba/docs/README.jis> + + +o README.sambatar + <ftp://samba.org/pub/samba/docs/README.sambatar> + + +o SCO.txt <ftp://samba.org/pub/samba/docs/SCO.txt> + + +o SMBTAR.notes <ftp://samba.org/pub/samba/docs/SMBTAR.notes> + + +o Speed.txt <ftp://samba.org/pub/samba/docs/Speed.txt> + + +o Support.txt <ftp://samba.org/pub/samba/docs/Support.txt> + + +o THANKS <ftp://samba.org/pub/samba/docs/THANKS> + + +o Tracing.txt <ftp://samba.org/pub/samba/docs/Tracing.txt> + + +o SMB.txt <ftp://samba.org/pub/samba/docs/UNIX-SMB.txt> + + +o Warp.txt <ftp://samba.org/pub/samba/docs/Warp.txt> + + +o WinNT.txt <ftp://samba.org/pub/samba/docs/WinNT.txt> + + +o history <ftp://samba.org/pub/samba/docs/history> + + +o level.txt + <ftp://samba.org/pub/samba/docs/security_level.txt> + + +o slip.htm <ftp://samba.org/pub/samba/docs/wfw_slip.htm> + + + 11..77.. HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss?? + + + Send email to listproc@samba.org. Make sure the subject line is + blank, and include the following two lines in the body of the message: + + + subscribe samba Firstname Lastname + subscribe samba-announce Firstname Lastname + + + + + Obviously you should substitute YOUR first name for "Firstname" and + YOUR last name for "Lastname"! Try not to send any signature stuff, it + sometimes confuses the list processor. + + The samba list is a digest list - every eight hours or so it + regurgitates a single message containing all the messages that have + been received by the list since the last time and sends a copy of this + message to all subscribers. + + If you stop being interested in Samba, please send another email to + listproc@samba.org. Make sure the subject line is blank, and + include the following two lines in the body of the message: + + + unsubscribe samba + unsubscribe samba-announce + + + + + The FFrroomm:: line in your message _M_U_S_T be the same address you used when + you subscribed. + + + 11..88.. SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo?? + + + ## ****** IIMMPPOORRTTAANNTT!! ****** ## + + DO NOT post messages on mailing lists or in newsgroups until you have + carried out the first three steps given here! + + Firstly, see if there are any likely looking entries in this FAQ! If + you have just installed Samba, have you run through the checklist in + DIAGNOSIS.txt <ftp://samba.org/pub/samba/DIAGNOSIS.txt>? It can + save you a lot of time and effort. DIAGNOSIS.txt can also be found in + the docs directory of the Samba distribution. + + Secondly, read the man pages for smbd, nmbd and smb.conf, looking for + topics that relate to what you are trying to do. + + Thirdly, if there is no obvious solution to hand, try to get a look at + the log files for smbd and/or nmbd for the period during which you + were having problems. You may need to reconfigure the servers to + provide more extensive debugging information - usually level 2 or + level 3 provide ample debugging info. Inspect these logs closely, + looking particularly for the string "Error:". + + Fourthly, if you still haven't got anywhere, ask the mailing list or + newsgroup. In general nobody minds answering questions provided you + have followed the preceding steps. It might be a good idea to scan the + archives of the mailing list, which are available through the Samba + web site described in the previous section. + + If you successfully solve a problem, please mail the FAQ maintainer a + succinct description of the symptom, the problem and the solution, so + I can incorporate it in the next version. + + If you make changes to the source code, _please_ submit these patches + so that everyone else gets the benefit of your work. This is one of + the most important aspects to the maintainence of Samba. Send all + patches to samba@samba.org. Do not send patches to Andrew + Tridgell or any other individual, they may be lost if you do. + + + 11..99.. PPiizzzzaa ssuuppppllyy ddeettaaiillss + + + Those who have registered in the Samba survey as "Pizza Factory" will + already know this, but the rest may need some help. Andrew doesn't ask + for payment, but he does appreciate it when people give him pizza. + This calls for a little organisation when the pizza donor is twenty + thousand kilometres away, but it has been done. + + Method 1: Ring up your local branch of an international pizza chain + and see if they honour their vouchers internationally. Pizza Hut do, + which is how the entire Canberra Linux Users Group got to eat pizza + one night, courtesy of someone in the US + + Method 2: Ring up a local pizza shop in Canberra and quote a credit + card number for a certain amount, and tell them that Andrew will be + collecting it (don't forget to tell him.) One kind soul from Germany + did this. + + Method 3: Purchase a pizza voucher from your local pizza shop that has + no international affiliations and send it to Andrew. It is completely + useless but he can hang it on the wall next to the one he already has + from Germany :-) + + + Method 4: Air freight him a pizza with your favourite regional + flavours. It will probably get stuck in customs or torn apart by + hungry sniffer dogs but it will have been a noble gesture. + + + 22.. CCoommppiilliinngg aanndd iinnssttaalllliinngg SSaammbbaa oonn aa UUnniixx hhoosstt + + + + 22..11.. II ccaann''tt sseeee tthhee SSaammbbaa sseerrvveerr iinn aannyy bbrroowwssee lliissttss!! + + + See BROWSING.txt <ftp://samba.org/pub/samba/BROWSING.txt> for + more information on browsing. Browsing.txt can also be found in the + docs directory of the Samba source. + + If your GUI client does not permit you to select non-browsable + servers, you may need to do so on the command line. For example, under + Lan Manager you might connect to the above service as disk drive M: + thusly: + + + net use M: \\mary\fred + + + + + The details of how to do this and the specific syntax varies from + client to client - check your client's documentation. + + + 22..22.. SSoommee ffiilleess tthhaatt II KKNNOOWW aarree oonn tthhee sseerrvveerr ddooeessnn''tt sshhooww uupp wwhheenn II + vviieeww tthhee ffiilleess ffrroomm mmyy cclliieenntt!! + + + See the next question. + + 22..33.. SSoommee ffiilleess oonn tthhee sseerrvveerr sshhooww uupp wwiitthh rreeaallllyy wwiieerrdd ffiilleennaammeess + wwhheenn II vviieeww tthhee ffiilleess ffrroomm mmyy cclliieenntt!! + + + If you check what files are not showing up, you will note that they + are files which contain upper case letters or which are otherwise not + DOS-compatible (ie, they are not legal DOS filenames for some reason). + + The Samba server can be configured either to ignore such files + completely, or to present them to the client in "mangled" form. If you + are not seeing the files at all, the Samba server has most likely been + configured to ignore them. Consult the man page smb.conf(5) for + details of how to change this - the parameter you need to set is + "mangled names = yes". + + + 22..44.. MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott llooccaattee ssppeecciiffiieedd ccoommppuutteerr"" oorr ssiimmiillaarr + + + This indicates one of three things: You supplied an incorrect server + name, the underlying TCP/IP layer is not working correctly, or the + name you specified cannot be resolved. + + After carefully checking that the name you typed is the name you + should have typed, try doing things like pinging a host or telnetting + to somewhere on your network to see if TCP/IP is functioning OK. If it + is, the problem is most likely name resolution. + + + If your client has a facility to do so, hardcode a mapping between the + hosts IP and the name you want to use. For example, with Man Manager + or Windows for Workgroups you would put a suitable entry in the file + LMHOSTS. If this works, the problem is in the communication between + your client and the netbios name server. If it does not work, then + there is something fundamental wrong with your naming and the solution + is beyond the scope of this document. + + If you do not have any server on your subnet supplying netbios name + resolution, hardcoded mappings are your only option. If you DO have a + netbios name server running (such as the Samba suite's nmbd program), + the problem probably lies in the way it is set up. Refer to Section + Two of this FAQ for more ideas. + + By the way, remember to REMOVE the hardcoded mapping before further + tests :-) + + + 22..55.. MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott llooccaattee ssppeecciiffiieedd sshhaarree nnaammee"" oorr ssiimmii-- + llaarr + + + This message indicates that your client CAN locate the specified + server, which is a good start, but that it cannot find a service of + the name you gave. + + The first step is to check the exact name of the service you are + trying to connect to (consult your system administrator). Assuming it + exists and you specified it correctly (read your client's doco on how + to specify a service name correctly), read on: + + + +o Many clients cannot accept or use service names longer than eight + characters. + + +o Many clients cannot accept or use service names containing spaces. + + +o Some servers (not Samba though) are case sensitive with service + names. + + +o Some clients force service names into upper case. + + + 22..66.. MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott ffiinndd ddoommaaiinn ccoonnttrroolllleerr"",, ""ccaannnnoott lloogg + oonn ttoo tthhee