1<!doctype linuxdoc system> <!-- -*- SGML -*- --> 2<!-- 3 v 0.1 23 Aug 1997 Dan Shearer 4 Original Samba-Client-FAQ.sgml from Paul's sambafaq.sgml 5 v 0.2 25 Aug 1997 Dan 6 v 0.3 7 Oct 1997 Paul, changed email address from ictinus@lake... to ictinus@samba.anu 7--> 8 9 10<article> 11 12<title> Samba Server FAQ 13 14<author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt> 15 16<date>v 0.3, 7 Oct '97 17 18<abstract> This is the <em>Server</em> Frequently Asked Questions (FAQ) 19document for Samba, the free and very popular SMB and CIFS server 20product. A general <url url="Samba-meta-FAQ.html" name="meta FAQ"> 21exists and also a companion <url url="Samba-Client-FAQ.html" 22name="Client FAQ">, together with more detailed HOWTO documents on 23topics to do with Samba software. This is current to Samba version 241.9.17. Please send any corrections to the author. 25 26</abstract> 27 28<toc> 29 30<sect>What is Samba?<p><label id="WhatIsSamba"> 31 32See the <url url="Samba-meta-FAQ.html#introduction" name="meta FAQ 33introduction"> if you don't have any idea what Samba does. 34 35Samba has many features that are not supported in other CIFS and SMB 36implementations, all of which are commercial. It approaches some 37problems from a different angle. 38 39Some of its features include: 40<itemize> 41<item>extremely dynamic runtime configuration 42<item>host as well as username/password security 43<item>scriptable SMB client 44<item>automatic home directory exporting 45<item>automatic printer exporting 46<item>intelligent dead connection timeouts 47<item>guest connections 48</itemize> 49 50Look at the <url url="samba-man-index.html" name="manual pages"> included with the package for a full list of 51features. The components of the suite are (in summary): 52 53<descrip> 54 55<tag/smbd/ the SMB server. This handles actual connections from clients, 56doing all the interfacing with the <url 57url="Samba-meta-FAQ.html#DomainModeSecurity" name="authentication 58database"> for file, permission and username work. 59 60<tag/nmbd/ the NetBIOS name server, which helps clients locate servers, 61maintaining the <url url="Samba-meta-FAQ.html#BrowseAndDomainDefs" 62name="authentication database"> doing the browsing work and managing 63domains as this capability is being built into Samba. 64 65<tag/smbclient/ the scriptable commandline SMB client program. 66Useful for automated work, printer filters and testing purposes. It is 67more CIFS-compliant than most commercial implementations. Note that this 68is not a filesystem. The Samba team does not supply a network filesystem 69driver, although the smbfs filesystem for Linux is derived from 70smbclient code. 71 72<tag/smbrun/ a little 'glue' program to help the server run 73external programs. 74 75<tag/testprns/ a program to test server access to printers 76 77<tag/testparms/ a program to test the Samba configuration file 78for correctness 79 80<tag/smb.conf/ the Samba configuration file 81 82<tag/examples/ many examples have been put together for the different 83operating systems that Samba supports. 84 85<tag/Documentation!/ DON'T neglect to read it - you will save a great 86deal of time! 87 88</descrip> 89 90<sect>How do I get the CIFS, SMB and NetBIOS protocols?<p><label id="ServerProtocols"> 91 92See the <url url="Samba-meta-FAQ.html#CifsSmb" name="meta FAQ 93on CIFS and SMB"> if you don't have any idea what these protocols are. 94 95CIFS and SMB are implemented by the main Samba fileserving daemon, smbd. 96[.....] 97 98nmbd speaks a limited amount of CIFS (...) but is mostly concerned with 99NetBIOS. NetBIOS is [....] 100 101RFC1001, RFC1002 [...] 102 103So, provided you have got Samba correctly installed and running you have 104all three of these protocols. Some operating systems already come with 105stacks for all or some of these, such as SCO Unix, OS/2 and [...] In this 106case you must [...] 107 108<sect1>What server operating systems are supported?<p><label id="PortInfo"> 109 110At the last count, Samba runs on about 40 operating systems! This 111section looks at general questions about running Samba on the different 112platforms. Issues specific to particular operating systems are dealt 113with in elsewhere in this document. 114 115Many of the ports have been done by people outside the Samba team keen 116to get the advantages of Samba. The Samba team is currently trying to 117bring as many of these ports as possible into the main source tree and 118integrate the documentation. Samba is an integration tool, and so it has 119been made as easy as possible to port. The platforms most widely used 120and thus best tested are Linux and SunOS. 121 122This migration has not been completed yet. This means that some 123documentation is on web sites [...] 124 125There are two main families of Samba ports, Unix and other. The Unix 126ports cover anything that remotely resembles Unix and includes some 127extremely old products as well as best-sellers, tiny PCs to massive 128multiprocessor machines supporting hundreds of thousands of users. Samba 129has been run on more than 30 Unix and Unix-like operating systems. 