sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
2110901b38
samba-mirror/docs/htmldocs/diagnosis.html
Gerald Carter 1af74785f3 * merge fixes for SGML syntax errors (does no one ever regenerate the docs?) 
* regenerate the docs
* add some files from SAMBA_3_0
0001-01-01 00:00:00 +00:00

627 lines
16 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>Diagnosing your samba server</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="SAMBA Project Documentation"
HREF="samba-howto-collection.html"><LINK
REL="UP"
TITLE="Appendixes"
HREF="appendixes.html"><LINK
REL="PREVIOUS"
TITLE="Reporting Bugs"
HREF="bugreport.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>SAMBA Project Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="bugreport.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
>&nbsp;</TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="DIAGNOSIS">Chapter 26. Diagnosing your samba server</H1
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3378">26.1. Introduction</H1
><P
>This file contains a list of tests you can perform to validate your
Samba server. It also tells you what the likely cause of the problem
is if it fails any one of these steps. If it passes all these tests
then it is probably working fine.</P
><P
>You should do ALL the tests, in the order shown. We have tried to
carefully choose them so later tests only use capabilities verified in
the earlier tests.</P
><P
>If you send one of the samba mailing lists an email saying "it doesn't work"
and you have not followed this test procedure then you should not be surprised
your email is ignored.</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3383">26.2. Assumptions</H1
><P
>In all of the tests it is assumed you have a Samba server called
BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.</P
><P
>The procedure is similar for other types of clients.</P
><P
>It is also assumed you know the name of an available share in your
smb.conf. I will assume this share is called "tmp". You can add a
"tmp" share like by adding the following to smb.conf:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>&#13;[tmp]
comment = temporary files
path = /tmp
read only = yes&#13;</PRE
></P
><P
>THESE TESTS ASSUME VERSION 3.0.0 OR LATER OF THE SAMBA SUITE. SOME
COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS</P
><P
>Please pay attention to the error messages you receive. If any error message
reports that your server is being unfriendly you should first check that you
IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
file points to name servers that really do exist.</P
><P
>Also, if you do not have DNS server access for name resolution please check
that the settings for your smb.conf file results in "dns proxy = no". The
best way to check this is with "testparm smb.conf"</P
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3393">26.3. Tests</H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3395">26.3.1. Test 1</H2
><P
>In the directory in which you store your smb.conf file, run the command
"testparm smb.conf". If it reports any errors then your smb.conf
configuration file is faulty.</P
><P
>Note: Your smb.conf file may be located in: <TT
CLASS="FILENAME"
>/etc/samba</TT
>
Or in: <TT
CLASS="FILENAME"
>/usr/local/samba/lib</TT
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3401">26.3.2. Test 2</H2
><P
>Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
the unix box. If you don't get a valid response then your TCP/IP
software is not correctly installed. </P
><P
>Note that you will need to start a "dos prompt" window on the PC to
run ping.</P
><P
>If you get a message saying "host not found" or similar then your DNS
software or /etc/hosts file is not correctly setup. It is possible to
run samba without DNS entries for the server and client, but I assume
you do have correct entries for the remainder of these tests. </P
><P
>Another reason why ping might fail is if your host is running firewall
software. You will need to relax the rules to let in the workstation
in question, perhaps by allowing access from another subnet (on Linux
this is done via the ipfwadm program.)</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3407">26.3.3. Test 3</H2
><P
>Run the command "smbclient -L BIGSERVER" on the unix box. You
should get a list of available shares back. </P
><P
>If you get a error message containing the string "Bad password" then
you probably have either an incorrect "hosts allow", "hosts deny" or
"valid users" line in your smb.conf, or your guest account is not
valid. Check what your guest account is using "testparm" and
temporarily remove any "hosts allow", "hosts deny", "valid users" or
"invalid users" lines.</P
><P
>If you get a "connection refused" response then the smbd server may
not be running. If you installed it in inetd.conf then you probably edited
that file incorrectly. If you installed it as a daemon then check that
it is running, and check that the netbios-ssn port is in a LISTEN
state using "netstat -a".</P
><P
>If you get a "session request failed" then the server refused the
connection. If it says "Your server software is being unfriendly" then
its probably because you have invalid command line parameters to smbd,
or a similar fatal problem with the initial startup of smbd. Also
check your config file (smb.conf) for syntax errors with "testparm"
and that the various directories where samba keeps its log and lock
files exist.</P
><P
>There are a number of reasons for which smbd may refuse or decline
a session request. The most common of these involve one or more of
the following smb.conf file entries:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> hosts deny = ALL
hosts allow = xxx.xxx.xxx.xxx/yy
bind interfaces only = Yes</PRE
></P
><P
>In the above, no allowance has been made for any session requests that
will automatically translate to the loopback adaptor address 127.0.0.1.
