diff options
Diffstat (limited to 'docs/htmldocs/diagnosis.html')
| -rw-r--r-- | docs/htmldocs/diagnosis.html | 311 |
1 files changed, 0 insertions, 311 deletions
diff --git a/docs/htmldocs/diagnosis.html b/docs/htmldocs/diagnosis.html deleted file mode 100644 index 3b76bc41c0..0000000000 --- a/docs/htmldocs/diagnosis.html +++ /dev/null @@ -1,311 +0,0 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 33. The Samba Checklist</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="previous" href="troubleshooting.html" title="Part V. Troubleshooting"><link rel="next" href="problems.html" title="Chapter 34. Analyzing and Solving Samba Problems"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 33. The Samba Checklist</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="troubleshooting.html">Prev</a> </td><th width="60%" align="center">Part V. Troubleshooting</th><td width="20%" align="right"> <a accesskey="n" href="problems.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="diagnosis"></a>Chapter 33. The Samba Checklist</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:tridge@samba.org">tridge@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>></tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Dan</span> <span class="surname">Shearer</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:dan@samba.org">dan@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">Wed Jan 15</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="diagnosis.html#id2969273">Introduction</a></dt><dt><a href="diagnosis.html#id2969311">Assumptions</a></dt><dt><a href="diagnosis.html#id2969546">The Tests</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2969273"></a>Introduction</h2></div></div><div></div></div><p> -This file contains a list of tests you can perform to validate your -Samba server. It also tells you what the likely cause of the problem -is if it fails any one of these steps. If it passes all these tests, -then it is probably working fine. -</p><p> -You should do all the tests, in the order shown. We have tried to -carefully choose them so later tests only use capabilities verified in -the earlier tests. However, do not stop at the first error as there -have been some instances when continuing with the tests has helped -to solve a problem. -</p><p> -If you send one of the Samba mailing lists an email saying, “<span class="quote">it does not work</span>” -and you have not followed this test procedure, you should not be surprised -if your email is ignored. -</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2969311"></a>Assumptions</h2></div></div><div></div></div><p> -In all of the tests, it is assumed you have a Samba server called -BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP. -</p><p> -The procedure is similar for other types of clients. -</p><p> -It is also assumed you know the name of an available share in your -<tt class="filename">smb.conf</tt>. I will assume this share is called <i class="parameter"><tt>tmp</tt></i>. -You can add a <i class="parameter"><tt>tmp</tt></i> share like this by adding the -lines shown in <link linkend="tmpshare">. -</p><div class="example"><a name="tmpshare"></a><p class="title"><b>Example 33.1. smb.conf with [tmp] share</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><i class="parameter"><tt>[tmp]</tt></i></td></tr><tr><td><i class="parameter"><tt>comment = temporary files </tt></i></td></tr><tr><td><i class="parameter"><tt>path = /tmp</tt></i></td></tr><tr><td><i class="parameter"><tt>read only = yes</tt></i></td></tr></table></div><p> -</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> -These tests assume version 3.0.0 or later of the Samba suite. -Some commands shown did not exist in earlier versions. -</p></div><p> -Please pay attention to the error messages you receive. If any error message -reports that your server is being unfriendly, you should first check that your -IP name resolution is correctly set up. Make sure your <tt class="filename">/etc/resolv.conf</tt> -file points to name servers that really do exist. -</p><p> -Also, if you do not have DNS server access for name resolution, please check -that the settings for your <tt class="filename">smb.conf</tt> file results in <b class="command">dns proxy = no</b>. The -best way to check this is with <b class="command">testparm smb.conf</b>. -</p><p> -<a class="indexterm" name="id2969474"></a> -It is helpful to monitor the log files during testing by using the -<b class="command">tail -F log_file_name</b> in a separate -terminal console (use ctrl-alt-F1 through F6 or multiple terminals in X). -Relevant log files can be found (for default installations) in -<tt class="filename">/usr/local/samba/var</tt>. Also, connection logs from -machines can be found here or possibly in <tt class="filename">/var/log/samba</tt>, -depending on how or if you specified logging in your <tt class="filename">smb.conf</tt> file. -</p><p> -If you make changes to your <tt class="filename">smb.conf</tt> file while going through these test, -remember to restart <span class="application">smbd</span> and <span class="application">nmbd</span>. -</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2969546"></a>The Tests</h2></div></div><div></div></div><div class="procedure"><p class="title"><b>Procedure 33.1. Diagnosing your Samba server</b></p><ol type="1"><li><p> -<a class="indexterm" name="id2969570"></a> -In the directory in which you store your <tt class="filename">smb.conf</tt> file, run the command -<b class="command">testparm smb.conf</b>. If it reports any errors, then your <tt class="filename">smb.conf</tt> -configuration file is faulty. -</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> -Your <tt class="filename">smb.conf</tt> file may be located in: <tt class="filename">/etc/samba</tt> -or in <tt class="filename">/usr/local/samba/lib</tt>. -</p></div></li><li><p> -Run the command <b class="command">ping BIGSERVER</b> from the PC and -<b class="command">ping ACLIENT</b> from the UNIX box. If you do not get a valid response, -then your TCP/IP software is not correctly installed. -</p><p> -You will need to start a “<span class="quote">dos prompt</span>” window on the PC to run ping. -</p><p> -If you get a message saying “<span class="quote"><span class="errorname">host not found</span></span>” or similar, then your DNS -software or <tt class="filename">/etc/hosts</tt> file is not correctly setup. -It is possible to run Samba without DNS entries for the server and client, but it is assumed -you do have correct entries for the remainder of these tests. -</p><p> -Another reason why ping might fail is if your host is running firewall -software. You will need to relax the rules to let in the workstation -in question, perhaps by allowing access from another subnet (on Linux -this is done via the appropriate firewall maintenance commands <b class="command">ipchains</b> -or <b class="command">iptables</b>). -</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> -Modern Linux distributions install ipchains/iptables by default. -This is a common problem that is often overlooked. -</p></div><p> -If you wish to check what firewall rules may be present in a system under test, simply run -<b class="command">iptables -L -v</b> or if <i class="parameter"><tt>ipchains</tt></i>-based firewall rules are in use, -<b class="command">ipchains -L -v</b>. -</p><p> -Here is a sample listing from a system that has an external ethernet interface (eth1) on which Samba -is not active, and an internal (private network) interface (eth0) on which Samba is active: -</p><pre class="screen"> -frodo:~ # iptables -L -v -Chain INPUT (policy DROP 98496 packets, 12M bytes) - pkts bytes target prot opt in out source destination - 187K 109M ACCEPT all -- lo any anywhere anywhere - 892K 125M ACCEPT all -- eth0 any anywhere anywhere -1399K 1380M ACCEPT all -- eth1 any anywhere anywhere \ - state RELATED,ESTABLISHED - -Chain FORWARD (policy DROP 0 packets, 0 bytes) - pkts bytes target prot opt in out source destination - 978K 1177M ACCEPT all -- eth1 eth0 anywhere anywhere \ - state RELATED,ESTABLISHED - 658K 40M ACCEPT all -- eth0 eth1 anywhere anywhere - 0 0 LOG all -- any any anywhere anywhere \ - LOG level warning - -Chain OUTPUT (policy ACCEPT 2875K packets, 1508M bytes) - pkts bytes target prot opt in out source destination - -Chain reject_func (0 references) - pkts bytes target prot opt in out source destinat -</pre><p> -</p></li><li><p> -Run the command: <b class="command">smbclient -L BIGSERVER</b> -on the UNIX box. You should get back a list of available shares. -</p><p> -If you get an error message containing the string “<span class="quote">Bad password</span>”, then -you probably have either an incorrect <i class="parameter"><tt>hosts allow</tt></i>, -<i class="parameter"><tt>hosts deny</tt></i> or <i class="parameter"><tt>valid users</tt></i> line in your -<tt class="filename">smb.conf</tt>, or your guest account is not valid. Check what your guest account is using <span class="application">testparm</span> and -temporarily remove any <i class="parameter"><tt>hosts allow</tt></i>, <i class="parameter"><tt>hosts deny</tt></i>, -<i class="parameter"><tt>valid users</tt></i> or <i class="parameter"><tt>invalid users</tt></i> lines. -</p><p> -If you get a message “<span class="quote"><span