Added fixes for become_user braindamage.

[kai/samba.git] / docs / faq / Samba-Server-FAQ-2.html

<HTML>
<HEAD>
<TITLE> Samba Server FAQ: How do I get the CIFS, SMB and NetBIOS protocols?</TITLE>
</HEAD>
<BODY>
<A HREF="Samba-Server-FAQ-1.html">Previous</A>
Next
<A HREF="Samba-Server-FAQ.html#toc2">Table of Contents</A>
<HR>
<H2><A NAME="s2">2. How do I get the CIFS, SMB and NetBIOS protocols?</A></H2>

<P>
<A NAME="ServerProtocols"></A> 
</P>
<P>See the 
<A HREF="Samba-meta-FAQ.html#CifsSmb">meta FAQ on CIFS and SMB</A> if you don't have any idea what these protocols are.</P>
<P>CIFS and SMB are implemented by the main Samba fileserving daemon, smbd.
<F>.....</F></P>
<P>nmbd speaks a limited amount of CIFS (...) but is mostly concerned with
NetBIOS. NetBIOS is <F>....</F></P>
<P>RFC1001, RFC1002 <F>...</F></P>
<P>So, provided you have got Samba correctly installed and running you have
all three of these protocols. Some operating systems already come with
stacks for all or some of these, such as SCO Unix, OS/2 and <F>...</F> In this
case you must <F>...</F></P>

<H2><A NAME="ss2.1">2.1 What server operating systems are supported?</A></H2>

<P>
<A NAME="PortInfo"></A> 
</P>
<P>At the last count, Samba runs on about 40 operating systems! This
section looks at general questions about running Samba on the different
platforms. Issues specific to particular operating systems are dealt
with in elsewhere in this document.</P>
<P>Many of the ports have been done by people outside the Samba team keen
to get the advantages of Samba. The Samba team is currently trying to
bring as many of these ports as possible into the main source tree and
integrate the documentation. Samba is an integration tool, and so it has
been made as easy as possible to port. The platforms most widely used
and thus best tested are Linux and SunOS.</P>
<P>This migration has not been completed yet. This means that some
documentation is on web sites <F>...</F></P>
<P>There are two main families of Samba ports, Unix and other. The Unix
ports cover anything that remotely resembles Unix and includes some
extremely old products as well as best-sellers, tiny PCs to massive
multiprocessor machines supporting hundreds of thousands of users. Samba
has been run on more than 30 Unix and Unix-like operating systems.</P>

<H3>Running Samba on a Unix or Unix-like system</H3>

<P>
<A NAME="OnUnix"></A> 
</P>
<P>
<A HREF="../UNIX-SMB.txt">../UNIX-SMB.txt</A> describes some of the issues that confront a
SMB implementation on unix, and how Samba copes with them. They may help
people who are looking at unix<->PC interoperability.</P>
<P>There is great variation between Unix implementations, especially those
not adhering to the Common Unix Specification agreed to in 1996. Things
that can be quite tricky are <F>.....</F></P>
<P>There are also some considerable advantages conferred on Samba running
under Unix compared to, say, Windows NT or LAN Server. Unix has <F>...</F></P>
<P>At time of writing, the Makefile claimed support for:
<UL>
<LI> A/UX 3.0</LI>
<LI> AIX</LI>
<LI> Altos Series 386/1000</LI>
<LI> Amiga</LI>
<LI> Apollo Domain/OS sr10.3</LI>
<LI> BSDI </LI>
<LI> B.O.S. (Bull Operating System)</LI>
<LI> Cray, Unicos 8.0</LI>
<LI> Convex</LI>
<LI> DGUX. </LI>
<LI> DNIX.</LI>
<LI> FreeBSD</LI>
<LI> HP-UX</LI>
<LI> Intergraph. </LI>
<LI> Linux with/without shadow passwords and quota</LI>
<LI> LYNX 2.3.0</LI>
<LI> MachTen (a unix like system for Macintoshes)</LI>
<LI> Motorola 88xxx/9xx range of machines</LI>
<LI> NetBSD</LI>
<LI> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).</LI>
<LI> OS/2 using EMX 0.9b</LI>
<LI> OSF1</LI>
<LI> QNX 4.22</LI>
<LI> RiscIX. </LI>
<LI> RISCOs 5.0B</LI>
<LI> SEQUENT. </LI>
<LI> SCO (including: 3.2v2, European dist., OpenServer 5)</LI>
<LI> SGI.</LI>
<LI> SMP_DC.OSx v1.1-94c079 on Pyramid S series</LI>
<LI> SONY NEWS, NEWS-OS (4.2.x and 6.1.x)</LI>
<LI> SUNOS 4</LI>
<LI> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')</LI>
<LI> Sunsoft ISC SVR3V4</LI>
<LI> SVR4</LI>
<LI> System V with some berkely extensions (Motorola 88k R32V3.2).</LI>
<LI> ULTRIX.</LI>
<LI> UNIXWARE</LI>
<LI> UXP/DS</LI>
</UL>
</P>


