samba-mirror/docs/htmldocs/diagnosis.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 33. The samba checklist</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="previous" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="next" href="problems.html" title="Chapter 34. Analysing and solving samba problems"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 33. The samba checklist</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="troubleshooting.html">Prev</a> </td><th width="60%" align="center">Part V. Troubleshooting</th><td width="20%" align="right"> <a accesskey="n" href="problems.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="diagnosis"></a>Chapter 33. The samba checklist</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:tridge@samba.org">tridge@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate">Wed Jan 15</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="diagnosis.html#id3003201">Introduction</a></dt><dt><a href="diagnosis.html#id3003235">Assumptions</a></dt><dt><a href="diagnosis.html#id3003407">The tests</a></dt><dt><a href="diagnosis.html#id3006959">Still having troubles?</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3003201"></a>Introduction</h2></div></div><div></div></div><p>
This file contains a list of tests you can perform to validate your
Samba server. It also tells you what the likely cause of the problem
is if it fails any one of these steps. If it passes all these tests
then it is probably working fine.
</p><p>
You should do ALL the tests, in the order shown. We have tried to
carefully choose them so later tests only use capabilities verified in
the earlier tests.  However, do not stop at the first error as there
have been some instances when continuing with the tests has helped
to solve a problem.
</p><p>
If you send one of the samba mailing lists  an email saying &quot;it doesn't work&quot;
and you have not followed this test procedure then you should not be surprised
if your email is ignored.
</p></div><div xmlns:ns98="" class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3003235"></a>Assumptions</h2></div></div><div></div></div><p>
In all of the tests it is assumed you have a Samba server called 
BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.
</p><p>
The procedure is similar for other types of clients.
</p><p>
It is also assumed you know the name of an available share in your
<tt class="filename">smb.conf</tt>. I will assume this share is called <i class="replaceable"><tt>tmp</tt></i>.
You can add a <i class="replaceable"><tt>tmp</tt></i> share like this by adding the
following to <tt class="filename">smb.conf</tt>:
</p><pre class="programlisting">

[tmp]
 comment = temporary files 
 path = /tmp
 read only = yes

</pre><ns98:p>
</ns98:p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
These tests assume version 3.0 or later of the samba suite.
Some commands shown did not exist in earlier versions. 
</p></div><p>
Please pay attention to the error messages you receive. If any error message
reports that your server is being unfriendly you should first check that your
IP name resolution is correctly set up. eg: Make sure your <tt class="filename">/etc/resolv.conf</tt>
file points to name servers that really do exist.
</p><p>
Also, if you do not have DNS server access for name resolution please check
that the settings for your <tt class="filename">smb.conf</tt> file results in <b class="command">dns proxy = no</b>. The
best way to check this is with <b class="userinput"><tt>testparm smb.conf</tt></b>.
</p><p>
It is helpful to monitor the log files during testing by using the
<b class="command">tail -F <i class="replaceable"><tt>log_file_name</tt></i></b> in a separate
terminal console (use ctrl-alt-F1 through F6 or multiple terminals in X). 
Relevant log files can be found (for default installations) in
<tt class="filename">/usr/local/samba/var</tt>.  Also, connection logs from
machines can be found here or possibly in <tt class="filename">/var/log/samba</tt>
depending on how or if you specified logging in your <tt class="filename">smb.conf</tt> file.
</p><p>
If you make changes to your <tt class="filename">smb.conf</tt> file while going through these test,
don't forget to restart <span class="application">smbd</span> and <span class="application">nmbd</span>.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3003407"></a>The tests</h2></div></div><div></div></div><div class="procedure"><p class="title"><b>Procedure 33.1. Diagnosing your samba server</b></p><ol type="1"><li><p>
In the directory in which you store your <tt class="filename">smb.conf</tt> file, run the command
<b class="userinput"><tt>testparm smb.conf</tt></b>. If it reports any errors then your <tt class="filename">smb.conf</tt>
configuration file is faulty.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Your <tt class="filename">smb.conf</tt> file may be located in: <tt class="filename">/etc/samba</tt>
Or in:   <tt class="filename">/usr/local/samba/lib</tt>
</p></div></li><li><p>
Run the command <b class="userinput"><tt>ping BIGSERVER</tt></b> from the PC and 
<b class="userinput"><tt>ping ACLIENT</tt></b> from
the unix box. If you don't get a valid response then your TCP/IP
software is not correctly installed. 
