From 1cc8103fd6508e0b710ef8e119bf71d7de65f9d9 Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Tue, 26 Aug 1997 01:43:28 +0000 Subject: Added draft cversions of the new Samba doco. Dan. (This used to be commit b5983092a6e63118564c6d1460b522ea8ef02c3a) --- docs/faq/Samba-Server-FAQ.sgml | 492 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 492 insertions(+) create mode 100644 docs/faq/Samba-Server-FAQ.sgml (limited to 'docs/faq/Samba-Server-FAQ.sgml') diff --git a/docs/faq/Samba-Server-FAQ.sgml b/docs/faq/Samba-Server-FAQ.sgml new file mode 100644 index 0000000000..4887481e2b --- /dev/null +++ b/docs/faq/Samba-Server-FAQ.sgml @@ -0,0 +1,492 @@ + + + + +
+ + Samba Server FAQ + +<author>Dan Shearer & Paul Blackman, <tt>ictinus@lake.canberra.edu.au</tt> + +<date>v 0.1, 23 Aug '97 + +<abstract> This is the <em>Server</em> Frequently Asked Questions (FAQ) +document for Samba, the free and very popular SMB and CIFS server +product. A general <url url="Samba-meta-FAQ.html" name="meta FAQ"> +exists and also a companion <url url="Samba-Client-FAQ.html" +name="Client FAQ">, together with more detailed HOWTO documents on +topics to do with Samba software. This is current to Samba version +1.9.17. Please send any corrections to the author. + +</abstract> + +<toc> + +<sect>What is Samba?<p><label id="WhatIsSamba"> + +See the <url url="Samba-meta-FAQ.html#introduction" name="meta FAQ +introduction"> if you don't have any idea what Samba does. + +Samba has many features that are not supported in other CIFS and SMB +implementations, all of which are commercial. It approaches some +problems from a different angle. + +Some of its features include: +<itemize> +<item>extremely dynamic runtime configuration +<item>host as well as username/password security +<item>scriptable SMB client +<item>automatic home directory exporting +<item>automatic printer exporting +<item>intelligent dead connection timeouts +<item>guest connections +</itemize> + +Look at the <url url="samba-man-index.html" name="manual pages"> included with the package for a full list of +features. The components of the suite are (in summary): + +<descrip> + +<tag/smbd/ the SMB server. This handles actual connections from clients, +doing all the interfacing with the <url +url="Samba-meta-FAQ.html#DomainModeSecurity" name="authentication +database"> for file, permission and username work. + +<tag/nmbd/ the NetBIOS name server, which helps clients locate servers, +maintaining the <url url="Samba-meta-FAQ.html#BrowseAndDomainDefs" +name="authentication database"> doing the browsing work and managing +domains as this capability is being built into Samba. + +<tag/smbclient/ the scriptable commandline SMB client program. +Useful for automated work, printer filters and testing purposes. It is +more CIFS-compliant than most commercial implementations. Note that this +is not a filesystem. The Samba team does not supply a network filesystem +driver, although the smbfs filesystem for Linux is derived from +smbclient code. + +<tag/smbrun/ a little 'glue' program to help the server run +external programs. + +<tag/testprns/ a program to test server access to printers + +<tag/testparms/ a program to test the Samba configuration file +for correctness + +<tag/smb.conf/ the Samba configuration file + +<tag/examples/ many examples have been put together for the different +operating systems that Samba supports. + +<tag/Documentation!/ DON'T neglect to read it - you will save a great +deal of time! + +</descrip> + +<sect>How do I get the CIFS, SMB and NetBIOS protocols?<p><label id="ServerProtocols"> + +See the <url url="Samba-meta-FAQ.html#CifsSmb" name="meta FAQ +on CIFS and SMB"> if you don't have any idea what these protocols are. + +CIFS and SMB are implemented by the main Samba fileserving daemon, smbd. +[.....] + +nmbd speaks a limited amount of CIFS (...) but is mostly concerned with +NetBIOS. NetBIOS is [....] + +RFC1001, RFC1002 [...] + +So, provided you have got Samba correctly installed and running you have +all three of these protocols. Some operating systems already come with +stacks for all or some of these, such as SCO Unix, OS/2 and [...] In this +case you must [...] + +<sect1>What server operating systems are supported?<p><label id="PortInfo"> + +At the last count, Samba runs on about 40 operating systems! This +section looks at general questions about running Samba on the different +platforms. Issues specific to particular operating systems are dealt +with in elsewhere in this document. + +Many of the ports have been done by people outside the Samba team keen +to get the advantages of Samba. The Samba team is currently trying to +bring as many of these ports as possible into the main source tree and +integrate the documentation. Samba is an integration tool, and so it has +been made as easy as possible to port. The platforms most widely used +and thus best tested are Linux and SunOS. + +This migration has not been completed yet. This means that some +documentation is on web sites [...] + +There are two main families of Samba ports, Unix and other. The Unix +ports cover anything that remotely resembles Unix and includes some +extremely old products as well as best-sellers, tiny PCs to massive +multiprocessor machines supporting hundreds of thousands of users. Samba +has been run on more than 30 Unix and Unix-like operating systems. + +<sect2>Running Samba on a Unix or Unix-like system<p><label id="OnUnix"> + +<url url="../UNIX-SMB.txt"> describes