<H3>Running Samba on systems unlike Unix</H3>

<P>
<A NAME="OnUnlikeUnix"></A> 
</P>
<P>More recently Samba has been ported to a number of operating systems
which can provide a BSD Unix-like implementation of TCP/IP sockets.
These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS,
Windows NT and several others are being worked on but not yet available
for use.</P>
<P>Home pages for these ports are:</P>
<P><F>...  </F></P>


<H2><A NAME="ss2.2">2.2 Exporting server resources with Samba</A></H2>

<P>
<A NAME="Exporting"></A> 
</P>
<P>Files, printers, CD ROMs and other local devices. Network devices,
including networked filesystems and remote printer queues. Other devices
such as <F>....</F></P>
<P>1.4) Configuring SHARES
1.4.1) Homes service
1.4.2) Public services
1.4.3) Application serving
1.4.4) Team sharing a Samba resource</P>
<P>1.5) Printer configuration
1.5.1) Berkeley LPR/LPD systems
1.5.2) ATT SysV lp systems
1.5.3) Using a private printcap file
1.5.4) Use of the smbprint utility
1.5.5) Printing from Windows to Unix
1.5.6) Printing from Unix to Windows</P>


<H2><A NAME="ss2.3">2.3 Name Resolution and Browsing</A></H2>

<P>
<A NAME="NameBrowsing"></A> 
</P>
<P>See also 
<A HREF="../BROWSING.txt">../BROWSING.txt</A></P>
<P>1.6) Name resolution issues
1.6.1) LMHOSTS file and when to use it
1.6.2) configuring WINS (support, server, proxy)
1.6.3) configuring DNS proxy</P>
<P>1.7) Problem Diagnosis
1.8) What NOT to do!!!!</P>
<P>3.2) Browse list managment
3.3) Name resolution mangement</P>



<H2><A NAME="ss2.4">2.4 Handling SMB Encryption</A></H2>

<P>
<A NAME="SMBEncryptionSteps"></A> 
</P>
<P>SMB encryption is ...</P>
<P>...in 
<A HREF="../ENCRYPTION.txt">../ENCRYPTION.txt</A> there is...</P>
<P>Samba compiled with libdes - enabling encrypted passwords</P>


<H3>Laws in different countries affecting Samba</H3>

<P>
<A NAME="CryptoLaws"></A> 
</P>

<H3>Relationship between encryption and Domain Authentication</H3>




<H2><A NAME="ss2.5">2.5 Files and record locking</A>                3.1.1) Old DOS clients                3.1.2) Opportunistic locking and the consequences                3.1.3) Files caching under Windows for Workgroups, Win95 and NT    Some of the foregoing links into Client-FAQ</H2>


<H2><A NAME="ss2.6">2.6 Managing Samba Log files</A></H2>

<P>
<A NAME="LogFiles"></A> 
</P>


<H2><A NAME="ss2.7">2.7 I can't see the Samba server in any browse lists!</A></H2>

