<html> <body bgcolor="#ffffff"> <img src="samba2_xs.gif" border="0" alt=" " height="100" width="76" hspace="10" align="left" /> <h1 class="head0">Chapter 12. Troubleshooting Samba</h1> <p><a name="INDEX-1"/><a name="INDEX-2"/>Samba is extremely robust. Once you have everything set up the way you want, you'll probably forget that it is running. When trouble occurs, it's typically during installation or when you're trying to reconfigure the server. Fortunately, a wide variety of resources are available to diagnose these troubles. While we can't describe in detail the solution to every problem you might encounter, you should be able to get a good start at resolving the problem by following the advice given in this chapter.</p> <p>The first section of this chapter lists the tool bag, a collection of tools available for troubleshooting Samba; the second section is a detailed how-to; the last section lists extra resources to track down particularly stubborn problems.</p> <div class="sect1"><a name="samba2-CHP-12-SECT-1"/> <h2 class="head1">The Tool Box</h2> <p><a name="INDEX-3"/><a name="INDEX-4"/>Sometimes Unix seems to be made up of a grab bag of applications and tools. There are tools to troubleshoot tools. And of course, there are several ways to accomplish the same task. When trying to solve a problem related to Samba, a good plan of attack is to use the following:</p> <ul><li> <p>Samba logs</p> </li><li> <p>Samba test utilities</p> </li><li> <p>Unix utilities</p> </li><li> <p>Fault tree</p> </li><li> <p>Documentation and FAQs</p> </li><li> <p>Samba newsgroups</p> </li><li> <p>Searchable mailing list archives</p> </li></ul> <p>Let's go over each of these one-by-one in the following sections.</p> <div class="sect2"><a name="samba2-CHP-12-SECT-1.1"/> <h3 class="head2">Samba Logs</h3> <p><a name="INDEX-5"/><a name="INDEX-6"/>Your first line of attack should always be to check the log files. The Samba log files can help diagnose the vast majority of the problems faced by beginning- to intermediate-level Samba administrators. Samba is quite flexible when it comes to logging. You can set up the server to log as little or as much information as you want. Using substitution variables in the Samba configuration file allows you to isolate individual logs for each system, share, or combination thereof.</p> <p>Logs are placed in <em class="filename">/usr/local/samba/var/smbd.log</em> and <em class="filename">/usr/local/samba/var/nmbd.log</em> by default. You can specify a log directory to use with the <em class="emphasis">-l</em> flag on the command line when starting the Samba daemons. For example:</p> <blockquote><pre class="code"># <tt class="userinput"><b>smbd -l /var/log/samba</b></tt> # <tt class="userinput"><b>nmbd -l /var/log/samba</b></tt></pre></blockquote> <p>Alternatively, you can override the location and name using the <tt class="literal">log</tt><a name="INDEX-7"/> <tt class="literal">file</tt> configuration option in <em class="filename">smb.conf</em>. This option accepts all the substitution variables, so you could easily have the server keep a separate log for each connecting client system by specifying the following:</p> <blockquote><pre class="code">[global] log file = %m.log</pre></blockquote> <p>Another useful trick is to have the server keep a log for each service (share) that is offered, especially if you suspect a particular share is causing trouble. To do this, use the <tt class="literal">%S</tt> variable, like this:</p> <blockquote><pre class="code">[global] log file = %S.log</pre></blockquote> <div class="sect3"><a name="samba2-CHP-12-SECT-1.1.1"/> <h3 class="head3">Log levels</h3> <p><a name="INDEX-8"/>The level of logging that Samba uses can be set in the <em class="filename">smb.conf</em> file using the global <tt class="literal">log</tt> <tt class="literal">level</tt> or <tt class="literal">debug</tt> <tt class="literal">level</tt> option; they are equivalent. The logging level is an integer that can range from 0 to 10. At level 0, no logging is done. Higher values result in more voluminous logging. For example, let's assume that we will use a Windows client to browse a directory on a Samba server. For a small amount of log information, you can use <tt class="literal">log</tt> <tt class="literal">level</tt> <tt class="literal">=</tt> <tt class="literal">1</tt>, which instructs Samba to show only cursory information, in this case only the connection itself:</p> <blockquote><pre class="code">05/25/02 22:02:11 server (192.168.236.86) connect to service public as user pcguest (uid=503,gid=100) (pid 3377)</pre></blockquote> <p>Higher debug levels produce more detailed information. Usually, you won't need more than level 3, which is fully adequate for most Samba administrators. Levels above 3 are used by the developers and dump enormous amounts of cryptic information.</p> <p>Here is an example of output at levels 2 and 3 for the same operation. Don't worry if you don't understand the intricacies of an SMB connection; the point is simply to show you what types of information are shown at the different <a name="INDEX-9"/>logging levels:</p> <blockquote><pre class="code"> /* Level 2 */ Got SIGHUP Processing section "[homes]" Processing section "[public]" Processing section "[temp]" Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$ Allowed connection from 192.168.236.86 (192.168.236.86) to IPC/ /* Level 3 */ 05/25/02 22:15:09 Transaction 63 of length 67 switch message SMBtconX (pid 3377) Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$ ACCEPTED: guest account and guest ok found free connection number 105 Connect path is /tmp chdir to /tmp chdir to / 05/25/02 22:15:09 server (192.168.236.86) connect to service IPC$ as user pcguest (uid=503,gid=100) (pid 3377) 05/25/02 22:15:09 tconX service=ipc$ user=pcguest cnum=105 05/25/02 22:15:09 Transaction 64 of length 99 switch message SMBtrans (pid 3377) chdir to /tmp trans <\PIPE\LANMAN> data=0 params=19 setup=0 Got API command 0 of form <WrLeh> <B13BWz> (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8) Doing RNetShareEnum RNetShareEnum gave 4 entries of 4 (1 4096 126 4096) 05/25/02 22:15:11 Transaction 65 of length 99 switch message SMBtrans (pid 3377) chdir to / chdir to /tmp trans <\PIPE\LANMAN> data=0 params=19 setup=0 Got API command 0 of form <WrLeh> <B13BWz> (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8) Doing RNetShareEnum RNetShareEnum gave 4 entries of 4 (1 4096 126 4096) 05/25/02 22:15:11 Transaction 66 of length 95 switch message SMBtrans2 (pid 3377) chdir to / chdir to /pcdisk/public call_trans2findfirst: dirtype = 0, maxentries = 6, close_after_first=0, close_if_end = 0 requires_resume_key = 0 level = 260, max_data_bytes = 2432 unix_clean_name [./DESKTOP.INI] unix_clean_name [desktop.ini] unix_clean_name [./] creating new dirptr 1 for path ./, expect_close = 1 05/25/02 22:15:11 Transaction 67 of length 53 switch message SMBgetatr (pid 3377) chdir to / <i class="lineannotation">[... deleted ...]</i></pre></blockquote> <p>We cut off this listing after the first packet because it runs on for many pages. However, be aware that log levels above 3 will quickly consume disk space with megabytes of excruciating detail concerning Samba's internal operations. Log level 3 is extremely useful for following exactly what the server is doing, and most of the time it will be obvious where an error occurs by glancing through the log file.</p> <p>Using a high log level (3 or above) will <em class="emphasis">seriously</em> slow down the Samba server. Remember that every log message generated causes a write to disk (an inherently slow operation) and log levels greater than 2 produce massive amounts of data. Essentially, you should turn on logging level 3 only when you're actively tracking a problem in the Samba server. <a name="INDEX-10"/></p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-1.1.2"/> <h3 class="head3">Activating and deactivating logging</h3> <p><a name="INDEX-11"/><a name="INDEX-12"/>To turn logging on and off, set the appropriate level in the <tt class="literal">[global]</tt> section of <em class="filename">smb.conf</em>. Then, you can either restart Samba or force the current daemon to reprocess the configuration file by sending it a hangup (HUP) signal. You also can send the <em class="emphasis">smbd</em> process a SIGUSR1 signal to increase its log level by one while it's running, like this:</p> <blockquote><pre class="code"># <tt class="userinput"><b>kill -SIGUSR1 1234</b></tt></pre></blockquote> <p>or a SIGUSR2 signal to decrease it by one:</p> <blockquote><pre class="code"># <tt class="userinput"><b>kill -SIGUSR2 1234</b></tt></pre></blockquote> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-1.1.3"/> <h3 class="head3">Logging by individual client systems or users</h3> <p>An effective way to diagnose problems without hampering other users is to assign different log levels for different systems in the <tt class="literal">[global]</tt> section of the <em class="filename">smb.conf</em> file. We can do this by building on the strategy we presented earlier:</p> <blockquote><pre class="code">[global] log level = 0 log file = /usr/local/samba/var/log.%m include = /usr/local/samba/lib/smb.conf.%m</pre></blockquote> <p>These options instruct Samba to use unique configuration and log files for each client that connects. Now all you have to do is create an <em class="filename">smb.conf</em> file for a specific client system with a <tt class="literal">log</tt> <tt class="literal">level</tt> <tt class="literal">=</tt> <tt class="literal">3</tt> entry in it (the others will pick up the default log level of 0) and use that log file to track down the problem.</p> <p>Similarly, if only particular users are experiencing a problem—and it travels from system to system with them—you can isolate logging to a specific user by adding the following to the <em class="filename">smb.conf</em> file:</p> <blockquote><pre class="code">[global] log level = 0 log file = /usr/local/samba/var/log.%u include = /usr/local/samba/lib/smb.conf.%u</pre></blockquote> <p>Then you can create a unique <em class="filename">smb.conf</em> file for each user you wish to monitor (e.g., <em class="filename">/usr/local/samba/lib/smb.conf.tim</em>). Files containing the configuration option <tt class="literal">log</tt> <tt class="literal">level</tt> <tt class="literal">=</tt> <tt class="literal">3</tt> and only those users will get more detailed logging.<a name="INDEX-13"/><a name="INDEX-14"/></p> </div> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-1.2"/> <h3 class="head2">Samba Test Utilities</h3> <p><a name="INDEX-15"/><a name="INDEX-16"/>A rigorous set of tests that exercise the major parts of Samba are described in various files in the <em class="emphasis">/docs/textdocs</em> directory of the Samba distribution kit, starting with <em class="emphasis">DIAGNOSIS.txt</em>. The fault tree in this chapter is a more detailed version of the basic tests suggested by the Samba Team, but it covers only installation and reconfiguration diagnosis, such as <em class="emphasis">DIAGNOSIS.txt</em>. The other files in the <em class="emphasis">/docs</em> subdirectories address specific problems and instruct you how to troubleshoot items not included in this book. If the fault tree doesn't suffice, be sure to look at <em class="emphasis">DIAGNOSIS.txt</em><a name="INDEX-17"/> and its friends.</p> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-1.3"/> <h3 class="head2">Unix Utilities</h3> <p>Sometimes it's useful to use a tool outside the Samba suite to examine what's happening inside the server. Three diagnostic tools can be of particular help in debugging Samba troubles: <em class="emphasis">trace</em>, <em class="emphasis">tcpdump</em>, and <em class="emphasis">Ethereal</em>.</p> <div class="sect3"><a name="samba2-CHP-12-SECT-1.3.1"/> <h3 class="head3">Using trace</h3> <p>The <em class="emphasis">trace</em><a name="INDEX-18"/> command masquerades under several different names, depending on the operating system you are using. On Linux it will be <em class="emphasis">strace</em><a name="INDEX-19"/>; on Solaris you'll use <em class="emphasis">truss</em><a name="INDEX-20"/>; SGI will have <em class="emphasis">padc</em><a name="INDEX-21"/> and <em class="emphasis">par</em><a name="INDEX-22"/>; and HP-UX will have <em class="emphasis">trace</em> or <em class="emphasis">tusc</em><a name="INDEX-23"/>. All have essentially the same function, which is to display each operating system function call as it is executed. This allows you to follow the execution of a program, such as the Samba server, and often pinpoints the exact call that is causing the difficulty.</p> <p>One problem that <em class="emphasis">trace</em> can highlight is an incorrect version of a dynamically linked library. This can happen if you've downloaded prebuilt binaries of Samba. You'll typically see the offending call at the end of the <em class="emphasis">trace</em>, just before the program terminates.</p> <p>A sample <em class="emphasis">strace</em> output for the Linux operating system follows. This is a small section of a larger file created during the opening of a directory on the Samba server. Each line lists a system call and includes its parameters and the return value. If there was an error, the error value (e.g., <tt class="literal">ENOENT</tt>) and its explanation are also shown. You can look up the parameter types and the errors that can occur in the appropriate <em class="emphasis">trace</em> manual page for the operating system you are using.</p> <blockquote><pre class="code">chdir("/pcdisk/public") = 0 stat("mini/desktop.ini", 0xbffff7ec) = -1 ENOENT (No such file or directory) stat("mini", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0 stat("mini/desktop.ini", 0xbffff7ec) = -1 ENOENT (No such file or directory) open("mini", O_RDONLY) = 5 fcntl(5, F_SETFD, FD_CLOEXEC) = 0 fstat(5, {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0 lseek(5, 0, SEEK_CUR) = 0 SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 196 lseek(5, 0, SEEK_CUR) = 1024 SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 0 close(5) = 0 stat("mini/desktop.ini", 0xbffff86c) = -1 ENOENT (No such file or directory) write(3, "\0\0\0#\377SMB\10\1\0\2\0\200\1\0"..., 39) = 39 SYS_142(0xff, 0xbffffc3c, 0, 0, 0xbffffc08) = 1 read(3, "\0\0\0?", 4) = 4 read(3, "\377SMBu\0\0\0\0\0\0\0\0\0\0\0\0"..., 63) = 63 time(NULL) = 896143871</pre></blockquote> <p>This example shows several <em class="emphasis">stat() calls</em> failing to find the files they were expecting. You don't have to be an expert to see that the file <em class="emphasis">desktop.ini</em> is missing from that directory. In fact, many difficult problems can be identified by looking for obvious, repeatable errors with <em class="emphasis">trace</em>. Often, you need not look further than the last message before a crash.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-1.3.2"/> <h3 class="head3">Using tcpdump</h3> <p>The <em class="emphasis">tcpdump</em><a name="INDEX-24"/> program, as extended by Andrew <a name="INDEX-25"/>Tridgell, allows you to monitor SMB <a name="INDEX-26"/>network traffic in real time. A variety of output formats are available, and you can filter the output to look at only a particular type of traffic. You can examine all conversations between client and server, including SMB and NMB broadcast messages. While its troubleshooting capabilities lie mainly at the OSI network layer, you can still use its output to get a general idea of what the server and client are attempting to do.</p> <p>A sample <em class="emphasis">tcpdump</em> log follows. In this instance, the client has requested a directory listing, and the server has responded appropriately, giving the directory names <tt class="literal">homes</tt>, <tt class="literal">public</tt>, <tt class="literal">IPC$</tt>, and <tt class="literal">temp</tt> (we've added a few explanations on the right):</p> <blockquote><pre class="code">$ <tt class="userinput"><b>tcpdump -v -s 255 -i eth0 port not telnet</b></tt> SMB PACKET: SMBtrans (REQUEST) <i class="lineannotation"> Request packet</i> SMB Command = 0x25 <i class="lineannotation">Request was ls or dir</i> [000] 01 00 00 10 <i class="lineannotation">....