summaryrefslogtreecommitdiff
path: root/docs/htmldocs/using_samba/ch12.html
diff options
context:
space:
mode:
authorbubulle <bubulle@alioth.debian.org>2008-05-22 11:51:59 +0000
committerbubulle <bubulle@alioth.debian.org>2008-05-22 11:51:59 +0000
commitad6534cceb7ea682673235810fe28f5b77fabb05 (patch)
treea99e4dd837d1e8f780c9d25bc27b4be287bff9e4 /docs/htmldocs/using_samba/ch12.html
parent7cf30d835f11038aa46900e554670f8f22b841d2 (diff)
downloadsamba-ad6534cceb7ea682673235810fe28f5b77fabb05.tar.gz
Merge upstream 3.0.29 in trunk
git-svn-id: svn://svn.debian.org/svn/pkg-samba/trunk/samba@1886 fc4039ab-9d04-0410-8cac-899223bdd6b0
Diffstat (limited to 'docs/htmldocs/using_samba/ch12.html')
-rw-r--r--docs/htmldocs/using_samba/ch12.html3341
1 files changed, 0 insertions, 3341 deletions
diff --git a/docs/htmldocs/using_samba/ch12.html b/docs/htmldocs/using_samba/ch12.html
deleted file mode 100644
index 6ba643fe73..0000000000
--- a/docs/htmldocs/using_samba/ch12.html
+++ /dev/null
@@ -1,3341 +0,0 @@
-<html>
-<body bgcolor="#ffffff">
-
-<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76"
-hspace="10" align="left" />
-
-<h1 class="head0">Chapter 12. Troubleshooting Samba</h1>
-
-
-<p><a name="INDEX-1"/><a name="INDEX-2"/>Samba is extremely robust. Once you have
-everything set up the way you want, you'll probably
-forget that it is running. When trouble occurs, it's
-typically during installation or when you're trying
-to reconfigure the server. Fortunately, a wide variety of resources
-are available to diagnose these troubles. While we
-can't describe in detail the solution to every
-problem you might encounter, you should be able to get a good start
-at resolving the problem by following the advice given in this
-chapter.</p>
-
-<p>The first section of this chapter lists the tool bag, a collection of
-tools available for troubleshooting Samba; the second section is a
-detailed how-to; the last section lists extra resources to track down
-particularly stubborn problems.</p>
-
-
-
-<div class="sect1"><a name="samba2-CHP-12-SECT-1"/>
-
-<h2 class="head1">The Tool Box</h2>
-
-<p><a name="INDEX-3"/><a name="INDEX-4"/>Sometimes Unix
-seems to be made up of a grab bag of applications and tools. There
-are tools to troubleshoot tools. And of course, there are several
-ways to accomplish the same task. When trying to solve a problem
-related to Samba, a good plan of attack is to use the following:</p>
-
-<ul><li>
-<p>Samba logs</p>
-</li><li>
-<p>Samba test utilities</p>
-</li><li>
-<p>Unix utilities</p>
-</li><li>
-<p>Fault tree</p>
-</li><li>
-<p>Documentation and FAQs</p>
-</li><li>
-<p>Samba newsgroups</p>
-</li><li>
-<p>Searchable mailing list archives</p>
-</li></ul>
-<p>Let's go over each of these one-by-one in the
-following sections.</p>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-1.1"/>
-
-<h3 class="head2">Samba Logs</h3>
-
-<p><a name="INDEX-5"/><a name="INDEX-6"/>Your first line of attack should always
-be to check the log files. The Samba log files can help diagnose the
-vast majority of the problems faced by beginning- to
-intermediate-level Samba administrators. Samba is quite flexible when
-it comes to logging. You can set up the server to log as little or as
-much information as you want. Using substitution variables in the
-Samba configuration file allows you to isolate individual logs for
-each system, share, or combination thereof.</p>
-
-<p>Logs are placed in <em class="filename">/usr/local/samba/var/smbd.log</em>
-and <em class="filename">/usr/local/samba/var/nmbd.log</em> by default.
