From 4ea9be5467b6274ec2074af8c6438d42415d8fb6 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij This book is a collection of HOWTOs added to Samba documentation over the years.
-I try to ensure that all are current, but sometimes the is a larger job
-than one person can maintain. The most recent version of this document
+Samba is always under development, and so is it's documentation.
+The most recent version of this document
can be found at
the samba homepage
+>.
If you need to compile samba from source, check the - appropriate appendix chapter.
appropriate appendix chapter.There are sample configuration files in the examples @@ -1566,31 +1602,27 @@ NAME="AEN75" >
[global] - workgroup = MYGROUP +>[global] + workgroup = MYGROUP - [homes] - guest ok = no - read only = no +[homes] + guest ok = no + read only = no
which would allow connections by anyone with an account on the server, using either their login name or - "homes" as the service name. (Note that I also set the + "homes" as the service name. (Note that I also set the workgroup that Samba is part of. See BROWSING.txt for details)
Note that make install will not install - a Make sure you put the smb.conf file. You need to create it - yourself.
Make sure you put the smb.conf file in the same place +> file in the same place you specified in theMakefile).
For more information about security settings for the - [homes] share please refer to the document UNIX_SECURITY.txt.
[homes] share please refer to the chapter + Securing Samba.yourhostname - would be the name of the host where you installed smbd. The smbd. + The aservice is any service you have defined in the smb.conf - file. Try your user name if you just have a [homes] section +> + file. Try your user name if you just have a [homes] + section in smb.conf.
For example if your unix host is bambi and your login - name is fred you would type:
For example if your unix host is bambi + and your login name is fred you would type:$ smbclient //bambi/fred +>smbclient //bambi/fred
Celebrate, or send me a bug report!
Then you might read the file HOWTO chapter Diagnosis and the +>Then you might read the file chapter + Diagnosis and the FAQ. If you are still stuck then try the mailing list or newsgroup (look in the README for details). Samba has been successfully installed at thousands of sites worldwide, so maybe @@ -1825,7 +1886,7 @@ CLASS="SECT2" >
Secondly, in those networks where Samba is the only SMB server technology -wherever possible nmbd should be configured on one (1) machine as the WINS +wherever possible nmbd should be configured on one (1) machine as the WINS server. This makes it easy to manage the browsing environment. If each network segment is configured with it's own Samba WINS server, then the only way to get cross segment browsing to work is by using the @@ -2001,7 +2065,10 @@ CLASS="COMMAND" been committed, but it still needs maturation.
Right now samba WINS does not support MS-WINS replication. This means that
-when setting up Samba as a WINS server there must only be one nmbd configured
+when setting up Samba as a WINS server there must only be one nmbd configured
as a WINS server on the network. Some sites have used multiple Samba WINS
servers for redundancy (one server per subnet) and then used
To configure Samba to register with a WINS server just add
"wins server = a.b.c.d" to your smb.conf file [globals] section. DO NOT EVER use both "wins support = yes" together
-with "wins server = a.b.c.d" particularly not using it's own IP address.
-Specifying both will cause nmbd to refuse to start! Never use both wins support = yes together
+with wins server = a.b.c.d
+particularly not using it's own IP address.
+Specifying both will cause nmbd to refuse to start!2.2. How browsing functions and how to deploy stable and
dependable browsing using Samba
2.3. Use of the Remote Announce
2.4. Use of the Remote Browse Sync
2.5. Use of WINS
user = smb.conf line. The password is then checked in turn against these "possible usernames". If a match is found then the client is authenticated as that user.
This method involves the additions of the following parameters in the smb.conf file:
This method involves the additions of the following parameters in the smb.conf file:5.1.4. Domain Level Security
5.1.4.1. Samba as a member of an MS Windows NT security domain
This method involves additon of the following paramters in the smb.conf file:
This method involves additon of the following paramters in the smb.conf file:The use of the "*" argument to "password server" will cause samba to locate the +>The use of the "*" argument to password server will cause samba to locate the domain controller in a way analogous to the way this is done within MS Windows NT. This is the default behaviour.
5.1.5. ADS Level Security
6.1. Prerequisite Reading
6.2. Background
6.3. Configuring the Samba Domain Controller
6.4. Creating Machine Trust Accounts and Joining Clients to the Domain
6.4.1. Manual Creation of Machine Trust Accounts
6.4.2. "On-the-Fly" Creation of Machine Trust Accounts
6.4.3. Joining the Client to the Domain
6.5. Common Problems and Errors
6.6. What other help can I get?
6.7. Domain Control for Windows 9x/ME
6.7.1. Configuration Instructions: Network Logons
7.1. Prerequisite Reading
7.2. Background
7.3. What qualifies a Domain Controller on the network?
7.3.1. How does a Workstation find its domain controller?
7.3.2. When is the PDC needed?
7.4. Can Samba be a Backup Domain Controller to an NT PDC?
7.5. How do I set up a Samba BDC?
7.5.1. How do I replicate the smbpasswd file?
7.5.2. Can I do this all with LDAP?
8.1. Setup your smb.conf
8.2. Setup your /etc/krb5.conf
If all you want is kerberos support in smbclient then you can skip +>If all you want is kerberos support in smbclient then you can skip straight to Test with smbclientTest with smbclient
now. testing your servers is only needed if you want kerberos -support for smbd and winbindd.smbd and winbindd.
8.5. Testing with smbclient8.5. Testing with smbclient
On your Samba server try to login to a Win2000 server or your Samba -server using smbclient and kerberos. Use smbclient as usual, but -specify the smbclient and kerberos. Use smbclient as usual, but +specify the -k option to choose kerberos authentication.
.
Firstly, you must edit your Firstly, you must edit your smb.conf(5) - file to tell Samba it should now use domain security.
smb.conf file to tell Samba it should + now use domain security.Change (or add) your security = line in the [global] section - of your smb.conf to read:
smb.conf to read:9.2. Why is this better than security = server?
Samba has several features that you might want or might not want to use. The chapters in this -part each cover one specific feature.
Samba has several features that you might want or might not want to use. The chapters in this part each cover one specific feature.10.7. Interaction with the standard Samba file attribute
mapping
Starting with Samba 3.0 alpha 2, a new group mapping function is available. The
current method (likely to change) to manage the groups is a new command called
-smbgroupeditsmbgroupedit.