nneettwwoorrkk"" oorr ssiimmiillaarr + + + Nothing is wrong - Samba does not implement the primary domain name + controller stuff for several reasons, including the fact that the + whole concept of a primary domain controller and "logging in to a + network" doesn't fit well with clients possibly running on multiuser + machines (such as users of smbclient under Unix). Having said that, + several developers are working hard on building it in to the next + major version of Samba. If you can contribute, send a message to + samba@samba.org ! + + Seeing this message should not affect your ability to mount redirected + disks and printers, which is really what all this is about. + + For many clients (including Windows for Workgroups and Lan Manager), + setting the domain to STANDALONE at least gets rid of the message. + + + + + + 22..77.. PPrriinnttiinngg ddooeessnn''tt wwoorrkk ::--(( + + + Make sure that the specified print command for the service you are + connecting to is correct and that it has a fully-qualified path (eg., + use "/usr/bin/lpr" rather than just "lpr"). + + Make sure that the spool directory specified for the service is + writable by the user connected to the service. In particular the user + "nobody" often has problems with printing, even if it worked with an + earlier version of Samba. Try creating another guest user other than + "nobody". + + Make sure that the user specified in the service is permitted to use + the printer. + + Check the debug log produced by smbd. Search for the printer name and + see if the log turns up any clues. Note that error messages to do with + a service ipc$ are meaningless - they relate to the way the client + attempts to retrieve status information when using the LANMAN1 + protocol. + + If using WfWg then you need to set the default protocol to TCP/IP, not + Netbeui. This is a WfWg bug. + + If using the Lanman1 protocol (the default) then try switching to + coreplus. Also not that print status error messages don't mean + printing won't work. The print status is received by a different + mechanism. + + + 22..88.. MMyy pprrooggrraammss iinnssttaallll oonn tthhee sseerrvveerr OOKK,, bbuutt rreeffuussee ttoo wwoorrkk pprroopp-- + eerrllyy + + + There are numerous possible reasons for this, but one MAJOR + possibility is that your software uses locking. Make sure you are + using Samba 1.6.11 or later. It may also be possible to work around + the problem by setting "locking=no" in the Samba configuration file + for the service the software is installed on. This should be regarded + as a strictly temporary solution. + + In earlier Samba versions there were some difficulties with the very + latest Microsoft products, particularly Excel 5 and Word for Windows + 6. These should have all been solved. If not then please let Andrew + Tridgell know via email at samba@samba.org. + + + 22..99.. MMyy ""sseerrvveerr ssttrriinngg"" ddooeessnn''tt sseeeemm ttoo bbee rreeccooggnniisseedd + + + OR My client reports the default setting, eg. "Samba 1.9.15p4", + instead of what I have changed it to in the smb.conf file. + + You need to use the -C option in nmbd. The "server string" affects + what smbd puts out and -C affects what nmbd puts out. + + Current versions of Samba (1.9.16 +) have combined these options into + the "server string" field of smb.conf, -C for nmbd is now obsolete. + + + 22..1100.. MMyy cclliieenntt rreeppoorrttss ""TThhiiss sseerrvveerr iiss nnoott ccoonnffiigguurreedd ttoo lliisstt sshhaarreedd + rreessoouurrcceess"" + + + Your guest account is probably invalid for some reason. Samba uses the + guest account for browsing in smbd. Check that your guest account is + valid. + + See also 'guest account' in smb.conf man page. + + + 22..1111.. LLoogg mmeessssaaggee ""yyoouu aappppeeaarr ttoo hhaavvee aa ttrraappddoooorr uuiidd ssyysstteemm"" + + + This can have several causes. It might be because you are using a uid + or gid of 65535 or -1. This is a VERY bad idea, and is a big security + hole. Check carefully in your /etc/passwd file and make sure that no + user has uid 65535 or -1. Especially check the "nobody" user, as many + broken systems are shipped with nobody setup with a uid of 65535. + + It might also mean that your OS has a trapdoor uid/gid system :-) + + This means that once a process changes effective uid from root to + another user it can't go back to root. Unfortunately Samba relies on + being able to change effective uid from root to non-root and back + again to implement its security policy. If your OS has a trapdoor uid + system this won't work, and several things in Samba may break. Less + things will break if you use user or server level security instead of + the default share level