130 131<sect2>Running Samba on a Unix or Unix-like system<p><label id="OnUnix"> 132 133<url url="../UNIX-SMB.txt"> describes some of the issues that confront a 134SMB implementation on unix, and how Samba copes with them. They may help 135people who are looking at unix<->PC interoperability. 136 137There is great variation between Unix implementations, especially those 138not adhering to the Common Unix Specification agreed to in 1996. Things 139that can be quite tricky are [.....] 140 141There are also some considerable advantages conferred on Samba running 142under Unix compared to, say, Windows NT or LAN Server. Unix has [...] 143 144At time of writing, the Makefile claimed support for: 145<itemize> 146<item> A/UX 3.0 147<item> AIX 148<item> Altos Series 386/1000 149<item> Amiga 150<item> Apollo Domain/OS sr10.3 151<item> BSDI 152<item> B.O.S. (Bull Operating System) 153<item> Cray, Unicos 8.0 154<item> Convex 155<item> DGUX. 156<item> DNIX. 157<item> FreeBSD 158<item> HP-UX 159<item> Intergraph. 160<item> Linux with/without shadow passwords and quota 161<item> LYNX 2.3.0 162<item> MachTen (a unix like system for Macintoshes) 163<item> Motorola 88xxx/9xx range of machines 164<item> NetBSD 165<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach). 166<item> OS/2 using EMX 0.9b 167<item> OSF1 168<item> QNX 4.22 169<item> RiscIX. 170<item> RISCOs 5.0B 171<item> SEQUENT. 172<item> SCO (including: 3.2v2, European dist., OpenServer 5) 173<item> SGI. 174<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series 175<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x) 176<item> SUNOS 4 177<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') 178<item> Sunsoft ISC SVR3V4 179<item> SVR4 180<item> System V with some berkely extensions (Motorola 88k R32V3.2). 181<item> ULTRIX. 182<item> UNIXWARE 183<item> UXP/DS 184</itemize> 185 186 187<sect2>Running Samba on systems unlike Unix<p><label id="OnUnlikeUnix"> 188 189More recently Samba has been ported to a number of operating systems 190which can provide a BSD Unix-like implementation of TCP/IP sockets. 191These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS, 192Windows NT and several others are being worked on but not yet available 193for use. 194 195Home pages for these ports are: 196 197[... ] 198 199<sect1>Exporting server resources with Samba<p><label id="Exporting"> 200 201Files, printers, CD ROMs and other local devices. Network devices, 202including networked filesystems and remote printer queues. Other devices 203such as [....] 204 205 1.4) Configuring SHARES 206 1.4.1) Homes service 207 1.4.2) Public services 208 1.4.3) Application serving 209 1.4.4) Team sharing a Samba resource 210 211 1.5) Printer configuration 212 1.5.1) Berkeley LPR/LPD systems 213 1.5.2) ATT SysV lp systems 214 1.5.3) Using a private printcap file 215 1.5.4) Use of the smbprint utility 216 1.5.5) Printing from Windows to Unix 217 1.5.6) Printing from Unix to Windows 218 219<sect1>Name Resolution and Browsing<p><label id="NameBrowsing"> 220 221See also <url url="../BROWSING.txt"> 222 223 1.6) Name resolution issues 224 1.6.1) LMHOSTS file and when to use it 225 1.6.2) configuring WINS (support, server, proxy) 226 1.6.3) configuring DNS proxy 227 228 1.7) Problem Diagnosis 229 1.8) What NOT to do!!!! 230 231 3.2) Browse list managment 232 3.3) Name resolution mangement 233 234 235<sect1>Handling SMB Encryption<p><label id="SMBEncryptionSteps"> 236 237SMB encryption is ... 238 239...in <url url="../ENCRYPTION.txt"> there is... 240 241Samba compiled with libdes - enabling encrypted passwords 242 243 244<sect2>Laws in different countries affecting Samba<p><label id="CryptoLaws"> 245 246<sect2>Relationship between encryption and Domain Authentication<p> 247 248<sect1> Files and record locking 249 250 3.1.1) Old DOS clients 251 3.1.2) Opportunistic locking and the consequences 252 3.1.3) Files caching under Windows for Workgroups, Win95 and NT 253 254 Some of the foregoing links into Client-FAQ 255 256<sect1>Managing Samba Log files<p><label id="LogFiles"> 257 258<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse"> 259 See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt"> 260 for more information on browsing. Browsing.txt can also be found 261 in the docs directory of the Samba source. 262 263If your GUI client does not permit you to select non-browsable 264servers, you may need to do so on the command line. For example, under 265Lan Manager you might connect to the above service as disk drive M: 266thusly: 267<tscreen><verb> 268 net use M: \\mary\fred 269</verb></tscreen> 270The details of how to do this and the specific syntax varies from 271client to client - check your client's documentation. 272 273<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files"> 274See the next question. 275 276<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames"> 277If you check what files are not showing up, you will note that they 278are files which contain upper case letters or which are otherwise not 279DOS-compatible (ie, they are not legal DOS filenames for some reason). 