To solve this problem change these lines to:</P
><P
><PRE
CLASS="PROGRAMLISTING"
> hosts deny = ALL
hosts allow = xxx.xxx.xxx.xxx/yy 127.</PRE
></P
><P
>Do NOT use the "bind interfaces only" parameter where you may wish to
use the samba password change facility, or where smbclient may need to
access local service for name resolution or for local resource
connections. (Note: the "bind interfaces only" parameter deficiency
where it will not allow connections to the loopback address will be
fixed soon).</P
><P
>Another common cause of these two errors is having something already running
on port 139, such as Samba (ie: smbd is running from inetd already) or
something like Digital's Pathworks. Check your inetd.conf file before trying
to start smbd as a daemon, it can avoid a lot of frustration!</P
><P
>And yet another possible cause for failure of TEST 3 is when the subnet mask
and / or broadcast address settings are incorrect. Please check that the
network interface IP Address / Broadcast Address / Subnet Mask settings are
correct and that Samba has correctly noted these in the log.nmb file.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3422">26.3.4. Test 4</H2
><P
>Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
IP address of your Samba server back.</P
><P
>If you don't then nmbd is incorrectly installed. Check your inetd.conf
if you run it from there, or that the daemon is running and listening
to udp port 137.</P
><P
>One common problem is that many inetd implementations can't take many
parameters on the command line. If this is the case then create a
one-line script that contains the right parameters and run that from
inetd.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3427">26.3.5. Test 5</H2
><P
>run the command <B
CLASS="COMMAND"
>nmblookup -B ACLIENT '*'</B
></P
><P
>You should get the PCs IP address back. If you don't then the client
software on the PC isn't installed correctly, or isn't started, or you
got the name of the PC wrong. </P
><P
>If ACLIENT doesn't resolve via DNS then use the IP address of the
client in the above test.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3433">26.3.6. Test 6</H2
><P
>Run the command <B
CLASS="COMMAND"
>nmblookup -d 2 '*'</B
></P
><P
>This time we are trying the same as the previous test but are trying
it via a broadcast to the default broadcast address. A number of
Netbios/TCPIP hosts on the network should respond, although Samba may
not catch all of the responses in the short time it listens. You
should see "got a positive name query response" messages from several
hosts.</P
><P
>If this doesn't give a similar result to the previous test then
nmblookup isn't correctly getting your broadcast address through its
automatic mechanism. In this case you should experiment use the
"interfaces" option in smb.conf to manually configure your IP
address, broadcast and netmask. </P
><P
>If your PC and server aren't on the same subnet then you will need to
use the -B option to set the broadcast address to the that of the PCs
subnet.</P
><P
>This test will probably fail if your subnet mask and broadcast address are
not correct. (Refer to TEST 3 notes above).</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3441">26.3.7. Test 7</H2
><P
>Run the command <B
CLASS="COMMAND"
>smbclient //BIGSERVER/TMP</B
>. You should
then be prompted for a password. You should use the password of the account
you are logged into the unix box with. If you want to test with
another account then add the -U &gt;accountname&lt; option to the end of
the command line. eg:
<B
CLASS="COMMAND"
>smbclient //bigserver/tmp -Ujohndoe</B
></P
><P
>Note: It is possible to specify the password along with the username
as follows:
<B
CLASS="COMMAND"
>smbclient //bigserver/tmp -Ujohndoe%secret</B
></P
><P
>Once you enter the password you should get the "smb&#62;" prompt. If you
don't then look at the error message. If it says "invalid network
name" then the service "tmp" is not correctly setup in your smb.conf.</P
><P
>If it says "bad password" then the likely causes are:</P
><P
></P
><OL
TYPE="1"
><LI
><P
> you have shadow passords (or some other password system) but didn't
compile in support for them in smbd
</P
></LI
><LI
><P
> your "valid users" configuration is incorrect
</P
></LI
><LI
><P
> you have a mixed case password and you haven't enabled the "password
level" option at a high enough level
</P
></LI
><LI
><P
> the "path =" line in smb.conf is incorrect. Check it with testparm
</P
></LI
><LI
><P
> you enabled password encryption but didn't create the SMB encrypted
password file
</P
></LI
></OL
><P
>Once connected you should be able to use the commands
<B
CLASS="COMMAND"
>dir</B
> <B
CLASS="COMMAND"
>get</B
> <B
CLASS="COMMAND"
>put</B
> etc.