The first immediate reason to use the group mapping on a PDC, is that @@ -9000,9 +9179,9 @@ member machine (an NT/W2K or a samba server running winbind), you would like to give access to a certain directory to some users who are member of a group on your samba PDC. Flag that group as a domain group by running:
smbgroupedit -a unixgroup -tdsmbgroupedit -a unixgroup -td
You can list the various groups in the mapping database like this
Firstly, to enable CUPS based printing from Samba the following options must be -enabled in your smb.conf file [globals] section: +enabled in your smb.conf file [globals] section:
-When these parameters are specified the print directives in smb.conf (as well as in +When these parameters are specified the print directives in smb.conf (as well as in samba itself) will be ignored because samba will directly interface with CUPS through it's application program interface (API) - so long as Samba has been compiled with CUPS library (libcups) support. If samba has NOT been compiled with CUPS support then @@ -10731,7 +10919,7 @@ CLASS="SECT1" >cupsadsmb utility (shipped with all current CUPS versions) makes the sharing of any (or all) installed CUPS printers very -easy. Prior to using it, you need the following settings in smb.conf:
smb.conf:13.7. Sources of CUPS drivers / PPDs
13.7.1. cupsaddsmb
13.8. The CUPS Filter Chains
13.9. CUPS Print Drivers and Devices
13.9.1. Further printing steps
13.10. Limiting the number of pages users can print
13.11. Advanced Postscript Printing from MS Windows
13.12. Auto-Deletion of CUPS spool files
Samba print files pass thru two "spool" directories. One the incoming directory -managed by Samba, (set eg: in the "path = /var/spool/samba" directive in the [printers] -section of "smb.conf"). Second is the spool directory of your UNIX print subsystem. +managed by Samba, (set eg: in the path = /var/spool/samba directive in the [printers] +section of smb.conf). Second is the spool directory of your UNIX print subsystem. For CUPS it is normally "/var/spool/cups/", as set by the cupsd.conf directive "RequestRoot /var/spool/cups".
a Samba-smbd which is compiled against "libcups" (Check on Linux by running "ldd `which smbd`") +> a Samba-smbd which is compiled against "libcups" (Check on Linux by running ldd `which smbd`) a Samba-smb.conf setting of "printing = cups" +> a Samba-smb.conf setting of printing = cups another Samba-smb.conf setting of "printcap = cups" +> another Samba-smb.conf setting of printcap = cups 14.1. Abstract
14.2. Introduction
14.3. What Winbind Provides
14.3.1. Target Uses
14.4. How Winbind Works
14.4.1. Microsoft Remote Procedure Calls
14.4.2. Microsoft Active Directory Services
14.4.3. Name Service Switch
14.4.4. Pluggable Authentication Modules
14.4.5. User and Group ID Allocation
14.4.6. Result Caching
14.5. Installation and Configuration
14.5.1. Introduction
14.5.2. Requirements
14.5.3. Testing Things Out
14.5.3.1. Configure and compile SAMBA
14.5.3.2. Configure nsswitch.conf
14.5.3.3. Configure smb.conf
14.5.3.4. Join the SAMBA server to the PDC domain
14.5.3.5. Start up the winbindd daemon and test it!
14.5.3.6. Fix the init.d startup scripts
14.5.3.6.1. Linux
14.5.3.6.2. Solaris
14.5.3.6.3. Restarting
14.5.3.7. Configure Winbind and PAM
14.5.3.7.1. Linux/FreeBSD-specific PAM configuration
14.5.3.7.2. Solaris-specific configuration
14.6. Limitations
14.7. Conclusion
15.1. Configuring Samba Share Access Controls
15.1.1. Share Permissions Management
15.1.1.1. Windows NT4 Workstation/Server
15.1.1.2. Windows 200x/XP
15.2. Remote Server Administration
15.3. Network Logon Script Magic
16.1. Creating and Managing System Policies
16.1.1. Windows 9x/Me Policies
16.1.2. Windows NT4 Style Policy Files
16.1.2.1. Registry Tattoos
16.1.3. MS Windows 200x / XP Professional Policies
16.1.3.1. Administration of Win2K / XP Policies
16.2. Managing Account/User Policies
16.2.1. With Windows NT4/200x
16.2.2. With a Samba PDC
17.1. Roaming Profiles
NOTE! Roaming profiles support is different for Win9x / Me -and Windows NT4/200x.
Roaming profiles support is different for Win9x / Me and Windows NT4/200x.17.1.1. Samba Configuration for Profile Handling
17.1.1.1. NT4/200x User Profiles
logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath +> logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepathThis is typically implemented like: - logon path = \\%L\Profiles\%u - - where: - %L translates to the name of the Samba server - %u translates to the user name logon path = \\%L\Profiles\%u +where %L translates to the name of the Samba server and %u translates to the user nameThe default for this option is \\%N\%U\profile, namely \\sambaserver\username\profile. The \\N%\%U service is created automatically by the [homes] service. If you are using @@ -15222,12 +15430,9 @@ ALIGN="LEFT" VALIGN="TOP" >
MS Windows NT/2K clients at times do not disconnect a connection to a server -between logons. It is recommended to NOT use the homeshomes meta-service name as part of the profile share path.
17.1.1.2. Windows 9x / Me User Profiles
To support Windows 9x / Me clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use /home" now works as well, and it, too, relies -on the "logon home" parameter.
net use /home now works as well, and it, too, relies +on the logon home< parameter.By using the logon home parameter, you are restricted to putting Win9x / Me profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the [global] section of your smb.conf file:
[global] section of your smb.conf file:then your Windows 9x / Me clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden).
.profiles (thus making them hidden).Not only that, but 'net use/home' will also work, because of a feature in +>Not only that, but net use/home will also work, because of a feature in Windows 9x / Me. It removes any directory stuff off the end of the home directory area and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home".
logon home.17.1.1.3. Mixed Windows 9x / Me and Windows NT4/200x User Profiles
You can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example:
logon home and logon path parameters. For example:17.1.2. Windows Client Profile Configuration Information
17.1.2.1. Windows 9x / Me Profile Setup
17.1.2.2. Windows NT4 Workstation
17.1.2.3. Windows 2000/XP Professional
17.1.3. Sharing Profiles between W9x/Me and NT4/200x/XP workstations
17.1.4. Profile Migration from Windows NT4/200x Server to Samba
17.1.4.1. Windows NT4 Profile Management Tools
17.1.4.2. Side bar Notes
17.1.4.3. moveuser.exe
17.1.4.4. Get SID
17.2. Mandatory profiles
17.3. Creating/Managing Group Profiles
17.4. Default Profile for Windows Users
17.4.1. MS Windows 9x/Me
17.4.1.1. How User Profiles Are Handled in Windows 9x / Me?
17.4.2. MS Windows NT4 Workstation
17.4.3. MS Windows 200x/XP
Chapter 18. PAM Configuration for Centrally Managed Authentication
Chapter 18. Interdomain Trust RelationshipsSamba-3 supports NT4 style domain trust relationships. This is feature that many sites +will want to use if they migrate to Samba-3 from and NT4 style domain and do NOT want to +adopt Active Directory or an LDAP based authentication back end. This section explains +some background information regarding trust relationships and how to create them. It is now +possible for Samba3 to NT4 trust (and vica versa), as well as Samba3 to Samba3 trusts.