</i> >>> NBT Packet <i class="lineannotation">Outer frame of SMB packet</i> NBT Session Packet Flags=0x0 Length=226 [lines skipped] SMB PACKET: SMBtrans (REPLY) <i class="lineannotation">Beginning of a reply to request</i> SMB Command = 0x25 <i class="lineannotation">Command was an ls or dir</i> Error class = 0x0 Error code = 0 <i class="lineannotation">No errors</i> Flags1 = 0x80 Flags2 = 0x1 Tree ID = 105 Proc ID = 6075 UID = 100 MID = 30337 Word Count = 10 TotParamCnt=8 TotDataCnt=163 Res1=0 ParamCnt=8 ParamOff=55 Res2=0 DataCnt=163 DataOff=63 Res3=0 Lsetup=0 Param Data: (8 bytes) [000] 00 00 00 00 05 00 05 00 ........ Data Data: (135 bytes) <i class="lineannotation">Actual directory contents:</i> [000] 68 6F 6D 65 73 00 00 00 00 00 00 00 00 00 00 00 homes... ........ [010] 64 00 00 00 70 75 62 6C 69 63 00 00 00 00 00 00 d...publ ic...... [020] 00 00 00 00 75 00 00 00 74 65 6D 70 00 00 00 00 ....u... temp.... [030] 00 00 00 00 00 00 00 00 76 00 00 00 49 50 43 24 ........ v...IPC$ [040] 00 00 00 00 00 00 00 00 00 00 03 00 77 00 00 00 ........ ....w... [050] 64 6F 6E 68 61 6D 00 00 00 00 00 00 00 00 00 00 donham.. ........ [060] 92 00 00 00 48 6F 6D 65 20 44 69 72 65 63 74 6F ....Home Directo [070] 72 69 65 73 00 00 00 49 50 43 20 53 65 72 76 69 ries...I PC Servi [080] 63 65 20 28 53 61 6D ce (Sam</pre></blockquote> <p>This is more of the same debugging session as we saw before with the <em class="emphasis">trace</em> command: the listing of a directory. The options we used were <em class="emphasis">-v</em> (verbose), <em class="emphasis">-i eth0</em> to tell <em class="emphasis">tcpdump</em> on which interface to listen (an Ethernet port), and <em class="emphasis">-s 255</em> to tell it to save the first 255 bytes of each packet instead of the default: the first 68. The option <tt class="literal">port</tt> <tt class="literal">not</tt> <tt class="literal">telnet</tt> is used to avoid screens of telnet traffic, because we were logged in to the server remotely. The <em class="emphasis">tcpdump</em> program actually has quite a number of options to filter just the traffic you want to look at. If you've used <em class="emphasis">snoop</em> or <em class="emphasis">etherdump</em>, it will look vaguely familiar.</p> <p>You can download the modified <em class="emphasis">tcpdump</em> from the Samba FTP server, located at <a href="ftp://samba.anu.edu.au/pub/samba/tcpdump-smb">ftp://samba.anu.edu.au/pub/samba/tcpdump-smb</a>. Other versions might not include support for the SMB protocol; if you don't see output such as that shown in the example, you'll need to use the SMB-enabled version.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-1.3.3"/> <h3 class="head3">Using Ethereal</h3> <p><a name="INDEX-27"/>Ethereal (<a href="http://www.ethereal.com">http://www.ethereal.com</a>) is a GUI-based utility that performs the same basic function as <em class="emphasis">tcpdump</em>. You might prefer Ethereal because it is much easier to use. Once you have Ethereal running, just do the following:</p> <ol><li> <p>Select Start from the Capture menu.</p> </li><li> <p>Click the OK button in the dialog box that appears. This will bring up a dialog box showing how many packets Ethereal has seen. Perform the actions on the system(s) in your network to reproduce the problem you are analyzing.</p> </li><li> <p>Click the Stop button in the Ethereal dialog box to make it finish collecting data.</p> </li><li> <p>In the main Ethereal window, click any item in the upper window to view it in the lower window. In the lower window, click any of the boxes containing a plus sign (<tt class="literal">+</tt>) to expand the view.</p> </li></ol> <p>Ethereal does a good job of translating the content of the packets it encounters into human-readable format, and you should have little trouble seeing what happened on the network during the capture period. <a name="INDEX-28"/><a name="INDEX-29"/></p> </div> </div> </div> <div class="sect1"><a name="samba2-CHP-12-SECT-2"/> <h2 class="head1">The Fault Tree</h2> <p><a name="INDEX-30"/><a name="INDEX-31"/><a name="INDEX-32"/><a name="INDEX-33"/>The fault tree presented in this section is for diagnosing and fixing problems that occur when you're installing and reconfiguring Samba. It's an expanded form of the trouble and diagnostic document <em class="filename">DIAGNOSIS.txt</em>, which is part of the Samba distribution.</p> <p>Before you set out to troubleshoot any part of the Samba suite, you should know the following information:</p> <ul><li> <p>Your client IP address (we use 192.168.236.10)</p> </li><li> <p>Your server IP address (we use 192.168.236.86)</p> </li><li> <p>The netmask for your network (typically 255.255.255.0)</p> </li><li> <p>Whether the systems are all on the same subnet (ours are)</p> </li></ul> <p>For clarity, we've renamed the server in the following examples to <tt class="literal">server.example.com</tt>, and the client system to <tt class="literal">client.example.com</tt>.</p> <div class="sect2"><a name="samba2-CHP-12-SECT-2.1"/> <h3 class="head2">How to Use the Fault Tree</h3> <p>Start the tests here, without skipping forward; it won't take long (about 5 minutes) and might actually save you time backtracking. Whenever a test succeeds, you will be given a name of a section to which you can safely skip.</p> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-2.2"/> <h3 class="head2">Troubleshooting Low-Level IP</h3> <p><a name="INDEX-34"/>The first series of tests is that of the low-level services that Samba needs to run. The tests in this section verify that:</p> <ul><li> <p>The IP software works</p> </li><li> <p>The Ethernet hardware works</p> </li><li> <p>Basic name service is in place</p> </li></ul> <p>Subsequent sections add TCP software, the Samba daemons <em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em>, host-based access control, authentication and per-user access control, file services, and browsing. The tests are described in considerable detail to make them understandable by both technically oriented end users and experienced systems and network administrators.</p> <div class="sect3"><a name="samba2-CHP-12-SECT-2.2.1"/> <h3 class="head3">Testing the networking software with ping</h3> <p><a name="INDEX-35"/>The first command to enter on both the server and the client is <tt class="literal">ping</tt><a name="INDEX-36"/><a name="INDEX-37"/> <tt class="literal">127.0.0.1</tt>. This pings the loopback address and indicates whether any networking support is functioning. On Unix, you can use <tt class="literal">ping</tt> <tt class="literal">127.0.0.1</tt> with the statistics option and interrupt it after a few lines. On Sun workstations, the command is typically <tt class="literal">/usr/etc/ping</tt> <tt class="literal">-s</tt> <tt class="literal">127.0.0.1</tt>; on Linux, just <tt class="literal">ping</tt> <tt class="literal">127.0.0.1</tt>. On Windows clients, run <tt class="literal">ping</tt> <tt class="literal">127.0.0.1</tt> in an MS-DOS (command prompt) window, and it will stop by itself after four lines.</p> <p>Here is an example on a Linux server:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>ping 127.0.0.1 </b></tt> PING localhost: 56 data bytes 64 bytes from localhost (127.0.0.1): icmp-seq=0. time=1. ms 64 bytes from localhost (127.0.0.1): icmp-seq=1. time=0. ms 64 bytes from localhost (127.0.0.1): icmp-seq=2. time=1. ms ^C ----127.0.0.1 PING Statistics---- 3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms) min/avg/max = 0/0/1</pre></blockquote> <p>If you get "ping: no answer from . . . " or "100% packet loss," you have no IP networking installed on the system. The address <tt class="literal">127.0.0.1</tt> is the internal loopback address and doesn't depend on the computer being physically connected to a network. If this test fails, you have a serious local problem. TCP/IP either isn't installed or is seriously misconfigured. See your operating system documentation if it's a Unix server. If it's a Windows client, follow the instructions in <a href="ch03.html">Chapter 3</a> to install networking support.</p> <a name="samba2-CHP-12-NOTE-155"/><blockquote class="note"><h4 class="objtitle">TIP</h4> <p>If <em class="emphasis">you're</em> the network manager, some good references are Craig Hunt's <em class="emphasis">TCP/IP Network Administration</em>, Chapter 11, and Craig Hunt and Robert Bruce Thompson's <em class="emphasis">Windows NT TCP/IP Network Administration</em>, both published by O'Reilly.</p> </blockquote> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.2.2"/> <h3 class="head3">Testing local name services with ping</h3> <p><a name="INDEX-38"/>Next, try to ping <tt class="literal">localhost</tt> on the Samba server. The <tt class="literal">localhost</tt> hostname is the conventional hostname for the <tt class="literal">127.0.0.1</tt> loopback interface, and it should resolve to that address. After typing <tt class="literal">ping</tt> <tt class="literal">localhost</tt>, you should see output similar to the following:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>ping localhost </b></tt> PING localhost: 56 data bytes 64 bytes from localhost (127.0.0.1): icmp-seq=0. time=0. ms 64 bytes from localhost (127.0.0.1): icmp-seq=1. time=0. ms 64 bytes from localhost (127.0.0.1): icmp-seq=2. time=0. ms ^C</pre></blockquote> <p>If this succeeds, try the same test on the client. Otherwise:</p> <ul><li> <p>If you get "unknown host: localhost," there is a problem resolving the hostname <em class="filename">localhost</em> into a valid IP address. (This might be as simple as a missing entry in a local <em class="emphasis">hosts</em> file.) From here, skip down to <a href="ch03.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a> later in this chapter.</p> </li><li> <p>If you get "ping: no answer," or "100% packet loss," but pinging <tt class="literal">127.0.0.1</tt> worked, name services is resolving to an address, but it isn't the correct one. Check the file or database (typically <em class="filename">/etc/hosts</em> on a Unix system) that the name service is using to resolve addresses to ensure that the entry is correct.</p> </li></ul> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.2.3"/> <h3 class="head3">Testing the networking hardware with ping</h3> <p><a name="INDEX-39"/>Next, ping the server's network IP address from itself. This should get you exactly the same results as pinging <tt class="literal">127.0.0.1</tt>:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>ping 192.168.236.86 </b></tt> PING 192.168.236.86: 56 data bytes 64 bytes from 192.168.236.86 (192.168.236.86): icmp-seq=0. time=1. ms 64 bytes from 192.168.236.86 (192.168.236.86): icmp-seq=1. time=0. ms 64 bytes from 192.168.236.86 (192.168.236.86): icmp-seq=2. time=1. ms ^C ----192.168.236.86 PING Statistics---- 3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms) min/avg/max = 0/0/1</pre></blockquote> <p>If this works on the server, repeat it for the client. Otherwise:</p> <ul><li> <p>If <tt class="literal">ping</tt> <em class="replaceable">network_ip</em> fails on either the server or client, but <tt class="literal">ping</tt> <tt class="literal">127.0.0.1</tt> works on that system, you have a TCP/IP problem that is specific to the Ethernet network interface card on the computer. Check with the documentation for the network card or host operating system to determine how to configure it correctly. However, be aware that on some operating systems, the <em class="emphasis">ping</em> command appears to work even if the network is disconnected, so this test doesn't always diagnose all hardware problems.</p> </li></ul> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.2.4"/> <h3 class="head3">Testing connections with ping</h3> <p><a name="INDEX-40"/>Now, ping the server by name (instead of its IP address)—once from the server and once from the client. This is the general test for working network hardware:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>ping server </b></tt> PING server.example.com: 56 data bytes 64 bytes from server.example.com (192.168.236.86): icmp-seq=0. time=1. ms 64 bytes from server.example.com (192.168.236.86): icmp-seq=1. time=0. ms 64 bytes from server.example.com (192.168.236.86): icmp-seq=2. time=1. ms ^C ----server.example.com PING Statistics---- 3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms) min/avg/max = 0/0/1</pre></blockquote> <p>If successful, this test tells us five things:</p> <ul><li> <p>The hostname (e.g., <tt class="literal">server</tt>) is being found by your local name server.</p> </li><li> <p>The hostname has been expanded to the full name (e.g., <tt class="literal">server.example.com</tt>).</p> </li><li> <p>Its address is being returned (<tt class="literal">192.168.236.86</tt>).</p> </li><li> <p>The client has sent the Samba server four 56-byte UDP/IP packets.</p> </li><li> <p>The Samba server has replied to all four packets.</p> </li></ul> <p>If this test isn't successful, one of several things can be wrong with the network:</p> <ul><li> <p>First, if you get <tt class="literal">ping</tt>: <tt class="literal">no</tt> <tt class="literal">answer</tt>, or <tt class="literal">100%</tt> <tt class="literal">packet</tt> <tt class="literal">loss</tt>, you're not connecting to the network, the other system isn't connecting, or one of the addresses is incorrect. Check the addresses that the <em class="emphasis">ping</em> command reports on each system, and ensure that they match the ones you set up initially.</p> <p>If not, there is at least one mismatched address between the two systems. Try entering the command <tt class="literal">arp</tt> <tt class="literal">-a</tt>, and see if there is an entry for the other system. (The <em class="emphasis">arp</em> command stands for the Address Resolution Protocol. The <tt class="literal">arp</tt> <tt class="literal">-a</tt> command lists all the addresses known on the local system.) Here are some things to try:</p> <ul><li> <p>If you receive a message like <tt class="literal">192.168.236.86</tt> <tt class="literal">at</tt> <tt class="literal">(incomplete)</tt>, the Ethernet address of 192.168.236.86 is unknown. This indicates a complete lack of connectivity, and you're likely having a problem at the very bottom of the TCP/IP protocol stack—the Ethernet interface layer. This is discussed in Chapters 5 and 6 of <em class="citetitle">TCP/IP Network Administration </em>(O'Reilly).</p> </li><li> <p>If you receive a response similar to server <tt class="literal">(192.168.236.86)</tt> <tt class="literal">at</tt> <tt class="literal">8:0:20:12:7c:94</tt>, the server has been reached at some time, or another system is answering on its behalf. However, this means that <em class="emphasis">ping</em> should have worked: you may have an intermittent networking or ARP problem.</p> </li><li> <p>If the IP address from ARP doesn't match the addresses you expected, investigate and correct the addresses manually.</p> </li> </ul> </li> <li> <p>If each system can ping itself but not another, something is wrong on the network between them.</p> </li><li> <p>If you get <tt class="literal">ping</tt>: <tt class="literal">network</tt> <tt class="literal">unreachable</tt> or <tt class="literal">ICMP</tt> <tt class="literal">Host</tt> <tt class="literal">Unreachable</tt>, you're not receiving an answer, and more than one network is probably involved.</p> <p>In principle, you shouldn't try to troubleshoot SMB clients and servers on different networks. Try to test a server and client that are on the same network:</p> <ol><li> <p>First, perform the tests for <tt class="literal">ping</tt>: <tt class="literal">no</tt> <tt class="literal">answer</tt> described earlier in this section. If this doesn't identify the problem, the remaining possibilities are the following: an address is wrong, your netmask is wrong, a network is down, or the packets have been stopped by a firewall.</p> </li> <li> <p>Check both the address and the netmasks on source and destination systems to see if something is obviously wrong. Assuming both systems really are on the same network, they both should have the same netmasks, and <em class="emphasis">ping</em> should report the correct addresses. If the addresses are wrong, you'll need to correct them. If they are correct, the programs might be confused by an incorrect netmask. See <a href="ch12.html#samba2-CHP-12-SECT-2.8.1">Section 12.2.8.1</a>, later in this chapter.