Samba Server FAQ <author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt> <date>v 0.3, 7 Oct '97 <abstract> This is the <em>Server</em> Frequently Asked Questions (FAQ) document for Samba, the free and very popular SMB and CIFS server product. A general <url url="Samba-meta-FAQ.html" name="meta FAQ"> exists and also a companion <url url="Samba-Client-FAQ.html" name="Client FAQ">, together with more detailed HOWTO documents on topics to do with Samba software. This is current to Samba version 1.9.17. Please send any corrections to the author. </abstract> <toc> <sect>What is Samba?<p><label id="WhatIsSamba"> See the <url url="Samba-meta-FAQ.html#introduction" name="meta FAQ introduction"> if you don't have any idea what Samba does. Samba has many features that are not supported in other CIFS and SMB implementations, all of which are commercial. It approaches some problems from a different angle. Some of its features include: <itemize> <item>extremely dynamic runtime configuration <item>host as well as username/password security <item>scriptable SMB client <item>automatic home directory exporting <item>automatic printer exporting <item>intelligent dead connection timeouts <item>guest connections </itemize> Look at the <url url="samba-man-index.html" name="manual pages"> included with the package for a full list of features. The components of the suite are (in summary): <descrip> <tag/smbd/ the SMB server. This handles actual connections from clients, doing all the interfacing with the <url url="Samba-meta-FAQ.html#DomainModeSecurity" name="authentication database"> for file, permission and username work. <tag/nmbd/ the NetBIOS name server, which helps clients locate servers, maintaining the <url url="Samba-meta-FAQ.html#BrowseAndDomainDefs" name="authentication database"> doing the browsing work and managing domains as this capability is being built into Samba. <tag/smbclient/ the scriptable commandline SMB client program. Useful for automated work, printer filters and testing purposes. It is more CIFS-compliant than most commercial implementations. Note that this is not a filesystem. The Samba team does not supply a network filesystem driver, although the smbfs filesystem for Linux is derived from smbclient code. <tag/smbrun/ a little 'glue' program to help the server run external programs. <tag/testprns/ a program to test server access to printers <tag/testparms/ a program to test the Samba configuration file for correctness <tag/smb.conf/ the Samba configuration file <tag/examples/ many examples have been put together for the different operating systems that Samba supports. <tag/Documentation!/ DON'T neglect to read it - you will save a great deal of time! </descrip> <sect>How do I get the CIFS, SMB and NetBIOS protocols?<p><label id="ServerProtocols"> See the <url url="Samba-meta-FAQ.html#CifsSmb" name="meta FAQ on CIFS and SMB"> if you don't have any idea what these protocols are. CIFS and SMB are implemented by the main Samba fileserving daemon, smbd. [.....] nmbd speaks a limited amount of CIFS (...) but is mostly concerned with NetBIOS. NetBIOS is [....] RFC1001, RFC1002 [...] So, provided you have got Samba correctly installed and running you have all three of these protocols. Some operating systems already come with stacks for all or some of these, such as SCO Unix, OS/2 and [...] In this case you must [...] <sect1>What server operating systems are supported?<p><label id="PortInfo"> At the last count, Samba runs on about 40 operating systems! This section looks at general questions about running Samba on the different platforms. Issues specific to particular operating systems are dealt with in elsewhere in this document. Many of the ports have been done by people outside the Samba team keen to get the advantages of Samba. The Samba team is currently trying to bring as many of these ports as possible into the main source tree and integrate the documentation. Samba is an integration tool, and so it has been made as easy as possible to port. The platforms most widely used and thus best tested are Linux and SunOS. This migration has not been completed yet. This means that some documentation is on web sites [...] There are two main families of Samba ports, Unix and other. The Unix ports cover anything that remotely resembles Unix and includes some extremely old products as well as best-sellers, tiny PCs to massive multiprocessor machines supporting hundreds of thousands of users. Samba has been run on more than 30 Unix and Unix-like operating systems. <sect2>Running Samba on a Unix or Unix-like system<p><label id="OnUnix"> <url url="../UNIX-SMB.txt"> describes some of the issues that confront a SMB implementation on unix, and how Samba copes with them. They may help people who are looking at unix<->PC interoperability. There is great variation between Unix implementations, especially those not adhering to the Common Unix Specification agreed to in 1996. Things that can be quite tricky are [.....] There are also some considerable advantages conferred on Samba running under Unix compared to, say, Windows NT or LAN Server. Unix has [...] At time of writing, the Makefile claimed support for: <itemize> <item> A/UX 3.0 <item> AIX <item> Altos Series 386/1000 <item> Amiga <item> Apollo Domain/OS sr10.3 <item> BSDI <item> B.O.S. (Bull Operating System) <item> Cray, Unicos 8.0 <item> Convex <item> DGUX. <item> DNIX. <item> FreeBSD <item> HP-UX <item> Intergraph. <item> Linux with/without shadow passwords and quota <item> LYNX 2.3.0 <item> MachTen (a unix like system for Macintoshes) <item> Motorola 88xxx/9xx range of machines <item> NetBSD <item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach). <item> OS/2 using EMX 0.9b <item> OSF1 <item> QNX 4.22 <item> RiscIX. <item> RISCOs 5.0B <item> SEQUENT. <item> SCO (including: 3.2v2, European dist., OpenServer 5) <item> SGI. <item> SMP_DC.OSx v1.1-94c079 on Pyramid S series <item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x) <item> SUNOS 4 <item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') <item> Sunsoft ISC SVR3V4 <item> SVR4 <item> System V with some berkely extensions (Motorola 88k R32V3.2). <item> ULTRIX. <item> UNIXWARE <item> UXP/DS </itemize> <sect2>Running Samba on systems unlike Unix<p><label id="OnUnlikeUnix"> More recently Samba has been ported to a number of operating systems which can provide a BSD Unix-like implementation of TCP/IP sockets. These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS, Windows NT and several others are being worked on but not yet available for use. Home pages for these ports are: [... ] <sect1>Exporting server resources with Samba<p><label id="Exporting"> Files, printers, CD ROMs and other local devices. Network devices, including networked filesystems and remote printer queues. Other devices such as [....] 1.4) Configuring SHARES 1.4.1) Homes service 1.4.2) Public services 1.4.3) Application serving 1.4.4) Team sharing a Samba resource 1.5) Printer configuration 1.5.1) Berkeley LPR/LPD systems 1.5.2) ATT SysV lp systems 1.5.3) Using a private printcap file 1.5.4) Use of the smbprint utility 1.5.5) Printing from Windows to Unix 1.5.6) Printing from Unix to Windows <sect1>Name Resolution and Browsing<p><label id="NameBrowsing"> See also <url url="../BROWSING.txt"> 1.6) Name resolution issues 1.6.1) LMHOSTS file and when to use it 1.6.2) configuring WINS (support, server, proxy) 1.6.3) configuring DNS proxy 1.7) Problem Diagnosis 1.8) What NOT to do!!!! 3.2) Browse list managment 3.3) Name resolution mangement <sect1>Handling SMB Encryption<p><label id="SMBEncryptionSteps"> SMB encryption is ... ...in <url url="../ENCRYPTION.txt"> there is... Samba compiled with libdes - enabling encrypted passwords <sect2>Laws in different countries affecting Samba<p><label id="CryptoLaws"> <sect2>Relationship between encryption and Domain Authentication<p> <sect1> Files and record locking 3.1.1) Old DOS clients 3.1.2) Opportunistic locking and the consequences 3.1.3) Files caching under Windows for Workgroups, Win95 and NT Some of the foregoing links into Client-FAQ <sect1>Managing Samba Log files<p><label id="LogFiles"> <sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse"> See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt"> for more information on browsing. Browsing.txt can also be found in the docs directory of the Samba source. If your GUI client does not permit you to select non-browsable servers, you may need to do so on the command line. For example, under Lan Manager you might connect to the above service as disk drive M: thusly: <tscreen><verb> net use M: \\mary\fred </verb></tscreen> The details of how to do this and the specific syntax varies from client to client - check your client's documentation. <sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files"> See the next question. <sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames"> If you check what files are not showing up, you will note that they are files which contain upper case letters or which are otherwise not DOS-compatible (ie, they are not legal DOS filenames for some reason). The Samba server can be configured either to ignore such files completely, or to present them to the client in "mangled" form. If you are not seeing the files at all, the Samba server has most likely been configured to ignore them. Consult the man page smb.conf(5) for details of how to change this - the parameter you need to set is "mangled names = yes". <sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server"> This indicates one of three things: You supplied an incorrect server name, the underlying TCP/IP layer is not working correctly, or the name you specified cannot be resolved. After carefully checking that the name you typed is the name you should have typed, try doing things like pinging a host or telnetting to somewhere on your network to see if TCP/IP is functioning OK. If it is, the problem is most likely