18.1. Samba and PAM18.1. Trust Relationship Background
A number of Unix systems (eg: Sun Solaris), as well as the -xxxxBSD family and Linux, now utilize the Pluggable Authentication -Modules (PAM) facility to provide all authentication, -authorization and resource control services. Prior to the -introduction of PAM, a decision to use an alternative to -the system password database (/etc/passwd) -would require the provision of alternatives for all programs that provide -security services. Such a choice would involve provision of -alternatives to such programs as: login, -passwd, chown, etc.
MS Windows NT3.x/4.0 type security domains employ a non-hierchical security structure. +The limitations of this architecture as it affects the scalability of MS Windows networking +in large organisations is well known. Additionally, the flat-name space that results from +this design significantly impacts the delegation of administrative responsibilities in +large and diverse organisations.Microsoft developed Active Directory Service (ADS), based on Kerberos and LDAP, as a means +of circumventing the limitations of the older technologies. Not every organisation is ready +or willing to embrace ADS. For small companies the older NT4 style domain security paradigm +is quite adequate, there thus remains an entrenched user base for whom there is no direct +desire to go through a disruptive change to adopt ADS.
Microsoft introduced with MS Windows NT the ability to allow differing security domains +to affect a mechanism so that users from one domain may be given access rights and privilidges +in another domain. The language that describes this capability is couched in terms of +Trusts. Specifically, one domain will trust the users +from another domain. The domain from which users are available to another security domain is +said to be a trusted domain. The domain in which those users have assigned rights and privilidges +is the trusting domain. With NT3.x/4.0 all trust relationships are always in one direction only, +thus if users in both domains are to have privilidges and rights in each others' domain, then it is +necessary to establish two (2) relationships, one in each direction.
PAM provides a mechanism that disconnects these security programs -from the underlying authentication/authorization infrastructure. -PAM is configured either through one file /etc/pam.conf (Solaris), -or by editing individual files that are located in /etc/pam.d.
In an NT4 style MS security domain, all trusts are non-transitive. This means that if there +are three (3) domains (let's call them RED, WHITE, and BLUE) where RED and WHITE have a trust +relationship, and WHITE and BLUE have a trust relationship, then it holds that there is no +implied trust between the RED and BLUE domains. ie: Relationships are explicit and not +transitive.New to MS Windows 2000 ADS security contexts is the fact that trust relationships are two-way +by default. Also, all inter-ADS domain trusts are transitive. In the case of the RED, WHITE and BLUE +domains above, with Windows 2000 and ADS the RED and BLUE domains CAN trust each other. This is +an inherent feature of ADS domains.
18.2. MS Windows NT4 Trust Configuration
There are two steps to creating an inter-domain trust relationship.
18.2.1. NT4 as the Trusting Domain
For MS Windows NT4, all domain trust relationships are configured using the Domain User Manager. +To affect a two way trust relationship it is necessary for each domain administrator to make +available (for use by an external domain) it's security resources. This is done from the Domain +User Manager Policies entry on the menu bar. From the Policy menu, select Trust Relationships, then +next to the lower box that is labelled "Permitted to Trust this Domain" are two buttons, "Add" and +"Remove". The "Add" button will open a panel in which needs to be entered the remote domain that +will be able to assign user rights to your domain. In addition it is necessary to enter a password +that is specific to this trust relationship. The password is added twice.
18.2.2. NT4 as the Trusted Domain
A trust relationship will work only when the other (trusting) domain makes the appropriate connections +with the trusted domain. To consumate the trust relationship the administrator will launch the +Domain User Manager, from the menu select Policies, then select Trust Relationships, then click on the +"Add" button that is next to the box that is labelled "Trusted Domains". A panel will open in +which must be entered the name of the remote domain as well as the password assigned to that trust.
18.3. Configuring Samba Domain Trusts
This descitpion is meant to be a fairly short introduction about how to set up a Samba server so +that it could participate in interdomain trust relationships. Trust relationship support in Samba +is in its early stage, so lot of things don't work yet. Paricularly, the contents of this document +applies to NT4-style trusts.
Each of the procedures described below is treated as they were performed with Windows NT4 Server on +one end. The other end could just as well be another Samba3 domain. It can be clearly seen, after +reading this document, that combining Samba-specific parts of what's written below leads to trust +between domains in purely Samba environment.
18.3.1. Samba3 as the Trusting Domain
In order to set Samba PDC to be trusted party of the relationship first you need +to create special account for domain that will be the trusting party. To do that, +you can use 'smbpasswd' utility. Creating the trusted domain account is very +similiar to creating the connection to the trusting machine's account. Suppose, +your domain is called SAMBA, and the remote domain is called RUMBA. Your first +step will be to issue this command from your favourite shell:
deity# smbpasswd -a -i rumba + New SMB password: XXXXXXXX + Retype SMB password: XXXXXXXX + Added user rumba$ + + where: + -a means to add a new account into the passdb database + -i means create this account with the Inter-Domain trust flag + + The account name will be 'rumba$' (the name ofthe remote domain)fter issuing this command you'll be asked for typing account's +password. You can use any password you want, but be aware that Windows NT will +not change this password until 7 days have passed since account creating. +After command returns successfully, you can look at your new account's entry +(in the way depending on your configuration) and see that account's name is +really RUMBA$ and it has 'I' flag in the flags field. Now you're ready to confirm +the trust by establishing it from Windows NT Server.
Open 'User Manager for Domains' and from menu 'Policies' select 'Trust Relationships...'. +Right beside 'Trusted domains' list press 'Add...' button. You'll be prompted for +trusted domain name and the relationship's password. Type in SAMBA, as this is +your domain name and the password you've just used during account creation. +Press OK and if everything went fine, you will see 'Trusted domain relationship +successfully established' message. Well done.
18.3.2. Samba3 as the Trusted Domain
This time activities are somewhat reversed. Again, we'll assume that your domain +controlled by Samba PDC is called SAMBA and NT-controlled domain is called RUMBA.
The very first thing is to add account for SAMBA domain on RUMBA's PDC.
Launch the Domain User Manager, then from the menu select 'Policies', 'Trust Relationships'. +Now, next to 'Trusted Domains' box press the 'Add' button, and type in the name of the trusted +domein (SAMBA) and password securing the relationship.
Password can be arbitrarily chosen the more, because it's easy to change it +from Samba server whenever you want. After confirming password your account is +ready and waiting. Now it's Samba's turn.
Using your favourite shell while being logged on as root, issue this command:
deity# net rpc trustdom establish rumbaYou'll be prompted for password you've just typed on your Windows NT4 Server box. +Don't worry if you will see the error message with returned code of +NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT. It means the +password you gave is correct and the NT4 Server says the account is ready for trusting your domain +and not for ordinary connection. After that, be patient it can take a while (especially +in large networks), you should see 'Success' message. Contgratulations! Your trust +relationship has just been established.