<P>
<A NAME="no_browse"></A> 

See 
<A HREF="ftp://samba.anu.edu.au/pub/samba/BROWSING.txt">BROWSING.txt</A>
for more information on browsing.  Browsing.txt can also be found
in the docs directory of the Samba source.</P>
<P>If your GUI client does not permit you to select non-browsable
servers, you may need to do so on the command line. For example, under
Lan Manager you might connect to the above service as disk drive M:
thusly:
<BLOCKQUOTE><CODE>
<PRE>
   net use M: \\mary\fred
</PRE>
</CODE></BLOCKQUOTE>

The details of how to do this and the specific syntax varies from
client to client - check your client's documentation.</P>


<H2><A NAME="ss2.8">2.8 Some files that I KNOW are on the server doesn't show up when I view the files from my client! </A></H2>

<P> 
<A NAME="missing_files"></A> 

See the next question.</P>


<H2><A NAME="ss2.9">2.9 Some files on the server show up with really wierd filenames when I view the files from my client! </A></H2>

<P> 
<A NAME="strange_filenames"></A> 

If you check what files are not showing up, you will note that they
are files which contain upper case letters or which are otherwise not
DOS-compatible (ie, they are not legal DOS filenames for some reason).</P>
<P>The Samba server can be configured either to ignore such files
completely, or to present them to the client in "mangled" form. If you
are not seeing the files at all, the Samba server has most likely been
configured to ignore them.  Consult the man page smb.conf(5) for
details of how to change this - the parameter you need to set is
"mangled names = yes".</P>


<H2><A NAME="ss2.10">2.10 My client reports "cannot locate specified computer" or similar</A></H2>

<P>
<A NAME="cant_see_server"></A> 

This indicates one of three things: You supplied an incorrect server
name, the underlying TCP/IP layer is not working correctly, or the
name you specified cannot be resolved.</P>
<P>After carefully checking that the name you typed is the name you
should have typed, try doing things like pinging a host or telnetting
to somewhere on your network to see if TCP/IP is functioning OK. If it
is, the problem is most likely name resolution.</P>
<P>If your client has a facility to do so, hardcode a mapping between the
hosts IP and the name you want to use. For example, with Man Manager
or Windows for Workgroups you would put a suitable entry in the file
LMHOSTS. If this works, the problem is in the communication between
your client and the netbios name server. If it does not work, then
there is something fundamental wrong with your naming and the solution
is beyond the scope of this document.</P>
<P>If you do not have any server on your subnet supplying netbios name
resolution, hardcoded mappings are your only option. If you DO have a
netbios name server running (such as the Samba suite's nmbd program),
the problem probably lies in the way it is set up. Refer to Section
Two of this FAQ for more ideas.</P>
<P>By the way, remember to REMOVE the hardcoded mapping before further
tests :-)     </P>


<H2><A NAME="ss2.11">2.11 My client reports "cannot locate specified share name" or similar</A></H2>

<P> 
<A NAME="cant_see_share"></A> 

This message indicates that your client CAN locate the specified
server, which is a good start, but that it cannot find a service of
the name you gave.</P>
<P>The first step is to check the exact name of the service you are
trying to connect to (consult your system administrator). Assuming it
exists and you specified it correctly (read your client's doco on how
to specify a service name correctly), read on:</P>
<P>
<UL>
<LI> Many clients cannot accept or use service names longer than eight characters.</LI>
<LI> Many clients cannot accept or use service names containing spaces.</LI>
<LI> Some servers (not Samba though) are case sensitive with service names.</LI>
<LI> Some clients force service names into upper case.</LI>
</UL>
</P>


<H2><A NAME="ss2.12">2.12 My client reports "cannot find domain controller", "cannot log on to the network" or similar </A></H2>