</p> </li> <li> <p>If the commands are still reporting that the network is unreachable and neither of the previous two conditions are in error, one network really might be unreachable from the other. This, too, is an issue for the network manager.</p> </li></ol> </li><li> <p>If you get <tt class="literal">ICMP</tt> <tt class="literal">Administratively</tt> <tt class="literal">Prohibited</tt>, you've struck a firewall of some sort or a misconfigured router. You will need to speak to your network security officer.</p> </li><li> <p>If you get <tt class="literal">ICMP</tt> <tt class="literal">Host</tt> <tt class="literal">redirect</tt> and <em class="emphasis">ping</em> reports packets getting through, this is generally harmless: you're simply being rerouted over the network.</p> </li><li> <p>If you get a host redirect and no <em class="emphasis">ping</em> responses, you are being redirected, but no one is responding. Treat this just like the <tt class="literal">Network</tt> <tt class="literal">unreachable</tt> response, and check your addresses and netmasks.</p> </li><li> <p>If you get <tt class="literal">ICMP</tt> <tt class="literal">Host</tt> <tt class="literal">Unreachable</tt> <tt class="literal">from</tt> <tt class="literal">gateway</tt> <tt class="literal">gateway</tt> <tt class="literal">name</tt>, ping packets are being routed to another network, but the other system isn't responding and the router is reporting the problem on its behalf. Again, treat this like a <tt class="literal">Network</tt> <tt class="literal">unreachable</tt> response, and start checking addresses and netmasks.</p> </li><li> <p>If you get <tt class="literal">ping</tt>: <tt class="literal">unknown</tt> <tt class="literal">host</tt> <tt class="literal">hostname</tt>, your system's name is not known. This tends to indicate a name service problem, which didn't affect <tt class="literal">localhost</tt>. Have a look at <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this chapter.</p> </li><li> <p>If you get a partial success—with some pings failing but others succeeding—you have either an intermittent problem between the systems or an overloaded network. Ping a bit longer, and see if more than about three percent of the packets fail. If so, check it with your network manager: a problem might just be starting. However, if only a few fail, or if you happen to know some massive network program is running, don't worry unduly. The ICMP (and UDP) protocols used by <em class="emphasis">ping</em> are allowed to drop occasional packets.</p> </li><li> <p>If you get a response such as <tt class="literal">smtsvr.antares.net</tt> <tt class="literal">is</tt> <tt class="literal">alive</tt> when you actually pinged <tt class="literal">client.example.com</tt>, either you're using someone else's address or the system has multiple names and addresses. If the address is wrong, the name service is clearly the culprit; you'll need to change the address in the name service database to refer to the correct system. This is discussed in <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this chapter.</p> <p>Servers are often <em class="emphasis">multihomed</em> —i.e., connected to more than one network, with different names on each net. If you are getting a response from an unexpected name on a multihomed server, look at the address and see if it's on your network (see <a href="ch12.html#samba2-CHP-12-SECT-2.8.1">Section 12.2.8.1</a>, later in this chapter). If so, you should use that address, rather than one on a different network, for both performance and reliability reasons.</p> <p>Servers can also have multiple names for a single Ethernet address, especially if they are web servers. This is harmless, albeit startling. You probably will want to use the official (and permanent) name, rather than an alias that might change.</p> </li><li> <p>If everything works but the IP address reported is <tt class="literal">127.0.0.1</tt>, you have a name service error. This typically occurs when an operating-system installation program generates an <em class="filename">/etc/hosts</em> line similar to <tt class="literal">127.0.0.1</tt> <tt class="literal">localhost</tt> <em class="emphasis">hostname.domainname</em>. The localhost line should say <tt class="literal">127.0.0.1</tt> <tt class="literal">localhost</tt> or <tt class="literal">127.0.0.1</tt> <tt class="literal">localhost</tt> <tt class="literal">loghost</tt>. Correct it, lest it cause failures to negotiate who is the master browse list holder and who is the master browser. It can also cause (ambiguous) errors in later tests.</p> </li></ul> <p>If this worked from the server, repeat it from the client. <a name="INDEX-41"/> <a name="INDEX-42"/><a name="INDEX-43"/></p> </div> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-2.3"/> <h3 class="head2">Troubleshooting TCP</h3> <p><a name="INDEX-44"/><a name="INDEX-45"/>Now that you've tested IP, UDP, and a name service with <em class="emphasis">ping</em>, it's time to test TCP. Browsing and <em class="emphasis">ping</em> use ICMP and UDP; file and print services (shares) use TCP. Both depend on IP as a lower layer, and all four depend on name services. Testing TCP is most conveniently done using the FTP program.</p> <div class="sect3"><a name="samba2-CHP-12-SECT-2.3.1"/> <h3 class="head3">Testing TCP with FTP</h3> <p>Try connecting via FTP, once from the server to itself, and once from the client to the server:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>ftp server</b></tt> Connected to server.example.com. 220 server.example.com FTP server (Version 6.2/OpenBSD/Linux-0.10) ready. Name (server:davecb): 331 Password required for davecb. Password: 230 User davecb logged in. ftp><tt class="userinput"><b> quit </b></tt> 221 Goodbye.</pre></blockquote> <p>If this worked, skip to the next section, <a href="ch12.html#samba2-CHP-12-SECT-2.4">Section 12.2.4</a>. Otherwise:</p> <ul><li> <p>If you received the message <tt class="literal">server</tt>: <tt class="literal">unknown</tt> <tt class="literal">host</tt>, name service has failed. Go back to the corresponding <em class="emphasis">ping</em> step, <a href="ch12.html#samba2-CHP-12-SECT-2.2.2">Section 12.2.2.2</a>, and rerun those tests to see why name lookup failed.</p> </li><li> <p>If you received <tt class="literal">ftp</tt>: <tt class="literal">connect</tt>: <tt class="literal">Connection</tt> <tt class="literal">refused</tt>, the system isn't running an FTP daemon. This is mildly unusual on Unix servers. Optionally, you might try this test by connecting to the system using <em class="emphasis">telnet</em> instead of <em class="emphasis">ftp</em>; the messages are very similar, and <em class="emphasis">telnet</em> uses TCP as well.</p> </li><li> <p>If there was a long pause, and then <tt class="literal">ftp</tt>: <tt class="literal">connect</tt>: <tt class="literal">Connection</tt> <tt class="literal">timed</tt> <tt class="literal">out</tt>, the system isn't reachable. Return to <a href="ch12.html#samba2-CHP-12-SECT-2.2.4">Section 12.2.2.4</a>.</p> </li><li> <p>If you received <tt class="literal">530</tt> <tt class="literal">Logon</tt> <tt class="literal">Incorrect</tt>, you connected successfully, but you've just found a different problem. You likely provided an incorrect username or password. Try again, making sure you use your username from the Unix server and type your password correctly.</p> </li></ul> </div> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-2.4"/> <h3 class="head2">Troubleshooting Server Daemons</h3> <p><a name="INDEX-46"/>Once you've confirmed that TCP networking is working properly, the next step is to make sure the daemons are running on the server. This takes three separate tests because no single one of the following will decisively prove that they're working correctly.</p> <p>To be sure they're running, you need to find out whether the daemons:</p> <ol><li> <p>Have started</p> </li><li> <p>Are registered or bound to a TCP/IP port by the operating system</p> </li><li> <p>Are actually paying attention</p> </li></ol> <div class="sect3"><a name="samba2-CHP-12-SECT-2.4.1"/> <h3 class="head3">Tracking daemon startup</h3> <p><a name="INDEX-47"/>First, check the Samba logs. If you've started the daemons, the message <tt class="literal">smbd</tt> <tt class="literal">version</tt> <tt class="literal">number</tt> <tt class="literal">started</tt> should appear. If it doesn't, you need to restart the Samba daemons.</p> <p>If the daemon reports that it has indeed started, look out for <tt class="literal">bind</tt> <tt class="literal">failed</tt> <tt class="literal">on</tt> <tt class="literal">port</tt> <tt class="literal">139</tt> <tt class="literal">socket_addr=0</tt> <tt class="literal">(Address</tt> <tt class="literal">already</tt> <tt class="literal">in</tt> <tt class="literal">use)</tt>. This means another daemon has been started on port 139 (<em class="emphasis">smbd</em> ). Also, <em class="emphasis">nmbd</em> will report a similar failure if it cannot bind to port 137. Either you've started them twice, or the <em class="emphasis">inetd</em> server has tried to provide a daemon for you. If it's the latter, we'll diagnose that in a moment.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.4.2"/> <h3 class="head3">Looking for daemon processes with ps</h3> <p><a name="INDEX-48"/>Another way to make sure the daemons are running is to check their processes on the system. Use the <em class="emphasis">ps</em><a name="INDEX-49"/> command on the server with the "long" option for your system type (commonly <tt class="literal">ps</tt> <tt class="literal">ax</tt> or <tt class="literal">ps</tt> <tt class="literal">-ef</tt>), and see whether <em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em> are already running. This often looks like the following:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>ps ax</b></tt> PID TTY STAT TIME COMMAND 1 ? S 0:03 init [2] 2 ? SW 0:00 (kflushd) <i class="lineannotation">(...many lines of processes...) </i> 234 ? S 0:14 nmbd -D3 237 ? S 0:11 smbd -D3 <i class="lineannotation">(...more lines, possibly including more smbd lines...)</i></pre></blockquote> <p>This example illustrates that <em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em> have already started as standalone daemons (the <em class="emphasis">-D</em> option) at log level 3.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.4.3"/> <h3 class="head3">Looking for daemons bound to ports</h3> <p><a name="INDEX-50"/>Next, the daemons have to be registered with the operating system so that they can get access to TCP/IP ports. The <em class="emphasis">netstat</em> command will tell you if this has been done. Run the command <tt class="literal">netstat</tt> <tt class="literal">-a</tt> on the server, and look for lines mentioning <tt class="literal">netbios</tt>, <tt class="literal">137</tt>, or <tt class="literal">139</tt>:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>netstat -a </b></tt> Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) udp 0 0 *.137 *.* tcp 0 0 *.139 *.* LISTEN tcp 8370 8760 server.139 client.1439 ESTABLISHED</pre></blockquote> <p>Among similar lines, there should be at least one UDP line for <tt class="literal">*.netbios-</tt> or <tt class="literal">*.137</tt>. This indicates that the <em class="emphasis">nmbd</em> server is registered and (we hope) is waiting to answer requests. There should also be at least one TCP line mentioning <tt class="literal">*.netbios-</tt> or <tt class="literal">*.139</tt>, and it will probably be in the LISTEN state. This means that <em class="emphasis">smbd</em> is up and listening for connections.</p> <p>There might be other TCP lines indicating connections from <em class="emphasis">smbd</em> to clients, one for each client. These are usually in the ESTABLISHED state. If there are <em class="emphasis">smbd</em> lines in the ESTABLISHED state, <em class="emphasis">smbd</em> is definitely running. If there is only one line in the LISTEN state, we're not sure yet. If both of the lines are missing, a daemon has not succeeded in starting, so it's time to check the logs and then go back to <a href="ch02.html">Chapter 2</a>.</p> <p>If there is a line for each client, it might be coming either from a Samba daemon or from the master IP daemon, <em class="emphasis">inetd</em>. It's quite possible that your <em class="emphasis">inetd</em> startup file contains lines that start Samba daemons without your realizing it; for instance, the lines might have been placed there if you installed Samba as part of a Linux distribution. The daemons started by <em class="emphasis">inetd</em> prevent ours from running. This problem typically produces log messages such as <tt class="literal">bind</tt> <tt class="literal">failed</tt> <tt class="literal">on</tt> <tt class="literal">port</tt> <tt class="literal">139</tt> <tt class="literal">socket</tt> <tt class="literal">addr=0</tt> <tt class="literal">(Address</tt> <tt class="literal">already</tt> <tt class="literal">in</tt> <tt class="literal">use)</tt>.</p> <p>Check your <em class="filename">/etc/inetd.conf</em> ; unless you're intentionally starting the daemons from there, <tt class="literal">netbios-ns</tt> (UDP port 137) or <tt class="literal">netbios-ssn</tt> (tcp port 139) servers should be mentioned there. If your system is providing an SMB daemon via <em class="emphasis">inetd</em>, lines such as the following will appear in the <em class="filename">inetd.conf</em> file:</p> <blockquote><pre class="code">netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd</pre></blockquote> <p>If your system uses <em class="emphasis">xinetd</em> instead of <em class="emphasis">inetd</em>, see <a href="ch02.html">Chapter 2</a> for details concerning its configuration.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.4.4"/> <h3 class="head3">Checking smbd with telnet</h3> <p><a name="INDEX-51"/><a name="INDEX-52"/><a name="INDEX-53"/>Ironically, the easiest way to test that the <em class="emphasis">smbd</em> server is actually working is to send it a meaningless message and see if it is rejected. Try something such as the following:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>echo "hello" | telnet localhost 139 </b></tt> Trying Trying 192.168.236.86 ... Connected to localhost. Escape character is '^]'. Connection closed by foreign host.</pre></blockquote> <p>This sends an erroneous but harmless message to <em class="emphasis">smbd</em>. If you get a <tt class="literal">Connected</tt> message followed by a <tt class="literal">Connection</tt> <tt class="literal">closed</tt> message, the test was a success. You have an <em class="emphasis">smbd</em> daemon listening on the port and rejecting improper connection messages. On the other hand, if you get <tt class="literal">telnet</tt>: <tt class="literal">connect</tt>: <tt class="literal">Connection</tt> <tt class="literal">refused</tt>, most likely no daemon is present. Check the logs and go back to <a href="ch02.html">Chapter 2</a>.</p> <p>Regrettably, there isn't an easy test for <em class="emphasis">nmbd</em>. If the <em class="emphasis">telnet</em> test and the <em class="emphasis">netstat</em> test both say that an <em class="emphasis">smbd</em> is running, there is a good chance that <em class="emphasis">netstat</em> will also be correct about <em class="emphasis">nmbd</em> running.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.4.5"/> <h3 class="head3">Testing daemons with testparm</h3> <p><a name="INDEX-54"/><a name="INDEX-55"/>Once you know there's a daemon, you should always run <em class="emphasis">testparm</em>, in hopes of getting something such as the following:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>testparm </b></tt> Load smb config files from /opt/samba/lib/smb.conf Processing section "[homes]" Processing section "[printers]" ... Processing section "[tmp]" Loaded services file OK. ...