From 3d6bb1823c3a82958ee2b80be4f953e23703eb9d Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 30 Apr 2003 21:26:24 +0000 Subject: Docbook XML conversion: projdoc (This used to be commit f7c9df751459da2d4a996d5f0135334fb3f87f69) --- docs/docbook/projdoc/Diagnosis.xml | 522 +++++++++++++++++++++++++++++++++++++ 1 file changed, 522 insertions(+) create mode 100644 docs/docbook/projdoc/Diagnosis.xml (limited to 'docs/docbook/projdoc/Diagnosis.xml') diff --git a/docs/docbook/projdoc/Diagnosis.xml b/docs/docbook/projdoc/Diagnosis.xml new file mode 100644 index 0000000000..150f071b78 --- /dev/null +++ b/docs/docbook/projdoc/Diagnosis.xml @@ -0,0 +1,522 @@ + + + &author.tridge; + &author.jelmer; + Wed Jan 15 + + +The samba checklist + + +Introduction + + +This file contains a list of tests you can perform to validate your +Samba server. It also tells you what the likely cause of the problem +is if it fails any one of these steps. If it passes all these tests +then it is probably working fine. + + + +You should do ALL the tests, in the order shown. We have tried to +carefully choose them so later tests only use capabilities verified in +the earlier tests. However, do not stop at the first error as there +have been some instances when continuing with the tests has helped +to solve a problem. + + + +If you send one of the samba mailing lists an email saying "it doesn't work" +and you have not followed this test procedure then you should not be surprised +if your email is ignored. + + + + + +Assumptions + + +In all of the tests it is assumed you have a Samba server called +BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP. + + + +The procedure is similar for other types of clients. + + + +It is also assumed you know the name of an available share in your +&smb.conf;. I will assume this share is called tmp. +You can add a tmp share like this by adding the +following to &smb.conf;: + + + + +[tmp] + comment = temporary files + path = /tmp + read only = yes + + + + + +These tests assume version 3.0 or later of the samba suite. +Some commands shown did not exist in earlier versions. + + + +Please pay attention to the error messages you receive. If any error message +reports that your server is being unfriendly you should first check that your +IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf +file points to name servers that really do exist. + + + +Also, if you do not have DNS server access for name resolution please check +that the settings for your &smb.conf; file results in dns proxy = no. The +best way to check this is with testparm smb.conf. + + + +It is helpful to monitor the log files during testing by using the +tail -F log_file_name in a separate +terminal console (use ctrl-alt-F1 through F6 or multiple terminals in X). +Relevant log files can be found (for default installations) in +/usr/local/samba/var. Also, connection logs from +machines can be found here or possibly in /var/log/samba +depending on how or if you specified logging in your &smb.conf; file. + + + +If you make changes to your &smb.conf; file while going through these test, +don't forget to restart &smbd; and &nmbd;. + + + + + +The tests + +Diagnosing your samba server + + + +In the directory in which you store your &smb.conf; file, run the command +testparm smb.conf. If it reports any errors then your &smb.conf; +configuration file is faulty. + + + +Your &smb.conf; file may be located in: /etc/samba +Or in: /usr/local/samba/lib + + + + + +Run the command ping BIGSERVER from the PC and +ping ACLIENT from +the unix box. If you don't get a valid response then your TCP/IP +software is not correctly installed. + + + +Note that you will need to start a "dos prompt" window on the PC to +run ping. + + + +If you get a message saying "host not found" or similar then your DNS +software or /etc/hosts file is not correctly setup. +It is possible to +run samba without DNS entries for the server and client, but I assume +you do have correct entries for the remainder of these tests. + + + +Another reason why ping might fail is if your host is running firewall +software. You will need to relax the rules to let in the workstation +in question, perhaps by allowing access from another subnet (on Linux +this is done via the ipfwadm program.) + + + +Note: Modern Linux distributions install ipchains/iptables by default. +This is a common problem that is often overlooked. + + + + + +Run the command smbclient -L BIGSERVER on the unix box. You +should get a list of available shares back. + + + +If you get a error message containing the string "Bad password" then +you probably have either an incorrect hosts allow, +hosts deny or valid users line in your +&smb.conf;, or your guest account is not +valid. Check