<P> 
<A NAME="cant_see_net"></A> 

Nothing is wrong - Samba does not implement the primary domain name
controller stuff for several reasons, including the fact that the
whole concept of a primary domain controller and "logging in to a
network" doesn't fit well with clients possibly running on multiuser
machines (such as users of smbclient under Unix). Having said that,
several developers are working hard on building it in to the next
major version of Samba. If you can contribute, send a message to
<A HREF="mailto:samba-bugs@anu.edu.au">samba-bugs@anu.edu.au</A> !</P>
<P>Seeing this message should not affect your ability to mount redirected
disks and printers, which is really what all this is about.</P>
<P>For many clients (including Windows for Workgroups and Lan Manager),
setting the domain to STANDALONE at least gets rid of the message.</P>


<H2><A NAME="ss2.13">2.13 Printing doesn't work :-(</A></H2>

<P> 
<A NAME="no_printing"></A> 
 </P>
<P>Make sure that the specified print command for the service you are
connecting to is correct and that it has a fully-qualified path (eg.,
use "/usr/bin/lpr" rather than just "lpr", if you happen to be using
Unix).</P>
<P>Make sure that the spool directory specified for the service is
writable by the user connected to the service. </P>
<P>Make sure that the user specified in the service is permitted to use
the printer.</P>
<P>Check the debug log produced by smbd. Search for the printer name and
see if the log turns up any clues. Note that error messages to do with
a service ipc$ are meaningless - they relate to the way the client
attempts to retrieve status information when using the LANMAN1
protocol.</P>
<P>If using WfWg then you need to set the default protocol to TCP/IP, not
Netbeui. This is a WfWg bug.</P>
<P>If using the Lanman1 protocol (the default) then try switching to
coreplus.  Also not that print status error messages don't mean
printing won't work. The print status is received by a different
mechanism.</P>


<H2><A NAME="ss2.14">2.14 My programs install on the server OK, but refuse to work properly</A></H2>

<P>
<A NAME="programs_wont_run"></A> 

There are numerous possible reasons for this, but one MAJOR
possibility is that your software uses locking. Make sure you are
using Samba 1.6.11 or later. It may also be possible to work around
the problem by setting "locking=no" in the Samba configuration file
for the service the software is installed on. This should be regarded
as a strictly temporary solution.</P>
<P>In earlier Samba versions there were some difficulties with the very
latest Microsoft products, particularly Excel 5 and Word for Windows
6. These should have all been solved. If not then please let Andrew
Tridgell know via email at 
<A HREF="mailto:samba-bugs@anu.edu.au">samba-bugs@anu.edu.au</A>.</P>


<H2><A NAME="ss2.15">2.15 My "server string" doesn't seem to be recognised</A></H2>

<P>
<A NAME="bad_server_string"></A> 

OR My client reports the default setting, eg. "Samba 1.9.15p4", instead
of what I have changed it to in the smb.conf file.</P>
<P>You need to use the -C option in nmbd. The "server string" affects
what smbd puts out and -C affects what nmbd puts out.</P>
<P>Current versions of Samba (1.9.16 +) have combined these options into
the "server string" field of smb.conf, -C for nmbd is now obsolete.</P>


<H2><A NAME="ss2.16">2.16 My client reports "This server is not configured to list shared resources" </A></H2>

<P> 
<A NAME="cant_list_shares"></A> 

Your guest account is probably invalid for some reason. Samba uses the
guest account for browsing in smbd.  Check that your guest account is
valid.</P>
<P>See also 'guest account' in smb.conf man page.</P>


<H2><A NAME="ss2.17">2.17 Issues specific to Unix and Unix-like systems</A></H2>

<P>
<A NAME="UnixIssues"></A> 
</P>

<H3>Printing doesn't work with my Unix Samba server</H3>

<P> 
<A NAME="no_printing"></A> 
 </P>
<P>The user "nobody" often has problems with printing, even if it worked
with an earlier version of Samba. Try creating another guest user other
than "nobody".</P>