-You can specify a log directory to use with the
-<em class="emphasis">-l</em> flag on the command line when starting the
-Samba daemons. For example:</p>
-
-<blockquote><pre class="code"># <tt class="userinput"><b>smbd -l /var/log/samba</b></tt>
-# <tt class="userinput"><b>nmbd -l /var/log/samba</b></tt></pre></blockquote>
-
-<p>Alternatively, you can override the location and name using the
-<tt class="literal">log</tt><a name="INDEX-7"/> <tt class="literal">file</tt> configuration
-option in <em class="filename">smb.conf</em>. This option accepts all the
-substitution variables, so you could easily have the server keep a
-separate log for each connecting client system by specifying the
-following:</p>
-
-<blockquote><pre class="code">[global]
- log file = %m.log</pre></blockquote>
-
-<p>Another useful trick is to have the server keep a log for each
-service (share) that is offered, especially if you suspect a
-particular share is causing trouble. To do this, use the
-<tt class="literal">%S</tt> variable, like this:</p>
-
-<blockquote><pre class="code">[global]
- log file = %S.log</pre></blockquote>
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-1.1.1"/>
-
-<h3 class="head3">Log levels</h3>
-
-<p><a name="INDEX-8"/>The level of logging that Samba uses
-can be set in the <em class="filename">smb.conf</em> file using the global
-<tt class="literal">log</tt> <tt class="literal">level</tt> or
-<tt class="literal">debug</tt> <tt class="literal">level</tt> option; they are
-equivalent. The logging level is an integer that can range from 0 to
-10. At level 0, no logging is done. Higher values result in more
-voluminous logging. For example, let's assume that
-we will use a Windows client to browse a directory on a Samba server.
-For a small amount of log information, you can use
-<tt class="literal">log</tt> <tt class="literal">level</tt> <tt class="literal">=</tt>
-<tt class="literal">1</tt>, which instructs Samba to show only cursory
-information, in this case only the connection itself:</p>
-
-<blockquote><pre class="code">05/25/02 22:02:11 server (192.168.236.86) connect to service public as user pcguest
-(uid=503,gid=100) (pid 3377)</pre></blockquote>
-
-<p>Higher debug levels produce more detailed information. Usually, you
-won't need more than level 3, which is fully
-adequate for most Samba administrators. Levels above 3 are used by
-the developers and dump enormous amounts of cryptic information.</p>
-
-<p>Here is an example of output at levels 2 and 3 for the same
-operation. Don't worry if you don't
-understand the intricacies of an SMB connection; the point is simply
-to show you what types of information are shown at the different
-<a name="INDEX-9"/>logging levels:</p>
-
-<blockquote><pre class="code"> /* Level 2 */
-Got SIGHUP
-Processing section &quot;[homes]&quot;
-Processing section &quot;[public]&quot;
-Processing section &quot;[temp]&quot;
-Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$
-Allowed connection from 192.168.236.86 (192.168.236.86) to IPC/
-
-
-/* Level 3 */
-05/25/02 22:15:09 Transaction 63 of length 67
-switch message SMBtconX (pid 3377)
-Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$
-ACCEPTED: guest account and guest ok
-found free connection number 105
-Connect path is /tmp
-chdir to /tmp
-chdir to /
-05/25/02 22:15:09 server (192.168.236.86) connect to service IPC$ as user pcguest
-(uid=503,gid=100) (pid 3377)
-05/25/02 22:15:09 tconX service=ipc$ user=pcguest cnum=105
-05/25/02 22:15:09 Transaction 64 of length 99
-switch message SMBtrans (pid 3377)
-chdir to /tmp
-trans &lt;\PIPE\LANMAN&gt; data=0 params=19 setup=0
-Got API command 0 of form &lt;WrLeh&gt; &lt;B13BWz&gt; (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8)
-Doing RNetShareEnum
-RNetShareEnum gave 4 entries of 4 (1 4096 126 4096)
-05/25/02 22:15:11 Transaction 65 of length 99
-switch message SMBtrans (pid 3377)
-chdir to /
-chdir to /tmp
-trans &lt;\PIPE\LANMAN&gt; data=0 params=19 setup=0
-Got API command 0 of form &lt;WrLeh&gt; &lt;B13BWz&gt; (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8)
-Doing RNetShareEnum
-RNetShareEnum gave 4 entries of 4 (1 4096 126 4096)
-05/25/02 22:15:11 Transaction 66 of length 95
-switch message SMBtrans2 (pid 3377)
-chdir to /
-chdir to /pcdisk/public
-call_trans2findfirst: dirtype = 0, maxentries = 6, close_after_first=0, close_if_end
-= 0 requires_resume_key = 0 level = 260, max_data_bytes = 2432
-unix_clean_name [./DESKTOP.INI]
-unix_clean_name [desktop.ini]
-unix_clean_name [./]
-creating new dirptr 1 for path ./, expect_close = 1
