summaryrefslogtreecommitdiff
path: root/docs/htmldocs/Diagnosis.html
diff options
context:
space:
mode:
Diffstat (limited to 'docs/htmldocs/Diagnosis.html')
-rw-r--r--docs/htmldocs/Diagnosis.html548
1 files changed, 548 insertions, 0 deletions
diff --git a/docs/htmldocs/Diagnosis.html b/docs/htmldocs/Diagnosis.html
new file mode 100644
index 0000000000..1944c37be9
--- /dev/null
+++ b/docs/htmldocs/Diagnosis.html
@@ -0,0 +1,548 @@
+<HTML
+><HEAD
+><TITLE
+>Diagnosing your samba server</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="DIAGNOSIS"
+>Diagnosing your samba server</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Introduction</A
+></H1
+><P
+>This file contains a list of tests you can perform to validate your
+Samba server. It also tells you what the likely cause of the problem
+is if it fails any one of these steps. If it passes all these tests
+then it is probably working fine.</P
+><P
+>You should do ALL the tests, in the order shown. I have tried to
+carefully choose them so later tests only use capabilities verified in
+the earlier tests.</P
+><P
+>If you send me an email saying "it doesn't work" and you have not
+followed this test procedure then you should not be surprised if I
+ignore your email.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN8"
+>Assumptions</A
+></H1
+><P
+>In all of the tests I assume you have a Samba server called BIGSERVER
+and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the
+PC is running windows for workgroups with a recent copy of the
+microsoft tcp/ip stack. Alternatively, your PC may be running Windows
+95 or Windows NT (Workstation or Server).</P
+><P
+>The procedure is similar for other types of clients.</P
+><P
+>I also assume you know the name of an available share in your
+smb.conf. I will assume this share is called "tmp". You can add a
+"tmp" share like by adding the following to smb.conf:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>&#13;[tmp]
+ comment = temporary files
+ path = /tmp
+ read only = yes&#13;</PRE
+></P
+><P
+>THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME
+COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS</P
+><P
+>Please pay attention to the error messages you receive. If any error message
+reports that your server is being unfriendly you should first check that you
+IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
+file points to name servers that really do exist.</P
+><P
+>Also, if you do not have DNS server access for name resolution please check
+that the settings for your smb.conf file results in "dns proxy = no". The
+best way to check this is with "testparm smb.conf"</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN18"
+>Tests</A
+></H1
+><DIV
+CLASS="SECT2"
+><H2
+CLASS="SECT2"
+><A
+NAME="AEN20"
+>Test 1</A
+></H2
+><P
+>In the directory in which you store your smb.conf file, run the command
+"testparm smb.conf". If it reports any errors then your smb.conf
+configuration file is faulty.</P
+><P
+>Note: Your smb.conf file may be located in: <TT
+CLASS="FILENAME"
+>/etc</TT
+>
+ Or in: <TT
+CLASS="FILENAME"
+>/usr/local/samba/lib</TT
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN26"
+>Test 2</A
+></H2
+><P
+>Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
+the unix box. If you don't get a valid response then your TCP/IP
+software is not correctly installed. </P
+><P
+>Note that you will need to start a "dos prompt" window on the PC to
+run ping.</P
+><P
+>If you get a message saying "host not found" or similar then your DNS
+software or /etc/hosts file is not correctly setup. It is possible to
+run samba without DNS entries for the server and client, but I assume
+you do have correct entries for the remainder of these tests. </P
+><P
+>Another reason why ping might fail is if your host is running firewall
+software. You will need to relax the rules to let in the workstation
+in question, perhaps by allowing access from another subnet (on Linux
+this is done via the ipfwadm program.)</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN32"
+>Test 3</A
+></H2
+><P
+>Run the command "smbclient -L BIGSERVER" on the unix box. You
+should get a list of available shares back. </P
+><P
+>If you get a error message containing the string "Bad password" then
+you probably have either an incorrect "hosts allow", "hosts deny" or
+"valid users" line in your smb.conf, or your guest account is not
+valid. Check what your guest account is using "testparm" and
+temporarily remove any "hosts allow", "hosts deny", "valid users" or
+"invalid users" lines.</P
+><P
+>If you get a "connection refused" response then the smbd server may
+not be running. If you installed it in inetd.conf then you probably edited
+that file incorrectly. If you installed it as a daemon then check that
+it is running, and check that the netbios-ssn port is in a LISTEN
+state using "netstat -a".</P
+><P
+>If you get a "session request failed" then the server refused the
+connection. If it says "Your server software is being unfriendly" then
+its probably because you have invalid command line parameters to smbd,
+or a similar fatal problem with the initial startup of smbd. Also
+check your config file (smb.conf) for syntax errors with "testparm"
+and that the various directories where samba keeps its log and lock
+files exist.</P
+><P
+>There are a number of reasons for which smbd may refuse or decline
+a session request. The most common of these involve one or more of
+the following smb.conf file entries:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+> hosts deny = ALL
+ hosts allow = xxx.xxx.xxx.xxx/yy
+ bind interfaces only = Yes</PRE
+></P
+><P
+>In the above, no allowance has been made for any session requests that
+will automatically translate to the loopback adaptor address 127.0.0.1.
