1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
5 >Diagnosing your samba server</TITLE
8 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
11 TITLE="SAMBA Project Documentation"
12 HREF="samba-howto-collection.html"><LINK
15 HREF="appendixes.html"><LINK
17 TITLE="Reporting Bugs"
18 HREF="bugreport.html"></HEAD
29 SUMMARY="Header navigation table"
38 >SAMBA Project Documentation</TH
69 NAME="DIAGNOSIS">Chapter 26. Diagnosing your samba server</H1
75 NAME="AEN3378">26.1. Introduction</H1
77 >This file contains a list of tests you can perform to validate your
78 Samba server. It also tells you what the likely cause of the problem
79 is if it fails any one of these steps. If it passes all these tests
80 then it is probably working fine.</P
82 >You should do ALL the tests, in the order shown. We have tried to
83 carefully choose them so later tests only use capabilities verified in
86 >If you send one of the samba mailing lists an email saying "it doesn't work"
87 and you have not followed this test procedure then you should not be surprised
88 your email is ignored.</P
95 NAME="AEN3383">26.2. Assumptions</H1
97 >In all of the tests it is assumed you have a Samba server called
98 BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.</P
100 >The procedure is similar for other types of clients.</P
102 >It is also assumed you know the name of an available share in your
103 smb.conf. I will assume this share is called "tmp". You can add a
104 "tmp" share like by adding the following to smb.conf:</P
107 CLASS="PROGRAMLISTING"
109 comment = temporary files
111 read only = yes </PRE
114 >THESE TESTS ASSUME VERSION 3.0.0 OR LATER OF THE SAMBA SUITE. SOME
115 COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS</P
117 >Please pay attention to the error messages you receive. If any error message
118 reports that your server is being unfriendly you should first check that you
119 IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
120 file points to name servers that really do exist.</P
122 >Also, if you do not have DNS server access for name resolution please check
123 that the settings for your smb.conf file results in "dns proxy = no". The
124 best way to check this is with "testparm smb.conf"</P
131 NAME="AEN3393">26.3. Tests</H1
137 NAME="AEN3395">26.3.1. Test 1</H2
139 >In the directory in which you store your smb.conf file, run the command
140 "testparm smb.conf". If it reports any errors then your smb.conf
141 configuration file is faulty.</P
143 >Note: Your smb.conf file may be located in: <TT
149 >/usr/local/samba/lib</TT
157 NAME="AEN3401">26.3.2. Test 2</H2
159 >Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
160 the unix box. If you don't get a valid response then your TCP/IP
161 software is not correctly installed. </P
163 >Note that you will need to start a "dos prompt" window on the PC to
166 >If you get a message saying "host not found" or similar then your DNS
167 software or /etc/hosts file is not correctly setup. It is possible to
168 run samba without DNS entries for the server and client, but I assume
169 you do have correct entries for the remainder of these tests. </P
171 >Another reason why ping might fail is if your host is running firewall
172 software. You will need to relax the rules to let in the workstation
173 in question, perhaps by allowing access from another subnet (on Linux
174 this is done via the ipfwadm program.)</P
181 NAME="AEN3407">26.3.3. Test 3</H2
183 >Run the command "smbclient -L BIGSERVER" on the unix box. You
184 should get a list of available shares back. </P
186 >If you get a error message containing the string "Bad password" then
187 you probably have either an incorrect "hosts allow", "hosts deny" or
188 "valid users" line in your smb.conf, or your guest account is not
189 valid. Check what your guest account is using "testparm" and
190 temporarily remove any "hosts allow", "hosts deny", "valid users" or
191 "invalid users" lines.</P
193 >If you get a "connection refused" response then the smbd server may
194 not be running. If you installed it in inetd.conf then you probably edited
195 that file incorrectly. If you installed it as a daemon then check that
196 it is running, and check that the netbios-ssn port is in a LISTEN
197 state using "netstat -a".</P
199 >If you get a "session request failed" then the server refused the
200 connection. If it says "Your server software is being unfriendly" then
201 its probably because you have invalid command line parameters to smbd,
202 or a similar fatal problem with the initial startup of smbd. Also
203 check your config file (smb.conf) for syntax errors with "testparm"
204 and that the various directories where samba keeps its log and lock
207 >There are a number of reasons for which smbd may refuse or decline
208 a session request. The most common of these involve one or more of
209 the following smb.conf file entries:</P
212 CLASS="PROGRAMLISTING"
214 hosts allow = xxx.xxx.xxx.xxx/yy
215 bind interfaces only = Yes</PRE
218 >In the above, no allowance has been made for any session requests that
219 will automatically translate to the loopback adaptor address 127.0.0.1.