-05/25/02 22:15:11 Transaction 67 of length 53
-switch message SMBgetatr (pid 3377)
-chdir to /
-
-<i class="lineannotation">[... deleted ...]</i></pre></blockquote>
-
-<p>We cut off this listing after the first packet because it runs on for
-many pages. However, be aware that log levels above 3 will quickly
-consume disk space with megabytes of excruciating detail concerning
-Samba's internal operations. Log level 3 is
-extremely useful for following exactly what the server is doing, and
-most of the time it will be obvious where an error occurs by glancing
-through the log file.</p>
-
-<p>Using a high log level (3 or above) will
-<em class="emphasis">seriously</em> slow down the Samba server. Remember
-that every log message generated causes a write to disk (an
-inherently slow operation) and log levels greater than 2 produce
-massive amounts of data. Essentially, you should turn on logging
-level 3 only when you're actively tracking a problem
-in the Samba server. <a name="INDEX-10"/></p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-1.1.2"/>
-
-<h3 class="head3">Activating and deactivating logging</h3>
-
-<p><a name="INDEX-11"/><a name="INDEX-12"/>To turn logging on and off,
-set the appropriate level in the <tt class="literal">[global]</tt> section
-of <em class="filename">smb.conf</em>. Then, you can either restart Samba
-or force the current daemon to reprocess the configuration file by
-sending it a hangup (HUP) signal. You also can send the
-<em class="emphasis">smbd</em> process a SIGUSR1 signal to increase its
-log level by one while it's running, like this:</p>
-
-<blockquote><pre class="code"># <tt class="userinput"><b>kill -SIGUSR1 1234</b></tt></pre></blockquote>
-
-<p>or a SIGUSR2 signal to decrease it by one:</p>
-
-<blockquote><pre class="code"># <tt class="userinput"><b>kill -SIGUSR2 1234</b></tt></pre></blockquote>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-1.1.3"/>
-
-<h3 class="head3">Logging by individual client systems or users</h3>
-
-<p>An effective way to diagnose problems without hampering other users
-is to assign different log levels for different systems in the
-<tt class="literal">[global]</tt> section of the
-<em class="filename">smb.conf</em> file. We can do this by building on the
-strategy we presented earlier:</p>
-
-<blockquote><pre class="code">[global]
- log level = 0
- log file = /usr/local/samba/var/log.%m
- include = /usr/local/samba/lib/smb.conf.%m</pre></blockquote>
-
-<p>These options instruct Samba to use unique configuration and log
-files for each client that connects. Now all you have to do is create
-an <em class="filename">smb.conf</em> file for a specific client system
-with a <tt class="literal">log</tt> <tt class="literal">level</tt>
-<tt class="literal">=</tt> <tt class="literal">3</tt> entry in it (the others
-will pick up the default log level of 0) and use that log file to
-track down the problem.</p>
-
-<p>Similarly, if only particular users are experiencing a
-problem&mdash;and it travels from system to system with
-them&mdash;you can isolate logging to a specific user by adding the
-following to the <em class="filename">smb.conf</em> file:</p>
-
-<blockquote><pre class="code">[global]
- log level = 0
- log file = /usr/local/samba/var/log.%u
- include = /usr/local/samba/lib/smb.conf.%u</pre></blockquote>
-
-<p>Then you can create a unique <em class="filename">smb.conf</em> file for
-each user you wish to monitor (e.g.,
-<em class="filename">/usr/local/samba/lib/smb.conf.tim</em>). Files
-containing the configuration option <tt class="literal">log</tt>
-<tt class="literal">level</tt> <tt class="literal">=</tt> <tt class="literal">3</tt>
-and only those users will get more detailed logging.<a name="INDEX-13"/><a name="INDEX-14"/></p>
-
-
-</div>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-1.2"/>
-
-<h3 class="head2">Samba Test Utilities</h3>
-
-<p><a name="INDEX-15"/><a name="INDEX-16"/>A rigorous set of tests that exercise
-the major parts of Samba are described in various files in the
-<em class="emphasis">/docs/textdocs</em> directory of the Samba
-distribution kit, starting with <em class="emphasis">DIAGNOSIS.txt</em>.
-The fault tree in this chapter is a more detailed version of the
-basic tests suggested by the Samba Team, but it covers only
-installation and reconfiguration diagnosis, such as
-<em class="emphasis">DIAGNOSIS.txt</em>. The other files in the
-<em class="emphasis">/docs</em> subdirectories address specific problems
-and instruct you how to troubleshoot items not included in this book.