+To solve this problem change these lines to:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+> hosts deny = ALL
+ hosts allow = xxx.xxx.xxx.xxx/yy 127.</PRE
+></P
+><P
+>Do NOT use the "bind interfaces only" parameter where you may wish to
+use the samba password change facility, or where smbclient may need to
+access local service for name resolution or for local resource
+connections. (Note: the "bind interfaces only" parameter deficiency
+where it will not allow connections to the loopback address will be
+fixed soon).</P
+><P
+>Another common cause of these two errors is having something already running
+on port 139, such as Samba (ie: smbd is running from inetd already) or
+something like Digital's Pathworks. Check your inetd.conf file before trying
+to start smbd as a daemon, it can avoid a lot of frustration!</P
+><P
+>And yet another possible cause for failure of TEST 3 is when the subnet mask
+and / or broadcast address settings are incorrect. Please check that the
+network interface IP Address / Broadcast Address / Subnet Mask settings are
+correct and that Samba has correctly noted these in the log.nmb file.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN47"
+>Test 4</A
+></H2
+><P
+>Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
+IP address of your Samba server back.</P
+><P
+>If you don't then nmbd is incorrectly installed. Check your inetd.conf
+if you run it from there, or that the daemon is running and listening
+to udp port 137.</P
+><P
+>One common problem is that many inetd implementations can't take many
+parameters on the command line. If this is the case then create a
+one-line script that contains the right parameters and run that from
+inetd.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN52"
+>Test 5</A
+></H2
+><P
+>run the command <B
+CLASS="COMMAND"
+>nmblookup -B ACLIENT '*'</B
+></P
+><P
+>You should get the PCs IP address back. If you don't then the client
+software on the PC isn't installed correctly, or isn't started, or you
+got the name of the PC wrong. </P
+><P
+>If ACLIENT doesn't resolve via DNS then use the IP address of the
+client in the above test.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN58"
+>Test 6</A
+></H2
+><P
+>Run the command <B
+CLASS="COMMAND"
+>nmblookup -d 2 '*'</B
+></P
+><P
+>This time we are trying the same as the previous test but are trying
+it via a broadcast to the default broadcast address. A number of
+Netbios/TCPIP hosts on the network should respond, although Samba may
+not catch all of the responses in the short time it listens. You
+should see "got a positive name query response" messages from several
+hosts.</P
+><P
+>If this doesn't give a similar result to the previous test then
+nmblookup isn't correctly getting your broadcast address through its
+automatic mechanism. In this case you should experiment use the
+"interfaces" option in smb.conf to manually configure your IP
+address, broadcast and netmask. </P
+><P
+>If your PC and server aren't on the same subnet then you will need to
+use the -B option to set the broadcast address to the that of the PCs
+subnet.</P
+><P
+>This test will probably fail if your subnet mask and broadcast address are
+not correct. (Refer to TEST 3 notes above).</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN66"
+>Test 7</A
+></H2
+><P
+>Run the command <B
+CLASS="COMMAND"
+>smbclient //BIGSERVER/TMP</B
+>. You should
+then be prompted for a password. You should use the password of the account
+you are logged into the unix box with. If you want to test with
+another account then add the -U &gt;accountname&lt; option to the end of
+the command line. eg:
+<B
+CLASS="COMMAND"
+>smbclient //bigserver/tmp -Ujohndoe</B
+></P
+><P
+>Note: It is possible to specify the password along with the username
+as follows:
+<B
+CLASS="COMMAND"
+>smbclient //bigserver/tmp -Ujohndoe%secret</B
+></P
+><P
+>Once you enter the password you should get the "smb&#62;" prompt. If you
+don't then look at the error message. If it says "invalid network
+name" then the service "tmp" is not correctly setup in your smb.conf.</P
+><P
+>If it says "bad password" then the likely causes are:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+> you have shadow passords (or some other password system) but didn't
+ compile in support for them in smbd
+ </P
+></LI
+><LI
+><P
+> your "valid users" configuration is incorrect
+ </P
+></LI
+><LI
+><P
+> you have a mixed case password and you haven't enabled the "password
+ level" option at a high enough level
+ </P
+></LI
+><LI
+><P
+> the "path =" line in smb.conf is incorrect. Check it with testparm
+ </P
+></LI
+><LI
+><P
+> you enabled password encryption but didn't create the SMB encrypted
+ password file
+ </P
+></LI
+></OL
+><P
+>Once connected you should be able to use the commands
+<B
+CLASS="COMMAND"
+>dir</B
+> <B
+CLASS="COMMAND"
+>get</B
+> <B
+CLASS="COMMAND"
+>put</B
+> etc.