security, but you may still strike problems. + + The problems don't give rise to any security holes, so don't panic, + but it does mean some of Samba's capabilities will be unavailable. In + particular you will not be able to connect to the Samba server as two + different uids at once. This may happen if you try to print as a + "guest" while accessing a share as a normal user. It may also affect + your ability to list the available shares as this is normally done as + the guest user. + + Complain to your OS vendor and ask them to fix their system. + + Note: the reason why 65535 is a VERY bad choice of uid and gid is that + it casts to -1 as a uid, and the setreuid() system call ignores (with + no error) uid changes to -1. This means any daemon attempting to run + as uid 65535 will actually run as root. This is not good! + + + 33.. CCoommmmoonn cclliieenntt qquueessttiioonnss + + + + + 33..11.. AArree tthheerree aannyy MMaacciinnttoosshh cclliieennttss ffoorr SSaammbbaa?? + + + Yes! Thursby now have a CIFS Client / Server called DAVE - see + <http://www.thursby.com/>. They test it against Windows 95, Windows + NT and samba for compatibility issues. At the time of writing, DAVE + was at version 1.0.1. The 1.0.0 to 1.0.1 update is available as a free + download from the Thursby web site (the speed of finder copies has + been greatly enhanced, and there are bug-fixes included). + + Alternatives - There are two free implementations of AppleTalk for + several kinds of UNIX machnes, and several more commercial ones. + These products allow you to run file services and print services + natively to Macintosh users, with no additional support required on + the Macintosh. The two free omplementations are Netatalk, + <http://www.umich.edu/~rsug/netatalk/>, and CAP, + <http://www.cs.mu.oz.au/appletalk/atalk.html>. What Samba offers MS + Windows users, these packages offer to Macs. For more info on these + packages, Samba, and Linux (and other UNIX-based systems) see + <http://www.eats.com/linux_mac_win.html> + 33..22.. SSeessssiioonn rreeqquueesstt ffaaiilleedd ((113311,,113300))"" eerrrroorr + + + The following answer is provided by John E. Miller: + + I'll assume that you're able to ping back and forth between the + machines by IP address and name, and that you're using some security + model where you're confident that you've got user IDs and passwords + right. The logging options (-d3 or greater) can help a lot with that. + DNS and WINS configuration can also impact connectivity as well. + + Now, on to 'scope id's. Somewhere in your Win95 TCP/IP network + configuration (I'm too much of an NT bigot to know where it's located + in the Win95 setup, but I'll have to learn someday since I teach for a + Microsoft Solution Provider Authorized Tech Education Center - what an + acronym...) Note: It's under Control Panel | Network | TCP/IP | WINS + Configuration there's a little text entry field called something like + + This field essentially creates 'invisible' sub-workgroups on the same + wire. Boxes can only see other boxes whose Scope IDs are set to the + exact same value - it's sometimes used by OEMs to configure their + boxes to browse only other boxes from the same vendor and, in most + environments, this field should be left blank. If you, in fact, have + something in this box that EXACT value (case-sensitive!) needs to be + provided to smbclient and nmbd as the -i (lowercase) parameter. So, if + your Scope ID is configured as the string 'SomeStr' in Win95 then + you'd have to use smbclient -iSomeStr otherparms in connecting to it. + + + 33..33.. HHooww ddoo II ssyynncchhrroonniissee mmyy PPCC''ss cclloocckk wwiitthh mmyy SSaammbbaa sseerrvveerr?? + + + To syncronize your PC's clock with your Samba server: + + +o Copy timesync.pif to your windows directory + + +o timesync.pif can be found at: + <http://samba.org/samba/binaries/miscellaneous/timesync.pif> + + +o Add timesync.pif to your 'Start Up' group/folder + + +o Open the properties dialog box for the program/icon + + +o Make sure the 'Run Minimized' option is set in program 'Properties' + + +o Change the command line section that reads \sambahost to reflect + the name of your server. + + +o Close the properties dialog box by choosing 'OK' + + Each time you start your computer (or login for Win95) your PC will + synchronize its clock with your Samba server. + + Alternativley, if you clients support Domain Logons, you can setup + Domain Logons with Samba - see: BROWSING.txt + <ftp://samba.org/pub/samba/docs/BROWSING.txt> *** for more + information. + + Then add + + + NET TIME \\%L /SET /YES + + + + + as one of the lines in the logon script. + + 33..44.. PPrroobblleemmss wwiitthh