Type <B
CLASS="COMMAND"
>help &gt;command&lt;</B
> for instructions. You should
especially check that the amount of free disk space shown is correct
when you type <B
CLASS="COMMAND"
>dir</B
>.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3467">26.3.8. Test 8</H2
><P
>On the PC type the command <B
CLASS="COMMAND"
>net view \\BIGSERVER</B
>. You will
need to do this from within a "dos prompt" window. You should get back a
list of available shares on the server.</P
><P
>If you get a "network name not found" or similar error then netbios
name resolution is not working. This is usually caused by a problem in
nmbd. To overcome it you could do one of the following (you only need
to choose one of them):</P
><P
></P
><OL
TYPE="1"
><LI
><P
> fixup the nmbd installation</P
></LI
><LI
><P
> add the IP address of BIGSERVER to the "wins server" box in the
advanced tcp/ip setup on the PC.</P
></LI
><LI
><P
> enable windows name resolution via DNS in the advanced section of
the tcp/ip setup</P
></LI
><LI
><P
> add BIGSERVER to your lmhosts file on the PC.</P
></LI
></OL
><P
>If you get a "invalid network name" or "bad password error" then the
same fixes apply as they did for the "smbclient -L" test above. In
particular, make sure your "hosts allow" line is correct (see the man
pages)</P
><P
>Also, do not overlook that fact that when the workstation requests the
connection to the samba server it will attempt to connect using the
name with which you logged onto your Windows machine. You need to make
sure that an account exists on your Samba server with that exact same
name and password.</P
><P
>If you get "specified computer is not receiving requests" or similar
it probably means that the host is not contactable via tcp services.
Check to see if the host is running tcp wrappers, and if so add an entry in
the hosts.allow file for your client (or subnet, etc.)</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3484">26.3.9. Test 9</H2
><P
>Run the command <B
CLASS="COMMAND"
>net use x: \\BIGSERVER\TMP</B
>. You should
be prompted for a password then you should get a "command completed
successfully" message. If not then your PC software is incorrectly
installed or your smb.conf is incorrect. make sure your "hosts allow"
and other config lines in smb.conf are correct.</P
><P
>It's also possible that the server can't work out what user name to
connect you as. To see if this is the problem add the line "user =
USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
username corresponding to the password you typed. If you find this
fixes things you may need the username mapping option. </P
><P
>It might also be the case that your client only sends encrypted passwords
and you have <B
CLASS="COMMAND"
>encrypt passwords = no</B
> in <TT
CLASS="FILENAME"
>smb.conf</TT
>.
Turn it back on to fix.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3492">26.3.10. Test 10</H2
><P
>Run the command <B
CLASS="COMMAND"
>nmblookup -M TESTGROUP</B
> where
TESTGROUP is the name of the workgroup that your Samba server and
Windows PCs belong to. You should get back the IP address of the
master browser for that workgroup.</P
><P
>If you don't then the election process has failed. Wait a minute to
see if it is just being slow then try again. If it still fails after
that then look at the browsing options you have set in smb.conf. Make
sure you have <B
CLASS="COMMAND"
>preferred master = yes</B
> to ensure that
an election is held at startup.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN3498">26.3.11. Test 11</H2
><P
>From file manager try to browse the server. Your samba server should
appear in the browse list of your local workgroup (or the one you
specified in smb.conf). You should be able to double click on the name
of the server and get a list of shares. If you get a "invalid
password" error when you do then you are probably running WinNT and it
is refusing to browse a server that has no encrypted password
capability and is in user level security mode. In this case either set
<B
CLASS="COMMAND"
>security = server</B
> AND
<B
CLASS="COMMAND"
>password server = Windows_NT_Machine</B
> in your
smb.conf file, or enable encrypted passwords AFTER compiling in support
for encrypted passwords (refer to the Makefile).</P
></DIV
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN3503">26.4. Still having troubles?</H1
><P
>Try the mailing list or newsgroup, or use the ethereal utility to
sniff the problem. The official samba mailing list can be reached at
<A
HREF="mailto:samba@samba.org"
TARGET="_top"
>samba@samba.org</A
>. To find
out more about samba and how to subscribe to the mailing list check
out the samba web page at
<A
HREF="http://samba.org/samba"
TARGET="_top"
>http://samba.org/samba</A
></P
><P
>Also look at the other docs in the Samba package!</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="bugreport.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="samba-howto-collection.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>&nbsp;</TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Reporting Bugs</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="appendixes.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>&nbsp;</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
View Git Blame Copy Permalink