class="errorname">connection refused</span></span>” response, then the <b class="command">smbd</b> server may -not be running. If you installed it in <tt class="filename">inetd.conf</tt>, then you probably edited -that file incorrectly. If you installed it as a daemon, then check that -it is running, and check that the netbios-ssn port is in a LISTEN -state using <b class="command">netstat -a</b>. -</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> -<a class="indexterm" name="id2969931"></a> -<a class="indexterm" name="id2969939"></a> -Some UNIX/Linux systems use <b class="command">xinetd</b> in place of -<b class="command">inetd</b>. Check your system documentation for the location -of the control files for your particular system implementation of -the network super daemon. -</p></div><p> -If you get a message saying “<span class="quote"><span class="errorname">session request failed</span></span>”, the server refused the -connection. If it says “<span class="quote">Your server software is being unfriendly</span>”, then -it's probably because you have invalid command line parameters to <span class="application">smbd</span>, -or a similar fatal problem with the initial startup of <span class="application">smbd</span>. Also -check your config file (<tt class="filename">smb.conf</tt>) for syntax errors with <span class="application">testparm</span> -and that the various directories where Samba keeps its log and lock -files exist. -</p><p> -There are a number of reasons for which smbd may refuse or decline -a session request. The most common of these involve one or more of -the <tt class="filename">smb.conf</tt> file entries as shown in <link linkend="modif1">. -</p><p> -</p><div class="example"><a name="modif1"></a><p class="title"><b>Example 33.2. Configuration for only allowing connections from a certain subnet</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><i class="parameter"><tt>[globals]</tt></i></td></tr><tr><td>...</td></tr><tr><td><i class="parameter"><tt>hosts deny = ALL</tt></i></td></tr><tr><td><i class="parameter"><tt>hosts allow = xxx.xxx.xxx.xxx/yy</tt></i></td></tr><tr><td><i class="parameter"><tt>interfaces = eth0</tt></i></td></tr><tr><td><i class="parameter"><tt>bind interfaces only = Yes</tt></i></td></tr><tr><td>...</td></tr></table></div><p> -</p><p> -In the above, no allowance has been made for any session requests that -will automatically translate to the loopback adapter address 127.0.0.1. -To solve this problem, change these lines as shown in <link linkend="modif2">. -</p><p> -</p><div class="example"><a name="modif2"></a><p class="title"><b>Example 33.3. Configuration for allowing connections from a certain subnet and localhost</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><i class="parameter"><tt>[globals]</tt></i></td></tr><tr><td>...</td></tr><tr><td><i class="parameter"><tt>hosts deny = ALL</tt></i></td></tr><tr><td><i class="parameter"><tt>hosts allow = xxx.xxx.xxx.xxx/yy 127.</tt></i></td></tr><tr><td><i class="parameter"><tt>interfaces = eth0 lo</tt></i></td></tr><tr><td>...</td></tr></table></div><p> -</p><p> -<a class="indexterm" name="id2970193"></a> -Another common cause of these two errors is having something already running -<a class="indexterm" name="id2970203"></a> -on port <tt class="constant">139</tt>, such as Samba (<span class="application">smbd</span> is running from <span class="application">inetd</span> already) or -something like Digital's Pathworks. Check your <tt class="filename">inetd.conf</tt> file before trying -to start <span class="application">smbd</span> as a daemon it can avoid a lot of frustration! -</p><p> -And yet another possible cause for failure of this test is when the subnet mask -and/or broadcast address settings are incorrect. Please check that the -network interface IP Address/Broadcast Address/Subnet Mask settings are -correct and that Samba has correctly noted these in the <tt class="filename">log.nmbd</tt> file. -</p></li><li><p> -Run the command: <b class="command">nmblookup -B BIGSERVER __SAMBA__</b>. -You should get back the IP address of your Samba server. -</p><p> -If you do not, then nmbd is incorrectly installed. Check your <tt class="filename">inetd.conf</tt> -if you run it from there, or that the daemon is running and listening to udp port 137. -</p><p> -One common problem is that many inetd implementations can't take many -parameters on the command line. If this is the case, then create a -one-line script that contains the right parameters and run that from -inetd. -</p></li><li><p> -Run the command: <b class="command">nmblookup -B ACLIENT `*'</b> -</p><p> -You should get the PC's