summaryrefslogtreecommitdiffstats
path: root/docs/docbook/faq/errors.sgml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/faq/errors.sgml')
-rw-r--r--docs/docbook/faq/errors.sgml170
1 files changed, 170 insertions, 0 deletions
diff --git a/docs/docbook/faq/errors.sgml b/docs/docbook/faq/errors.sgml
new file mode 100644
index 0000000000..2f378a3688
--- /dev/null
+++ b/docs/docbook/faq/errors.sgml
@@ -0,0 +1,170 @@
+<chapter id="errors">
+
+<title>Common errors</title>
+
+<sect1>
+<title>Not listening for calling name</title>
+
+<para>
+<programlisting>
+Session request failed (131,129) with myname=HOBBES destname=CALVIN
+Not listening for calling name
+</programlisting>
+</para>
+
+<para>
+If you get this when talking to a Samba box then it means that your
+global "hosts allow" or "hosts deny" settings are causing the Samba
+server to refuse the connection.
+</para>
+
+<para>
+Look carefully at your "hosts allow" and "hosts deny" lines in the
+global section of smb.conf.
+</para>
+
+<para>
+It can also be a problem with reverse DNS lookups not functioning
+correctly, leading to the remote host identity not being able to
+be confirmed, but that is less likely.
+</para>
+</sect1>
+
+<sect1>
+<title>System Error 1240</title>
+
+<para>
+System error 1240 means that the client is refusing to talk
+to a non-encrypting server. Microsoft changed WinNT in service
+pack 3 to refuse to connect to servers that do not support
+SMB password encryption.
+</para>
+
+<para>There are two main solutions:
+<simplelist>
+<member>enable SMB password encryption in Samba. See the encryption part of
+the samba HOWTO Collection</member>
+
+<member>disable this new behaviour in NT. See the section about
+Windows NT in the chapter "Portability" of the samba HOWTO collection
+</member>
+</simplelist>
+
+</sect1>
+
+<sect1>
+<title>smbclient ignores -N !</title>
+
+<para>
+<quote>When getting the list of shares available on a host using the command
+<command>smbclient -N -L</command>
+the program always prompts for the password if the server is a Samba server.
+It also ignores the "-N" argument when querying some (but not all) of our
+NT servers.
+</quote>
+
+<para>
+No, it does not ignore -N, it is just that your server rejected the
+null password in the connection, so smbclient prompts for a password
+to try again.
+</para>
+
+<para>
+To get the behaviour that you probably want use <command>smbclient -L host -U%</command>
+</para>
+
+<para>
+This will set both the username and password to null, which is
+an anonymous login for SMB. Using -N would only set the password
+to null, and this is not accepted as an anonymous login for most
+SMB servers.
+</para>
+
+</sect1>
+
+<sect1>
+<title>The data on the CD-Drive I've shared seems to be corrupted!</title>
+
+<para>
+Some OSes (notably Linux) default to auto detection of file type on
+cdroms and do cr/lf translation. This is a very bad idea when use with
+Samba. It causes all sorts of stuff ups.
+</para>
+
+<para>
+To overcome this problem use conv=binary when mounting the cdrom
+before exporting it with Samba.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Why can users access home directories of other users?</title>
+
+<para>
+<quote>
+We are unable to keep individual users from mapping to any other user's
+home directory once they have supplied a valid password! They only need
+to enter their own password. I have not found *any* method that I can
+use to configure samba to enforce that only a user may map their own
+home directory.
+</quote>
+</para>
+
+<para><quote>
+User xyzzy can map his home directory. Once mapped user xyzzy can also map
+*anyone* elses home directory!
+</quote></para>
+
+<para>
+This is not a security flaw, it is by design. Samba allows
+users to have *exactly* the same access to the UNIX filesystem
+as they would if they were logged onto the UNIX box, except
+that it only allows such views onto the file system as are
+allowed by the defined shares.
+</para>
+
+<para>
+This means that if your UNIX home directories are set up
+such that one user can happily cd into another users
+directory and do an ls, the UNIX security solution is to
+change the UNIX file permissions on the users home directories
+such that the cd and ls would be denied.
+</para>
+
+<para>
+Samba tries very hard not to second guess the UNIX administrators
+security policies, and trusts the UNIX admin to set
+the policies and permissions he or she desires.
+</para>
+
+<para>
+Samba does allow the setup you require when you have set the
+"only user = yes" option on the share, is that you have not set the
+valid users list for the share.
+</para>
+
+<para>
+Note that only user works in conjunction with the users= list,
+so to get the behavior you require, add the line :
+<programlisting>
+users = %S
+</programlisting>
+this is equivalent to:
+<programlisting>
+valid users = %S
+</programlisting>
+to the definition of the [homes] share, as recommended in
+the smb.conf man page.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Until a few minutes after samba has started, clients get the error "Domain Controller Unavailable"</title>
+<para>
+A domain controller has to announce on the network who it is. This usually takes a while.
+</para>
+</sect1>
+
+</chapter>