diff options
Diffstat (limited to 'docs/htmldocs/Diagnosis.html')
-rw-r--r-- | docs/htmldocs/Diagnosis.html | 548 |
1 files changed, 548 insertions, 0 deletions
diff --git a/docs/htmldocs/Diagnosis.html b/docs/htmldocs/Diagnosis.html new file mode 100644 index 0000000000..1944c37be9 --- /dev/null +++ b/docs/htmldocs/Diagnosis.html @@ -0,0 +1,548 @@ +<HTML +><HEAD +><TITLE +>Diagnosing your samba server</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD +><BODY +CLASS="ARTICLE" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><DIV +CLASS="ARTICLE" +><DIV +CLASS="TITLEPAGE" +><H1 +CLASS="TITLE" +><A +NAME="DIAGNOSIS" +>Diagnosing your samba server</A +></H1 +><HR></DIV +><DIV +CLASS="SECT1" +><H1 +CLASS="SECT1" +><A +NAME="AEN3" +>Introduction</A +></H1 +><P +>This file contains a list of tests you can perform to validate your +Samba server. It also tells you what the likely cause of the problem +is if it fails any one of these steps. If it passes all these tests +then it is probably working fine.</P +><P +>You should do ALL the tests, in the order shown. I have tried to +carefully choose them so later tests only use capabilities verified in +the earlier tests.</P +><P +>If you send me an email saying "it doesn't work" and you have not +followed this test procedure then you should not be surprised if I +ignore your email.</P +></DIV +><DIV +CLASS="SECT1" +><HR><H1 +CLASS="SECT1" +><A +NAME="AEN8" +>Assumptions</A +></H1 +><P +>In all of the tests I assume you have a Samba server called BIGSERVER +and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the +PC is running windows for workgroups with a recent copy of the +microsoft tcp/ip stack. Alternatively, your PC may be running Windows +95 or Windows NT (Workstation or Server).</P +><P +>The procedure is similar for other types of clients.</P +><P +>I also assume you know the name of an available share in your +smb.conf. I will assume this share is called "tmp". You can add a +"tmp" share like by adding the following to smb.conf:</P +><P +><PRE +CLASS="PROGRAMLISTING" +> [tmp] + comment = temporary files + path = /tmp + read only = yes </PRE +></P +><P +>THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME +COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS</P +><P +>Please pay attention to the error messages you receive. If any error message +reports that your server is being unfriendly you should first check that you +IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf +file points to name servers that really do exist.</P +><P +>Also, if you do not have DNS server access for name resolution please check +that the settings for your smb.conf file results in "dns proxy = no". The +best way to check this is with "testparm smb.conf"</P +></DIV +><DIV +CLASS="SECT1" +><HR><H1 +CLASS="SECT1" +><A +NAME="AEN18" +>Tests</A +></H1 +><DIV +CLASS="SECT2" +><H2 +CLASS="SECT2" +><A +NAME="AEN20" +>Test 1</A +></H2 +><P +>In the directory in which you store your smb.conf file, run the command +"testparm smb.conf". If it reports any errors then your smb.conf +configuration file is faulty.</P +><P +>Note: Your smb.conf file may be located in: <TT +CLASS="FILENAME" +>/etc</TT +> + Or in: <TT +CLASS="FILENAME" +>/usr/local/samba/lib</TT +></P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN26" +>Test 2</A +></H2 +><P +>Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from +the unix box. If you don't get a valid response then your TCP/IP +software is not correctly installed. </P +><P +>Note that you will need to start a "dos prompt" window on the PC to +run ping.</P +><P +>If you get a message saying "host not found" or similar then your DNS +software or /etc/hosts file is not correctly setup. It is possible to +run samba without DNS entries for the server and client, but I assume +you do have correct entries for the remainder of these tests. </P +><P +>Another reason why ping might fail is if your host is running firewall +software. You will need to relax the rules to let in the workstation +in question, perhaps by allowing access from another subnet (on Linux +this is done via the ipfwadm program.)</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN32" +>Test 3</A +></H2 +><P +>Run the command "smbclient -L BIGSERVER" on the unix box. You +should get a list of available shares back. </P +><P +>If you get a error message containing the string "Bad password" then +you probably have either an incorrect "hosts allow", "hosts deny" or +"valid users" line in your smb.conf, or your guest account is not +valid. Check what your guest account is using "testparm" and +temporarily remove any "hosts allow", "hosts deny", "valid users" or +"invalid users" lines.</P +><P +>If you get a "connection refused" response then the smbd server may +not be running. If you installed it in inetd.conf then you probably edited +that file incorrectly. If you installed it as a daemon then check that +it is running, and check that the netbios-ssn port is in a LISTEN +state using "netstat -a".