Note that you have to run this command as root, since you need write access to +your secrets.tdb file.
Chapter 19. PAM Configuration for Centrally Managed Authentication
19.1. Samba and PAM
A number of Unix systems (eg: Sun Solaris), as well as the +xxxxBSD family and Linux, now utilize the Pluggable Authentication +Modules (PAM) facility to provide all authentication, +authorization and resource control services. Prior to the +introduction of PAM, a decision to use an alternative to +the system password database (/etc/passwd) +would require the provision of alternatives for all programs that provide +security services. Such a choice would involve provision of +alternatives to such programs as: login, +passwd, chown, etc.
PAM provides a mechanism that disconnects these security programs +from the underlying authentication/authorization infrastructure. +PAM is configured either through one file /etc/pam.conf (Solaris), +or by editing individual files that are located in /etc/pam.d.
18.2. Distributed Authentication19.2. Distributed Authentication
The astute administrator will realize from this that the @@ -16891,8 +17368,8 @@ CLASS="SECT1" >
18.3. PAM Configuration in smb.conf19.3. PAM Configuration in smb.conf
There is an option in smb.conf called Chapter 19. Stackable VFS modulesChapter 20. Stackable VFS modules
19.1. Introduction and configuration20.1. Introduction and configuration
Since samba 3.0, samba supports stackable VFS(Virtual File System) modules. @@ -16980,16 +17457,16 @@ CLASS="SECT1" >
19.2. Included modules20.2. Included modules
19.2.1. audit20.2.1. audit
A simple module to audit file access to the syslog @@ -17026,8 +17503,8 @@ CLASS="SECT2" >
19.2.2. extd_audit20.2.2. extd_audit
This module is identical with the
19.2.3. recycle20.2.3. recycle
A recycle-bin like modules. When used any unlink call @@ -17119,8 +17596,8 @@ CLASS="SECT2" >
19.2.4. netatalk20.2.4. netatalk
A netatalk module, that will ease co-existence of samba and @@ -17152,8 +17629,8 @@ CLASS="SECT1" >
19.3. VFS modules available elsewhere20.3. VFS modules available elsewhere
This section contains a listing of various other VFS modules that @@ -17168,8 +17645,8 @@ CLASS="SECT2" >
19.3.1. DatabaseFS20.3.1. DatabaseFS
URL:
19.3.2. vscan20.3.2. vscan
URL: Chapter 20. Hosting a Microsoft Distributed File System tree on SambaChapter 21. Hosting a Microsoft Distributed File System tree on Samba
Table of Contents20.1. Instructions21.1. Instructions
The Distributed File System (or Dfs) provides a means of @@ -17364,8 +17841,8 @@ CLASS="SECT2" >
20.1.1. Notes21.1.1. Notes
Chapter 21. Integrating MS Windows networks with SambaChapter 22. Integrating MS Windows networks with SambaThis section deals with NetBIOS over TCP/IP name to IP address resolution. If you your MS Windows clients are NOT configured to use NetBIOS over TCP/IP then this @@ -17480,8 +17957,8 @@ CLASS="SECT1" >
21.1. Name Resolution in a pure Unix/Linux world22.1. Name Resolution in a pure Unix/Linux world
The key configuration files covered in this section are:
21.1.1. 22.1.1. /etc/hosts
21.1.2. 22.1.2. /etc/resolv.conf
21.1.3. 22.1.3. /etc/host.conf
21.1.4. 22.1.4. /etc/nsswitch.conf
21.2. Name resolution as used within MS Windows networking22.2. Name resolution as used within MS Windows networking
MS Windows networking is predicated about the name each machine @@ -17824,8 +18301,8 @@ CLASS="SECT2" >
21.2.1. The NetBIOS Name Cache22.2.1. The NetBIOS Name Cache
All MS Windows machines employ an in memory buffer in which is @@ -17851,8 +18328,8 @@ CLASS="SECT2" >
21.2.2. The LMHOSTS file22.2.2. The LMHOSTS file
This file is usually located in MS Windows NT 4.0 or @@ -17954,8 +18431,8 @@ CLASS="SECT2" >
21.2.3. HOSTS file22.2.3. HOSTS file
This file is usually located in MS Windows NT 4.0 or 2000 in @@ -17976,8 +18453,8 @@ CLASS="SECT2" >
21.2.4. DNS Lookup22.2.4. DNS Lookup
This capability is configured in the TCP/IP setup area in the network @@ -17996,8 +18473,8 @@ CLASS="SECT2" >
21.2.5. WINS Lookup22.2.5. WINS Lookup
A WINS (Windows Internet Name Server) service is the equivaent of the @@ -18017,7 +18494,10 @@ CLASS="PROGRAMLISTING" >
To configure Samba to use a WINS server the following parameters are -needed in the smb.conf file:
smb.conf file:Chapter 22. Improved browsing in sambaChapter 23. Improved browsing in samba22.1. Overview of browsing23.1. Overview of browsing
SMB networking provides a mechanism by which clients can access a list @@ -18077,12 +18557,18 @@ CLASS="SECT1" >
22.2. Browsing support in samba23.2. Browsing support in samba
Samba facilitates browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see smb.conf(5)). +>Samba facilitates browsing. The browsing is supported by nmbd +and is also controlled by options in the smb.conf file. Samba can act as a local browse master for a workgroup and the ability for samba to support domain logons and scripts is now available.
22.3. Problem resolution23.3. Problem resolution
If something doesn't work then hopefully the log.nmb file will help @@ -18199,15 +18685,18 @@ server resources.
The other big problem people have is that their broadcast address, netmask or IP address is wrong (specified with the "interfaces" option -in smb.conf)
smb.conf)22.4. Browsing across subnets23.4. Browsing across subnets
Since the release of Samba 1.9.17(alpha1) Samba has been @@ -18231,14 +18720,17 @@ another subnet without using a WINS server.
smb.conf file.22.4.1. How does cross subnet browsing work ?23.4.1. How does cross subnet browsing work ?
Cross subnet browsing is a complicated dance, containing multiple @@ -18448,13 +18940,16 @@ CLASS="SECT1" >
22.5. Setting up a WINS server23.5. Setting up a WINS server
Either a Samba machine or a Windows NT Server machine may be set up as a WINS server. To set a Samba machine to be a WINS server you must -add the following option to the smb.conf file on the selected machine : +add the following option to the smb.conf file on the selected machine : in the [globals] section add the line
smb.conf files :
where >name or IP address< is either the DNS name of the WINS server machine or its IP address.
Note that this line MUST NOT BE SET in the smb.conf file of the Samba +>Note that this line MUST NOT BE SET in the smb.conf file of the Samba server acting as the WINS server itself. If you set both the
22.6. Setting up Browsing in a WORKGROUP23.6. Setting up Browsing in a WORKGROUP
To set up cross subnet browsing on a network containing machines @@ -18553,7 +19054,10 @@ cross subnet browsing possible for a workgroup.