what your guest account is using &testparm; and +temporarily remove any hosts allow, hosts deny, valid users or invalid users lines. + + + +If you get a "connection refused" response then the smbd server may +not be running. If you installed it in inetd.conf then you probably edited +that file incorrectly. If you installed it as a daemon then check that +it is running, and check that the netbios-ssn port is in a LISTEN +state using netstat -a. + + + +Some Unix / Linux systems use xinetd in place of +inetd. Check your system documentation for the location +of the control file/s for your particular system implementation of +this network super daemon. + + + +If you get a "session request failed" then the server refused the +connection. If it says "Your server software is being unfriendly" then +its probably because you have invalid command line parameters to &smbd;, +or a similar fatal problem with the initial startup of &smbd;. Also +check your config file (&smb.conf;) for syntax errors with &testparm; +and that the various directories where samba keeps its log and lock +files exist. + + + +There are a number of reasons for which smbd may refuse or decline +a session request. The most common of these involve one or more of +the following &smb.conf; file entries: + + + + hosts deny = ALL + hosts allow = xxx.xxx.xxx.xxx/yy + bind interfaces only = Yes + + + +In the above, no allowance has been made for any session requests that +will automatically translate to the loopback adaptor address 127.0.0.1. +To solve this problem change these lines to: + + + + hosts deny = ALL + hosts allow = xxx.xxx.xxx.xxx/yy 127. + + + +Do NOT use the bind interfaces only parameter where you +may wish to +use the samba password change facility, or where &smbclient; may need to +access a local service for name resolution or for local resource +connections. (Note: the bind interfaces only parameter deficiency +where it will not allow connections to the loopback address will be +fixed soon). + + + +Another common cause of these two errors is having something already running +on port 139, such as Samba (ie: smbd is running from inetd already) or +something like Digital's Pathworks. Check your inetd.conf file before trying +to start &smbd; as a daemon, it can avoid a lot of frustration! + + + +And yet another possible cause for failure of this test is when the subnet mask +and / or broadcast address settings are incorrect. Please check that the +network interface IP Address / Broadcast Address / Subnet Mask settings are +correct and that Samba has correctly noted these in the log.nmb file. + + + + + + + +Run the command nmblookup -B BIGSERVER __SAMBA__. You should get the +IP address of your Samba server back. + + + +If you don't then nmbd is incorrectly installed. Check your inetd.conf +if you run it from there, or that the daemon is running and listening +to udp port 137. + + + +One common problem is that many inetd implementations can't take many +parameters on the command line. If this is the case then create a +one-line script that contains the right parameters and run that from +inetd. + + + + + + +run the command nmblookup -B ACLIENT '*' + + +You should get the PCs IP address back. If you don't then the client +software on the PC isn't installed correctly, or isn't started, or you +got the name of the PC wrong. + + + +If ACLIENT doesn't resolve via DNS then use the IP address of the +client in the above test. + + + + + + + +Run the command nmblookup -d 2 '*' + + + +This time we are trying the same as the previous test but are trying +it via a broadcast to the default broadcast address. A number of +Netbios/TCPIP hosts on the network should respond, although Samba may +not catch all of the responses in the short time it listens. You +should see "got a positive name query response" messages from several +hosts. + + + +If this doesn't give a similar result to the previous test then +nmblookup isn't correctly getting your broadcast address through its +automatic mechanism. In this case you should experiment with the +interfaces option in &smb.conf; to manually configure your IP +address, broadcast and netmask. + + + +If your PC and server aren't on the same subnet then you will need to +use the -B option to set the broadcast address to that of the PCs +subnet. + + + +This test will probably fail if your subnet mask and broadcast address are +not correct. (Refer to TEST 3 notes above). + + + + + + + +Run the command smbclient //BIGSERVER/TMP. You should +then be prompted for a password. You should use the password of the account +you are logged into the unix box with. If you want to test with +another account then add the -U accountname option to the end of +the command line. eg: +smbclient //bigserver/tmp -Ujohndoe + + + +It is possible to specify the password along with the username +as follows: +smbclient //bigserver/tmp -Ujohndoe%secret + + + +Once you enter the password you should get the smb> prompt. If you +don't then look at the error message. If it says "invalid network +name" then the service "tmp" is not correctly setup in your &smb.conf;. + + + +If it says "bad password" then the likely causes are: + + + + + + you have shadow passords (or some other password system) but didn't + compile in support for them in &smbd; + + + + + + your valid users configuration is incorrect + + + + + + you have a mixed case password and you haven't enabled the password + level option at a high enough level + + + + + + the path = line in &smb.conf; is incorrect. Check it with &testparm; + + + + + + you enabled password encryption but didn't create the SMB encrypted + password file + + + + + +Once connected you should be able to use the commands +dir get put etc. +Type help command for instructions. You should +especially check that the amount of free disk space shown is correct +when you type dir. + + + + + + + +On the PC, type the command net view \\BIGSERVER. You will +need to do this from within a "dos prompt" window. You should get back a +list of available shares on the server. + + + +If you get a "network name not found" or similar error then netbios +name resolution is not working. This is usually caused by a problem in +nmbd. To overcome it you could do one of the following (you only need +to choose one of them): + + + + + fixup the &nmbd; installation + + + + add the IP address of BIGSERVER to the wins server box in the + advanced tcp/ip setup on the PC. + + + + enable windows name resolution via DNS in the advanced section of + the tcp/ip setup + + + + add BIGSERVER to your lmhosts file on the PC. + + + + +If you get a "invalid network name" or "bad password error" then the +same fixes apply as they did for the smbclient -L test above. In +particular, make sure your hosts allow line is correct (see the man +pages) + + + +Also, do not overlook that fact that when the workstation requests the +connection to the samba server it will attempt to connect using the +name with which you logged onto your Windows machine. You need to make +sure that an account exists on your Samba server with that exact same +name and password. + + + +If you get "specified computer is not receiving requests" or similar +it probably means that the host is not contactable via tcp services. +Check to see if the host is running tcp wrappers, and if so add an entry in +the hosts.allow file for your client (or subnet, etc.) + + + + + + + +Run the command net use x: \\BIGSERVER\TMP. You should +be prompted for a password then you should get a "command completed +successfully" message. If not then your PC software is incorrectly +installed or your smb.conf is incorrect. make sure your hosts allow +and other config lines in &smb.conf; are correct. + + + +It's also possible that the server can't work out what user name to +connect you as. To see if this is the problem add the line user = +username to the [tmp] section of +&smb.conf; where username is the +username corresponding to the password you typed. If you find this +fixes things you may need the username mapping option. + + + +It might also be the case that your client only sends encrypted passwords +and you have encrypt passwords = no in &smb.conf; +Turn it back on to fix. + + + + + + + +Run the command nmblookup -M testgroup where +testgroup is the name of the workgroup that your Samba server and +Windows PCs belong to. You should get back the IP address of the +master browser for that workgroup. + + + +If you don't then the election process has failed. Wait a minute to +see if it is just being slow then try again. If it still fails after +that then look at the browsing options you have set in &smb.conf;. Make +sure you have preferred master = yes to ensure that +an election is held at startup. + + + + + + + +>From file manager try to browse the server. Your samba server should +appear in the browse list of your local workgroup (or the one you +specified in smb.conf). You should be able to double click on the name +of the server and get a list of shares. If you get a "invalid +password" error when you do then you are probably running WinNT and it +is refusing to browse a server that has no encrypted password +capability and is in user level security mode. In this case either set +security = server AND +password server = Windows_NT_Machine in your +&smb.conf; file, or make sure encrypted passwords is +set to "yes". + + + + + + + +Still having troubles? + +Read the chapter on +Analysing and Solving Problems. + + + + + -- cgit