</p><p>
Note that you will need to start a &quot;dos prompt&quot; window on the PC to
run ping.
</p><p>
If you get a message saying <span class="errorname">host not found</span> or similar then your DNS
software or <tt class="filename">/etc/hosts</tt> file is not correctly setup.
It is possible to
run samba without DNS entries for the server and client, but I assume
you do have correct entries for the remainder of these tests. 
</p><p>
Another reason why ping might fail is if your host is running firewall 
software. You will need to relax the rules to let in the workstation
in question, perhaps by allowing access from another subnet (on Linux
this is done via the <span class="application">ipfwadm</span> program.)
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Modern Linux distributions install ipchains/iptables by default. 
This is a common problem that is often overlooked.
</p></div></li><li><p>
Run the command <b class="userinput"><tt>smbclient -L BIGSERVER</tt></b> on the unix box. You
should get a list of available shares back. 
</p><p>
If you get a error message containing the string &quot;Bad password&quot; then
you probably have either an incorrect <b class="command">hosts allow</b>, 
<b class="command">hosts deny</b> or <b class="command">valid users</b> line in your 
<tt class="filename">smb.conf</tt>, or your guest account is not
valid. Check what your guest account is using <span class="application">testparm</span> and
temporarily remove any <b class="command">hosts allow</b>, <b class="command">hosts deny</b>, <b class="command">valid users</b> or <b class="command">invalid users</b> lines.
</p><p>
If you get a <span class="errorname">connection refused</span> response then the smbd server may
not be running. If you installed it in inetd.conf then you probably edited
that file incorrectly. If you installed it as a daemon then check that
it is running, and check that the netbios-ssn port is in a LISTEN
state using <b class="userinput"><tt>netstat -a</tt></b>.
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
Some Unix / Linux systems use <b class="command">xinetd</b> in place of
<b class="command">inetd</b>. Check your system documentation for the location
of the control file/s for your particular system implementation of
this network super daemon.
</p></div><p>
If you get a <span class="errorname">session request failed</span> then the server refused the
connection. If it says &quot;Your server software is being unfriendly&quot; then
its probably because you have invalid command line parameters to <span class="application">smbd</span>,
or a similar fatal problem with the initial startup of <span class="application">smbd</span>. Also
check your config file (<tt class="filename">smb.conf</tt>) for syntax errors with <span class="application">testparm</span>
and that the various directories where samba keeps its log and lock
files exist.
</p><p>
There are a number of reasons for which smbd may refuse or decline
a session request. The most common of these involve one or more of
the following <tt class="filename">smb.conf</tt> file entries:
</p><pre class="programlisting">
	hosts deny = ALL
	hosts allow = xxx.xxx.xxx.xxx/yy
	bind interfaces only = Yes
</pre><p>
In the above, no allowance has been made for any session requests that
will automatically translate to the loopback adaptor address 127.0.0.1.
To solve this problem change these lines to:
</p><pre class="programlisting">
	hosts deny = ALL
	hosts allow = xxx.xxx.xxx.xxx/yy 127.
</pre><p>
Do <span class="emphasis"><em>not</em></span> use the <b class="command">bind interfaces only</b> parameter where you 
may wish to
use the samba password change facility, or where <span class="application">smbclient</span> may need to
access a local service for name resolution or for local resource
connections. (Note: the <b class="command">bind interfaces only</b> parameter deficiency
where it will not allow connections to the loopback address will be
fixed soon).
</p><p>
Another common cause of these two errors is having something already running 
on port <tt class="constant">139</tt>, such as Samba 
(ie: <span class="application">smbd</span> is running from <span class="application">inetd</span> already) or
something like Digital's Pathworks. Check your <tt class="filename">inetd.conf</tt> file before trying
to start <span class="application">smbd</span> as a daemon, it can avoid a lot of frustration!
</p><p>
And yet another possible cause for failure of this test is when the subnet mask
and / or broadcast address settings are incorrect. Please check that the
network interface IP Address / Broadcast Address / Subnet Mask settings are
correct and that Samba has correctly noted these in the <tt class="filename">log.nmb</tt> file.