</pre></blockquote> <p>The <em class="emphasis">testparm</em> program normally reports the processing of a series of sections and responds with <tt class="literal">Loaded</tt> <tt class="literal">services</tt> <tt class="literal">file</tt> <tt class="literal">OK</tt> if it succeeds. If not, it reports one or more of the following messages, which also appear in the logs as noted:</p> <dl> <dt><b>Allow/Deny connection from account (n) to service</b></dt> <dd> <p>A <em class="emphasis">testparm</em>-only message produced if you have <tt class="literal">valid</tt> <tt class="literal">user</tt> or <tt class="literal">invalid</tt> <tt class="literal">user</tt> options set in your <em class="emphasis">smb.conf</em>. You will want to make sure that you are on the valid user list, and that <tt class="literal">root</tt>, <tt class="literal">bin</tt>, etc., are on the invalid user list. If you don't, you will not be able to connect, or users who shouldn't <em class="emphasis">will</em> be able to.</p> </dd> <dt><b>Warning: You have some share names that are longer than eight chars</b></dt> <dd> <p>For anyone using Windows for Workgroups and older clients. They fail to connect to shares with long names, producing an overflow message that sounds confusingly like a memory overflow.</p> </dd> <dt><b>Warning: [name] service MUST be printable!</b></dt> <dd> <p>A printer share lacks a <tt class="literal">printable</tt> <tt class="literal">=</tt> <tt class="literal">yes</tt> option.</p> </dd> <dt><b>No path in service name using [name]</b></dt> <dd> <p>A file share doesn't know which directory to provide to the user, or a print share doesn't know which directory to use for spooling. If no path is specified, the service will try to run with a path of <em class="emphasis">/tmp</em>, which might not be what you want.</p> </dd> <dt><b>Note: Servicename is flagged unavailable</b></dt> <dd> <p>Just a reminder that you have used the <tt class="literal">available</tt> <tt class="literal">=</tt> <tt class="literal">no</tt> option in a share.</p> </dd> <dt><b>Can't find include file [name] </b></dt> <dd> <p>A configuration file referred to by an <tt class="literal">include</tt> option did not exist. If you were including the file unconditionally, this is an error and probably a serious one: the share will not have the configuration you intended. If you were including it based on one of the <tt class="literal">%</tt> variables, such as <tt class="literal">%a</tt> (architecture), you will need to decide whether, for example, a missing Windows for Workgroups configuration file is a problem. It often isn't.</p> </dd> <dt><b>Can't copy service name, unable to copy to itself</b></dt> <dd> <p>You tried to copy an <em class="filename">smb.conf</em> section into itself.</p> </dd> <dt><b>Unable to copy service—source not found: [name]</b></dt> <dd> <p>Indicates a missing or misspelled section in a <tt class="literal">copy</tt> <tt class="literal">=</tt> option.</p> </dd> <dt><b>Ignoring unknown parameter name </b></dt> <dd> <p>Typically indicates an obsolete, misspelled, or unsupported option.</p> </dd> <dt><b>Global parameter name found in service section </b></dt> <dd> <p>Indicates that a global-only parameter has been used in an individual share. Samba ignores the parameter.</p> </dd> </dl> <p>After the <em class="emphasis">testparm</em> test, repeat it with (exactly) three parameters: the name of your <em class="filename">smb.conf</em> file, the name of your client, and its IP address:</p> <blockquote><pre class="code"># <tt class="userinput"><b>testparm /usr/local/samba/lib/smb.conf client 192.168.236.10</b></tt></pre></blockquote> <p>This will run one more test that checks the hostname and address against <tt class="literal">hosts</tt> <tt class="literal">allow</tt> and <tt class="literal">hosts</tt> <tt class="literal">deny</tt> options and might produce the <tt class="literal">Allow</tt> <tt class="literal">connection</tt> <tt class="literal">from</tt> <tt class="literal">hostname</tt> <tt class="literal">to</tt> <tt class="literal">service</tt> and/or <tt class="literal">Deny</tt> <tt class="literal">connection</tt> <tt class="literal">from</tt> <tt class="literal">hostname</tt> <tt class="literal">to</tt> <tt class="literal">service</tt> messages for the client system. These messages indicate that you have <tt class="literal">hosts</tt> <tt class="literal">allow</tt> and/or <tt class="literal">hosts</tt> <tt class="literal">deny</tt> options in your <em class="filename">smb.conf</em>, and they prohibit access from the client system. <a name="INDEX-56"/></p> </div> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-2.5"/> <h3 class="head2">Troubleshooting SMB Connections</h3> <p><a name="INDEX-57"/><a name="INDEX-58"/>Now that you know the servers are up, you need to make sure they're running properly. We start by placing a simple <em class="filename">smb.conf</em> file in the <em class="filename">/usr/local/samba/lib</em> directory.</p> <div class="sect3"><a name="samba2-CHP-12-SECT-2.5.1"/> <h3 class="head3">A minimal smb.conf file</h3> <p>In the following tests, we assume you have a <tt class="literal">[temp]</tt> share suitable for testing, plus at least one account. An <em class="filename">smb.conf</em> file that includes just these is as follows:</p> <blockquote><pre class="code">[global] workgroup = <em class="replaceable">EXAMPLE</em> security = user browsable = yes local master = yes [homes] guest ok = no browsable = no [temp] path = /tmp public = yes</pre></blockquote> <a name="samba2-CHP-12-NOTE-156"/><blockquote class="note"><h4 class="objtitle">WARNING</h4> <p>The <tt class="literal">public</tt> <tt class="literal">=</tt> <tt class="literal">yes</tt> option in the <tt class="literal">[temp]</tt> share is just for testing. You probably don't want people without accounts storing things on your Samba server, so you should comment it out when you're done.</p> </blockquote> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.5.2"/> <h3 class="head3">Testing locally with smbclient</h3> <p><a name="INDEX-59"/><a name="INDEX-60"/>The first test is to ensure that the server can list its own services (shares). Run the command <tt class="literal">smbclient</tt> <em class="emphasis">-L</em> <tt class="literal">localhost</tt> <tt class="literal">-U%</tt> to connect to the server from itself, and specify the guest user. You should see the following:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L localhost -U% </b></tt> Server time is Wed May 27 17:57:40 2002 Timezone is UTC-4.0 Server=[localhost] User=[davecb] Workgroup=[EXAMPLE] Domain=[EXAMPLE] Sharename Type Comment --------- ----- ---------- temp Disk IPC$ IPC IPC Service (Samba 1.9.18) homes Disk Home directories This machine does not have a browse list</pre></blockquote> <p>If you received this output, move on to the next section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.3">Section 12.2.5.3</a>. On the other hand, if you receive an error, check the following:</p> <ul><li> <p>If you get <tt class="literal">Get_hostbyname</tt>: <tt class="literal">unknown</tt> <tt class="literal">host</tt> <tt class="literal">localhost</tt>, either you've spelled its name wrong or there actually is a problem (which should have been seen back in <a href="ch12.html#samba2-CHP-12-SECT-2.2.2">Section 12.2.2.2</a>). In the latter case, move on to <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this chapter.</p> </li><li> <p>If you get <tt class="literal">Connect</tt> <tt class="literal">error</tt>: <tt class="literal">Connection</tt> <tt class="literal">refused</tt>, the server was found, but it wasn't running an <em class="emphasis">nmbd</em> daemon. Skip back to <a href="ch12.html#samba2-CHP-12-SECT-2.4">Section 12.2.4</a>, earlier in this chapter, and retest the daemons.</p> </li><li> <p>If you get the message <tt class="literal">Your</tt> <tt class="literal">server</tt> <tt class="literal">software</tt> <tt class="literal">is</tt> <tt class="literal">being</tt> <tt class="literal">unfriendly</tt>, the initial session request packet got a garbage response from the server. The server might have crashed or started improperly. The common causes of this can be discovered by scanning the logs for the following:</p> <ul><li> <p>Invalid command-line parameters to <em class="emphasis">smbd</em> ; see the <em class="emphasis">smbd</em> manual page.</p> </li><li> <p>A fatal problem with the <em class="filename">smb.conf</em> file that prevents the startup of <em class="emphasis">smbd</em>. Always check your changes with <em class="emphasis">testparm</em>, as was done in <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>, earlier in this chapter.</p> </li><li> <p>Missing directories where Samba is supposed to keep its log and lock files.</p> </li><li> <p>The presence of a server already on the port (139 for <em class="emphasis">smbd</em>, 137 for <em class="emphasis">nmbd</em> ), preventing the daemon from starting.</p> </li></ul> </li> <li> <p>If you're using <em class="emphasis">inetd</em> (or xinetd ) instead of standalone daemons, be sure to check your <em class="filename">/etc/inetd.conf</em> (or xinetd configuration files) and <em class="filename">/etc/services</em> entries against their manual pages for errors as well.</p> </li><li> <p>If you get a <tt class="literal">Password</tt>: prompt, your guest account is not set up properly. The <em class="emphasis">-U%</em> option tells <em class="emphasis">smbclient</em> to do a "null login," which requires that the guest account be present but does not require it to have any privileges.</p> </li><li> <p>If you get the message <tt class="literal">SMBtconX</tt> <tt class="literal">failed</tt>. <tt class="literal">ERRSRV--ERRaccess</tt>, you aren't permitted access to the server. This normally means you have a <tt class="literal">hosts</tt> <tt class="literal">allow</tt> option that doesn't include the server or a <tt class="literal">hosts</tt> <tt class="literal">deny</tt> option that does. Recheck with the command <tt class="literal">testparm</tt> <tt class="literal">smb.conf</tt> <em class="replaceable">your_hostname</em> <em class="replaceable">your_ip_address</em> (see <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>), and correct any unintended prohibitions.</p> </li></ul> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.5.3"/> <h3 class="head3">Testing connections with smbclient</h3> <p><a name="INDEX-61"/><a name="INDEX-62"/>Run the command <tt class="literal">smbclient</tt> <tt class="literal">\\</tt><em class="replaceable">server</em><tt class="literal">\temp</tt> to connect to the server's <tt class="literal">[temp]</tt> share and to see if you can connect to a file service. You should get the following response:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>smbclient '\\server\temp' </b></tt> Server time is Tue May 5 09:49:32 2002 Timezone is UTC-4.0 Password: <b class="emphasis-bold">smb: \> quit</b></pre></blockquote> <p>You might receive the following errors:</p> <ul><li> <p>If you get <tt class="literal">Get_Hostbyname</tt>: <tt class="literal">Unknown</tt> <tt class="literal">host</tt> <tt class="literal">name</tt>, <tt class="literal">Connect</tt> <tt class="literal">error</tt>: <tt class="literal">Connection</tt> <tt class="literal">refused</tt>, or <tt class="literal">Your</tt> <tt class="literal">server</tt> <tt class="literal">software</tt> <tt class="literal">is</tt> <tt class="literal">being</tt> <tt class="literal">unfriendly</tt>, see the previous section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>, for the diagnoses.</p> </li><li> <p>If you get the message <tt class="literal">servertemp</tt>: <tt class="literal">Not</tt> <tt class="literal">enough</tt> <tt class="literal">`\</tt>' <tt class="literal">characters</tt> <tt class="literal">in</tt> <tt class="literal">service</tt>, you likely didn't quote the address, so Unix stripped off backslashes. You can also write the command:</p> <blockquote><pre class="code">smbclient \\\\<em class="replaceable">server</em>\\temp</pre></blockquote> <p>or:</p> <blockquote><pre class="code">smbclient //<em class="replaceable">server</em>/temp</pre></blockquote> </li> </ul> <p>Now, provide your Unix account password to the <tt class="literal">Password</tt>: prompt. If you then get an <tt class="literal">smb</tt>: <tt class="literal">\></tt> prompt, it worked. Enter <tt class="literal">quit</tt> and continue on to the next section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.4">Section 12.2.5.4</a>. If you got <tt class="literal">SMBtconX</tt> <tt class="literal">failed</tt>. <tt class="literal">ERRSRV--ERRinvnetname</tt>, the problem can be any of the following:</p> <ul><li> <p>A wrong share name: you might have spelled it wrong, it might be too long, it might be in mixed case, or it might not be available. Check that it's what you expect with <em class="emphasis">testparm</em> (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>).</p> </li><li> <p>A <tt class="literal">security</tt> <tt class="literal">=</tt> <tt class="literal">share</tt> parameter in your Samba configuration file, in which case you might have to add <tt class="literal">-U</tt> <em class="replaceable">your_account</em> to the <em class="emphasis">smbclient</em> command.</p> </li><li> <p>An erroneous username.</p> </li><li> <p>An erroneous password.</p> </li><li> <p>An <tt class="literal">invalid</tt> <tt class="literal">users</tt> or <tt class="literal">valid</tt> <tt class="literal">users</tt> option in your <em class="emphasis">smb.conf</em> file that doesn't allow your account to connect. Recheck using <tt class="literal">testparm</tt> <tt class="literal">smb.conf</tt> <em class="replaceable">your_hostname your_ip_address</em> (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>).</p> </li><li> <p>A <tt class="literal">valid</tt> <tt class="literal">hosts</tt> option that doesn't include the server, or an <tt class="literal">invalid</tt> <tt class="literal">hosts</tt> option that does. Also test this with <em class="emphasis">testparm</em>.</p> </li><li> <p>A problem in authentication, such as if shadow passwords or the Password Authentication Module (PAM) is used on the server, but Samba is not compiled to use it. This is rare, but it occasionally happens when a SunOS 4 Samba binary (with no shadow passwords) is run without recompilation on a Solaris system (with shadow passwords).</p> </li><li> <p>The <tt class="literal">encrypted</tt> <tt class="literal">passwords</tt> <tt class="literal">=</tt> <tt class="literal">yes</tt> option is in the configuration file, but no password for your account is in the <em class="emphasis">smbpasswd</em> file.</p> </li><li> <p>You have a null password entry, either in Unix <em class="filename">/etc/passwd</em> or in the <em class="emphasis">smbpasswd</em> file.</p> </li><li> <p>You are connecting to <tt class="literal">[temp]</tt>, and you do not have the <tt class="literal">guest</tt> <tt class="literal">ok</tt> <tt class="literal">=</tt> <tt class="literal">yes</tt> option in the <tt class="literal">[temp]</tt> section of the <em class="emphasis">smb.conf</em> file.</p> </li><li> <p>You are connecting to <tt class="literal">[temp]</tt> before connecting to your home directory, and your guest account isn't set up correctly. If you can connect to your home directory and then connect to <tt class="literal">[temp]</tt>, that's the problem. See <a href="ch02.html">Chapter 2</a> for more information on creating a basic Samba configuration file.</p> <p>A bad guest account will also prevent you from printing or browsing until after you've logged in to your home directory.</p> </li></ul> <p>There is one more reason for this failure that has nothing at all to do with passwords: the <tt class="literal">path</tt> parameter in your <em class="filename">smb.conf</em> file might point somewhere that doesn't exist. This will not be diagnosed by <em class="emphasis">testparm</em>, and most SMB clients can't distinguish it from other types of bad user accounts. You will have to check it manually.</p> <p>Once you have connected to <tt class="literal">[temp]</tt> successfully, repeat the test, this time logging in to your home directory (e.g., map network drive <em class="replaceable">server</em><tt class="literal">\davecb</tt>). If you have to change anything to get that to work, retest <tt class="literal">[temp]</tt> again afterward.