1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
8 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"><LINK
11 HREF="samba-faq.html"><LINK
13 TITLE="Specific client application problems"
14 HREF="clientapp.html"><LINK
17 HREF="features.html"></HEAD
28 SUMMARY="Header navigation table"
74 >Chapter 4. Common errors</H1
82 >4.1. Not listening for calling name</H1
85 CLASS="PROGRAMLISTING"
86 >Session request failed (131,129) with myname=HOBBES destname=CALVIN
87 Not listening for calling name</PRE
90 >If you get this when talking to a Samba box then it means that your
91 global "hosts allow" or "hosts deny" settings are causing the Samba
92 server to refuse the connection. </P
94 >Look carefully at your "hosts allow" and "hosts deny" lines in the
95 global section of smb.conf. </P
97 >It can also be a problem with reverse DNS lookups not functioning
98 correctly, leading to the remote host identity not being able to
99 be confirmed, but that is less likely.</P
108 >4.2. System Error 1240</H1
110 >System error 1240 means that the client is refusing to talk
111 to a non-encrypting server. Microsoft changed WinNT in service
112 pack 3 to refuse to connect to servers that do not support
113 SMB password encryption.</P
115 >There are two main solutions:
123 >enable SMB password encryption in Samba. See the encryption part of
124 the samba HOWTO Collection</TD
128 >disable this new behaviour in NT. See the section about
129 Windows NT in the chapter "Portability" of the samba HOWTO collection</TD
144 >4.3. smbclient ignores -N !</H1
148 >"When getting the list of shares available on a host using the command
153 the program always prompts for the password if the server is a Samba server.
154 It also ignores the "-N" argument when querying some (but not all) of our
158 >No, it does not ignore -N, it is just that your server rejected the
159 null password in the connection, so smbclient prompts for a password
162 >To get the behaviour that you probably want use <B
164 >smbclient -L host -U%</B
167 >This will set both the username and password to null, which is
168 an anonymous login for SMB. Using -N would only set the password
169 to null, and this is not accepted as an anonymous login for most
179 >4.4. The data on the CD-Drive I've shared seems to be corrupted!</H1
181 >Some OSes (notably Linux) default to auto detection of file type on
182 cdroms and do cr/lf translation. This is a very bad idea when use with
183 Samba. It causes all sorts of stuff ups.</P
185 >To overcome this problem use conv=binary when mounting the cdrom
186 before exporting it with Samba.</P
195 >4.5. Why can users access home directories of other users?</H1
199 >"We are unable to keep individual users from mapping to any other user's
200 home directory once they have supplied a valid password! They only need
201 to enter their own password. I have not found *any* method that I can
202 use to configure samba to enforce that only a user may map their own
203 home directory."</SPAN
208 >"User xyzzy can map his home directory. Once mapped user xyzzy can also map
209 *anyone* elses home directory!"</SPAN
212 >This is not a security flaw, it is by design. Samba allows
213 users to have *exactly* the same access to the UNIX filesystem
214 as they would if they were logged onto the UNIX box, except
215 that it only allows such views onto the file system as are
216 allowed by the defined shares.</P
218 >This means that if your UNIX home directories are set up
219 such that one user can happily cd into another users
220 directory and do an ls, the UNIX security solution is to
221 change the UNIX file permissions on the users home directories
222 such that the cd and ls would be denied.</P
224 >Samba tries very hard not to second guess the UNIX administrators
225 security policies, and trusts the UNIX admin to set
226 the policies and permissions he or she desires.</P
228 >Samba does allow the setup you require when you have set the
229 "only user = yes" option on the share, is that you have not set the
230 valid users list for the share.</P
232 >Note that only user works in conjunction with the users= list,
233 so to get the behavior you require, add the line :
235 CLASS="PROGRAMLISTING"
238 this is equivalent to:
240 CLASS="PROGRAMLISTING"
241 >valid users = %S</PRE
243 to the definition of the [homes] share, as recommended in
244 the smb.conf man page.</P
252 SUMMARY="Footer navigation table"
263 HREF="clientapp.html"
272 HREF="samba-faq.html"
291 >Specific client application problems</TD