+Type <B
+CLASS="COMMAND"
+>help &gt;command&lt;</B
+> for instructions. You should
+especially check that the amount of free disk space shown is correct
+when you type <B
+CLASS="COMMAND"
+>dir</B
+>.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN92"
+>Test 8</A
+></H2
+><P
+>On the PC type the command <B
+CLASS="COMMAND"
+>net view \\BIGSERVER</B
+>. You will
+need to do this from within a "dos prompt" window. You should get back a
+list of available shares on the server.</P
+><P
+>If you get a "network name not found" or similar error then netbios
+name resolution is not working. This is usually caused by a problem in
+nmbd. To overcome it you could do one of the following (you only need
+to choose one of them):</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+> fixup the nmbd installation</P
+></LI
+><LI
+><P
+> add the IP address of BIGSERVER to the "wins server" box in the
+ advanced tcp/ip setup on the PC.</P
+></LI
+><LI
+><P
+> enable windows name resolution via DNS in the advanced section of
+ the tcp/ip setup</P
+></LI
+><LI
+><P
+> add BIGSERVER to your lmhosts file on the PC.</P
+></LI
+></OL
+><P
+>If you get a "invalid network name" or "bad password error" then the
+same fixes apply as they did for the "smbclient -L" test above. In
+particular, make sure your "hosts allow" line is correct (see the man
+pages)</P
+><P
+>Also, do not overlook that fact that when the workstation requests the
+connection to the samba server it will attempt to connect using the
+name with which you logged onto your Windows machine. You need to make
+sure that an account exists on your Samba server with that exact same
+name and password.</P
+><P
+>If you get "specified computer is not receiving requests" or similar
+it probably means that the host is not contactable via tcp services.
+Check to see if the host is running tcp wrappers, and if so add an entry in
+the hosts.allow file for your client (or subnet, etc.)</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN109"
+>Test 9</A
+></H2
+><P
+>Run the command <B
+CLASS="COMMAND"
+>net use x: \\BIGSERVER\TMP</B
+>. You should
+be prompted for a password then you should get a "command completed
+successfully" message. If not then your PC software is incorrectly
+installed or your smb.conf is incorrect. make sure your "hosts allow"
+and other config lines in smb.conf are correct.</P
+><P
+>It's also possible that the server can't work out what user name to
+connect you as. To see if this is the problem add the line "user =
+USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
+username corresponding to the password you typed. If you find this
+fixes things you may need the username mapping option.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN114"
+>Test 10</A
+></H2
+><P
+>Run the command <B
+CLASS="COMMAND"
+>nmblookup -M TESTGROUP</B
+> where
+TESTGROUP is the name of the workgroup that your Samba server and
+Windows PCs belong to. You should get back the IP address of the
+master browser for that workgroup.</P
+><P
+>If you don't then the election process has failed. Wait a minute to
+see if it is just being slow then try again. If it still fails after
+that then look at the browsing options you have set in smb.conf. Make
+sure you have <B
+CLASS="COMMAND"
+>preferred master = yes</B
+> to ensure that
+an election is held at startup.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN120"
+>Test 11</A
+></H2
+><P
+>From file manager try to browse the server. Your samba server should
+appear in the browse list of your local workgroup (or the one you
+specified in smb.conf). You should be able to double click on the name
+of the server and get a list of shares. If you get a "invalid
+password" error when you do then you are probably running WinNT and it
+is refusing to browse a server that has no encrypted password
+capability and is in user level security mode. In this case either set
+<B
+CLASS="COMMAND"
+>security = server</B
+> AND
+<B
+CLASS="COMMAND"
+>password server = Windows_NT_Machine</B
+> in your
+smb.conf file, or enable encrypted passwords AFTER compiling in support
+for encrypted passwords (refer to the Makefile).</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN125"
+>Still having troubles?</A
+></H1
+><P
+>Try the mailing list or newsgroup, or use the ethereal utility to
+sniff the problem. The official samba mailing list can be reached at
+<A
+HREF="mailto:samba@samba.org"
+TARGET="_top"
+>samba@samba.org</A
+>. To find
+out more about samba and how to subscribe to the mailing list check
+out the samba web page at
+<A
+HREF="http://samba.org/samba"
+TARGET="_top"
+>http://samba.org/samba</A
+></P
+><P
+>Also look at the other docs in the Samba package!</P
+></DIV
+></DIV
+></BODY
+></HTML
+> \ No newline at end of file