<H3>Log message "you appear to have a trapdoor uid system" </H3>

<P>
<A NAME="trapdoor_uid"></A> 

This can have several causes. It might be because you are using a uid
or gid of 65535 or -1. This is a VERY bad idea, and is a big security
hole. Check carefully in your /etc/passwd file and make sure that no
user has uid 65535 or -1. Especially check the "nobody" user, as many
broken systems are shipped with nobody setup with a uid of 65535.</P>
<P>It might also mean that your OS has a trapdoor uid/gid system :-)</P>
<P>This means that once a process changes effective uid from root to
another user it can't go back to root. Unfortunately Samba relies on
being able to change effective uid from root to non-root and back
again to implement its security policy. If your OS has a trapdoor uid
system this won't work, and several things in Samba may break. Less
things will break if you use user or server level security instead of
the default share level security, but you may still strike
problems.</P>
<P>The problems don't give rise to any security holes, so don't panic,
but it does mean some of Samba's capabilities will be unavailable.
In particular you will not be able to connect to the Samba server as
two different uids at once. This may happen if you try to print as a
"guest" while accessing a share as a normal user. It may also affect
your ability to list the available shares as this is normally done as
the guest user.</P>
<P>Complain to your OS vendor and ask them to fix their system.</P>
<P>Note: the reason why 65535 is a VERY bad choice of uid and gid is that
it casts to -1 as a uid, and the setreuid() system call ignores (with
no error) uid changes to -1. This means any daemon attempting to run
as uid 65535 will actually run as root. This is not good!</P>


<H2><A NAME="ss2.18">2.18 Issues specific to IBM OS/2 systems</A></H2>

<P>
<A NAME="OS2Issues"></A> 
</P>
<P>
<A HREF="http://carol.wins.uva.nl/~leeuw/samba/samba2.html">Samba for OS/2</A></P>


<H2><A NAME="ss2.19">2.19 Issues specific to IBM MVS systems</A></H2>

<P>
<A NAME="MVSIssues"></A> 
</P>
<P>
<A HREF="ftp://ftp.mks.com/pub/samba/">Samba for OS/390 MVS</A></P>


<H2><A NAME="ss2.20">2.20 Issues specific to Digital VMS systems</A></H2>

<P>
<A NAME="VMSIssues"></A> 
</P>


<H2><A NAME="ss2.21">2.21 Issues specific to Amiga systems</A></H2>

<P>
<A NAME="AmigaIssues"></A> 
</P>
<P>
<A HREF="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/">Samba for Amiga</A></P>
<P>There is a mailing list for Samba on the Amiga.</P>
<P>Subscribing.</P>
<P>Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe
in the message. The list server will use the address in the Reply-To: or
From: header field, in that order.</P>
<P>Unsubscribing.</P>
<P>Send an email to rask-samba-request@kampsax.dtu.dk with the word
unsubscribe in the message. The list server will use the address in the
Reply-To: or From: header field, in that order. If you are unsure which
address you are subscribed with, look at the headers. You should see a
"From " (no colon) or Return-Path: header looking something like</P>
<P>rask-samba-owner-myname=my.domain@kampsax.dtu.dk</P>
<P>where myname=my.domain gives you the address myname@my.domain. This also
means that I will always be able to find out which address is causing
bounces, for example.
List archive.</P>
<P>Messages sent to the list are archived in HTML. See the mailing list home
page at 
<A HREF="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/">http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/</A></P>


<H2><A NAME="ss2.22">2.22 Issues specific to Novell IntraNetware systems</A></H2>

<P>
<A NAME="NetwareIssues"></A> 
</P>


<H2><A NAME="ss2.23">2.23 Issues specific to Stratos VOS systems</A></H2>

<P>
<A NAME="NetwareIssues"></A> 
</P>
<P>
<A HREF="ftp://ftp.stratus.com/pub/vos/tools/">Samba for Stratus VOS</A></P>


<HR>
<A HREF="Samba-Server-FAQ-1.html">Previous</A>
Next
<A HREF="Samba-Server-FAQ.html#toc2">Table of Contents</A>
</BODY>
</HTML>