</P +><P +>If you get a "session request failed" then the server refused the +connection. If it says "Your server software is being unfriendly" then +its probably because you have invalid command line parameters to smbd, +or a similar fatal problem with the initial startup of smbd. Also +check your config file (smb.conf) for syntax errors with "testparm" +and that the various directories where samba keeps its log and lock +files exist.</P +><P +>There are a number of reasons for which smbd may refuse or decline +a session request. The most common of these involve one or more of +the following smb.conf file entries:</P +><P +><PRE +CLASS="PROGRAMLISTING" +> hosts deny = ALL + hosts allow = xxx.xxx.xxx.xxx/yy + bind interfaces only = Yes</PRE +></P +><P +>In the above, no allowance has been made for any session requests that +will automatically translate to the loopback adaptor address 127.0.0.1. +To solve this problem change these lines to:</P +><P +><PRE +CLASS="PROGRAMLISTING" +> hosts deny = ALL + hosts allow = xxx.xxx.xxx.xxx/yy 127.</PRE +></P +><P +>Do NOT use the "bind interfaces only" parameter where you may wish to +use the samba password change facility, or where smbclient may need to +access local service for name resolution or for local resource +connections. (Note: the "bind interfaces only" parameter deficiency +where it will not allow connections to the loopback address will be +fixed soon).</P +><P +>Another common cause of these two errors is having something already running +on port 139, such as Samba (ie: smbd is running from inetd already) or +something like Digital's Pathworks. Check your inetd.conf file before trying +to start smbd as a daemon, it can avoid a lot of frustration!</P +><P +>And yet another possible cause for failure of TEST 3 is when the subnet mask +and / or broadcast address settings are incorrect. Please check that the +network interface IP Address / Broadcast Address / Subnet Mask settings are +correct and that Samba has correctly noted these in the log.nmb file.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN47" +>Test 4</A +></H2 +><P +>Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the +IP address of your Samba server back.</P +><P +>If you don't then nmbd is incorrectly installed. Check your inetd.conf +if you run it from there, or that the daemon is running and listening +to udp port 137.</P +><P +>One common problem is that many inetd implementations can't take many +parameters on the command line. If this is the case then create a +one-line script that contains the right parameters and run that from +inetd.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN52" +>Test 5</A +></H2 +><P +>run the command <B +CLASS="COMMAND" +>nmblookup -B ACLIENT '*'</B +></P +><P +>You should get the PCs IP address back. If you don't then the client +software on the PC isn't installed correctly, or isn't started, or you +got the name of the PC wrong. </P +><P +>If ACLIENT doesn't resolve via DNS then use the IP address of the +client in the above test.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN58" +>Test 6</A +></H2 +><P +>Run the command <B +CLASS="COMMAND" +>nmblookup -d 2 '*'</B +></P +><P +>This time we are trying the same as the previous test but are trying +it via a broadcast to the default broadcast address. A number of +Netbios/TCPIP hosts on the network should respond, although Samba may +not catch all of the responses in the short time it listens. You +should see "got a positive name query response" messages from several +hosts.</P +><P +>If this doesn't give a similar result to the previous test then +nmblookup isn't correctly getting your broadcast address through its +automatic mechanism. In this case you should experiment use the +"interfaces" option in smb.conf to manually configure your IP +address, broadcast and netmask. </P +><P +>If your PC and server aren't on the same subnet then you will need to +use the -B option to set the broadcast address to the that of the PCs +subnet.</P +><P +>This test will probably fail if your subnet mask and broadcast address are +not correct. (Refer to TEST 3 notes above).</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN66" +>Test 7</A +></H2 +><P +>Run the command <B +CLASS="COMMAND" +>smbclient //BIGSERVER/TMP</B +>. You should +then be prompted for a password. You should use the password of the account +you are logged into the unix box with. If you want to test with +another account then add the -U >accountname< option to the end of +the command line. eg: +<B +CLASS="COMMAND" +>smbclient //bigserver/tmp -Ujohndoe</B +></P +><P +>Note: It is possible to specify the password along with the username +as follows: +<B +CLASS="COMMAND" +>smbclient //bigserver/tmp -Ujohndoe%secret</B +></P +><P +>Once you enter the password you should get the "smb>" prompt. If you +don't then look at the error message. If it says "invalid network +name" then the service "tmp" is not correctly setup in your smb.conf.