mirror of
https://github.com/samba-team/samba.git
synced 2025-01-07 17:18:11 +03:00
177 lines
4.8 KiB
XML
177 lines
4.8 KiB
XML
<chapter id="FAQ-errors">
|
|
|
|
<title>Common errors</title>
|
|
|
|
<sect1>
|
|
<title>Not listening for calling name</title>
|
|
|
|
<para>
|
|
<programlisting>
|
|
Session request failed (131,129) with myname=HOBBES destname=CALVIN
|
|
Not listening for calling name
|
|
</programlisting>
|
|
</para>
|
|
|
|
<para>
|
|
If you get this when talking to a Samba box then it means that your
|
|
global "hosts allow" or "hosts deny" settings are causing the Samba
|
|
server to refuse the connection.
|
|
</para>
|
|
|
|
<para>
|
|
Look carefully at your "hosts allow" and "hosts deny" lines in the
|
|
global section of smb.conf.
|
|
</para>
|
|
|
|
<para>
|
|
It can also be a problem with reverse DNS lookups not functioning
|
|
correctly, leading to the remote host identity not being able to
|
|
be confirmed, but that is less likely.
|
|
</para>
|
|
</sect1>
|
|
|
|
<sect1>
|
|
<title>System Error 1240</title>
|
|
|
|
<para>
|
|
System error 1240 means that the client is refusing to talk
|
|
to a non-encrypting server. Microsoft changed WinNT in service
|
|
pack 3 to refuse to connect to servers that do not support
|
|
SMB password encryption.
|
|
</para>
|
|
|
|
<para>There are two main solutions:
|
|
<simplelist>
|
|
<member>enable SMB password encryption in Samba. See the encryption part of
|
|
the samba HOWTO Collection</member>
|
|
|
|
<member>disable this new behaviour in NT. See the section about
|
|
Windows NT in the chapter "Portability" of the samba HOWTO collection
|
|
</member>
|
|
</simplelist>
|
|
</para>
|
|
</sect1>
|
|
|
|
<sect1>
|
|
<title>smbclient ignores -N !</title>
|
|
|
|
<para>
|
|
<quote>When getting the list of shares available on a host using the command
|
|
<command>smbclient -N -L</command>
|
|
the program always prompts for the password if the server is a Samba server.
|
|
It also ignores the "-N" argument when querying some (but not all) of our
|
|
NT servers.
|
|
</quote>
|
|
</para>
|
|
<para>
|
|
No, it does not ignore -N, it is just that your server rejected the
|
|
null password in the connection, so smbclient prompts for a password
|
|
to try again.
|
|
</para>
|
|
|
|
<para>
|
|
To get the behaviour that you probably want use <command>smbclient -L host -U%</command>
|
|
</para>
|
|
|
|
<para>
|
|
This will set both the username and password to null, which is
|
|
an anonymous login for SMB. Using -N would only set the password
|
|
to null, and this is not accepted as an anonymous login for most
|
|
SMB servers.
|
|
</para>
|
|
|
|
</sect1>
|
|
|
|
<sect1>
|
|
<title>The data on the CD-Drive I've shared seems to be corrupted!</title>
|
|
|
|
<para>
|
|
Some OSes (notably Linux) default to auto detection of file type on
|
|
cdroms and do cr/lf translation. This is a very bad idea when use with
|
|
Samba. It causes all sorts of stuff ups.
|
|
</para>
|
|
|
|
<para>
|
|
To overcome this problem use conv=binary when mounting the cdrom
|
|
before exporting it with Samba.
|
|
</para>
|
|
|
|
</sect1>
|
|
|
|
<sect1>
|
|
<title>Why can users access home directories of other users?</title>
|
|
|
|
<para>
|
|
<quote>
|
|
We are unable to keep individual users from mapping to any other user's
|
|
home directory once they have supplied a valid password! They only need
|
|
to enter their own password. I have not found *any* method that I can
|
|
use to configure samba to enforce that only a user may map their own
|
|
home directory.
|
|
</quote>
|
|
</para>
|
|
|
|
<para><quote>
|
|
User xyzzy can map his home directory. Once mapped user xyzzy can also map
|
|
*anyone* elses home directory!
|
|
</quote></para>
|
|
|
|
<para>
|
|
This is not a security flaw, it is by design. Samba allows
|
|
users to have *exactly* the same access to the UNIX filesystem
|
|
as they would if they were logged onto the UNIX box, except
|
|
that it only allows such views onto the file system as are
|
|
allowed by the defined shares.
|
|
</para>
|
|
|
|
<para>
|
|
This means that if your UNIX home directories are set up
|
|
such that one user can happily cd into another users
|
|
directory and do an ls, the UNIX security solution is to
|
|
change the UNIX file permissions on the users home directories
|
|
such that the cd and ls would be denied.
|
|
</para>
|
|
|
|
<para>
|
|
Samba tries very hard not to second guess the UNIX administrators
|
|
security policies, and trusts the UNIX admin to set
|
|
the policies and permissions he or she desires.
|
|
</para>
|
|
|
|
<para>
|
|
Samba does allow the setup you require when you have set the
|
|
"only user = yes" option on the share, is that you have not set the
|
|
valid users list for the share.
|
|
</para>
|
|
|
|
<para>
|
|
Note that only user works in conjunction with the users= list,
|
|
so to get the behavior you require, add the line :
|
|
<programlisting>
|
|
users = %S
|
|
</programlisting>
|
|
this is equivalent to:
|
|
<programlisting>
|
|
valid users = %S
|
|
</programlisting>
|
|
to the definition of the [homes] share, as recommended in
|
|
the smb.conf man page.
|
|
</para>
|
|
|
|
</sect1>
|
|
|
|
<sect1>
|
|
<title>Until a few minutes after samba has started, clients get the error "Domain Controller Unavailable"</title>
|
|
<para>
|
|
A domain controller has to announce on the network who it is. This usually takes a while.
|
|
</para>
|
|
</sect1>
|
|
|
|
<sect1>
|
|
<title>I'm getting "open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested" in the logs</title>
|
|
<para>Your loopback device isn't working correctly. Make sure it's running.
|
|
</para>
|
|
</sect1>
|
|
|
|
</chapter>
|