IP address back. If you do not then the client -software on the PC isn't installed correctly, or isn't started, or you -got the name of the PC wrong. -</p><p> -If ACLIENT does not resolve via DNS then use the IP address of the -client in the above test. -</p></li><li><p> -Run the command: <b class="command">nmblookup -d 2 '*'</b> -</p><p> -This time we are trying the same as the previous test but are trying -it via a broadcast to the default broadcast address. A number of -NetBIOS/TCP/IP hosts on the network should respond, although Samba may -not catch all of the responses in the short time it listens. You -should see the “<span class="quote"><span class="errorname">got a positive name query response</span></span>” -messages from several hosts. -</p><p> -If this does not give a similar result to the previous test, then -nmblookup isn't correctly getting your broadcast address through its -automatic mechanism. In this case you should experiment with the -<a class="indexterm" name="id2970377"></a><i class="parameter"><tt>interfaces</tt></i> option in <tt class="filename">smb.conf</tt> to manually configure your IP -address, broadcast and netmask. -</p><p> -If your PC and server aren't on the same subnet, then you will need to use the -<tt class="option">-B</tt> option to set the broadcast address to that of the PCs subnet. -</p><p> -This test will probably fail if your subnet mask and broadcast address are -not correct. (Refer to TEST 3 notes above). -</p></li><li><p> -<a class="indexterm" name="id2970428"></a> -Run the command: <b class="command">smbclient //BIGSERVER/TMP</b>. You should -then be prompted for a password. You should use the password of the account -with which you are logged into the UNIX box. If you want to test with -another account, then add the <tt class="option">-U accountname</tt> option to the end of -the command line. For example, <b class="command">smbclient //bigserver/tmp -Ujohndoe</b>. -</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> -It is possible to specify the password along with the username as follows: -<b class="command">smbclient //bigserver/tmp -Ujohndoe%secret</b>. -</p></div><p> -Once you enter the password, you should get the <tt class="prompt">smb></tt> prompt. If you -do not, then look at the error message. If it says “<span class="quote"><span class="errorname">invalid network -name</span></span>”, then the service <i class="parameter"><tt>tmp</tt></i> is not correctly setup in your <tt class="filename">smb.conf</tt>. -</p><p> -If it says “<span class="quote"><span class="errorname">bad password</span></span>”, then the likely causes are: -</p><div class="orderedlist"><ol type="1"><li><p> - You have shadow passwords (or some other password system) but didn't - compile in support for them in <span class="application">smbd</span>. - </p></li><li><p> - Your <a class="indexterm" name="id2970549"></a><i class="parameter"><tt>valid users</tt></i> configuration is incorrect. - </p></li><li><p> - You have a mixed case password and you haven't enabled the <a class="indexterm" name="id2970572"></a><i class="parameter"><tt>password level</tt></i> option at a high enough level. - </p></li><li><p> - The <a class="indexterm" name="id2970595"></a><i class="parameter"><tt>path</tt></i> line in <tt class="filename">smb.conf</tt> is incorrect. Check it with <span class="application">testparm</span>. - </p></li><li><p> - You enabled password encryption but didn't map UNIX to Samba users. Run: - <b class="command">smbpasswd -a username</b> - </p></li></ol></div><p> -Once connected, you should be able to use the commands <b class="command">dir</b>, <b class="command">get</b>, -<b class="command">put</b> and so on. Type <b class="command">help command</b> for instructions. You should -especially check that the amount of free disk space shown is correct when you type <b class="command">dir</b>. -</p></li><li><p> -On the PC, type the command <b class="command">net view \\BIGSERVER</b>. You will -need to do this from within a dos prompt window. You should get back a -list of shares available on the server. -</p><p> -If you get a message “<span class="quote"><span class="errorname">network name not found</span></span>” or similar error, then netbios -name resolution is not working. This is usually caused by a problem in <b class="command">nmbd</b>. -To overcome it, you could do one of the following (you only need to choose one of them): -</p><div class="orderedlist"><ol type="1"><li><p> - Fixup the <span class="application">nmbd</span> installation. -</p></li><li><p> - Add the IP address of BIGSERVER to the <b class="command">wins server</b> box in the - advanced