WWiinnDDDD,, NNTTrriigguuee,, WWiinnCCeenntteerrPPrroo eettcc + + + All of the above programs are applications that sit on an NT box and + allow multiple users to access the NT GUI applications from remote + workstations (often over X). + + What has this got to do with Samba? The problem comes when these users + use filemanager to mount shares from a Samba server. The most common + symptom is that the first user to connect get correct file permissions + and has a nice day, but subsequent connections get logged in as the + same user as the first person to login. They find that they cannot + access files in their own home directory, but that they can access + files in the first users home directory (maybe not such a nice day + after all?) + + Why does this happen? The above products all share a common heritage + (and code base I believe). They all open just a single TCP based SMB + connection to the Samba server, and requests from all users are piped + over this connection. This is unfortunate, but not fatal. + + It means that if you run your Samba server in share level security + (the default) then things will definately break as described above. + The share level SMB security model has no provision for multiple user + IDs on the one SMB connection. See security_level.txt + <ftp://samba.org/pub/samba/docs/security_level.txt> in the docs + for more info on share/user/server level security. + + If you run in user or server level security then you have a chance, + but only if you have a recent version of Samba (at least 1.9.15p6). In + older versions bugs in Samba meant you still would have had problems. + + If you have a trapdoor uid system in your OS then it will never work + properly. Samba needs to be able to switch uids on the connection and + it can't if your OS has a trapdoor uid system. You'll know this + because Samba will note it in your logs. + + Also note that you should not use the magic "homes" share name with + products like these, as otherwise all users will end up with the same + home directory. Use \serversername instead. + + + 33..55.. PPrroobblleemm wwiitthh pprriinntteerrss uunnddeerr NNTT + + + This info from Stefan Hergeth hergeth@f7axp1.informatik.fh-muenchen.de + may be useful: + + A network-printer (with ethernetcard) is connected to the NT-Clients + via our UNIX-Fileserver (SAMBA-Server), like the configuration told by + Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt) + + 1. If a user has choosen this printer as the default printer in his + NT-Session and this printer is not connected to the network (e.g. + switched off) than this user has a problem with the SAMBA- + connection of his filesystems. It's very slow. + + 2. If the printer is connected to the network everything works fine. + + 3. When the smbd ist started with debug level 3, you can see that the + NT spooling system try to connect to the printer many times. If the + printer ist not connected to the network this request fails and the + NT spooler is wasting a lot of time to connect to the printer + service. This seems to be the reason for the slow network + connection. + + 4. Maybe it's possible to change this behaviour by setting different + printer properties in the Print-Manager-Menu of NT, but i didn't + try it yet. + + + 33..66.. WWhhyy aarree mmyy ffiillee''ss ttiimmeessttaammppss ooffff bbyy aann hhoouurr,, oorr bbyy aa ffeeww hhoouurrss?? + + + This is from Paul Eggert eggert@twinsun.com. + + Most likely it's a problem with your time zone settings. + + Internally, Samba maintains time in traditional Unix format, namely, + the number of seconds since 1970-01-01 00:00:00 Universal Time (or + ``GMT''), not counting leap seconds. + + On the server side, Samba uses the Unix TZ variable to convert + internal timestamps to and from local time. So on the server side, + there are two things to get right. + + 1. The Unix system clock must have the correct Universal time. Use + the shell command "sh -c 'TZ=UTC0 date'" to check this. + + 2. The TZ environment variable must be set on the server before Samba + is invoked. The details of this depend on the server OS, but + typically you must edit a file whose name is /etc/TIMEZONE or + /etc/default/init, or run the command `zic -l'. + + 3. TZ must have the correct value. + + a. If possible, use geographical time zone settings (e.g. + TZ='America/Los_Angeles' or perhaps TZ=':US/Pacific'). These + are supported by most popular Unix OSes, are easier to get + right, and are more accurate for historical timestamps. If your + operating system has out-of-date tables, you should be able to + update them from the public domain time zone tables at + <ftp://elsie.nci.nih.gov/pub/>. + + b. If your system does not support geographical