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.5.4"/> <h3 class="head3">Testing connections with net use</h3> <p><a name="INDEX-63"/><a name="INDEX-64"/>Run the command <tt class="literal">net</tt> <tt class="literal">use</tt> <tt class="literal">*</tt> <tt class="literal">\</tt><em class="replaceable">server</em><tt class="literal">\temp</tt> on the Windows client to see if it can connect to the server. You should be prompted for a password, then receive the response <tt class="literal">The</tt> <tt class="literal">command</tt> <tt class="literal">was</tt> <tt class="literal">completed</tt> <tt class="literal">successfully</tt>.</p> <p>If that worked, continue with the steps in the next section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.5">Section 12.2.5.5</a>. Otherwise:</p> <ul><li> <p>If you get <tt class="literal">The</tt> <tt class="literal">specified</tt> <tt class="literal">shared</tt> <tt class="literal">directory</tt> <tt class="literal">cannot</tt> <tt class="literal">be</tt> <tt class="literal">found</tt>, or <tt class="literal">Cannot</tt> <tt class="literal">locate</tt> <tt class="literal">specified</tt> <tt class="literal">share</tt> <tt class="literal">name</tt>, the directory name is either misspelled or not in the <em class="emphasis">smb.conf</em> file. This message can also warn of a name that is in mixed case, including spaces, or that is longer than eight characters.</p> </li><li> <p>If you get <tt class="literal">The</tt> <tt class="literal">computer</tt> <tt class="literal">name</tt> <tt class="literal">specified</tt> <tt class="literal">in</tt> <tt class="literal">the</tt> <tt class="literal">network</tt> <tt class="literal">path</tt> <tt class="literal">cannot</tt> <tt class="literal">be</tt> <tt class="literal">located</tt> or <tt class="literal">Cannot</tt> <tt class="literal">locate</tt> <tt class="literal">specified</tt> <tt class="literal">computer</tt>, the directory name has been misspelled, the name service has failed, there is a networking problem, or the <tt class="literal">hosts</tt> <tt class="literal">deny</tt> option includes your host.</p> <ul><li> <p>If it is not a spelling mistake, you need to double back at least to <a href="ch12.html#samba2-CHP-12-SECT-2.5.3">Section 12.2.5.3</a> to investigate why it doesn't connect.</p> </li><li> <p>If <em class="emphasis">smbclient</em> does work, there is a name service problem with the client name service, and you need to go forward to <a href="ch12.html#samba2-CHP-12-SECT-2.6.2">Section 12.2.6.2</a> and see if you can look up both the client and server with <em class="emphasis">nmblookup</em>.</p> </li> </ul> </li> <li> <p>If you get <tt class="literal">The</tt> <tt class="literal">password</tt> <tt class="literal">is</tt> <tt class="literal">invalid</tt> <tt class="literal">for</tt> <tt class="literal">\server\username</tt>, your locally cached copy on the client doesn't match the one on the server. You will be prompted for a replacement.</p> <a name="samba2-CHP-12-NOTE-157"/><blockquote class="note"><h4 class="objtitle">TIP</h4> <p>Each Windows 95/98/Me client keeps a local <em class="emphasis">password</em> file, but it's really just a cached copy of the password it sends to Samba and NT/2000/XP servers to authenticate you. That's what is being prompted for here. You can still log on to a Windows system without a password (but not to NT/2000/XP).</p> </blockquote> <p>If you provide your password and it still fails, your password is not being matched on the server, you have a <tt class="literal">valid</tt> <tt class="literal">users</tt> or <tt class="literal">invalid</tt> <tt class="literal">users</tt> list denying you permission, NetBEUI is interfering, or the encrypted password problem described in the next paragraph exists.</p> </li><li> <p>If your client is Windows NT 4.0, NT 3.5 with Patch 3, Windows 95 with Patch 3, Windows 98, any of these with Internet Explorer 4.0, or any subsequent version of Windows, the system will default to Microsoft encryption for passwords. In general, if you have installed a major Microsoft product on any of the older Windows versions, you might have applied an update and turned on encrypted passwords. If the client is defaulting to encrypted passwords, you will need to specify <tt class="literal">encrypt</tt> <tt class="literal">passwords</tt> <tt class="literal">=</tt> <tt class="literal">yes</tt> in your Samba configuration file if you are using a version of Samba prior to Samba 3.0.</p> <a name="samba2-CHP-12-NOTE-158"/><blockquote class="note"><h4 class="objtitle">TIP</h4> <p>Because of Internet Explorer's willingness to honor URLs such as <em class="filename">file://somehost/somefile</em> by making SMB connections, clients up to and including Windows 95 Patch Level 2 would happily send your password, in plain text, to SMB servers anywhere on the Internet. This was considered a bad idea, and Microsoft switched to using only encrypted passwords in the SMB protocol. All subsequent releases of Microsoft's products have included this correction.</p> </blockquote> </li> <li> <p>If you have a mixed-case password on Unix, the client is probably sending it in all one case. If changing your password to all one case works, this was the problem. Regrettably, all but the oldest clients support uppercase passwords, so Samba will try once with the password in uppercase and once in lowercase. If you wish to use mixed-case passwords, see the <tt class="literal">password</tt> <tt class="literal">level</tt> option in <a href="ch09.html">Chapter 9</a> for a workaround.</p> </li><li> <p>You might have a <tt class="literal">valid</tt> <tt class="literal">users</tt> problem, as tested with <em class="emphasis">smbclient</em> (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.3">Section 12.2.5.3</a>).</p> </li><li> <p>You might have the NetBEUI protocol bound to the Microsoft client. This often produces long timeouts and erratic failures and is known to have caused failures to accept passwords in the past. Unless you absolutely need the NetBEUI protocol, remove it.</p> </li></ul> <a name="samba2-CHP-12-NOTE-159"/><blockquote class="note"><h4 class="objtitle">TIP</h4> <p>The term "bind" is used here to mean connecting one piece of software to another. When configured correctly, the Microsoft SMB client is "bound to" TCP/IP in the bindings section of the TCP/IP properties panel under the Windows 95/98/Me Network icon in the Control Panel. TCP/IP in turn is bound to an Ethernet card. This is not the same sense of the word as binding an SMB daemon to a TCP/IP port.</p> </blockquote> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.5.5"/> <h3 class="head3">Testing connections with Windows Explorer</h3> <p><a name="INDEX-65"/><a name="INDEX-66"/>Start Windows Explorer (not Internet Explorer), select Map Network Drive from the Tools menu, and specify the UNC for one of your shares on the Samba server to see if you can make Explorer connect to it. If so, you've succeeded and can skip to the next section, <a href="ch12.html#samba2-CHP-12-SECT-2.6">Section 12.2.6</a>.</p> <p>Windows Explorer is a rather poor diagnostic tool: it tells you that something's wrong, but rarely what it is. If you get a failure, you'll need to track it down with the Windows <em class="emphasis">net use</em> command, which has far superior error reporting:</p> <ul><li> <p>If you get <tt class="literal">The</tt> <tt class="literal">password</tt> <tt class="literal">for</tt> <tt class="literal">this</tt> <tt class="literal">connection</tt> <tt class="literal">that</tt> <tt class="literal">is</tt> <tt class="literal">in</tt> <tt class="literal">your</tt> <tt class="literal">password</tt> <tt class="literal">file</tt> <tt class="literal">is</tt> <tt class="literal">no</tt> <tt class="literal">longer</tt> <tt class="literal">correct</tt>, you might have any of the following:</p> <ul><li> <p>Your locally cached copy on the client doesn't match the one on the server.</p> </li><li> <p>You didn't provide a username and password when logging on to the client. Some versions of Explorer will continue to send a null username and password, even if you provide a password.</p> </li><li> <p>You have misspelled the password.</p> </li><li> <p>You have an <tt class="literal">invalid</tt> <tt class="literal">users</tt> or <tt class="literal">valid</tt> <tt class="literal">users</tt> list denying permission.</p> </li><li> <p>Your client is defaulting to encrypted passwords, but Samba is configured with the <tt class="literal">encrypt</tt> <tt class="literal">passwords</tt> <tt class="literal">=</tt> <tt class="literal">no</tt> configuration file parameter.</p> </li><li> <p>You have a mixed-case password, which the client is supplying in all one case.</p> </li> </ul> </li> <li> <p>If you get <tt class="literal">The</tt> <tt class="literal">network</tt> <tt class="literal">name</tt> <tt class="literal">is</tt> <tt class="literal">either</tt> <tt class="literal">incorrect</tt>, <tt class="literal">or</tt> <tt class="literal">a</tt> <tt class="literal">network</tt> <tt class="literal">to</tt> <tt class="literal">which</tt> <tt class="literal">you</tt> <tt class="literal">do</tt> <tt class="literal">not</tt> <tt class="literal">have</tt> <tt class="literal">full</tt> <tt class="literal">access</tt>, or <tt class="literal">Cannot</tt> <tt class="literal">locate</tt> <tt class="literal">specified</tt> <tt class="literal">computer</tt>, you might have any of the following:</p> <ul><li> <p>Misspelled name</p> </li><li> <p>Malfunctioning service</p> </li><li> <p>Failed share</p> </li><li> <p>Networking problem</p> </li><li> <p>Bad <tt class="literal">path</tt> parameter in <em class="filename">smb.conf</em></p> </li><li> <p><tt class="literal">hosts</tt> <tt class="literal">deny</tt> line that excludes you</p> </li> </ul> </li> <li> <p>If you get <tt class="literal">You</tt> <tt class="literal">must</tt> <tt class="literal">supply</tt> <tt class="literal">a</tt> <tt class="literal">password</tt> <tt class="literal">to</tt> <tt class="literal">make</tt> <tt class="literal">this</tt> <tt class="literal">connection</tt>, the password on the client is out of synchronization with the server, or this is the first time you've tried from this client system and the client hasn't cached it locally yet.</p> </li><li> <p>If you get <tt class="literal">Cannot</tt> <tt class="literal">locate</tt> <tt class="literal">specified</tt> <tt class="literal">share</tt> <tt class="literal">name</tt>, you have a wrong share name or a syntax error in specifying it, a share name longer than eight characters, or one containing spaces or in mixed case.</p> </li></ul> <p>Once you can reliably connect to the share, try again, this time using your home directory. If you have to change something to get home directories working, retest with the first share, and vice versa, as we showed in the earlier section, "Testing connections with net use." As always, if Explorer fails, drop back to that section and debug the connection there. <a name="INDEX-67"/><a name="INDEX-68"/></p> </div> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-2.6"/> <h3 class="head2">Troubleshooting Browsing</h3> <p><a name="INDEX-69"/><a name="INDEX-70"/>Finally, we come to browsing. We've left this for last, not because it is the most difficult, but because it's both optional and partially dependent on a protocol that doesn't guarantee delivery of a packet. Browsing is hard to diagnose if you don't already know that all the other services are running.</p> <p>Browsing is purely optional: it's just a way to find the servers on your network and the shares that they provide. Unix has nothing of the sort and happily does without. Browsing also assumes all your systems are on a local area network (LAN) where broadcasts are allowable.</p> <p>First, the browsing mechanism identifies a system using the unreliable UDP protocol; it then makes a normal (reliable) TCP/IP connection to list the shares the system provides.</p> <div class="sect3"><a name="samba2-CHP-12-SECT-2.6.1"/> <h3 class="head3">Testing browsing with smbclient</h3> <p><a name="INDEX-71"/><a name="INDEX-72"/>We'll start with testing the reliable connection first. From the server, try listing its own shares using <em class="emphasis">smbclient</em> with a <tt class="literal">-L</tt> option and your server's name. You should get something resembling the following:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L server</b></tt> Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Server time is Tue Apr 28 09:57:28 2002 Timezone is UTC-4.0 Password: Domain=[EXAMPLE] OS=[Unix] Server=[Samba 2.2.5] Sharename Type Comment --------- ---- ------- cdrom Disk CD-ROM cl Printer Color Printer 1 davecb Disk Home Directories Server Comment --------- ------- SERVER Samba 2.2.5 Workgroup Master --------- ------- EXAMPLE SERVER</pre></blockquote> <ul><li> <p>If you didn't get a Sharename list, the server is not allowing you to browse any shares. This should not be the case if you've tested any of the shares with Windows Explorer or the <em class="emphasis">net use</em> command. If you haven't done the <tt class="literal">smbclient</tt> <tt class="literal">-L</tt> <tt class="literal">localhost</tt> <tt class="literal">-U%</tt> test yet (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>), do it now. An erroneous guest account can prevent the shares from being seen. Also, check the <em class="filename">smb.conf</em> file to make sure you do not have the option <tt class="literal">browsable</tt> <tt class="literal">=</tt> <tt class="literal">no</tt> anywhere in it: we suggest using a minimal <em class="filename">smb.conf</em> file (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.1">Section 12.2.5.1</a>). You need to have <tt class="literal">browsable</tt> enabled (which is the default) to see the share.</p> </li><li> <p>If you didn't get a browse list, the server is not providing information about the systems on the network. At least one system on the net must support browse lists. Make sure you have <tt class="literal">local</tt> <tt class="literal">master</tt> <tt class="literal">=</tt> <tt class="literal">yes</tt> in the <em class="filename">smb.conf</em> file if you want Samba to be the local master browser.</p> </li><li> <p>If you got a browse list but didn't get <em class="emphasis">/tmp</em>, you probably have a <em class="filename">smb.conf</em> problem. Go back to <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>.</p> </li><li> <p>If you didn't get a workgroup list with your workgroup name in it, it is possible that your workgroup is set incorrectly in the <em class="filename">smb.conf</em> file.</p> </li><li> <p>If you didn't get a workgroup list at all, ensure that <tt class="literal">workgroup</tt> <tt class="literal">=</tt> <tt class="literal">EXAMPLE</tt> is present in the <em class="filename">smb.conf</em> file.</p> </li><li> <p>If you get nothing, try once more with the options <tt class="literal">-I</tt> <em class="emphasis">ip_address</em> <tt class="literal">-n</tt> <em class="emphasis">netbios_name</em> <tt class="literal">-W</tt> <em class="emphasis">workgroup</em> <tt class="literal">-d3</tt> with the NetBIOS and workgroup name in uppercase. (The <tt class="literal">-d3</tt> option sets the log /debugging level to 3.) Then check the Samba logs for clues.</p> </li></ul> <p>If you're still getting nothing, you shouldn't have gotten this far; double back to at least <a href="ch12.html#samba2-CHP-12-SECT-2.3.1">Section 12.2.3.1</a>, or perhaps <a href="ch12.html#samba2-CHP-12-SECT-2.2.4">Section 12.2.2.4</a>. On the other hand:</p> <ul><li> <p>If you get <tt class="literal">SMBtconX</tt> <tt class="literal">failed</tt>. <tt class="literal">ERRSRV--ERRaccess</tt>, you aren't permitted access to the server. This normally means you have a <tt class="literal">hosts</tt> <tt class="literal">allow</tt> option that doesn't include the server or a <tt class="literal">hosts</tt> <tt class="literal">deny</tt> option that does.