</p></li><li><p>
Run the command <b class="userinput"><tt>nmblookup -B BIGSERVER __SAMBA__</tt></b>. You should get the
IP address of your Samba server back.
</p><p>
If you don't then nmbd is incorrectly installed. Check your <tt class="filename">inetd.conf</tt>
if you run it from there, or that the daemon is running and listening
to udp port 137.
</p><p>
One common problem is that many inetd implementations can't take many
parameters on the command line. If this is the case then create a
one-line script that contains the right parameters and run that from
inetd.
</p></li><li><p>run the command <b class="userinput"><tt>nmblookup -B ACLIENT '*'</tt></b></p><p>
You should get the PCs IP address back. If you don't then the client
software on the PC isn't installed correctly, or isn't started, or you
got the name of the PC wrong. 
</p><p>
If ACLIENT doesn't resolve via DNS then use the IP address of the
client in the above test.
</p></li><li><p>
Run the command <b class="userinput"><tt>nmblookup -d 2 '*'</tt></b>
</p><p>
This time we are trying the same as the previous test but are trying
it via a broadcast to the default broadcast address. A number of
Netbios/TCPIP hosts on the network should respond, although Samba may
not catch all of the responses in the short time it listens. You
should see <span class="errorname">got a positive name query response</span>
messages from several hosts.
</p><p>
If this doesn't give a similar result to the previous test then
nmblookup isn't correctly getting your broadcast address through its
automatic mechanism. In this case you should experiment with the
<b class="command">interfaces</b> option in <tt class="filename">smb.conf</tt> to manually configure your IP
address, broadcast and netmask. 
</p><p>
If your PC and server aren't on the same subnet then you will need to
use the <i class="parameter"><tt>-B</tt></i> option to set the broadcast address to that of the PCs
subnet.
</p><p>
This test will probably fail if your subnet mask and broadcast address are
not correct. (Refer to TEST 3 notes above).
</p></li><li><p>
Run the command <b class="userinput"><tt>smbclient //BIGSERVER/TMP</tt></b>. You should 
then be prompted for a password. You should use the password of the account
you are logged into the unix box with. If you want to test with
another account then add the <i class="parameter"><tt>-U <i class="replaceable"><tt>accountname</tt></i></tt></i> option to the end of
the command line.  eg: 
<b class="userinput"><tt>smbclient //bigserver/tmp -Ujohndoe</tt></b>
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
It is possible to specify the password along with the username
as follows:
<b class="userinput"><tt>smbclient //bigserver/tmp -Ujohndoe%secret</tt></b>
</p></div><p>
Once you enter the password you should get the <tt class="prompt">smb&gt;</tt> prompt. If you
don't then look at the error message. If it says <span class="errorname">invalid network
name</span> then the service <span class="emphasis"><em>&quot;tmp&quot;</em></span> is not correctly setup in your <tt class="filename">smb.conf</tt>.
</p><p>
If it says <span class="errorname">bad password</span> then the likely causes are:
</p><div class="orderedlist"><ol type="1"><li><p>
	you have shadow passords (or some other password system) but didn't
	compile in support for them in <span class="application">smbd</span>
	</p></li><li><p>
	your <b class="command">valid users</b> configuration is incorrect
	</p></li><li><p>
	you have a mixed case password and you haven't enabled the <b class="command">password
	level</b> option at a high enough level
	</p></li><li><p>
	the <b class="command">path =</b> line in <tt class="filename">smb.conf</tt> is incorrect. Check it with <span class="application">testparm</span>
	</p></li><li><p>
	you enabled password encryption but didn't map unix to samba users
	</p></li></ol></div><p>
Once connected you should be able to use the commands 
<b class="command">dir</b> <b class="command">get</b> <b class="command">put</b> etc. 
Type <b class="command">help <i class="replaceable"><tt>command</tt></i></b> for instructions. You should
especially check that the amount of free disk space shown is correct
when you type <b class="command">dir</b>.
</p></li><li><p>
On the PC, type the command <b class="userinput"><tt>net view \\BIGSERVER</tt></b>. You will 
need to do this from within a &quot;dos prompt&quot; window. You should get back a 
list of available shares on the server.