name resolution. If your client has a facility to do so, hardcode a mapping between the hosts IP and the name you want to use. For example, with Lan Manager or Windows for Workgroups you would put a suitable entry in the file LMHOSTS. If this works, the problem is in the communication between your client and the netbios name server. If it does not work, then there is something fundamental wrong with your naming and the solution is beyond the scope of this document. If you do not have any server on your subnet supplying netbios name resolution, hardcoded mappings are your only option. If you DO have a netbios name server running (such as the Samba suite's nmbd program), the problem probably lies in the way it is set up. Refer to Section Two of this FAQ for more ideas. By the way, remember to REMOVE the hardcoded mapping before further tests :-) <sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share"> This message indicates that your client CAN locate the specified server, which is a good start, but that it cannot find a service of the name you gave. The first step is to check the exact name of the service you are trying to connect to (consult your system administrator). Assuming it exists and you specified it correctly (read your client's docs on how to specify a service name correctly), read on: <itemize> <item> Many clients cannot accept or use service names longer than eight characters. <item> Many clients cannot accept or use service names containing spaces. <item> Some servers (not Samba though) are case sensitive with service names. <item> Some clients force service names into upper case. </itemize> <sect1>Printing doesn't work :-(<p> <label id="no_printing"> Make sure that the specified print command for the service you are connecting to is correct and that it has a fully-qualified path (eg., use "/usr/bin/lpr" rather than just "lpr", if you happen to be using Unix). Make sure that the spool directory specified for the service is writable by the user connected to the service. Make sure that the user specified in the service is permitted to use the printer. Check the debug log produced by smbd. Search for the printer name and see if the log turns up any clues. Note that error messages to do with a service ipc$ are meaningless - they relate to the way the client attempts to retrieve status information when using the LANMAN1 protocol. If using WfWg then you need to set the default protocol to TCP/IP, not Netbeui. This is a WfWg bug. If using the Lanman1 protocol (the default) then try switching to coreplus. Also not that print status error messages don't mean printing won't work. The print status is received by a different mechanism. <sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares"> Your guest account is probably invalid for some reason. Samba uses the guest account for browsing in smbd. Check that your guest account is valid. See also 'guest account' in smb.conf man page. <sect1>Issues specific to Unix and Unix-like systems<p><label id="UnixIssues"> <sect2>Printing doesn't work with my Unix Samba server<p> <label id="no_printing"> The user "nobody" often has problems with printing, even if it worked with an earlier version of Samba. Try creating another guest user other than "nobody". <sect2>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid"> This can have several causes. It might be because you are using a uid or gid of 65535 or -1. This is a VERY bad idea, and is a big security hole. Check carefully in your /etc/passwd file and make sure that no user has uid 65535 or -1. Especially check the "nobody" user, as many broken systems are shipped with nobody setup with a uid of 65535. It might also mean that your OS has a trapdoor uid/gid system :-) This means that once a process changes effective uid from root to another user it can't go back to root. Unfortunately Samba relies on being able to change effective uid from root to non-root and back again to implement its security policy. If your OS has a trapdoor uid system this won't work, and several things in Samba may break. Less things will break if you use user or server level security instead of the default share level security, but you may still strike problems. The problems don't give rise to any security holes, so don't panic, but it does mean some of Samba's capabilities will be unavailable. In particular you will not be able to connect to the Samba server as two different uids at once. This may happen if you try to print as a "guest" while accessing a share as a normal user. It may also affect your ability to list the available shares as this is normally done as the guest user. Complain to your OS vendor and ask them to fix their system. Note: the reason why 65535 is a VERY bad choice of uid and gid is that it casts to -1 as a uid, and the setreuid() system call ignores (with no error) uid changes to -1. This means any daemon attempting to run as uid 65535 will actually run as root. This is not good! </article>