</p> </li><li> <p>If you get <tt class="literal">Bad</tt> <tt class="literal">password</tt>, you presumably have one of the following:</p> <ul><li> <p>An incorrect <tt class="literal">hosts</tt> <tt class="literal">allow</tt> or <tt class="literal">hosts</tt> <tt class="literal">deny</tt> line</p> </li><li> <p>An incorrect <tt class="literal">invalid</tt> <tt class="literal">users</tt> or <tt class="literal">valid</tt> <tt class="literal">users</tt> line</p> </li><li> <p>A lowercase password and OS/2 or Windows for Workgroups clients</p> </li><li> <p>A missing or invalid guest account</p> </li></ul> <p>Check what your guest account is (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>), change or comment out any <tt class="literal">hosts</tt> <tt class="literal">allow</tt>, <tt class="literal">hosts</tt> <tt class="literal">deny</tt>, <tt class="literal">valid</tt> <tt class="literal">users</tt>, or <tt class="literal">invalid</tt> <tt class="literal">users</tt> lines, and verify your <em class="filename">smb.conf</em> file with <tt class="literal">testparm</tt> <tt class="literal">smb.conf</tt> <em class="replaceable">your_hostname your_ip_address</em> (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>).</p> </li><li> <p>If you get <tt class="literal">Connection</tt> <tt class="literal">refused</tt>, the <em class="emphasis">smbd</em> server is not running or has crashed. Check that it's up, running, and listening to the network with <em class="emphasis">netstat</em>. See the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.4">Section 12.2.4</a>.</p> </li><li> <p>If you get <tt class="literal">Get_Hostbyname</tt>: <tt class="literal">Unknown</tt> <tt class="literal">host</tt> <tt class="literal">name</tt>, you've made a spelling error, there is a mismatch between the Unix and NetBIOS hostname, or there is a name service problem. Start name service debugging as discussed in the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.4">Section 12.2.5.4</a>. If this works, suspect a name mismatch, and go to the later section, <a href="ch12.html#samba2-CHP-12-SECT-2.9">Section 12.2.9</a>.</p> </li><li> <p>If you get <tt class="literal">Session</tt> <tt class="literal">request</tt> <tt class="literal">failed</tt>, the server refused the connection. This usually indicates an internal error, such as insufficient memory to fork a process.</p> </li><li> <p>If you get <tt class="literal">Your</tt> <tt class="literal">server</tt> <tt class="literal">software</tt> <tt class="literal">is</tt> <tt class="literal">being</tt> <tt class="literal">unfriendly</tt>, the initial session request packet received a garbage response from the server. The server might have crashed or started improperly. Go back to <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>, where the problem is first analyzed.</p> </li><li> <p>If you suspect the server is not running, go back to <a href="ch12.html#samba2-CHP-12-SECT-2.4.2">Section 12.2.4.2</a> to see why the server daemon isn't responding.</p> </li></ul> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.6.2"/> <h3 class="head3">Testing the server with nmblookup</h3> <p><a name="INDEX-73"/><a name="INDEX-74"/>This will test the "advertising" system used for Windows name services and browsing. Advertising works by broadcasting one's presence or willingness to provide services. It is the part of browsing that uses an unreliable protocol (UDP) and works only on broadcast networks such as Ethernets. The <em class="emphasis">nmblookup</em> program broadcasts name queries for the hostname you provide and returns its IP address and the name of the system, much as <em class="emphasis">nslookup</em> does with DNS. Here, the <em class="emphasis">-d</em> (debug or log-level) and <em class="emphasis">-B</em> (broadcast address) options direct queries to specific systems.</p> <p>First, we check the server from itself. Run <em class="emphasis">nmblookup</em> with a <em class="emphasis">-B</em> option of your server's name (to tell it to send the query to the Samba server) and a parameter of <tt class="literal">_ _SAMBA_ _</tt> as the symbolic name to look up. You should get:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>nmblookup -B server _ _SAMBA_ _</b></tt> Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Sending queries to 192.168.236.86 192.168.236.86 _ _SAMBA_ _</pre></blockquote> <p>You should get the IP address of the server, followed by the name <tt class="literal">_ _SAMBA_ _</tt> , which means that the server has successfully advertised that it has a service called <tt class="literal">_ _SAMBA_ _</tt> , and therefore at least part of NetBIOS name service works.</p> <ul><li> <p>If you get <tt class="literal">Name_query</tt> <tt class="literal">failed</tt> <tt class="literal">to</tt> <tt class="literal">find</tt> <tt class="literal">name</tt> <tt class="literal">_ _SAMBA_ _</tt>, you might have specified the server name to the <em class="emphasis">-B</em> option, or <em class="emphasis">nmbd</em> is not running. The <em class="emphasis">-B</em> option actually takes a broadcast address: we're using a computer name to get a unicast address and to ask the server if it has claimed <tt class="literal">_ _SAMBA_ _</tt>. Try again with <tt class="literal">nmblookup</tt> <tt class="literal">-B</tt> <em class="replaceable">ip_address</em>, and if that fails too, <em class="emphasis">nmbd</em> isn't claiming the name. Go back briefly to the earlier section, "Testing daemons with testparm," to see if <em class="emphasis">nmbd</em> is running. If so, it might not be claiming names; this means that Samba is not providing the browsing service—a configuration problem. If that is the case, make sure that <em class="filename">smb.conf</em> doesn't contain the option <tt class="literal">browsing</tt> <tt class="literal">=</tt> <tt class="literal">no</tt>.</p> </li></ul> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.6.3"/> <h3 class="head3">Testing the client with nmblookup</h3> <p><a name="INDEX-75"/><a name="INDEX-76"/>Next, check the IP address of the client from the server with <em class="emphasis">nmblookup</em> using the <tt class="literal">-B</tt> option for the client's name and a parameter of '<tt class="literal">*</tt>' meaning "anything," as shown here:</p> <blockquote><pre class="code">$ <b class="emphasis-bold">nmblookup -B client '*</b>' Sending queries to 192.168.236.10 192.168.236.10 * Got a positive name query response from 192.168.236.10 (192.168.236.10)</pre></blockquote> <p>You might get the following error:</p> <ul><li> <p>If you receive <tt class="literal">Name-query</tt> <tt class="literal">failed</tt> <tt class="literal">to</tt> <tt class="literal">find</tt> <tt class="literal">name</tt> <tt class="literal">*</tt>, you have made a spelling mistake, or the client software on the PC isn't installed, started, or bound to TCP/IP. Double back to <a href="ch03.html">Chapter 3</a> and ensure that you have a client installed that is listening to the network.</p> </li></ul> <p>Repeat the command with the following options if you had any failures:</p> <ul><li> <p>If <tt class="literal">nmblookup</tt> <tt class="literal">-B</tt> <em class="replaceable">client_IP_address</em> succeeds but <tt class="literal">nmblookup</tt> <tt class="literal">-B</tt> <em class="replaceable">client_name</em> fails, there is a name service problem with the client's name; go to <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this chapter.</p> </li><li> <p>If <tt class="literal">nmblookup</tt> <tt class="literal">-B</tt> <tt class="literal">127.0.0.1</tt> '<tt class="literal">*</tt>' succeeds, but <tt class="literal">nmblookup</tt> <tt class="literal">-B</tt> <em class="replaceable">client_IP_address</em> fails, there is a hardware problem, and <em class="emphasis">ping</em> should have failed. See your network manager.</p> </li></ul> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.6.4"/> <h3 class="head3">Testing the network with nmblookup</h3> <p><a name="INDEX-77"/><a name="INDEX-78"/>Run the command <em class="emphasis">nmblookup</em> again with a <em class="emphasis">-d2</em> option (for a debug level of 2) and a parameter of '<tt class="literal">*</tt>'. This time we are testing the ability of programs (such as <em class="emphasis">nmbd</em> ) to use broadcast. It's essentially a connectivity test, done via a broadcast to the default broadcast address.</p> <p>A number of NetBIOS over TCP/IP hosts on the network should respond with <tt class="literal">got</tt> <tt class="literal">a</tt> <tt class="literal">positive</tt> <tt class="literal">name</tt> <tt class="literal">query</tt> <tt class="literal">response</tt> messages. Samba might not catch all the responses in the short time it listens, so you won't always see all the SMB clients on the network. However, you should see most of them:</p> <blockquote><pre class="code">$ <b class="emphasis-bold">nmblookup -d 2 '*</b>' Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Sending queries to 192.168.236.255 Got a positive name query response from 192.168.236.191 (192.168.236.191) Got a positive name query response from 192.168.236.228 (192.168.236.228) Got a positive name query response from 192.168.236.75 (192.168.236.75) Got a positive name query response from 192.168.236.79 (192.168.236.79) Got a positive name query response from 192.168.236.206 (192.168.236.206) Got a positive name query response from 192.168.236.207 (192.168.236.207) Got a positive name query response from 192.168.236.217 (192.168.236.217) Got a positive name query response from 192.168.236.72 (192.168.236.72) 192.168.236.86 *</pre></blockquote> <p>However:</p> <ul><li> <p>If this doesn't give at least the client address you previously tested, the default broadcast address is wrong. Try <tt class="literal">nmblookup</tt> <tt class="literal">-B</tt> <tt class="literal">255.255.255.255</tt> <tt class="literal">-d</tt> <tt class="literal">2</tt> '<tt class="literal">*</tt>', which is a last-ditch variant (using a broadcast address of all 1s). If this draws responses, the broadcast address you've been using before is wrong. Troubleshooting these is discussed in <a href="ch12.html#samba2-CHP-12-SECT-2.8.2">Section 12.2.8.2</a>, later in this chapter.</p> </li><li> <p>If the address 255.255.255.255 fails too, check your notes to see if your PC and server are on different subnets, as discovered in the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.2.4">Section 12.2.2.4</a>. You should try to diagnose this step with a server and client on the same subnet, but if you can't, you can try specifying the remote subnet's broadcast address with <em class="emphasis">-B</em>. Finding that address is discussed in <a href="ch12.html#samba2-CHP-12-SECT-2.8.2">Section 12.2.8.2</a>, later in this chapter. The <em class="emphasis">-B</em> option will work if your router supports directed broadcasts; if it doesn't, you might be forced to test with a client on the same network.</p> </li></ul> <p>As usual, you can check the Samba log files for additional clues.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.6.5"/> <h3 class="head3">Testing client browsing with net view</h3> <p><a name="INDEX-79"/><a name="INDEX-80"/>On the client, run the command <em class="replaceable">net view \\server</em> in an MS-DOS (command prompt) window to see if you can connect to the client and ask what shares it provides. You should get back a list of available shares on the server.</p> <p>If this works, continue with the later section <a href="ch12.html#samba2-CHP-12-SECT-3.1">Section 12.3.1</a>. Otherwise:</p> <ul><li> <p>If you get <tt class="literal">Network</tt> <tt class="literal">name</tt> <tt class="literal">not</tt> <tt class="literal">found</tt> for the name you just tested in the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.6.3">Section 12.2.6.3</a>, there is a problem with the client software itself. Double-check this by running <em class="emphasis">nmblookup</em> on the client; if it works and <em class="emphasis">net view</em> doesn't, the client is at fault.</p> </li><li> <p>If <em class="emphasis">nmblookup</em> fails, there is a NetBIOS name service problem, as discussed in the later section, <a href="ch12.html#samba2-CHP-12-SECT-2.9">Section 12.2.9</a>.</p> </li><li> <p>If you get <tt class="literal">You</tt> <tt class="literal">do</tt> <tt class="literal">not</tt> <tt class="literal">have</tt> <tt class="literal">the</tt> <tt class="literal">necessary</tt> <tt class="literal">access</tt> <tt class="literal">rights</tt>, or <tt class="literal">This</tt> <tt class="literal">server</tt> <tt class="literal">is</tt> <tt class="literal">not</tt> <tt class="literal">configured</tt> <tt class="literal">to</tt> <tt class="literal">list</tt> <tt class="literal">shared</tt> <tt class="literal">resources</tt>, either your guest account is misconfigured (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>) or you have a <tt class="literal">hosts</tt> <tt class="literal">allow</tt> or <tt class="literal">hosts</tt> <tt class="literal">deny</tt> line that prohibits connections from your system. These problems should have been detected by the <em class="emphasis">smbclient</em> tests starting in the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.6.1">Section 12.2.6.1</a>.</p> </li><li> <p>If you get <tt class="literal">The</tt> <tt class="literal">specified</tt> <tt class="literal">computer</tt> <tt class="literal">is</tt> <tt class="literal">not</tt> <tt class="literal">receiving</tt> <tt class="literal">requests</tt>, you have misspelled the name, the system is unreachable by broadcast (tested in the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.6.4">Section 12.2.6.4</a>), or it's not running <em class="emphasis">nmbd</em>.</p> </li><li> <p>If you get <tt class="literal">Bad</tt> <tt class="literal">password</tt> <tt class="literal">error</tt>, you're probably encountering the Microsoft-encrypted password problem, as discussed earlier in this chapter and in <a href="ch09.html">Chapter 9</a>, with its corrections.</p> </li></ul> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.6.6"/> <h3 class="head3">Browsing the server from the client</h3> <p><a name="INDEX-81"/><a name="INDEX-82"/>From the Windows Network Neighborhood (or My Network Places in newer releases), try to browse the server. Your Samba server should appear in the browse list of your local workgroup. You should be able to double-click the name of the server to get a list of shares.</p> <ul><li> <p>If you get an <tt class="literal">Invalid</tt> <tt class="literal">password</tt> error, it's most likely the encryption problem again.</p> </li><li> <p>If you receive an <tt class="literal">Unable</tt> <tt class="literal">to</tt> <tt class="literal">browse</tt> <tt class="literal">the</tt> <tt class="literal">network</tt> error, one of the following has occurred:</p> <ul><li> <p>You have looked too soon, before the broadcasts and updates have completed. Wait 30 seconds and try again.</p> </li><li> <p>There is a network problem you've not yet diagnosed.</p> </li><li> <p>There is no browse master. Add the configuration option <tt class="literal">local</tt> <tt class="literal">master</tt> <tt class="literal">=</tt> <tt class="literal">yes</tt> to your <em class="emphasis">smb.conf</em> file.</p> </li><li> <p>No shares are made browsable in the <em class="emphasis">smb.conf</em> file.</p> </li></ul> </li> <li> <p>If you receive the message <tt class="literal">\\server</tt> <tt class="literal">is</tt> <tt class="literal">not</tt> <tt class="literal">accessible</tt> then:</p> <ul><li> <p>You have the encrypted password problem.</p> </li><li> <p>The system really isn't accessible.</p> </li><li> <p>The system doesn't support browsing.</p> </li></ul> </li> </ul> <p>If you've made it this far and the problem is not yet solved, either the problem is one we've not yet seen, or it is a problem related to a topic we have already covered, and further analysis is required. Name resolution is often related to difficulties with Samba, so we cover it in more detail in the next sections. If you know your problem is not related to name resolution, skip to the <a href="ch12.html#samba2-CHP-12-SECT-3">Section 12.3</a> at the end of the chapter. <a name="INDEX-83"/><a name="INDEX-84"/></p> </div> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-2.7"/> <h3 class="head2">Troubleshooting Name Services</h3> <p><a name="INDEX-85"/><a name="INDEX-86"/>This section looks at simple troubleshooting of all the name services you'll encounter, but only for the common problems that affect Samba.