TCP/IP setup on the PC. -</p></li><li><p> - Enable Windows name resolution via DNS in the advanced section of the TCP/IP setup. -</p></li><li><p> - Add BIGSERVER to your lmhosts file on the PC. -</p></li></ol></div><p> -If you get a message “<span class="quote"><span class="errorname">invalid network name</span></span>” or -“<span class="quote"><span class="errorname">bad password error</span></span>”, then apply the -same fixes as for the <b class="command">smbclient -L</b> test above. In -particular, make sure your <b class="command">hosts allow</b> line is correct (see the man pages). -</p><p> -Also, do not overlook that fact that when the workstation requests the -connection to the Samba server, it will attempt to connect using the -name with which you logged onto your Windows machine. You need to make -sure that an account exists on your Samba server with that exact same -name and password. -</p><p> -If you get a message “<span class="quote"><span class="errorname">specified computer is not receiving requests</span></span>” or similar, -it probably means that the host is not contactable via TCP services. -Check to see if the host is running TCP wrappers, and if so add an entry in -the <tt class="filename">hosts.allow</tt> file for your client (or subnet, and so on.) -</p></li><li><p> -Run the command <b class="command">net use x: \\BIGSERVER\TMP</b>. You should -be prompted for a password, then you should get a <tt class="computeroutput">command completed -successfully</tt> message. If not, then your PC software is incorrectly -installed or your <tt class="filename">smb.conf</tt> is incorrect. Make sure your <i class="parameter"><tt>hosts allow</tt></i> -and other config lines in <tt class="filename">smb.conf</tt> are correct. -</p><p> -It's also possible that the server can't work out what user name to connect you as. -To see if this is the problem, add the line -<a class="indexterm" name="id2970891"></a><i class="parameter"><tt>user</tt></i> = username to the -<i class="parameter"><tt>[tmp]</tt></i> section of -<tt class="filename">smb.conf</tt> where <i class="parameter"><tt>username</tt></i> is the -username corresponding to the password you typed. If you find this -fixes things, you may need the username mapping option. -</p><p> -It might also be the case that your client only sends encrypted passwords -and you have <a class="indexterm" name="id2970934"></a><i class="parameter"><tt>encrypt passwords</tt></i> = no in <tt class="filename">smb.conf</tt>. -Change this to "yes" to fix this. -</p></li><li><p> -Run the command <b class="command">nmblookup -M <i class="parameter"><tt>testgroup</tt></i></b> where -<i class="parameter"><tt>testgroup</tt></i> is the name of the workgroup that your Samba server and -Windows PCs belong to. You should get back the IP address of the -master browser for that workgroup. -</p><p> -If you do not, then the election process has failed. Wait a minute to -see if it is just being slow, then try again. If it still fails after -that, then look at the browsing options you have set in <tt class="filename">smb.conf</tt>. Make -sure you have <a class="indexterm" name="id2971004"></a><i class="parameter"><tt>preferred master</tt></i> = yes to ensure that -an election is held at startup. -</p></li><li><p> ->From file manager, try to browse the server. Your Samba server should -appear in the browse list of your local workgroup (or the one you -specified in <tt class="filename">smb.conf</tt>). You should be able to double click on the name -of the server and get a list of shares. If you get the error message “<span class="quote">invalid password</span>”, - you are probably running Windows NT and it -is refusing to browse a server that has no encrypted password -capability and is in User Level Security mode. In this case, either set -<a class="indexterm" name="id2971052"></a><i class="parameter"><tt>security</tt></i> = server and -<a class="indexterm" name="id2971066"></a><i class="parameter"><tt>password server</tt></i> = Windows_NT_Machine in your -<tt class="filename">smb.conf</tt> file, or make sure <a class="indexterm" name="id2971087"></a><i class="parameter"><tt>encrypt passwords</tt></i> is -set to “<span class="quote">yes</span>”. -</p></li></ol></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="troubleshooting.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="troubleshooting.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="problems.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Part V. Troubleshooting </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 34. Analyzing and Solving Samba Problems</td></tr></table></div></body></html> |