In an WORKGROUP environment the domain master browser must be a Samba server, and there must only be one domain master browser per workgroup name. To set up a Samba server as a domain master browser, -set the following option in the [global] section of the smb.conf file :smb.conf file :The domain master browser should also preferrably be the local master browser for its own subnet. In order to achieve this set the following -options in the [global] section of the smb.conf file :
smb.conf file :smb.conf file :22.7. Setting up Browsing in a DOMAIN23.7. Setting up Browsing in a DOMAIN
If you are adding Samba servers to a Windows NT Domain then @@ -18710,7 +19220,7 @@ CLASS="SECT1" CLASS="SECT1" >22.8. Forcing samba to be the master23.8. Forcing samba to be the master
Who becomes the
22.9. Making samba the domain master23.9. Making samba the domain master
The domain master is responsible for collating the browse lists of @@ -18869,8 +19379,8 @@ CLASS="SECT1" >
22.10. Note about broadcast addresses23.10. Note about broadcast addresses
If your network uses a "0" based broadcast address (for example if it @@ -18883,8 +19393,8 @@ CLASS="SECT1" >
22.11. Multiple interfaces23.11. Multiple interfaces
Samba now supports machines with multiple network interfaces. If you @@ -18892,10 +19402,10 @@ have multiple interfaces then you will need to use the interfaces -option in smb.conf to configure them. See smb.conf(5) for details.
smb.conf to configure them.Chapter 23. Securing SambaChapter 24. Securing Samba23.1. Introduction24.1. Introduction
This note was attached to the Samba 2.2.8 release notes as it contained an @@ -18923,8 +19433,8 @@ CLASS="SECT1" >
23.2. Using host based protection24.2. Using host based protection
In many installations of Samba the greatest threat comes for outside @@ -18933,8 +19443,17 @@ any host, which means that if you run an insecure version of Samba on a host that is directly connected to the Internet you can be especially vulnerable.
One of the simplest fixes in this case is to use the 'hosts allow' and -'hosts deny' options in the Samba smb.conf configuration file to only +>One of the simplest fixes in this case is to use the hosts allow and +hosts deny options in the Samba smb.conf configuration file to only allow access to your server from a specific range of hosts. An example might be:
23.3. Using interface protection24.3. Using interface protection
By default Samba will accept connections on any network interface that @@ -18991,8 +19510,8 @@ CLASS="SECT1" >
23.4. Using a firewall24.4. Using a firewall
Many people use a firewall to deny access to services that they don't @@ -19021,8 +19540,8 @@ CLASS="SECT1" >
23.5. Using a IPC$ share deny24.5. Using a IPC$ share deny
If the above methods are not suitable, then you could also place a @@ -19060,11 +19579,15 @@ CLASS="SECT1" >
23.6. Upgrading Samba24.6. Upgrading Samba
Please check regularly on http://www.samba.org/ for updates and +>Please check regularly on http://www.samba.org/ for updates and important announcements. Occasionally security releases are made and it is highly recommended to upgrade Samba when a security vulnerability is discovered.
Chapter 24. Unicode/CharsetsChapter 25. Unicode/Charsets24.1. What are charsets and unicode?25.1. What are charsets and unicode?
Computers communicate in numbers. In texts, each number will be @@ -19132,8 +19655,8 @@ CLASS="SECT1" >
24.2. Samba and charsets25.2. Samba and charsets
As of samba 3.0, samba can (and will) talk unicode over the wire. Internally, @@ -19185,8 +19708,6 @@ CLASS="COMMAND" >
- 25. 26. SWAT - The Samba Web Admininistration Tool
- 25.1. 26.1. SWAT Features and Benefits
- 25.1.1. 26.1.1. The SWAT Home Page
- 25.1.2. 26.1.2. Global Settings
- 25.1.3. 26.1.3. The SWAT Wizard
- 25.1.4. 26.1.4. Share Settings
- 25.1.5. 26.1.5. Printing Settings
- 25.1.6. 26.1.6. The Status Page
- 25.1.7. 26.1.7. The Password Change Page
- 26. 27. Migration from NT4 PDC to Samba-3 PDC
- 26.1. 27.1. Planning and Getting Started
- 26.1.1. 27.1.1. Objectives
- 26.1.2. 27.1.2. Steps In Migration Process
- 26.2. 27.2. Managing Samba-3 Domain Control
- 27. 28. Samba performance issues
- 27.1. 28.1. Comparisons
- 27.2. 28.2. Socket options
- 27.3. 28.3. Read size
- 27.4. 28.4. Max xmit
- 27.5. 28.5. Log level
- 27.6. 28.6. Read raw
- 27.7. 28.7. Write raw
- 27.8. 28.8. Slow Clients
- 27.9. 28.9. Slow Logins
- 27.10. 28.10. Client tuning
- 28. 29. Portability
- 29. 30. Samba and other CIFS clients
- 29.1. 30.1. Macintosh clients?
- 29.2. 30.2. OS2 Client
- 29.2.1. 30.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?
- 29.2.2. 30.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?
- 29.2.3. 30.2.3. Are there any other issues when OS/2 (any version) is used as a client?
- 29.2.4. 30.2.4. How do I get printer driver download working for OS/2 clients?
- 29.3. 30.3. Windows for Workgroups
- 29.4. 30.4. Windows '95/'98
- 29.5. 30.5. Windows 2000 Service Pack 2
- 29.6. 30.6. Windows NT 3.1
- 30. 31. How to compile SAMBA
- 31. 32. Reporting Bugs
- 31.1. 32.1. Introduction
- 31.2. 32.2. General info
- 31.3. 32.3. Debug levels
- 31.4. 32.4. Internal errors
- 31.5. 32.5. Attaching to a running process
- 31.6. 32.6. Patches
- 32. 33. The samba checklist
Chapter 25. SWAT - The Samba Web Admininistration ToolChapter 26. SWAT - The Samba Web Admininistration Tool
- 32.1. 33.1. Introduction
- 32.2. 33.2. Assumptions
- 32.3. 33.3. The tests
- 32.4. 33.4. Still having troubles?
This is a rough guide to SWAT.
25.1. SWAT Features and Benefits26.1. SWAT Features and Benefits
You must use at least the following ...
25.1.1. The SWAT Home Page26.1.1. The SWAT Home Page
Blah blah here.
25.1.2. Global Settings26.1.2. Global Settings
Document steps right here!
25.1.3. The SWAT Wizard26.1.3. The SWAT Wizard
Lots of blah blah here.
25.1.4. Share Settings26.1.4. Share Settings
Document steps right here!
25.1.5. Printing Settings26.1.5. Printing Settings
Document steps right here!
25.1.6. The Status Page26.1.6. The Status Page
Document steps right here!