</p> <p>There are several good references for troubleshooting particular name services: Paul <a name="INDEX-87"/>Albitz and Cricket <a name="INDEX-88"/>Liu's <em class="emphasis">DNS and Bind</em> (O'Reilly) covers the DNS, Hal <a name="INDEX-89"/>Stern's <em class="emphasis">NFS and NIS</em> (O'Reilly) covers NIS ("Yellow pages"), while Windows Internet Name Service (WINS), <em class="filename">hosts/LMHOSTS</em> files, and NIS+ are best covered by their respective vendors' manuals.</p> <p>The problems addressed in this section are as follows:</p> <ul><li> <p>Name services are identified.</p> </li><li> <p>A hostname can't be looked up.</p> </li><li> <p>The long (FQDN) form of a hostname works but the short form doesn't.</p> </li><li> <p>The short form of the name works, but the long form doesn't.</p> </li><li> <p>A long delay occurs before the expected result.</p> </li></ul> <div class="sect3"><a name="samba2-CHP-12-SECT-2.7.1"/> <h3 class="head3">Identifying what's in use</h3> <p><a name="INDEX-90"/>First, see if both the server and the client are using DNS, WINS, NIS, or <em class="filename">hosts</em> files to look up IP addresses when you give them a name. Each kind of system has a different preference:</p> <ul><li> <p>Windows 95/98/Me tries WINS and the <em class="filename">LMHOSTS</em> file first, then broadcast, and finally DNS and <em class="filename">HOSTS</em> files.</p> </li><li> <p>Windows NT/2000/XP tries WINS, then broadcast, then the <em class="filename">LMHOSTS</em> file, and finally <em class="filename">HOSTS</em> and DNS.</p> </li><li> <p>Windows programs using the WINSOCK standard use the HOSTS file, DNS, WINS, and then broadcast. Don't assume that if a different program's name service works, the SMB client program's name service will!</p> </li><li> <p>Samba daemons use <em class="filename">lmhosts</em>, WINS, the Unix system's name resolution, and then broadcast.</p> </li><li> <p>Unix systems can be configured to use any combination of DNS, <em class="filename">HOSTS</em> files, NIS or NIS+, and winbind, generally in any order.</p> </li></ul> <p>We recommend that the client systems be configured to use WINS and DNS, the Samba daemons to use WINS and DNS, and the Unix server to use DNS, <em class="filename">hosts</em> files, and perhaps NIS+. You'll have to look at your notes and the actual systems to see which is in use.</p> <p>On the clients, the name services are all set in the TCP/IP Properties panel of the Networking Control Panel, as discussed in <a href="ch03.html">Chapter 3</a>. You might need to check there to see what you've actually turned on. On the server, see if a <em class="filename">/etc/resolv.conf</em> file exists. If it does, you're using DNS. You might be using the others as well, though. You'll need to check for NIS and combinations of services.</p> <p>Check for a <em class="filename">/etc/nsswitch.conf</em> file on Solaris and other System V Unix operating systems. If you have one, look for a line that begins with <tt class="literal">host</tt>: followed by one or more of <tt class="literal">files</tt>, <tt class="literal">bind</tt>, <tt class="literal">nis</tt>, or <tt class="literal">nis+</tt>. These are the name services to use, in order, with optional extra material in square brackets. The <tt class="literal">files</tt> keyword is for using <em class="emphasis">HOSTS</em> files, while <tt class="literal">bind</tt> (the Berkeley Internet Name Daemon) refers to using DNS.</p> <p>If the client and server differ, the first thing to do is to get them in sync. Clients can use DNS, WINS, <em class="emphasis">HOSTS</em>, and <em class="emphasis">LMHOSTS</em> files, but not NIS or NIS+. Servers can use <em class="emphasis">HOSTS</em> and <em class="filename">LMHOSTS</em> files, DNS, NIS or NIS+, and winbind, but not WINS—even if your Samba server provides WINS services. If you can't get all the systems to use the same services, you'll have to check the server and the client carefully for the same data.</p> <p>You can also make use of the <em class="emphasis">-R</em> (resolve order) option for <em class="emphasis">smbclient</em>. If you want to troubleshoot WINS, for example, you'd say:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L </b></tt><em class="replaceable">server</em> <tt class="userinput"><b>-R wins</b></tt></pre></blockquote> <p>The possible settings are <tt class="literal">hosts</tt> (which means whatever the Unix system is using, not just<em class="filename"> /etc/hosts</em> files), <tt class="literal">lmhosts</tt>, <tt class="literal">wins</tt>, and <tt class="literal">bcast</tt> (broadcast).</p> <p>In the following sections, we use the term <em class="emphasis">long name</em> for a fully qualified domain name (FQDN), such as <tt class="literal">server.example.com</tt> , and the term <em class="emphasis">short name</em> for the host part of an FQDN, such as <tt class="literal">server</tt>.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.7.2"/> <h3 class="head3">Cannot look up hostnames</h3> <p><a name="INDEX-91"/>Try the following:</p> <dl> <dt><b>DNS</b></dt> <dd> <p>Run <tt class="literal">nslookup</tt> <em class="replaceable">name</em>. If this fails, look for a <em class="filename">resolv.conf</em> error, a downed DNS server, or a short/long name problem (see the next section). Try the following:</p> <ul><li> <p>Your <em class="filename">/etc/resolv.conf</em> file should contain one or more <tt class="literal">nameserver</tt> lines, each with an IP address. These are the addresses of your DNS servers.</p> </li><li> <p>Ping each server address you find. If this fails for one, suspect the system. If it fails for each, suspect your network.</p> </li><li> <p>Retry the lookup using the full domain name (e.g., <tt class="literal">server.example.com</tt>) if you tried the short name first, or the short name if you tried the long name first. If results differ, skip to the next section.</p> </li></ul> </dd> <dt><b>Broadcast/ WINS</b></dt> <dd> <p>Broadcast/ WINS does only short names such as <tt class="literal">server</tt>, and not long ones, such as <tt class="literal">server.example.com</tt>. Run <tt class="literal">nmblookup</tt> <tt class="literal">-S</tt> <em class="replaceable">server</em>. This reports everything broadcast has registered for the name. In our example, it looks like this:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>nmblookup -S server</b></tt> Looking up status of 192.168.236.86 received 10 names SERVER <00> - M <ACTIVE> SERVER <03> - M <ACTIVE> SERVER <1f> - M <ACTIVE> SERVER <20> - M <ACTIVE> ..__MSBROWSE__. <01> - <GROUP> M <ACTIVE> MYGROUP <00> - <GROUP> M <ACTIVE> MYGROUP <1b> - M <ACTIVE> MYGROUP <1c> - <GROUP> M <ACTIVE> MYGROUP <1d> - M <ACTIVE> MYGROUP <1e> - <GROUP> M <ACTIVE></pre></blockquote> <p>The required entry is <tt class="literal">SERVER</tt> <tt class="literal"><00></tt>, which identifies <em class="replaceable">server</em> as being this system's NetBIOS name. You should also see your workgroup mentioned one or more times. If these lines are missing, Broadcast/WINS cannot look up names and will need attention.</p> <a name="samba2-CHP-12-NOTE-160"/><blockquote class="note"><h4 class="objtitle">TIP</h4> <p>The numbers in angle brackets in the previous output identify NetBIOS names as being workgroups, workstations, and file users of the messenger service, master browsers, domain master browsers, domain controllers, and a plethora of others. We primarily use <tt class="literal"><00></tt> to identify system and workgroup names and <tt class="literal"><20></tt> to identify systems as servers. The complete list is available at <a href="http://support.microsoft.com/support/kb/articles/q163/4/09.asp">http://support.microsoft.com/support/kb/articles/q163/4/09.asp</a>.</p> </blockquote> </dd> <dt><b>NIS</b></dt> <dd> <p>Try <tt class="literal">ypmatch</tt> <tt class="literal">name</tt> <tt class="literal">hosts</tt>. If this fails, NIS is down. Find out the NIS server's name by running <em class="emphasis">ypwhich</em>, and ping the system to see if it's accessible.</p> </dd> <dt><b>NIS+</b></dt> <dd> <p>If you're running NIS+, try <tt class="literal">nismatch</tt> <tt class="literal">name</tt> <tt class="literal">hosts</tt>. If this fails, NIS is down. Find out the NIS+ server's name by running <em class="emphasis">niswhich</em>, and ping that system to see if it's accessible.</p> </dd> <dt><b>hosts and HOSTS files</b></dt> <dd> <p>Inspect the <em class="filename">HOSTS</em> file on the client (<em class="filename">C:\Windows\ Hosts</em> on Windows 95/98/Me, and <em class="filename">C:\WINNT \system32\drivers\etc\hosts</em> on Windows NT/2000/XP). Each line should have an IP number and one or more names, the primary name first, then any optional aliases. An example follows:</p> <blockquote><pre class="code">127.0.0.1 localhost 192.168.236.1 dns.svc.example.com 192.168.236.10 client.example.com client 192.168.236.11 backup.example.com loghost 192.168.236.86 server.example.com server 192.168.236.254 router.svc.example.com</pre></blockquote> <p>On Unix, <tt class="literal">localhost</tt> should always be 127.0.0.1, although it might be just an alias for a hostname on the PC. On the client, check that there are no <tt class="literal">#XXX</tt> directives at the ends of the lines; these are LAN Manager/NetBIOS directives and should appear only in <em class="emphasis">LMHOSTS</em> files.</p> </dd> <dt><b>LMHOSTS files</b></dt> <dd> <p>This file is a local source for LAN Manager (NetBIOS) names. It has a format similar to <em class="filename">hosts</em> files, but it does not support long-form domain names (e.g., <tt class="literal">server.example.com</tt>) and can have a number of optional <tt class="literal">#XXX</tt> directives following the NetBIOS names. There is usually an <em class="emphasis">lmhosts.sam</em> (for sample) file located in <em class="filename">C:\Windows</em> on Windows 95/98/Me, and in <em class="filename">C:\WINNT\system32\drivers\etc</em> on Windows NT/2000/XP, but it's not used unless it is renamed to <em class="emphasis">Lmhosts</em> in the same directory.</p> </dd> </dl> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.7.3"/> <h3 class="head3">Long and short hostnames</h3> <p><a name="INDEX-92"/>Where the long (FQDN) form of a hostname works but the short name doesn't (for example, <tt class="literal">client.example.com</tt> works but <tt class="literal">client</tt> doesn't), consider the following:</p> <dl> <dt><b>DNS </b></dt> <dd> <p>This usually indicates that there is no default domain in which to look up the short names. Look for a <tt class="literal">default</tt> line in <em class="filename">/etc/resolv.conf</em> on the Samba server with your domain in it, or look for a <tt class="literal">search</tt> line with one or more domains in it. One or the other might need to be present to make short names usable; which one depends on the vendor and version of the DNS resolver. Try adding <tt class="literal">domain</tt> <em class="replaceable">your_domain</em> to <em class="filename">resolv.conf</em>, and ask your network or DNS administrator what should be in the file.</p> </dd> <dt><b>Broadcast/WINS </b></dt> <dd> <p>Broadcast/WINS doesn't support long names; it won't suffer from this problem.</p> </dd> <dt><b>NIS </b></dt> <dd> <p>Try the command <tt class="literal">ypmatch</tt> <em class="replaceable">hostname</em> <tt class="literal">hosts</tt>. If you don't get a match, your tables don't include short names. Speak to your network manager; short names might be missing by accident or might be unsupported as a matter of policy. Some sites don't ever use (ambiguous) short names.</p> </dd> <dt><b>NIS+</b></dt> <dd> <p>Try <tt class="literal">nismatch</tt> <em class="replaceable">hostname</em> <tt class="literal">hosts</tt>, and treat failure exactly as with NIS.</p> </dd> <dt><b>hosts </b></dt> <dd> <p>If the short name is not in <em class="filename">/etc/hosts</em>, consider adding it as an alias. Avoid, if you can, short names as primary names (the first one on a line). Have them as aliases if your system permits.</p> </dd> <dt><b>LMHOSTS </b></dt> <dd> <p>LAN Manager doesn't support long names, so it won't suffer from this problem.</p> </dd> </dl> <p>On the other hand, if the short form of the name works and the long form doesn't, consider the following:</p> <dl> <dt><b>DNS </b></dt> <dd> <p>This is bizarre; see your network or DNS administrator, as this is probably a DNS setup error.</p> </dd> <dt><b>Broadcast/WINS </b></dt> <dd> <p>This is normal; Broadcast/WINS can't use the long form. Optionally, consider DNS. (Be aware that Microsoft has stated that it will eventually switch entirely to DNS, even though DNS does not provide name types such as <00>.)</p> </dd> <dt><b>NIS</b></dt> <dd> <p>If you can use <em class="emphasis">ypmatch</em> to look up the short form but not the long, consider adding the long form to the table as at least an alias.</p> </dd> <dt><b>NIS+ </b></dt> <dd> <p>Same as NIS, except you use <em class="emphasis">nismatch</em> instead of <em class="emphasis">ypmatch</em> to look up names.</p> </dd> <dt><b>hosts and HOSTS</b></dt> <dd> <p>Add the long name as at least an alias, and preferably as the primary form. Also consider using DNS if it's practical.</p> </dd> <dt><b>LMHOSTS </b></dt> <dd> <p>This is normal. LAN Manager can't use the long form; consider switching to DNS or <em class="filename">hosts</em>.</p> </dd> </dl> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.7.4"/> <h3 class="head3">Unusual delays</h3> <p><a name="INDEX-93"/>When there is a long delay before the expected result:</p> <dl> <dt><b>DNS </b></dt> <dd> <p>Test the same name with the <em class="emphasis">nslookup</em> command on the system that is slow (client or server). If <em class="emphasis">nslookup</em> is also slow, you have a DNS problem. If it's slower on a client, you might have too many protocols bound to the Ethernet card. Eliminate NetBEUI, which is infamously slow, and, optionally, Novell—assuming you don't need them. This is especially important on Windows 95, which is particularly sensitive to excess protocols.</p> </dd> <dt><b>Broadcast/ WINS</b></dt> <dd> <p>Test the client using <em class="emphasis">nmblookup</em>; if it's faster, you probably have the protocols problem as mentioned in the previous item.</p> </dd> <dt><b>NIS</b></dt> <dd> <p>Try <em class="emphasis">ypmatch</em>; if it's slow, report the problem to your network manager.</p> </dd> <dt><b>NIS+ </b></dt> <dd> <p>Try <em class="emphasis">nismatch</em>, similarly.</p> </dd> <dt><b>hosts and HOSTS</b></dt> <dd> <p>The <em class="emphasis">hosts</em> files, if of reasonable size, are always fast. You probably have the protocols problem mentioned previously under DNS.</p> </dd> <dt><b>lmhosts and LMHOSTS</b></dt> <dd> <p>This is not a name lookup problem; <em class="emphasis">LMHOSTS</em> files are as fast as <em class="emphasis">hosts</em> and <em class="filename">HOSTS</em> files.</p> </dd> </dl> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.7.5"/> <h3 class="head3">Localhost issues</h3> <p><a name="INDEX-94"/>When a localhost isn't 127.0.0.1, try the following:</p> <dl> <dt><b>DNS</b></dt> <dd> <p>There is probably no record for <tt class="literal">localhost</tt>. <tt class="literal">A</tt> <tt class="literal">127.0.0.1</tt>. Arrange to add one, as well as a reverse entry, <tt class="literal">1.0.0.127.IN-ADDR.ARPA</tt> <tt class="literal">PTR</tt> <tt class="literal">127.0.0.1</tt>.</p> </dd> <dt><b>Broadcast/WINS</b></dt> <dd> <p>Not applicable.</p> </dd> <dt><b>NIS</b></dt> <dd> <p>If <tt class="literal">localhost</tt> isn't in the table, add it.</p> </dd> <dt><b>NIS+ </b></dt> <dd> <p>If <tt class="literal">localhost</tt> isn't in the table, add it.</p> </dd> <dt><b>hosts and HOSTS</b></dt> <dd> <p>Add a line that says <tt class="literal">127.0.0.1</tt> <tt class="literal">localhost</tt>.