</p><p>
If you get a <span class="errorname">network name not found</span> or similar error then netbios
name resolution is not working. This is usually caused by a problem in
nmbd. To overcome it you could do one of the following (you only need
to choose one of them):
</p><div class="orderedlist"><ol type="1"><li><p>
	fixup the <span class="application">nmbd</span> installation
</p></li><li><p>
	add the IP address of BIGSERVER to the <b class="command">wins server</b> box in the
	advanced tcp/ip setup on the PC.
</p></li><li><p>
	enable windows name resolution via DNS in the advanced section of
	the tcp/ip setup
</p></li><li><p>
	add BIGSERVER to your lmhosts file on the PC.
</p></li></ol></div><p>
If you get a <span class="errorname">invalid network name</span> or <span class="errorname">bad password error</span> then the
same fixes apply as they did for the <b class="userinput"><tt>smbclient -L</tt></b> test above. In
particular, make sure your <b class="command">hosts allow</b> line is correct (see the man
pages)
</p><p>
Also, do not overlook that fact that when the workstation requests the
connection to the samba server it will attempt to connect using the 
name with which you logged onto your Windows machine. You need to make
sure that an account exists on your Samba server with that exact same
name and password.
</p><p>
If you get <span class="errorname">specified computer is not receiving requests</span> or similar
it probably means that the host is not contactable via tcp services.
Check to see if the host is running tcp wrappers, and if so add an entry in
the <tt class="filename">hosts.allow</tt> file for your client (or subnet, etc.)
</p></li><li><p>
Run the command <b class="userinput"><tt>net use x: \\BIGSERVER\TMP</tt></b>. You should 
be prompted for a password then you should get a <tt class="computeroutput">command completed 
successfully</tt> message. If not then your PC software is incorrectly 
installed or your smb.conf is incorrect. make sure your <b class="command">hosts allow</b>
and other config lines in <tt class="filename">smb.conf</tt> are correct.
</p><p>
It's also possible that the server can't work out what user name to
connect you as. To see if this is the problem add the line <i class="parameter"><tt>user =
<i class="replaceable"><tt>username</tt></i></tt></i> to the <i class="parameter"><tt>[tmp]</tt></i> section of 
<tt class="filename">smb.conf</tt> where <i class="replaceable"><tt>username</tt></i> is the
username corresponding to the password you typed. If you find this
fixes things you may need the username mapping option. 
</p><p>
It might also be the case that your client only sends encrypted passwords 
and you have <i class="parameter"><tt>encrypt passwords = no</tt></i> in <tt class="filename">smb.conf</tt>
Turn it back on to fix.
</p></li><li><p>
Run the command <b class="userinput"><tt>nmblookup -M <i class="replaceable"><tt>testgroup</tt></i></tt></b> where 
<i class="replaceable"><tt>testgroup</tt></i> is the name of the workgroup that your Samba server and 
Windows PCs belong to. You should get back the IP address of the 
master browser for that workgroup.
</p><p>
If you don't then the election process has failed. Wait a minute to
see if it is just being slow then try again. If it still fails after
that then look at the browsing options you have set in <tt class="filename">smb.conf</tt>. Make
sure you have <i class="parameter"><tt>preferred master = yes</tt></i> to ensure that 
an election is held at startup.
</p></li><li><p>
&gt;From file manager try to browse the server. Your samba server should
appear in the browse list of your local workgroup (or the one you
specified in smb.conf). You should be able to double click on the name
of the server and get a list of shares. If you get a &quot;invalid
password&quot; error when you do then you are probably running WinNT and it
is refusing to browse a server that has no encrypted password
capability and is in user level security mode. In this case either set
<i class="parameter"><tt>security = server</tt></i> AND 
<i class="parameter"><tt>password server = Windows_NT_Machine</tt></i> in your
<tt class="filename">smb.conf</tt> file, or make sure <i class="parameter"><tt>encrypted passwords</tt></i> is
set to &quot;yes&quot;.
</p></li></ol></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3006959"></a>Still having troubles?</h2></div></div><div></div></div><p>Read the chapter on 
<a href="problems.html" title="Chapter 34. Analysing and solving samba problems">Analysing and Solving Problems</a>.
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="troubleshooting.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="troubleshooting.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="problems.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Part V. Troubleshooting </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 34. Analysing and solving samba problems</td></tr></table></div></body></html>