some of the issues that confront a +SMB implementation on unix, and how Samba copes with them. They may help +people who are looking at unix<->PC interoperability. + +There is great variation between Unix implementations, especially those +not adhering to the Common Unix Specification agreed to in 1996. Things +that can be quite tricky are [.....] + +There are also some considerable advantages conferred on Samba running +under Unix compared to, say, Windows NT or LAN Server. Unix has [...] + +At time of writing, the Makefile claimed support for: +<itemize> +<item> A/UX 3.0 +<item> AIX +<item> Altos Series 386/1000 +<item> Amiga +<item> Apollo Domain/OS sr10.3 +<item> BSDI +<item> B.O.S. (Bull Operating System) +<item> Cray, Unicos 8.0 +<item> Convex +<item> DGUX. +<item> DNIX. +<item> FreeBSD +<item> HP-UX +<item> Intergraph. +<item> Linux with/without shadow passwords and quota +<item> LYNX 2.3.0 +<item> MachTen (a unix like system for Macintoshes) +<item> Motorola 88xxx/9xx range of machines +<item> NetBSD +<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach). +<item> OS/2 using EMX 0.9b +<item> OSF1 +<item> QNX 4.22 +<item> RiscIX. +<item> RISCOs 5.0B +<item> SEQUENT. +<item> SCO (including: 3.2v2, European dist., OpenServer 5) +<item> SGI. +<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series +<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x) +<item> SUNOS 4 +<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') +<item> Sunsoft ISC SVR3V4 +<item> SVR4 +<item> System V with some berkely extensions (Motorola 88k R32V3.2). +<item> ULTRIX. +<item> UNIXWARE +<item> UXP/DS +</itemize> + + +<sect2>Running Samba on systems unlike Unix<p><label id="OnUnlikeUnix"> + +More recently Samba has been ported to a number of operating systems +which can provide a BSD Unix-like implementation of TCP/IP sockets. +These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS, +Windows NT and several others are being worked on but not yet available +for use. + +Home pages for these ports are: + +[... ] + +<sect1>Exporting server resources with Samba<p><label id="Exporting"> + +Files, printers, CD ROMs and other local devices. Network devices, +including networked filesystems and remote printer queues. Other devices +such as [....] + + 1.4) Configuring SHARES + 1.4.1) Homes service + 1.4.2) Public services + 1.4.3) Application serving + 1.4.4) Team sharing a Samba resource + + 1.5) Printer configuration + 1.5.1) Berkeley LPR/LPD systems + 1.5.2) ATT SysV lp systems + 1.5.3) Using a private printcap file + 1.5.4) Use of the smbprint utility + 1.5.5) Printing from Windows to Unix + 1.5.6) Printing from Unix to Windows + +<sect1>Name Resolution and Browsing<p><label id="NameBrowsing"> + +See also <url url="../BROWSING.txt"> + + 1.6) Name resolution issues + 1.6.1) LMHOSTS file and when to use it + 1.6.2) configuring WINS (support, server, proxy) + 1.6.3) configuring DNS proxy + + 1.7) Problem Diagnosis + 1.8) What NOT to do!!!! + + 3.2) Browse list managment + 3.3) Name resolution mangement + + +<sect1>Handling SMB Encryption<p><label id="SMBEncryptionSteps"> + +SMB encryption is ... + +...in <url url="../ENCRYPTION.txt"> there is... + +Samba compiled with libdes - enabling encrypted passwords + + +<sect2>Laws in different countries affecting Samba<p><label id="CryptoLaws"> + +<sect2>Relationship between encryption and Domain Authentication<p> + +<sect1> Files and record locking + + 3.1.1) Old DOS clients + 3.1.2) Opportunistic locking and the consequences + 3.1.3) Files caching under Windows for Workgroups, Win95 and NT + + Some of the foregoing links into Client-FAQ + +<sect1>Managing Samba Log files<p><label id="LogFiles"> + +<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse"> + See <url url="ftp://samba.anu.edu.au/pub/samba/BROWSING.txt" name="BROWSING.txt"> + for more information on browsing. Browsing.txt can also be found + in the docs directory of the Samba source. + +If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: +<tscreen><verb> + net use M: \\mary\fred +</verb></tscreen> +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation. + +<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files"> +See the next question. + +<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames"> +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason). + +The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes". + +<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server"> +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved. + +After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution. + +If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Man Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document. + +If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas. + +By the way, remember to REMOVE the hardcoded mapping before further +tests :-) + +<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share"> +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave. + +The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's doco on how +to specify a service name correctly), read on: + +<itemize> +<item> Many clients cannot accept or use service names longer than eight characters. +<item> Many clients cannot accept or use service names containing spaces. +<item> Some servers (not Samba though) are case sensitive with service names. +<item> Some clients force service names into upper case. +</itemize> + +<sect1>My client reports "cannot find domain controller", "cannot log on to the network" or similar <p> <label id="cant_see_net"> +Nothing is wrong - Samba does not implement the primary domain name +controller stuff for several reasons, including the fact that the +whole concept of a primary domain controller and "logging in to a +network" doesn't fit well with clients possibly running on multiuser +machines (such as users of smbclient under Unix). Having said that, +several developers are working hard on building it in to the next +major version of Samba. If you can contribute, send a message to +<htmlurl url="mailto:samba-bugs@anu.edu.au" name="samba-bugs@anu.edu.au"> ! + +Seeing this message should not affect your ability to mount redirected +disks and printers, which is really what all this is about. + +For many clients (including Windows for Workgroups and Lan Manager), +setting the domain to STANDALONE at least gets rid of the message. + +<sect1>Printing doesn't work :-(<p> <label id="no_printing"> + +Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr", if you happen to be using +Unix). + +Make sure that the spool directory specified for the service is +writable by the user connected to the service. + +Make sure that the user specified in the service is permitted to use +the printer. + +Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol. + +If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug. + +If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism. + +<sect1>My programs install on the server OK, but refuse to work properly<p><label id="programs_wont_run"> +There are numerous possible reasons for this, but one MAJOR +possibility is that your software uses locking. Make sure you are +using Samba 1.6.11 or later. It may also be possible to work around +the problem by setting "locking=no" in the Samba configuration file +for the service the software is installed on. This should be regarded +as a strictly temporary solution. + +In earlier Samba versions there were some difficulties with the very +latest Microsoft products, particularly Excel 5 and Word for Windows +6. These should have all been solved. If not then please let Andrew +Tridgell know via email at <htmlurl url="mailto:samba-bugs@anu.edu.au" name="samba-bugs@anu.edu.au">. + +<sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string"> +OR My client reports the default setting, eg. "Samba 1.9.15p4", instead +of what I have changed it to in the smb.conf file. + +You need to use the -C option in nmbd. The "server string" affects +what smbd puts out and -C affects what nmbd puts out. + +Current versions of Samba (1.9.16 +) have combined these options into +the "server string" field of smb.conf, -C for nmbd is now obsolete. + +<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares"> +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid. + +See also 'guest account' in smb.conf man page. + +<sect1>Issues specific to Unix and Unix-like systems<p><label id="UnixIssues"> + +<sect2>Printing doesn't work with my Unix Samba server<p> <label id="no_printing"> + +The user "nobody" often has problems with printing, even if it worked +with an earlier version of Samba. Try creating another guest user other +than "nobody". + +<sect2>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid"> +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535. + +It might also mean that your OS has a trapdoor uid/gid system :-) + +This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems. + +The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user. + +Complain to your OS vendor and ask them to fix their system. + +Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good! + +<sect1>Issues specific to IBM OS/2 systems<p><label id="OS2Issues"> + +<url url="http://carol.wins.uva.nl/~leeuw/samba/samba2.html" name="Samba for OS/2"> + +<sect1>Issues specific to IBM MVS systems<p><label id="MVSIssues"> + +<url url="ftp://ftp.mks.com/pub/samba/" name="Samba for OS/390 MVS"> + +<sect1>Issues specific to Digital VMS systems<p><label id="VMSIssues"> + +<sect1>Issues specific to Amiga systems<p><label id="AmigaIssues"> + +<url url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/" name="Samba for Amiga"> + +There is a mailing list for Samba on the Amiga. + + Subscribing. + + Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe +in the message. The list server will use the address in the Reply-To: or +From: header field, in that order. + + Unsubscribing. + + Send an email to rask-samba-request@kampsax.dtu.dk with the word +unsubscribe in the message. The list server will use the address in the +Reply-To: or From: header field, in that order. If you are unsure which +address you are subscribed with, look at the headers. You should see a +"From " (no colon) or Return-Path: header looking something like + + rask-samba-owner-myname=my.domain@kampsax.dtu.dk + +where myname=my.domain gives you the address myname@my.domain. This also +means that I will always be able to find out which address is causing +bounces, for example. + List archive. + + Messages sent to the list are archived in HTML. See the mailing list home +page at <URL url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/"> + +<sect1>Issues specific to Novell IntraNetware systems<p><label id="NetwareIssues"> + +<sect1>Issues specific to Stratos VOS systems<p><label id="NetwareIssues"> + +<url url="ftp://ftp.stratus.com/pub/vos/tools/" name="Samba for Stratus VOS"> + +</article> -- cgit