220 To solve this problem change these lines to:</P
223 CLASS="PROGRAMLISTING"
225 hosts allow = xxx.xxx.xxx.xxx/yy 127.</PRE
228 >Do NOT use the "bind interfaces only" parameter where you may wish to
229 use the samba password change facility, or where smbclient may need to
230 access local service for name resolution or for local resource
231 connections. (Note: the "bind interfaces only" parameter deficiency
232 where it will not allow connections to the loopback address will be
235 >Another common cause of these two errors is having something already running
236 on port 139, such as Samba (ie: smbd is running from inetd already) or
237 something like Digital's Pathworks. Check your inetd.conf file before trying
238 to start smbd as a daemon, it can avoid a lot of frustration!</P
240 >And yet another possible cause for failure of TEST 3 is when the subnet mask
241 and / or broadcast address settings are incorrect. Please check that the
242 network interface IP Address / Broadcast Address / Subnet Mask settings are
243 correct and that Samba has correctly noted these in the log.nmb file.</P
250 NAME="AEN3422">26.3.4. Test 4</H2
252 >Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
253 IP address of your Samba server back.</P
255 >If you don't then nmbd is incorrectly installed. Check your inetd.conf
256 if you run it from there, or that the daemon is running and listening
259 >One common problem is that many inetd implementations can't take many
260 parameters on the command line. If this is the case then create a
261 one-line script that contains the right parameters and run that from
269 NAME="AEN3427">26.3.5. Test 5</H2
273 >nmblookup -B ACLIENT '*'</B
276 >You should get the PCs IP address back. If you don't then the client
277 software on the PC isn't installed correctly, or isn't started, or you
278 got the name of the PC wrong. </P
280 >If ACLIENT doesn't resolve via DNS then use the IP address of the
281 client in the above test.</P
288 NAME="AEN3433">26.3.6. Test 6</H2
292 >nmblookup -d 2 '*'</B
295 >This time we are trying the same as the previous test but are trying
296 it via a broadcast to the default broadcast address. A number of
297 Netbios/TCPIP hosts on the network should respond, although Samba may
298 not catch all of the responses in the short time it listens. You
299 should see "got a positive name query response" messages from several
302 >If this doesn't give a similar result to the previous test then
303 nmblookup isn't correctly getting your broadcast address through its
304 automatic mechanism. In this case you should experiment use the
305 "interfaces" option in smb.conf to manually configure your IP
306 address, broadcast and netmask. </P
308 >If your PC and server aren't on the same subnet then you will need to
309 use the -B option to set the broadcast address to the that of the PCs
312 >This test will probably fail if your subnet mask and broadcast address are
313 not correct. (Refer to TEST 3 notes above).</P
320 NAME="AEN3441">26.3.7. Test 7</H2
324 >smbclient //BIGSERVER/TMP</B
326 then be prompted for a password. You should use the password of the account
327 you are logged into the unix box with. If you want to test with
328 another account then add the -U >accountname< option to the end of
329 the command line. eg:
332 >smbclient //bigserver/tmp -Ujohndoe</B
335 >Note: It is possible to specify the password along with the username
339 >smbclient //bigserver/tmp -Ujohndoe%secret</B
342 >Once you enter the password you should get the "smb>" prompt. If you
343 don't then look at the error message. If it says "invalid network
344 name" then the service "tmp" is not correctly setup in your smb.conf.</P
346 >If it says "bad password" then the likely causes are:</P
353 > you have shadow passords (or some other password system) but didn't
354 compile in support for them in smbd
359 > your "valid users" configuration is incorrect
364 > you have a mixed case password and you haven't enabled the "password
365 level" option at a high enough level
370 > the "path =" line in smb.conf is incorrect. Check it with testparm
375 > you enabled password encryption but didn't create the SMB encrypted
381 >Once connected you should be able to use the commands
394 >help >command<</B
395 > for instructions. You should