280 281The Samba server can be configured either to ignore such files 282completely, or to present them to the client in "mangled" form. If you 283are not seeing the files at all, the Samba server has most likely been 284configured to ignore them. Consult the man page smb.conf(5) for 285details of how to change this - the parameter you need to set is 286"mangled names = yes". 287 288<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server"> 289This indicates one of three things: You supplied an incorrect server 290name, the underlying TCP/IP layer is not working correctly, or the 291name you specified cannot be resolved. 292 293After carefully checking that the name you typed is the name you 294should have typed, try doing things like pinging a host or telnetting 295to somewhere on your network to see if TCP/IP is functioning OK. If it 296is, the problem is most likely name resolution. 297 298If your client has a facility to do so, hardcode a mapping between the 299hosts IP and the name you want to use. For example, with Man Manager 300or Windows for Workgroups you would put a suitable entry in the file 301LMHOSTS. If this works, the problem is in the communication between 302your client and the netbios name server. If it does not work, then 303there is something fundamental wrong with your naming and the solution 304is beyond the scope of this document. 305 306If you do not have any server on your subnet supplying netbios name 307resolution, hardcoded mappings are your only option. If you DO have a 308netbios name server running (such as the Samba suite's nmbd program), 309the problem probably lies in the way it is set up. Refer to Section 310Two of this FAQ for more ideas. 311 312By the way, remember to REMOVE the hardcoded mapping before further 313tests :-) 314 315<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share"> 316This message indicates that your client CAN locate the specified 317server, which is a good start, but that it cannot find a service of 318the name you gave. 319 320The first step is to check the exact name of the service you are 321trying to connect to (consult your system administrator). Assuming it 322exists and you specified it correctly (read your client's doco on how 323to specify a service name correctly), read on: 324 325<itemize> 326<item> Many clients cannot accept or use service names longer than eight characters. 327<item> Many clients cannot accept or use service names containing spaces. 328<item> Some servers (not Samba though) are case sensitive with service names. 329<item> Some clients force service names into upper case. 330</itemize> 331 332<sect1>My client reports "cannot find domain controller", "cannot log on to the network" or similar <p> <label id="cant_see_net"> 333Nothing is wrong - Samba does not implement the primary domain name 334controller stuff for several reasons, including the fact that the 335whole concept of a primary domain controller and "logging in to a 336network" doesn't fit well with clients possibly running on multiuser 337machines (such as users of smbclient under Unix). Having said that, 338several developers are working hard on building it in to the next 339major version of Samba. If you can contribute, send a message to 340<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> ! 341 342Seeing this message should not affect your ability to mount redirected 343disks and printers, which is really what all this is about. 344 345For many clients (including Windows for Workgroups and Lan Manager), 346setting the domain to STANDALONE at least gets rid of the message. 347 348<sect1>Printing doesn't work :-(<p> <label id="no_printing"> 349 350Make sure that the specified print command for the service you are 351connecting to is correct and that it has a fully-qualified path (eg., 352use "/usr/bin/lpr" rather than just "lpr", if you happen to be using 353Unix). 354 355Make sure that the spool directory specified for the service is 356writable by the user connected to the service. 357 358Make sure that the user specified in the service is permitted to use 359the printer. 360 361Check the debug log produced by smbd. Search for the printer name and 362see if the log turns up any clues. Note that error messages to do with 363a service ipc$ are meaningless - they relate to the way the client 364attempts to retrieve status information when using the LANMAN1 365protocol. 366 367If using WfWg then you need to set the default protocol to TCP/IP, not 368Netbeui. This is a WfWg bug. 369 370If using the Lanman1 protocol (the default) then try switching to 371coreplus. Also not that print status error messages don't mean 372printing won't work. The print status is received by a different 373mechanism. 374 375<sect1>My programs install on the server OK, but refuse to work properly<p><label id="programs_wont_run"> 376There are numerous possible reasons for this, but one MAJOR 377possibility is that your software uses locking. Make sure you are 378using Samba 1.6.11 or later. It may also be possible to work around 379the problem by setting "locking=no" in the Samba configuration file 380for the service the software is installed on. This should be regarded 381as a strictly temporary solution. 