summaryrefslogtreecommitdiff
path: root/docs/textdocs/DIAGNOSIS.txt
diff options
context:
space:
mode:
Diffstat (limited to 'docs/textdocs/DIAGNOSIS.txt')
-rw-r--r--docs/textdocs/DIAGNOSIS.txt178
1 files changed, 131 insertions, 47 deletions
diff --git a/docs/textdocs/DIAGNOSIS.txt b/docs/textdocs/DIAGNOSIS.txt
index 6681bdc4bc..2816610a9c 100644
--- a/docs/textdocs/DIAGNOSIS.txt
+++ b/docs/textdocs/DIAGNOSIS.txt
@@ -1,5 +1,8 @@
-DIAGNOSING YOUR SAMBA SERVER
-============================
+Contributor: Andrew Tridgell
+Updated: November 1, 1999
+
+Subject: DIAGNOSING YOUR SAMBA SERVER
+===========================================================================
This file contains a list of tests you can perform to validate your
Samba server. It also tells you what the likely cause of the problem
@@ -10,9 +13,6 @@ You should do ALL the tests, in the order shown. I have tried to
carefully choose them so later tests only use capabilities verified in
the earlier tests.
-I would welcome additions to this set of tests. Please mail them to
-samba-bugs@anu.edu.au
-
If you send me an email saying "it doesn't work" and you have not
followed this test procedure then you should not be surprised if I
ignore your email.
@@ -22,11 +22,14 @@ ASSUMPTIONS
-----------
In all of the tests I assume you have a Samba server called BIGSERVER
-and a PC called ACLIENT. I also assume the PC is running windows for
-workgroups with a recent copy of the microsoft tcp/ip stack. The
-procedure is similar for other types of clients.
+and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the
+PC is running windows for workgroups with a recent copy of the
+microsoft tcp/ip stack. Alternatively, your PC may be running Windows
+95 or Windows NT (Workstation or Server).
+
+The procedure is similar for other types of clients.
-I also assume you know the name of a available share in your
+I also assume you know the name of an available share in your
smb.conf. I will assume this share is called "tmp". You can add a
"tmp" share like by adding the following to smb.conf:
@@ -36,15 +39,28 @@ smb.conf. I will assume this share is called "tmp". You can add a
read only = yes
-THESE TESTS ASSUME VERSION 1.9.15 OR LATER OF THE SAMBA SUITE. SOME
+THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME
COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS
+Please pay attention to the error messages you receive. If any error message
+reports that your server is being unfriendly you should first check that you
+IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
+file points to name servers that really do exist.
+
+Also, if you do not have DNS server access for name resolution please check
+that the settings for your smb.conf file results in "dns proxy = no". The
+best way to check this is with "testparm smb.conf"
+
TEST 1:
-------
-run the command "testparm". If it reports any errors then your
-smb.conf configuration file is faulty.
+In the directory in which you store your smb.conf file, run the command
+"testparm smb.conf". If it reports any errors then your smb.conf
+configuration file is faulty.
+
+Note: Your smb.conf file may be located in: /etc
+ Or in: /usr/local/samba/lib
TEST 2:
@@ -60,13 +76,18 @@ run ping.
If you get a message saying "host not found" or similar then your DNS
software or /etc/hosts file is not correctly setup. It is possible to
run samba without DNS entries for the server and client, but I assume
-you do have correct entries for the remainder of these tests.
+you do have correct entries for the remainder of these tests.
+
+Another reason why ping might fail is if your host is running firewall
+software. You will need to relax the rules to let in the workstation
+in question, perhaps by allowing access from another subnet (on Linux
+this is done via the ipfwadm program.)
TEST 3:
-------
-run the command "smbclient -L BIGSERVER -U%" on the unix box. You
+Run the command "smbclient -L BIGSERVER" on the unix box. You
should get a list of available shares back.
If you get a error message containing the string "Bad password" then
@@ -76,26 +97,57 @@ valid. Check what your guest account is using "testparm" and
temporarily remove any "hosts allow", "hosts deny", "valid users" or
"invalid users" lines.