25.1.7. The Password Change Page26.1.7. The Password Change Page
Document steps right here!
Chapter 26. Migration from NT4 PDC to Samba-3 PDCChapter 27. Migration from NT4 PDC to Samba-3 PDCThis is a rough guide to assist those wishing to migrate from NT4 domain control to Samba-3 based domain control.
26.1. Planning and Getting Started27.1. Planning and Getting Started
You must use at least the following ...
26.1.1. Objectives27.1.1. Objectives
Blah blah objectives here.
26.1.2. Steps In Migration Process27.1.2. Steps In Migration Process
Document steps right here!
26.2. Managing Samba-3 Domain Control27.2. Managing Samba-3 Domain Control
Lots of blah blah here.
Chapter 27. Samba performance issuesChapter 28. Samba performance issuesChapter 29. Samba and other CIFS clientsChapter 30. Samba and other CIFS clients27.1. Comparisons28.1. Comparisons
The Samba server uses TCP to talk to the client. Thus if you are @@ -19824,8 +20345,8 @@ CLASS="SECT1" >
27.2. Socket options28.2. Socket options
There are a number of socket options that can greatly affect the @@ -19852,8 +20373,8 @@ CLASS="SECT1" >
27.3. Read size28.3. Read size
The option "read size" affects the overlap of disk reads/writes with @@ -19878,8 +20399,8 @@ CLASS="SECT1" >
27.4. Max xmit28.4. Max xmit
At startup the client and server negotiate a "maximum transmit" size, @@ -19901,8 +20422,8 @@ CLASS="SECT1" >
27.5. Log level28.5. Log level
If you set the log level (also known as "debug level") higher than 2 @@ -19915,8 +20436,8 @@ CLASS="SECT1" >
27.6. Read raw28.6. Read raw
The "read raw" operation is designed to be an optimised, low-latency @@ -19937,8 +20458,8 @@ CLASS="SECT1" >
27.7. Write raw28.7. Write raw
The "write raw" operation is designed to be an optimised, low-latency @@ -19954,8 +20475,8 @@ CLASS="SECT1" >
27.8. Slow Clients28.8. Slow Clients
One person has reported that setting the protocol to COREPLUS rather @@ -19971,8 +20492,8 @@ CLASS="SECT1" >
27.9. Slow Logins28.9. Slow Logins
Slow logins are almost always due to the password checking time. Using @@ -19984,8 +20505,8 @@ CLASS="SECT1" >
27.10. Client tuning28.10. Client tuning
Often a speed problem can be traced to the client. The client (for @@ -20092,7 +20613,7 @@ CLASS="CHAPTER" >Chapter 28. PortabilityChapter 29. Portability
Samba works on a wide range of platforms but the interface all the platforms provide is not always compatible. This chapter contains @@ -20102,8 +20623,8 @@ CLASS="SECT1" >
28.1. HPUX29.1. HPUX
HP's implementation of supplementary groups is, er, non-standard (for @@ -20132,8 +20653,8 @@ CLASS="SECT1" >
28.2. SCO Unix29.2. SCO Unix
@@ -20149,8 +20670,8 @@ CLASS="SECT1" >
28.3. DNIX29.3. DNIX
DNIX has a problem with seteuid() and setegid(). These routines are @@ -20256,8 +20777,8 @@ CLASS="SECT1" >
28.4. RedHat Linux Rembrandt-II29.4. RedHat Linux Rembrandt-II
By default RedHat Rembrandt-II during installation adds an @@ -20280,19 +20801,22 @@ CLASS="SECT1" >
28.5. AIX29.5. AIX
28.5.1. Sequential Read Ahead29.5.1. Sequential Read Ahead
Disabling Sequential Read Ahead using "vmtune -r 0" improves +>Disabling Sequential Read Ahead using vmtune -r 0 improves samba performance significally.
This chapter contains client-specific information.
29.1. Macintosh clients?30.1. Macintosh clients?
Yes.
29.2. OS2 Client30.2. OS2 Client
29.2.1. How can I configure OS/2 Warp Connect or +NAME="AEN4330" +>30.2.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?
29.2.2. How can I configure OS/2 Warp 3 (not Connect), +NAME="AEN4345" +>30.2.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?
29.2.3. Are there any other issues when OS/2 (any version) +NAME="AEN4354" +>30.2.3. Are there any other issues when OS/2 (any version) is used as a client?
29.2.4. How do I get printer driver download working +NAME="AEN4358" +>30.2.4. How do I get printer driver download working for OS/2 clients?
29.3. Windows for Workgroups30.3. Windows for Workgroups
29.3.1. Use latest TCP/IP stack from Microsoft30.3.1. Use latest TCP/IP stack from Microsoft
Use the latest TCP/IP stack from microsoft if you use Windows @@ -20567,8 +21091,8 @@ CLASS="SECT2" >
29.3.2. Delete .pwl files after password change30.3.2. Delete .pwl files after password change
WfWg does a lousy job with passwords. I find that if I change my @@ -20587,8 +21111,8 @@ CLASS="SECT2" >
29.3.3. Configure WfW password handling30.3.3. Configure WfW password handling
There is a program call admincfg.exe @@ -20606,8 +21130,8 @@ CLASS="SECT2" >
29.3.4. Case handling of passwords30.3.4. Case handling of passwords
Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the
29.3.5. Use TCP/IP as default protocol30.3.5. Use TCP/IP as default protocol
To support print queue reporting you may find @@ -20640,8 +21164,8 @@ CLASS="SECT1" >
29.4. Windows '95/'9830.4. Windows '95/'98
When using Windows 95 OEM SR2 the following updates are recommended where Samba @@ -20688,8 +21212,8 @@ CLASS="SECT1" >
29.5. Windows 2000 Service Pack 230.5. Windows 2000 Service Pack 2
@@ -20788,8 +21312,8 @@ CLASS="SECT1" >
29.6. Windows NT 3.130.6. Windows NT 3.1
If you have problems communicating across routers with Windows @@ -20806,7 +21330,7 @@ CLASS="CHAPTER" >Chapter 30. How to compile SAMBAChapter 31. How to compile SAMBA
You can obtain the samba source from the
30.1. Access Samba source code via CVS31.1. Access Samba source code via CVS
30.1.1. Introduction31.1.1. Introduction
Samba is developed in an open environment. Developers use CVS @@ -20849,8 +21373,8 @@ CLASS="SECT2" >
30.1.2. CVS Access to samba.org31.1.2. CVS Access to samba.org
The machine samba.org runs a publicly accessible CVS @@ -20862,8 +21386,8 @@ CLASS="SECT3" >
30.1.2.1. Access via CVSweb31.1.2.1. Access via CVSweb
You can access the source code via your @@ -20883,8 +21407,8 @@ CLASS="SECT3" >
30.1.2.2. Access via cvs31.1.2.2. Access via cvs
You can also access the source code via a @@ -20988,8 +21512,8 @@ CLASS="SECT1" >
30.2. Accessing the samba sources via rsync and ftp31.2. Accessing the samba sources via rsync and ftp
pserver.samba.org also exports unpacked copies of most parts of the CVS tree at
30.3. Building the Binaries31.3. Building the Binaries
To do this, first run the program
30.3.1. Compiling samba with Active Directory support31.3.1. Compiling samba with Active Directory support
In order to compile samba with ADS support, you need to have installed @@ -21152,8 +21676,8 @@ CLASS="SECT3" >
30.3.1.1. Installing the required packages for Debian31.3.1.1. Installing the required packages for Debian
On Debian you need to install the following packages:
30.3.1.2. Installing the required packages for RedHat31.3.1.2. Installing the required packages for RedHat
On RedHat this means you should have at least:
30.4. Starting the smbd and nmbd31.4. Starting the smbd and nmbd
You must choose to start smbd and nmbd either @@ -21265,8 +21789,8 @@ CLASS="SECT2" >
30.4.1. Starting from inetd.conf31.4.1. Starting from inetd.conf
NOTE; The following will be different if @@ -21310,8 +21834,28 @@ CLASS="FILENAME" > varies between unixes. Look at the other entries in inetd.conf for a guide.