396 especially check that the amount of free disk space shown is correct
407 NAME="AEN3467">26.3.8. Test 8</H2
409 >On the PC type the command <B
411 >net view \\BIGSERVER</B
413 need to do this from within a "dos prompt" window. You should get back a
414 list of available shares on the server.</P
416 >If you get a "network name not found" or similar error then netbios
417 name resolution is not working. This is usually caused by a problem in
418 nmbd. To overcome it you could do one of the following (you only need
419 to choose one of them):</P
426 > fixup the nmbd installation</P
430 > add the IP address of BIGSERVER to the "wins server" box in the
431 advanced tcp/ip setup on the PC.</P
435 > enable windows name resolution via DNS in the advanced section of
440 > add BIGSERVER to your lmhosts file on the PC.</P
444 >If you get a "invalid network name" or "bad password error" then the
445 same fixes apply as they did for the "smbclient -L" test above. In
446 particular, make sure your "hosts allow" line is correct (see the man
449 >Also, do not overlook that fact that when the workstation requests the
450 connection to the samba server it will attempt to connect using the
451 name with which you logged onto your Windows machine. You need to make
452 sure that an account exists on your Samba server with that exact same
453 name and password.</P
455 >If you get "specified computer is not receiving requests" or similar
456 it probably means that the host is not contactable via tcp services.
457 Check to see if the host is running tcp wrappers, and if so add an entry in
458 the hosts.allow file for your client (or subnet, etc.)</P
465 NAME="AEN3484">26.3.9. Test 9</H2
469 >net use x: \\BIGSERVER\TMP</B
471 be prompted for a password then you should get a "command completed
472 successfully" message. If not then your PC software is incorrectly
473 installed or your smb.conf is incorrect. make sure your "hosts allow"
474 and other config lines in smb.conf are correct.</P
476 >It's also possible that the server can't work out what user name to
477 connect you as. To see if this is the problem add the line "user =
478 USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
479 username corresponding to the password you typed. If you find this
480 fixes things you may need the username mapping option. </P
482 >It might also be the case that your client only sends encrypted passwords
485 >encrypt passwords = no</B
490 Turn it back on to fix.</P
497 NAME="AEN3492">26.3.10. Test 10</H2
501 >nmblookup -M TESTGROUP</B
503 TESTGROUP is the name of the workgroup that your Samba server and
504 Windows PCs belong to. You should get back the IP address of the
505 master browser for that workgroup.</P
507 >If you don't then the election process has failed. Wait a minute to
508 see if it is just being slow then try again. If it still fails after
509 that then look at the browsing options you have set in smb.conf. Make
512 >preferred master = yes</B
514 an election is held at startup.</P
521 NAME="AEN3498">26.3.11. Test 11</H2
523 >From file manager try to browse the server. Your samba server should
524 appear in the browse list of your local workgroup (or the one you
525 specified in smb.conf). You should be able to double click on the name
526 of the server and get a list of shares. If you get a "invalid
527 password" error when you do then you are probably running WinNT and it
528 is refusing to browse a server that has no encrypted password
529 capability and is in user level security mode. In this case either set
532 >security = server</B
536 >password server = Windows_NT_Machine</B
538 smb.conf file, or enable encrypted passwords AFTER compiling in support
539 for encrypted passwords (refer to the Makefile).</P
547 NAME="AEN3503">26.4. Still having troubles?</H1
549 >Try the mailing list or newsgroup, or use the ethereal utility to
550 sniff the problem. The official samba mailing list can be reached at
552 HREF="mailto:samba@samba.org"
556 out more about samba and how to subscribe to the mailing list check
557 out the samba web page at
559 HREF="http://samba.org/samba"
561 >http://samba.org/samba</A
564 >Also look at the other docs in the Samba package!</P
572 SUMMARY="Footer navigation table"
583 HREF="bugreport.html"
592 HREF="samba-howto-collection.html"
613 HREF="appendixes.html"
git.samba.org / kai / samba.git / blob