382 383In earlier Samba versions there were some difficulties with the very 384latest Microsoft products, particularly Excel 5 and Word for Windows 3856. These should have all been solved. If not then please let Andrew 386Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. 387 388<sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string"> 389OR My client reports the default setting, eg. "Samba 1.9.15p4", instead 390of what I have changed it to in the smb.conf file. 391 392You need to use the -C option in nmbd. The "server string" affects 393what smbd puts out and -C affects what nmbd puts out. 394 395Current versions of Samba (1.9.16 +) have combined these options into 396the "server string" field of smb.conf, -C for nmbd is now obsolete. 397 398<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares"> 399Your guest account is probably invalid for some reason. Samba uses the 400guest account for browsing in smbd. Check that your guest account is 401valid. 402 403See also 'guest account' in smb.conf man page. 404 405<sect1>Issues specific to Unix and Unix-like systems<p><label id="UnixIssues"> 406 407<sect2>Printing doesn't work with my Unix Samba server<p> <label id="no_printing"> 408 409The user "nobody" often has problems with printing, even if it worked 410with an earlier version of Samba. Try creating another guest user other 411than "nobody". 412 413<sect2>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid"> 414This can have several causes. It might be because you are using a uid 415or gid of 65535 or -1. This is a VERY bad idea, and is a big security 416hole. Check carefully in your /etc/passwd file and make sure that no 417user has uid 65535 or -1. Especially check the "nobody" user, as many 418broken systems are shipped with nobody setup with a uid of 65535. 419 420It might also mean that your OS has a trapdoor uid/gid system :-) 421 422This means that once a process changes effective uid from root to 423another user it can't go back to root. Unfortunately Samba relies on 424being able to change effective uid from root to non-root and back 425again to implement its security policy. If your OS has a trapdoor uid 426system this won't work, and several things in Samba may break. Less 427things will break if you use user or server level security instead of 428the default share level security, but you may still strike 429problems. 430 431The problems don't give rise to any security holes, so don't panic, 432but it does mean some of Samba's capabilities will be unavailable. 433In particular you will not be able to connect to the Samba server as 434two different uids at once. This may happen if you try to print as a 435"guest" while accessing a share as a normal user. It may also affect 436your ability to list the available shares as this is normally done as 437the guest user. 438 439Complain to your OS vendor and ask them to fix their system. 440 441Note: the reason why 65535 is a VERY bad choice of uid and gid is that 442it casts to -1 as a uid, and the setreuid() system call ignores (with 443no error) uid changes to -1. This means any daemon attempting to run 444as uid 65535 will actually run as root. This is not good! 445 446<sect1>Issues specific to IBM OS/2 systems<p><label id="OS2Issues"> 447 448<url url="http://carol.wins.uva.nl/~leeuw/samba/samba2.html" name="Samba for OS/2"> 449 450<sect1>Issues specific to IBM MVS systems<p><label id="MVSIssues"> 451 452<url url="ftp://ftp.mks.com/pub/samba/" name="Samba for OS/390 MVS"> 453 454<sect1>Issues specific to Digital VMS systems<p><label id="VMSIssues"> 455 456<sect1>Issues specific to Amiga systems<p><label id="AmigaIssues"> 457 458<url url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/" name="Samba for Amiga"> 459 460There is a mailing list for Samba on the Amiga. 461 462 Subscribing. 463 464 Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe 465in the message. The list server will use the address in the Reply-To: or 466From: header field, in that order. 467 468 Unsubscribing. 469 470 Send an email to rask-samba-request@kampsax.dtu.dk with the word 471unsubscribe in the message. The list server will use the address in the 472Reply-To: or From: header field, in that order. If you are unsure which 473address you are subscribed with, look at the headers. You should see a 474"From " (no colon) or Return-Path: header looking something like 475 476 rask-samba-owner-myname=my.domain@kampsax.dtu.dk 477 478where myname=my.domain gives you the address myname@my.domain. This also 479means that I will always be able to find out which address is causing 480bounces, for example. 481 List archive. 482 483 Messages sent to the list are archived in HTML. See the mailing list home 484page at <URL url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/"> 485 486<sect1>Issues specific to Novell IntraNetware systems<p><label id="NetwareIssues"> 487 488<sect1>Issues specific to Stratos VOS systems<p><label id="NetwareIssues"> 489 490<url url="ftp://ftp.stratus.com/pub/vos/tools/" name="Samba for Stratus VOS"> 491 492</article> 493