</P +><P +>If it says "bad password" then the likely causes are:</P +><P +></P +><OL +TYPE="1" +><LI +><P +> you have shadow passords (or some other password system) but didn't + compile in support for them in smbd + </P +></LI +><LI +><P +> your "valid users" configuration is incorrect + </P +></LI +><LI +><P +> you have a mixed case password and you haven't enabled the "password + level" option at a high enough level + </P +></LI +><LI +><P +> the "path =" line in smb.conf is incorrect. Check it with testparm + </P +></LI +><LI +><P +> you enabled password encryption but didn't create the SMB encrypted + password file + </P +></LI +></OL +><P +>Once connected you should be able to use the commands +<B +CLASS="COMMAND" +>dir</B +> <B +CLASS="COMMAND" +>get</B +> <B +CLASS="COMMAND" +>put</B +> etc. +Type <B +CLASS="COMMAND" +>help >command<</B +> for instructions. You should +especially check that the amount of free disk space shown is correct +when you type <B +CLASS="COMMAND" +>dir</B +>.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN92" +>Test 8</A +></H2 +><P +>On the PC type the command <B +CLASS="COMMAND" +>net view \\BIGSERVER</B +>. You will +need to do this from within a "dos prompt" window. You should get back a +list of available shares on the server.</P +><P +>If you get a "network name not found" or similar error then netbios +name resolution is not working. This is usually caused by a problem in +nmbd. To overcome it you could do one of the following (you only need +to choose one of them):</P +><P +></P +><OL +TYPE="1" +><LI +><P +> fixup the nmbd installation</P +></LI +><LI +><P +> add the IP address of BIGSERVER to the "wins server" box in the + advanced tcp/ip setup on the PC.</P +></LI +><LI +><P +> enable windows name resolution via DNS in the advanced section of + the tcp/ip setup</P +></LI +><LI +><P +> add BIGSERVER to your lmhosts file on the PC.</P +></LI +></OL +><P +>If you get a "invalid network name" or "bad password error" then the +same fixes apply as they did for the "smbclient -L" test above. In +particular, make sure your "hosts allow" line is correct (see the man +pages)</P +><P +>Also, do not overlook that fact that when the workstation requests the +connection to the samba server it will attempt to connect using the +name with which you logged onto your Windows machine. You need to make +sure that an account exists on your Samba server with that exact same +name and password.</P +><P +>If you get "specified computer is not receiving requests" or similar +it probably means that the host is not contactable via tcp services. +Check to see if the host is running tcp wrappers, and if so add an entry in +the hosts.allow file for your client (or subnet, etc.)</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN109" +>Test 9</A +></H2 +><P +>Run the command <B +CLASS="COMMAND" +>net use x: \\BIGSERVER\TMP</B +>. You should +be prompted for a password then you should get a "command completed +successfully" message. If not then your PC software is incorrectly +installed or your smb.conf is incorrect. make sure your "hosts allow" +and other config lines in smb.conf are correct.</P +><P +>It's also possible that the server can't work out what user name to +connect you as. To see if this is the problem add the line "user = +USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the +username corresponding to the password you typed. If you find this +fixes things you may need the username mapping option.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN114" +>Test 10</A +></H2 +><P +>Run the command <B +CLASS="COMMAND" +>nmblookup -M TESTGROUP</B +> where +TESTGROUP is the name of the workgroup that your Samba server and +Windows PCs belong to. You should get back the IP address of the +master browser for that workgroup.</P +><P +>If you don't then the election process has failed. Wait a minute to +see if it is just being slow then try again. If it still fails after +that then look at the browsing options you have set in smb.conf. Make +sure you have <B +CLASS="COMMAND" +>preferred master = yes</B +> to ensure that +an election is held at startup.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN120" +>Test 11</A +></H2 +><P +>From file manager try to browse the server. Your samba server should +appear in the browse list of your local workgroup (or the one you +specified in smb.conf). You should be able to double click on the name +of the server and get a list of shares. If you get a "invalid +password" error when you do then you are probably running WinNT and it +is refusing to browse a server that has no encrypted password +capability and is in user level security mode. In this case either set +<B +CLASS="COMMAND" +>security = server</B +> AND +<B +CLASS="COMMAND" +>password server = Windows_NT_Machine</B +> in your +smb.conf file, or enable encrypted passwords AFTER compiling in support +for encrypted passwords (refer to the Makefile).</P +></DIV +></DIV +><DIV +CLASS="SECT1" +><HR><H1 +CLASS="SECT1" +><A +NAME="AEN125" +>Still having troubles?</A +></H1 +><P +>Try the mailing list or newsgroup, or use the ethereal utility to +sniff the problem. The official samba mailing list can be reached at +<A +HREF="mailto:samba@samba.org" +TARGET="_top" +>samba@samba.org</A +>. To find +out more about samba and how to subscribe to the mailing list check +out the samba web page at +<A +HREF="http://samba.org/samba" +TARGET="_top" +>http://samba.org/samba</A +></P +><P +>Also look at the other docs in the Samba package!</P +></DIV +></DIV +></BODY +></HTML +>
\ No newline at end of file |