NOTE: Some unixes already have entries like netbios_ns +>Some unixes already have entries like netbios_ns (note the underscore) in /etc/services/etc/inetd.conf to make them consistent.
NOTE: On many systems you may need to use the - "interfaces" option in smb.conf to specify the IP address +>
On many systems you may need to use the + interfaces option in smb.conf to specify the IP address and netmask of your interfaces. Run ifconfig tries to determine it at run time, but fails on some unixes.
30.4.2. Alternative: starting it as a daemon31.4.2. Alternative: starting it as a daemon
To start the server as a daemon you should create @@ -21472,14 +22050,14 @@ CLASS="CHAPTER" >Chapter 31. Reporting BugsChapter 32. Reporting Bugs
31.1. Introduction32.1. Introduction
The email address for bug reports for stable releases is
31.2. General info32.2. General info
Before submitting a bug report check your config for silly @@ -21547,8 +22125,8 @@ CLASS="SECT1" >
31.3. Debug levels32.3. Debug levels
If the bug has anything to do with Samba behaving incorrectly as a @@ -21587,7 +22165,10 @@ CLASS="REPLACEABLE" CLASS="REPLACEABLE" >machine is the name of the client you wish to debug. In that file -put any smb.conf commands you want, for example +put any smb.conf commands you want, for example log level=
31.4. Internal errors32.4. Internal errors
If you get a "INTERNAL ERROR" message in your log files it means that @@ -21682,8 +22263,8 @@ CLASS="SECT1" >
31.5. Attaching to a running process32.5. Attaching to a running process
Unfortunately some unixes (in particular some recent linux kernels) @@ -21714,8 +22295,8 @@ CLASS="SECT1" >
31.6. Patches32.6. Patches
The best sort of bug report is one that includes a fix! If you send us @@ -21737,14 +22318,14 @@ CLASS="CHAPTER" >Chapter 32. The samba checklistChapter 33. The samba checklist
32.1. Introduction33.1. Introduction
This file contains a list of tests you can perform to validate your @@ -21765,8 +22346,8 @@ CLASS="SECT1" >
32.2. Assumptions33.2. Assumptions
In all of the tests it is assumed you have a Samba server called @@ -21775,8 +22356,21 @@ BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.
The procedure is similar for other types of clients.It is also assumed you know the name of an available share in your -smb.conf. I will assume this share is called "tmp". You can add a -"tmp" share like by adding the following to smb.conf:
smb.conf. I will assume this share is called tmp. +You can add a tmp share like by adding the +following to smb.conf:
THESE TESTS ASSUME VERSION 3.0.0 OR LATER OF THE SAMBA SUITE. SOME -COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS
These tests assume version 3.0 or later of the samba suite. Some commands shown did not exist in earlier versions.Please pay attention to the error messages you receive. If any error message reports that your server is being unfriendly you should first check that you -IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf +IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf file points to name servers that really do exist.
Also, if you do not have DNS server access for name resolution please check -that the settings for your smb.conf file results in "dns proxy = no". The -best way to check this is with "testparm smb.conf"
smb.conf file results in dns proxy = no. The +best way to check this is with testparm smb.conf.32.3. The tests33.3. The tests
In the directory in which you store your smb.conf file, run the command -"testparm smb.conf". If it reports any errors then your smb.conf +>In the directory in which you store your smb.conf file, run the command +testparm smb.conf. If it reports any errors then your smb.conf configuration file is faulty.
Note: Your smb.conf file may be located in:
Your smb.conf file may be located in: /etc/samba - Or in: /usr/local/samba/lib
Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from +>Run the command ping BIGSERVER from the PC and +ping ACLIENT from the unix box. If you don't get a valid response then your TCP/IP software is not correctly installed.
If you get a message saying "host not found" or similar then your DNS -software or /etc/hosts file is not correctly setup. It is possible to +software or /etc/hosts file is not correctly setup. +It is possible to run samba without DNS entries for the server and client, but I assume you do have correct entries for the remainder of these tests.
Another reason why ping might fail is if your host is running firewall software. You will need to relax the rules to let in the workstation in question, perhaps by allowing access from another subnet (on Linux -this is done via the ipfwadm program.)
ipfwadm program.)Run the command "smbclient -L BIGSERVER" on the unix box. You +>Run the command smbclient -L BIGSERVER on the unix box. You should get a list of available shares back.
If you get a error message containing the string "Bad password" then -you probably have either an incorrect "hosts allow", "hosts deny" or -"valid users" line in your smb.conf, or your guest account is not -valid. Check what your guest account is using "testparm" and -temporarily remove any "hosts allow", "hosts deny", "valid users" or -"invalid users" lines.
hosts allow, +hosts deny or valid users line in your +smb.conf, or your guest account is not +valid. Check what your guest account is using testparm and +temporarily remove any hosts allow, hosts deny, valid users or invalid users lines.If you get a "connection refused" response then the smbd server may not be running. If you installed it in inetd.conf then you probably edited that file incorrectly. If you installed it as a daemon then check that it is running, and check that the netbios-ssn port is in a LISTEN -state using "netstat -a".
netstat -a.If you get a "session request failed" then the server refused the connection. If it says "Your server software is being unfriendly" then -its probably because you have invalid command line parameters to smbd, -or a similar fatal problem with the initial startup of smbd. Also -check your config file (smb.conf) for syntax errors with "testparm" +its probably because you have invalid command line parameters to smbd, +or a similar fatal problem with the initial startup of smbd. Also +check your config file (smb.conf) for syntax errors with testparm and that the various directories where samba keeps its log and lock files exist.