-If you get a "connection refused" response then the smbd server could
-not be run. If you installed it in inetd.conf then you probably edited
+If you get a "connection refused" response then the smbd server may
+not be running. If you installed it in inetd.conf then you probably edited
that file incorrectly. If you installed it as a daemon then check that
it is running, and check that the netbios-ssn port is in a LISTEN
state using "netstat -a".
If you get a "session request failed" then the server refused the
-connection. If it says "your server software is being unfriendly" then
+connection. If it says "Your server software is being unfriendly" then
its probably because you have invalid command line parameters to smbd,
or a similar fatal problem with the initial startup of smbd. Also
-check your config file for syntax errors with "testparm".
+check your config file (smb.conf) for syntax errors with "testparm"
+and that the various directories where samba keeps its log and lock
+files exist.
+
+There are a number of reasons for which smbd may refuse or decline
+a session request. The most common of these involve one or more of
+the following smb.conf file entries:
+ hosts deny = ALL
+ hosts allow = xxx.xxx.xxx.xxx/yy
+ bind interfaces only = Yes
+
+In the above, no allowance has been made for any session requests that
+will automatically translate to the loopback adaptor address 127.0.0.1.
+To solve this problem change these lines to:
+ hosts deny = ALL
+ hosts allow = xxx.xxx.xxx.xxx/yy 127.
+Do NOT use the "bind interfaces only" parameter where you may wish to
+use the samba password change facility, or where smbclient may need to
+access local service for name resolution or for local resource
+connections. (Note: the "bind interfaces only" parameter deficiency
+where it will not allow connections to the loopback address will be
+fixed soon).
+
+Another common cause of these two errors is having something already running
+on port 139, such as Samba (ie: smbd is running from inetd already) or
+something like Digital's Pathworks. Check your inetd.conf file before trying
+to start smbd as a daemon, it can avoid a lot of frustration!
+
+And yet another possible cause for failure of TEST 3 is when the subnet mask
+and / or broadcast address settings are incorrect. Please check that the
+network interface IP Address / Broadcast Address / Subnet Mask settings are
+correct and that Samba has correctly noted these in the log.nmb file.
TEST 4:
-------
-run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
+Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
IP address of your Samba server back.
If you don't then nmbd is incorrectly installed. Check your inetd.conf
-if yu run it from there, or that the daemon is running and listening
+if you run it from there, or that the daemon is running and listening
to udp port 137.
One common problem is that many inetd implementations can't take many
@@ -103,6 +155,7 @@ parameters on the command line. If this is the case then create a
one-line script that contains the right parameters and run that from
inetd.
+
TEST 5:
-------
@@ -110,14 +163,16 @@ run the command "nmblookup -B ACLIENT '*'"
You should get the PCs IP address back. If you don't then the client
software on the PC isn't installed correctly, or isn't started, or you
-got the name of the PC wrong. Note that you probably won't get a "node
-status response" from the PC due to a bug in the microsoft netbios
-nameserver implementation (it responds to the wrong port number).
+got the name of the PC wrong.
+
+If ACLIENT doesn't resolve via DNS then use the IP address of the
+client in the above test.
+
TEST 6:
-------
-run the command "nmblookup -d 2 '*'"
+Run the command "nmblookup -d 2 '*'"
This time we are trying the same as the previous test but are trying
it via a broadcast to the default broadcast address. A number of
@@ -128,33 +183,29 @@ hosts.
If this doesn't give a similar result to the previous test then
nmblookup isn't correctly getting your broadcast address through its
-automatic mechanism. In this case you should experiment with the -B
-option which allows you to manually specify the broadcast address,
-overriding the automatic detection. You should try different broadcast
-addresses until your find the one that works. It will most likely be
-something like a.b.c.255 as microsoft tcpip stacks only listen on 1's
-based broadcast addresses. If you get stuck then ask your local
-networking guru for help (and show them this paragraph).
-
-If you find you do need the -B option (ie. the automatic detection
-doesn't work) then you should add the -B option with the right
-broadcast address for your network to the command line of nmbd in
-inetd.conf or in the script you use to start nmbd as a daemon. Once
-you do this go back to the "nmblookup __SAMBA__ -B BIGSERVER" test to
-make sure you have it running properly.