</p> </dd> <dt><b>LMHOSTS</b></dt> <dd> <p>Not applicable. <a name="INDEX-95"/><a name="INDEX-96"/></p> </dd> </dl> </div> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-2.8"/> <h3 class="head2">Troubleshooting Network Addresses</h3> <p><a name="INDEX-97"/><a name="INDEX-98"/>A number of common problems are caused by incorrect routing of Internet addresses or by the incorrect assignment of addresses. This section helps you determine what your addresses are.</p> <div class="sect3"><a name="samba2-CHP-12-SECT-2.8.1"/> <h3 class="head3">Netmasks</h3> <p>Using the <a name="INDEX-99"/>netmask, it is possible to determine which addresses can be reached directly (i.e., which are on the local network) and which addresses require forwarding packets through a router. If the netmask is wrong, the systems will make one of two mistakes. One is to route local packets via a router, which is an expensive waste of time—it might work reasonably fast, it might run slowly, or it might fail utterly. The second mistake is to fail to send packets from a remote system to the router, which will prevent them from being forwarded to the remote system.</p> <p>The netmask is a number like an IP address, with one-bits for the network part of an address and zero-bits for the host portion. It is used as a bitmask to mask off parts of the address inside the TCP/IP code. If the mask is 255.255.0.0, the first 2 bytes are the network part and the last 2 are the host part. More common is 255.255.255.0, in which the first 3 bytes are the network part and the last one is the host part.</p> <p>For example, let's say your IP address is 192.168.0.10 and the Samba server is 192.168.236.86. If your netmask happens to be 255.255.255.0, the network part of the address is the first 3 bytes, and the host part is the last byte. In this case, the network parts are different, and the systems are on different networks:</p> <a name="ch12-37-fm2xml"/><table border="1"> <tr> <th> <p>Network part</p> </th> <th> <p>Host part</p> </th> </tr> <tr> <td> <p>192 168 000</p> </td> <td> <p>10</p> </td> </tr> <tr> <td> <p>192 168 235</p> </td> <td> <p>86</p> </td> </tr> </table> <p>If your netmask happens to be 255.255.0.0, the network part is just the first 2 bytes. In this case, the network parts match, and so the two systems are on the same network:</p> <a name="ch12-38-fm2xml"/><table border="1"> <tr> <th> <p>Network part</p> </th> <th> <p>Host part</p> </th> </tr> <tr> <td> <p>192 168</p> </td> <td> <p>000 10</p> </td> </tr> <tr> <td> <p>192 168</p> </td> <td> <p>236 86</p> </td> </tr> </table> <p>Make sure the netmask in use on each system matches the structure of your network. On every subnet, the netmask should be identical on each system.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.8.2"/> <h3 class="head3">Broadcast addresses</h3> <p>The <a name="INDEX-100"/>broadcast address is a normal address, with the hosts part all one-bits. It means "all hosts on your network." You can compute it easily from your netmask and address: take the address and put one-bits in it for all the bits that are zero at the end of the netmask (the host part). The following table illustrates this:</p> <a name="ch12-39-fm2xml"/><table border="1"> <tr> <th> </th> <th> <p>Network part</p> </th> <th> <p>Host part</p> </th> </tr> <tr> <td> <p>IP address</p> </td> <td> <p>192 168 236</p> </td> <td> <p>86</p> </td> </tr> <tr> <td> <p>Netmask</p> </td> <td> <p>255 255 255</p> </td> <td> <p>000</p> </td> </tr> <tr> <td> <p>Broadcast</p> </td> <td> <p>192 168 236</p> </td> <td> <p>255</p> </td> </tr> </table> <p>In this example, the broadcast address on the 192.168.236 network is 192.168.236.255. There is also an old "universal" broadcast address, 255.255.255.255. Routers are prohibited from forwarding these, but most systems on your local network will respond to broadcasts to this address.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.8.3"/> <h3 class="head3">Network address ranges</h3> <p>A <a name="INDEX-101"/>number of address ranges have been reserved for testing and for nonconnected networks; we use these for the examples in this book. If you don't have an address yet, feel free to use one of these to start. They include one class A network, 10.*.*.*, a range of class B network addresses, 172.16.*.* through 172.31.*.*, and 254 class C networks, 192.168.1.* through 192.168.254.*. The domain <tt class="literal">example.com</tt> is also reserved for unconnected networks, explanatory examples, and books.</p> <p>If you're actually connecting to the Internet, you'll need to get an appropriate IP address and a domain name, probably through the same company that provides your connection.</p> </div> <div class="sect3"><a name="samba2-CHP-12-SECT-2.8.4"/> <h3 class="head3">Finding your network address</h3> <p><a name="INDEX-102"/>If you haven't recorded your IP address, you can learn it through the <em class="emphasis">ifconfig</em><a name="INDEX-103"/> command on Unix or the <em class="emphasis">ipconfig</em> <a name="INDEX-104"/>command on Windows. (Check your manual pages for any options required by your brand of Unix. For example, <tt class="literal">ifconfig</tt> <tt class="literal">-a</tt> works on Solaris.) You should see output similar to the following:</p> <blockquote><pre class="code">$ <tt class="userinput"><b>ifconfig -a</b></tt> le0: flags=63<UP,BROADCAST,NOTRAILERS,RUNNING > inet 192.168.236.11 netmask ffffff00 broadcast 192.168.236.255 lo0: flags=49<&lt>UP,LOOPBACK,RUNNING<&gt> inet 127.0.0.1 netmask ff000000</pre></blockquote> <p>One of the interfaces will be loopback (in our examples, <tt class="literal">lo0</tt>), and the other will be the regular IP interface. The flags should show that the interface is running, and Ethernet interfaces will also say they support broadcasts (PPP interfaces don't). The other places to look for IP addresses are <em class="filename">/etc/hosts</em> files, Windows <em class="emphasis">HOSTS</em> files, Windows <em class="emphasis">LMHOSTS</em> files, NIS, NIS+, and DNS. <a name="INDEX-105"/><a name="INDEX-106"/></p> </div> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-2.9"/> <h3 class="head2">Troubleshooting NetBIOS Names</h3> <p><a name="INDEX-107"/><a name="INDEX-108"/>Historically, SMB protocols have depended on the NetBIOS name system, also called the LAN Manager name system. This was a simple scheme where each system had a unique 20-character name and broadcast it on the LAN for everyone to know. With TCP/IP, we tend to use names such as <tt class="literal">client.example.com</tt>, stored in <em class="filename">/etc/hosts</em> files through DNS or WINS.</p> <p>The usual mapping of domain names such as <tt class="literal">server.example.com</tt> to NetBIOS names simply uses the <tt class="literal">server</tt> part as the NetBIOS name and converts it to uppercase. Alas, this doesn't always work, especially if you have a system with a 21-character name; not everyone uses the same NetBIOS and DNS names. For example, <tt class="literal">corpvm1</tt> along with <tt class="literal">vm1.corp.com</tt> is not unusual.</p> <p>A system with a different NetBIOS name and domain name is confusing when you're troubleshooting; we recommend that you try to avoid this wherever possible. NetBIOS names are discoverable with <em class="emphasis">smbclient</em> :</p> <ul><li> <p>If you can list shares on your Samba server with <tt class="literal">smbclient</tt> <tt class="literal">-L</tt> <tt class="literal">short_name</tt>, the short name is the NetBIOS name.</p> </li><li> <p>If you get <tt class="literal">Get_Hostbyname</tt>: <tt class="literal">Unknown</tt> <tt class="literal">host</tt> <tt class="literal">name</tt>, there is probably a mismatch. Check in the <em class="filename">smb.conf</em> file to see if the NetBIOS name is explicitly set.</p> </li><li> <p>Try to list shares again, specifying <tt class="literal">-I</tt> and the IP address of the Samba server (e.g., <tt class="literal">smbclient</tt> <tt class="literal">-L</tt> <tt class="literal">server</tt> <tt class="literal">-I</tt> <tt class="literal">192.168.236.86</tt>). This overrides the name lookup and forces the packets to go to the IP address. If this works, there was a mismatch.</p> </li><li> <p>Try with <tt class="literal">-I</tt> and the full domain name of the server (e.g., <tt class="literal">smbclient</tt> <tt class="literal">-L</tt> <tt class="literal">server</tt> <tt class="literal">-I</tt> <tt class="literal">server.example.com</tt>). This tests the lookup of the domain name, using whatever scheme the Samba server uses (e.g., DNS). If it fails, you have a name service problem. You should reread the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, after you finish troubleshooting the NetBIOS names.</p> </li><li> <p>Try with the <tt class="literal">-n</tt> (NetBIOS name) option, giving it the name you expect to work (e.g., <tt class="literal">smbclient</tt> <tt class="literal">-n</tt> <tt class="literal">server</tt> <tt class="literal">-L</tt> <tt class="literal">server-12</tt>), but without overriding the IP address through <tt class="literal">-I</tt>. If this works, the name you specified with <tt class="literal">-n</tt> is the actual NetBIOS name of the server. If you receive <tt class="literal">Get-Hostbyname</tt>: <tt class="literal">Unknown</tt> <tt class="literal">host</tt> <tt class="literal">SERVER</tt>, it's not the right server yet.</p> </li><li> <p>If nothing is working so far, repeat the tests specifying <tt class="literal">-U</tt> <em class="emphasis">username</em> and <tt class="literal">-W</tt> <em class="emphasis">workgroup</em>, with the username and workgroup in uppercase, to make sure you're not being derailed by a user or workgroup mismatch.</p> </li><li> <p>If still nothing works and you had evidence of a name service problem, troubleshoot the name service (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>) and then return to the NetBIOS name service. <a name="INDEX-109"/><a name="INDEX-110"/></p> </li></ul> </div> </div> <div class="sect1"><a name="samba2-CHP-12-SECT-3"/> <h2 class="head1">Extra Resources</h2> <p>At some point during your work with Samba, you'll want to turn to online or printed resources for news, updates, and aid.</p> <div class="sect2"><a name="samba2-CHP-12-SECT-3.1"/> <h3 class="head2">Documentation and FAQs</h3> <p>It's OK to read the <a name="INDEX-111"/><a name="INDEX-112"/>documentation. Really. Nobody can see you, and we won't tell. In fact, Samba ships with a large set of documentation files, and it is well worth the effort to at least browse through them, either in the distribution directory on your computer under <em class="filename">/docs</em> or online at the Samba web site: <a href="http://www.samba.org">http://www.samba.org</a>. The most current FAQ list, bug information, and distribution locations are located at the web site, with links to all the Samba manual pages and HOWTOs.</p> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-3.2"/> <h3 class="head2">Samba Newsgroups</h3> <p><a name="INDEX-113"/>Usenet newsgroups have always been a great place to get advice on just about any topic. In the past few years, though, this vast pool of knowledge has developed something that has made it into an invaluable resource: a memory. Archival and search sites such as the one at <a name="INDEX-114"/>Google (<a href="http://groups.google.com/advanced_group_search">http://groups.google.com/advanced_group_search</a>) have made sifting through years of valuable solutions as simple as a few mouse clicks.</p> <p>The primary newsgroup for Samba is <em class="emphasis">comp.protocols.smb</em><a name="INDEX-115"/>. This should always be your first stop when there's a problem. More often than not, spending 5 minutes researching an error here will save hours of frustration while trying to debug something yourself.</p> <p>When searching a newsgroup, try to be as specific as possible, but not too wordy. Searching on actual error messages is best. If you don't find an answer immediately in the newsgroup, resist the temptation to post a request for help until you've done a bit more work on the problem. You might find that the answer is in a FAQ or one of the many documentation files that ship with Samba, or a solution might become evident when you run one of Samba's diagnostic tools. If nothing works, post a request in <em class="emphasis">comp.protocols.smb</em>, and be as specific as possible about what you have tried and what you are seeing. Include any error messages that appear. It might be days before you receive help, so be patient and keep trying things while you wait.</p> <a name="samba2-CHP-12-NOTE-161"/><blockquote class="note"><h4 class="objtitle">TIP</h4> <p>Once you post a request for help, keep poking at the problem yourself. Most of us have had the experience of posting a Usenet article containing hundreds of lines of intricate detail, only to solve the problem an hour later after the article has blazed its way across several continents. The rule of thumb goes something like this: the more folks who have read your request, the simpler the solution. Usually this means that once everyone in the Unix community has seen your article, the solution will be something simple such as, "Plug the power cord into the wall socket."</p> </blockquote> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-3.3"/> <h3 class="head2">Samba Mailing Lists</h3> <p>The following are <a name="INDEX-116"/>mailing lists for support with Samba. See the Samba home page, <a href="http://www.samba.org/">http://www.samba.org/</a>, for information on subscribing and unsubscribing to these mailing lists:</p> <dl> <dt><b>samba@samba.org</b></dt> <dd> <p>This is the primary mailing list for general questions and discussion regarding Samba.</p> </dd> <dt><b>samba-announce@samba.org</b></dt> <dd> <p>This list is for receiving news regarding Samba, such as announcements of new releases.</p> </dd> <dt><b>samba-cvs@samba.org</b></dt> <dd> <p>By subscribing to this list, you can automatically receive a message every time one of the Samba developers updates the Samba source code in the CVS repository. You might want to do this if you are waiting for a specific bug fix or feature to be applied. To avoid congesting your email inbox, we suggest using the digest feature, which consolidates messages into a smaller number of emails.</p> </dd> <dt><b>samba-docs@samba.org</b></dt> <dd> <p>This list is for discussing Samba documentation.</p> </dd> <dt><b>samba-vms@samba.org</b></dt> <dd> <p>This mailing list is for people who are running Samba on the VMS operating system.</p> </dd> <dt><b>samba-binaries@samba.org</b></dt> <dd> <p>This is a list for developers to use when discussing precompiled Samba distributions.</p> </dd> <dt><b>samba-technical@samba.org</b></dt> <dd> <p>This mailing list is for developer discussion of the Samba code.</p> </dd> </dl> <p>Searchable versions of the Samba mailing list archives can be found at <a href="http://marc.theaimsgroup.com">http://marc.theaimsgroup.com</a>.</p> <p>When posting messages to the Samba mailing lists, keep in mind that you are sending your message to a large audience. The notes in the previous section regarding Usenet postings also apply here. A well-formulated question or comment is more likely to be answered, and a poorly conceived message is <em class="emphasis">very</em> likely to be ignored!</p> </div> <div class="sect2"><a name="samba2-CHP-12-SECT-3.4"/> <h3 class="head2">Further Reading</h3> <ol><li> <p>Hunt, Craig. <em class="emphasis">TCP/IP Network Administration</em>, Third Edition. Sebastopol, CA: O'Reilly & Associates, 1997.</p> </li> <li> <p>Hunt, Craig, and Robert Bruce Thompson. <em class="emphasis">Windows NT TCP/IP Network Administration</em>. Sebastopol, CA: O'Reilly & Associates, 1998.</p> </li> <li> <p>Albitz, Paul, and Cricket Liu. <em class="emphasis">DNS and Bind</em>, Fourth Edition. Sebastopol, CA: O'Reilly & Associates, 1998.</p> </li> <li> <p>Stern, Hal. <em class="emphasis">Managing NFS and NIS</em>, Second Edition. Sebastopol, CA: O'Reilly & Associates, 1991.<a name="INDEX-117"/></p> </li></ol> </div> </div> <hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html>