timezone settings, + you must use a Posix-style TZ strings, e.g. + TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. Posix TZ + strings can take the following form (with optional items in + brackets): + + StdOffset[Dst[Offset],Date/Time,Date/Time] + + + where: + + +o `Std' is the standard time designation (e.g. `PST'). + + +o `Offset' is the number of hours behind UTC (e.g. `8'). Prepend + a `-' if you are ahead of UTC, and append `:30' if you are at a + half-hour offset. Omit all the remaining items if you do not + use daylight-saving time. + + +o `Dst' is the daylight-saving time designation (e.g. `PDT'). + + The optional second `Offset' is the number of hours that + daylight-saving time is behind UTC. The default is 1 hour ahead + of standard time. + + +o `Date/Time,Date/Time' specify when daylight-saving time starts + and ends. The format for a date is `Mm.n.d', which specifies + the dth day (0 is Sunday) of the nth week of the mth month, + where week 5 means the last such day in the month. The format + for a time is hh:mm[:ss], using a 24-hour clock. + + Other Posix string formats are allowed but you don't want to + know about them. + + On the client side, you must make sure that your client's clock and + time zone is also set appropriately. [I don't know how to do + this.] Samba traditionally has had many problems dealing with time + zones, due to the bizarre ways that Microsoft network protocols + handle time zones. A common symptom is for file timestamps to be + off by an hour. To work around the problem, try disconnecting from + your Samba server and then reconnecting to it; or upgrade your + Samba server to 1.9.16alpha10 or later. + + + 33..77.. HHooww ddoo II sseett tthhee pprriinntteerr ddrriivveerr nnaammee ccoorrrreeccttllyy?? + + + Question: On NT, I opened "Printer Manager" and "Connect to Printer". + Enter "\ptdi270s1" + in the box of printer. I got the following error message: + + + You do not have sufficient access to your machine + to connect to the selected printer, since a driver + needs to be installed locally. + + + + + Answer: + + In the more recent versions of Samba you can now set the "printer + driver" in smb.conf. This tells the client what driver to use. For + example: + + + printer driver = HP LaserJet 4L + + + + + with this, NT knows to use the right driver. You have to get this + string exactly right. + + To find the exact string to use, you need to get to the dialog box in + your client where you select which printer driver to install. The + correct strings for all the different printers are shown in a listbox + in that dialog box. + + You could also try setting the driver to NULL like this: + + + printer driver = NULL + + + + + this is effectively what older versions of Samba did, so if that + worked for you then give it a go. If this does work then let us know + via samba@samba.org, and we'll make it the default. Cur- + rently the default is a 0 length string. + + + 33..88.. II''vvee aapppplliieedd NNTT 44..00 SSPP33,, aanndd nnooww II ccaann''tt aacccceessss SSaammbbaa sshhaarreess,, + WWhhyy?? + + + As of SP3, Microsoft has decided that they will no longer default to + passing clear text passwords over the network. To enable access to + Samba shares from NT 4.0 SP3, you must do OONNEE of two things: + + 1. Set the Samba configuration option 'security = user' and implement + all of the stuff detailed in ENCRYPTION.txt + <ftp://samba.org/pub/samba/docs/ENCRYPTION.txt>. + + 2. Follow Microsoft's directions for setting your NT box to allow + plain text passwords. see Knowledge Base Article Q166730 + <http://www.microsoft.com/kb/articles/q166/7/30.htm> + + + 44.. SSppeecciiffiicc cclliieenntt aapppplliiccaattiioonn pprroobblleemmss + + + + + 44..11.. MMSS OOffffiiccee SSeettuupp rreeppoorrttss ""CCaannnnoott cchhaannggee pprrooppeerrttiieess ooff ''MMSSOOFF-- + FFIICCEEUUPP..IINNII''"" + + + When installing MS Office on a Samba drive for which you have admin + user permissions, ie. admin users = username, you will find the setup + program unable to complete the installation. + + To get around this problem, do the installation without admin user + permissions The problem is that MS Office Setup checks that a file is + rdonly by trying to open it for writing. + + Admin users can always open a file for writing, as they run as root. + You just have to install as a non-admin user and then use "chown -R" + to fix the owner. + + + 55.. MMiisscceellllaanneeoouuss + + + + 55..11.. IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt?? + + + The CIFS protocol that Samba implements negotiates times in various + formats, all of which are able to cope with dates beyond 2000. + + + + + + + + + + + + + + + + + + |