+automatic mechanism. In this case you should experiment use the
+"interfaces" option in smb.conf to manually configure your IP
+address, broadcast and netmask.
If your PC and server aren't on the same subnet then you will need to
use the -B option to set the broadcast address to the that of the PCs
subnet.
+This test will probably fail if your subnet mask and broadcast address are
+not correct. (Refer to TEST 3 notes above).
+
TEST 7:
-------
-run the command "smbclient '\\BIGSERVER\TMP'". You should then be
+Run the command "smbclient //BIGSERVER/TMP". You should then be
prompted for a password. You should use the password of the account
you are logged into the unix box with. If you want to test with
-another account then add the -U <accountname> option to the command
-line.
+another account then add the -U <accountname> option to the end of
+the command line. eg: smbclient //bigserver/tmp -Ujohndoe
+
+Note: It is possible to specify the password along with the username
+as follows:
+ smbclient //bigserver/tmp -Ujohndoe%secret
Once you enter the password you should get the "smb>" prompt. If you
don't then look at the error message. If it says "invalid network
@@ -168,6 +219,8 @@ compile in support for them in smbd
- you have a mixed case password and you haven't enabled the "password
level" option at a high enough level
- the "path =" line in smb.conf is incorrect. Check it with testparm
+- you enabled password encryption but didn't create the SMB encrypted
+password file
Once connected you should be able to use the commands "dir" "get"
"put" etc. Type "help <command>" for instructions. You should
@@ -199,11 +252,22 @@ same fixes apply as they did for the "smbclient -L" test above. In
particular, make sure your "hosts allow" line is correct (see the man
pages)
+Also, do not overlook that fact that when the workstation requests the
+connection to the samba server it will attempt to connect using the
+name with which you logged onto your Windows machine. You need to make
+sure that an account exists on your Samba server with that exact same
+name and password.
+
+If you get "specified computer is not receiving requests" or similar
+it probably means that the host is not contactable via tcp services.
+Check to see if the host is running tcp wrappers, and if so add an entry in
+the hosts.allow file for your client (or subnet, etc.)
+
TEST 9:
--------
-run the command "net use x: \\BIGSERVER\TMP". You should be prompted
+Run the command "net use x: \\BIGSERVER\TMP". You should be prompted
for a password then you should get a "command completed successfully"
message. If not then your PC software is incorrectly installed or your
smb.conf is incorrect. make sure your "hosts allow" and other config
@@ -215,23 +279,43 @@ USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
username corresponding to the password you typed. If you find this
fixes things you may need the username mapping option.
-
TEST 10:
--------
+Run the command "nmblookup -M TESTGROUP" where TESTGROUP is the name
+of the workgroup that your Samba server and Windows PCs belong to. You
+should get back the IP address of the master browser for that
+workgroup.
+
+If you don't then the election process has failed. Wait a minute to
+see if it is just being slow then try again. If it still fails after
+that then look at the browsing options you have set in smb.conf. Make
+sure you have "preferred master = yes" to ensure that an election is
+held at startup.
+
+TEST 11:
+--------
+
From file manager try to browse the server. Your samba server should
appear in the browse list of your local workgroup (or the one you
-specified in the Makefile). You should be able to double click on the
-name of the server and get a list of shares. If you get a "invalid
+specified in smb.conf). You should be able to double click on the name
+of the server and get a list of shares. If you get a "invalid
password" error when you do then you are probably running WinNT and it
is refusing to browse a server that has no encrypted password
-capability and is in user level security mode.
+capability and is in user level security mode. In this case either set
+"security = server" AND "password server = Windows_NT_Machine" in your
+smb.conf file, or enable encrypted passwords AFTER compiling in support
+for encrypted passwords (refer to the Makefile).
Still having troubles?
----------------------
Try the mailing list or newsgroup, or use the tcpdump-smb utility to
-sniff the problem.
+sniff the problem. The official samba mailing list can be reached at
+samba@samba.org. To find out more about samba and how to
+subscribe to the mailing list check out the samba web page at
+ http://samba.org/samba
+Also look at the other docs in the Samba package!
generated by cgit (git 2.34.1) at 2024-12-22 10:58:54 +0000