There are a number of reasons for which smbd may refuse or decline a session request. The most common of these involve one or more of -the following smb.conf file entries:
smb.conf file entries:Do NOT use the "bind interfaces only" parameter where you may wish to -use the samba password change facility, or where smbclient may need to +>Do NOT use the bind interfaces only parameter where you +may wish to +use the samba password change facility, or where smbclient may need to access local service for name resolution or for local resource -connections. (Note: the "bind interfaces only" parameter deficiency +connections. (Note: the bind interfaces only parameter deficiency where it will not allow connections to the loopback address will be fixed soon).
Another common cause of these two errors is having something already running -on port 139, such as Samba (ie: smbd is running from inetd already) or -something like Digital's Pathworks. Check your inetd.conf file before trying -to start smbd as a daemon, it can avoid a lot of frustration!
inetd already) or +something like Digital's Pathworks. Check your inetd.conf file before trying +to start smbd as a daemon, it can avoid a lot of frustration!And yet another possible cause for failure of TEST 3 is when the subnet mask +>And yet another possible cause for failure of this test is when the subnet mask and / or broadcast address settings are incorrect. Please check that the network interface IP Address / Broadcast Address / Subnet Mask settings are -correct and that Samba has correctly noted these in the log.nmb file.
log.nmb file.Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the +>Run the command nmblookup -B BIGSERVER __SAMBA__. You should get the IP address of your Samba server back.
If you don't then nmbd is incorrectly installed. Check your inetd.conf +>If you don't then nmbd is incorrectly installed. Check your inetd.conf if you run it from there, or that the daemon is running and listening to udp port 137.
run the command nmblookup -B ACLIENT '*'run the command nmblookup -B ACLIENT '*'
You should get the PCs IP address back. If you don't then the client @@ -21942,9 +22697,9 @@ client in the above test.
Run the command nmblookup -d 2 '*'Run the command nmblookup -d 2 '*'
This time we are trying the same as the previous test but are trying @@ -21957,11 +22712,20 @@ hosts.
If this doesn't give a similar result to the previous test then nmblookup isn't correctly getting your broadcast address through its automatic mechanism. In this case you should experiment use the -"interfaces" option in smb.conf to manually configure your IP +interfaces option in smb.conf to manually configure your IP address, broadcast and netmask.If your PC and server aren't on the same subnet then you will need to -use the -B option to set the broadcast address to the that of the PCs +use the -B option to set the broadcast address to the that of the PCs subnet.
This test will probably fail if your subnet mask and broadcast address are @@ -21969,29 +22733,65 @@ not correct. (Refer to TEST 3 notes above).
Run the command smbclient //BIGSERVER/TMPRun the command smbclient //BIGSERVER/TMP. You should then be prompted for a password. You should use the password of the account you are logged into the unix box with. If you want to test with -another account then add the -U >accountname< option to the end of +another account then add the -U accountname option to the end of the command line. eg: -smbclient //bigserver/tmp -Ujohndoesmbclient //bigserver/tmp -Ujohndoe
Note: It is possible to specify the password along with the username +>
It is possible to specify the password along with the username as follows: -smbclient //bigserver/tmp -Ujohndoe%secretsmbclient //bigserver/tmp -Ujohndoe%secret
Once you enter the password you should get the "smb>" prompt. If you +>Once you enter the password you should get the smb> prompt. If you don't then look at the error message. If it says "invalid network -name" then the service "tmp" is not correctly setup in your smb.conf.
smb.conf.If it says "bad password" then the likely causes are:
you have shadow passords (or some other password system) but didn't - compile in support for them in smbd + compile in support for them in smbd
your "valid users" configuration is incorrect +> your valid users configuration is incorrect
you have a mixed case password and you haven't enabled the "password - level" option at a high enough level +> you have a mixed case password and you haven't enabled the password + level option at a high enough level
the "path =" line in smb.conf is incorrect. Check it with testparm +> the path = line in smb.conf is incorrect. Check it with testparm
- etc. Type help >command<help command for instructions. You should especially check that the amount of free disk space shown is correct when you type
On the PC type the command net view \\BIGSERVEROn the PC type the command net view \\BIGSERVER. You will need to do this from within a "dos prompt" window. You should get back a list of available shares on the server.
fixup the nmbd installation
fixup the nmbd installationadd the IP address of BIGSERVER to the "wins server" box in the +> add the IP address of BIGSERVER to the wins server box in the advanced tcp/ip setup on the PC.
If you get a "invalid network name" or "bad password error" then the -same fixes apply as they did for the "smbclient -L" test above. In -particular, make sure your "hosts allow" line is correct (see the man +same fixes apply as they did for the smbclient -L test above. In +particular, make sure your hosts allow line is correct (see the man pages)
Also, do not overlook that fact that when the workstation requests the @@ -22100,22 +22933,47 @@ name and password.
If you get "specified computer is not receiving requests" or similar it probably means that the host is not contactable via tcp services. Check to see if the host is running tcp wrappers, and if so add an entry in -the hosts.allow file for your client (or subnet, etc.)hosts.allow file for your client (or subnet, etc.)Run the command net use x: \\BIGSERVER\TMPRun the command net use x: \\BIGSERVER\TMP. You should be prompted for a password then you should get a "command completed successfully" message. If not then your PC software is incorrectly -installed or your smb.conf is incorrect. make sure your "hosts allow" -and other config lines in smb.conf are correct.
hosts allow +and other config lines in smb.conf are correct.It's also possible that the server can't work out what user name to -connect you as. To see if this is the problem add the line "user = -USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the +connect you as. To see if this is the problem add the line user = +username to the [tmp] section of +smb.conf where username is the username corresponding to the password you typed. If you find this fixes things you may need the username mapping option.
in smb.conf. +> Turn it back on to fix.
Run the command nmblookup -M TESTGROUPRun the command nmblookup -M testgroup where -TESTGROUP is the name of the workgroup that your Samba server and +testgroup is the name of the workgroup that your Samba server and Windows PCs belong to. You should get back the IP address of the master browser for that workgroup.
If you don't then the election process has failed. Wait a minute to see if it is just being slow then try again. If it still fails after -that then look at the browsing options you have set in smb.conf. Make +that then look at the browsing options you have set in smb.conf. Make sure you have preferred master = yespassword server = Windows_NT_Machine in your -smb.conf file, or enable encrypted passwords AFTER compiling in support -for encrypted passwords (refer to the Makefile).
smb.conf file, or make sure encrypted passwords is +set to "yes".32.4. Still having troubles?33.4. Still having troubles?
Try the mailing list or newsgroup, or use the ethereal utility to @@ -22194,8 +23067,6 @@ HREF="http://samba.org/samba" TARGET="_top" >http://samba.org/samba/
Also look at the other docs in the Samba package!