-If the fault tree doesn't suffice, be sure to look
-at
-<em class="emphasis">DIAGNOSIS.txt</em><a name="INDEX-17"/>
-and its friends.</p>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-1.3"/>
-
-<h3 class="head2">Unix Utilities</h3>
-
-<p>Sometimes it's useful to use a tool outside the
-Samba suite to examine what's happening inside the
-server. Three diagnostic tools can be of particular help in debugging
-Samba troubles: <em class="emphasis">trace</em>,
-<em class="emphasis">tcpdump</em>, and <em class="emphasis">Ethereal</em>.</p>
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-1.3.1"/>
-
-<h3 class="head3">Using trace</h3>
-
-<p>The <em class="emphasis">trace</em><a name="INDEX-18"/> command masquerades under several
-different names, depending on the operating system you are using. On
-Linux it will be
-<em class="emphasis">strace</em><a name="INDEX-19"/>; on Solaris you'll use
-<em class="emphasis">truss</em><a name="INDEX-20"/>; SGI will have
-<em class="emphasis">padc</em><a name="INDEX-21"/> and
-<em class="emphasis">par</em><a name="INDEX-22"/>; and HP-UX will have
-<em class="emphasis">trace</em> or
-<em class="emphasis">tusc</em><a name="INDEX-23"/>. All have essentially the same
-function, which is to display each operating system function call as
-it is executed. This allows you to follow the execution of a program,
-such as the Samba server, and often pinpoints the exact call that is
-causing the difficulty.</p>
-
-<p>One problem that <em class="emphasis">trace</em> can highlight is an
-incorrect version of a dynamically linked library. This can happen if
-you've downloaded prebuilt binaries of Samba.
-You'll typically see the offending call at the end
-of the <em class="emphasis">trace</em>, just before the program
-terminates.</p>
-
-<p>A sample <em class="emphasis">strace</em> output for the Linux operating
-system follows. This is a small section of a larger file created
-during the opening of a directory on the Samba server. Each line
-lists a system call and includes its parameters and the return value.
-If there was an error, the error value (e.g.,
-<tt class="literal">ENOENT</tt>) and its explanation are also shown. You
-can look up the parameter types and the errors that can occur in the
-appropriate <em class="emphasis">trace</em> manual page for the operating
-system you are using.</p>
-
-<blockquote><pre class="code">chdir(&quot;/pcdisk/public&quot;) = 0
-stat(&quot;mini/desktop.ini&quot;, 0xbffff7ec) = -1 ENOENT (No such file or directory)
-stat(&quot;mini&quot;, {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
-stat(&quot;mini/desktop.ini&quot;, 0xbffff7ec) = -1 ENOENT (No such file or directory)
-open(&quot;mini&quot;, O_RDONLY) = 5
-fcntl(5, F_SETFD, FD_CLOEXEC) = 0
-fstat(5, {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
-lseek(5, 0, SEEK_CUR) = 0
-SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 196
-lseek(5, 0, SEEK_CUR) = 1024
-SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 0
-close(5) = 0
-stat(&quot;mini/desktop.ini&quot;, 0xbffff86c) = -1 ENOENT (No such file or directory)
-write(3, &quot;\0\0\0#\377SMB\10\1\0\2\0\200\1\0&quot;..., 39) = 39
-SYS_142(0xff, 0xbffffc3c, 0, 0, 0xbffffc08) = 1
-read(3, &quot;\0\0\0?&quot;, 4) = 4
-read(3, &quot;\377SMBu\0\0\0\0\0\0\0\0\0\0\0\0&quot;..., 63) = 63
-time(NULL) = 896143871</pre></blockquote>
-
-<p>This example shows several <em class="emphasis">stat() calls</em> failing
-to find the files they were expecting. You don't
-have to be an expert to see that the file
-<em class="emphasis">desktop.ini</em> is missing from that directory. In
-fact, many difficult problems can be identified by looking for
-obvious, repeatable errors with <em class="emphasis">trace</em>. Often,
-you need not look further than the last message before a crash.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-1.3.2"/>
-
-<h3 class="head3">Using tcpdump</h3>
-
-<p>The <em class="emphasis">tcpdump</em><a name="INDEX-24"/> program, as extended by Andrew
-<a name="INDEX-25"/>Tridgell,
-allows you to monitor SMB <a name="INDEX-26"/>network
-traffic in real time. A variety of output formats are available, and
-you can filter the output to look at only a particular type of
-traffic. You can examine all conversations between client and server,
-including SMB and NMB broadcast messages. While its troubleshooting
-capabilities lie mainly at the OSI network layer, you can still use
-its output to get a general idea of what the server and client are
-attempting to do.</p>
-
-<p>A sample <em class="emphasis">tcpdump</em> log follows. In this instance,
-the client has requested a directory listing, and the server has
-responded appropriately, giving the directory names
-<tt class="literal">homes</tt>, <tt class="literal">public</tt>,
-<tt class="literal">IPC$</tt>, and <tt class="literal">temp</tt>
-(we've added a few explanations on the right):</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>tcpdump -v -s 255 -i eth0 port not telnet</b></tt>
-SMB PACKET: SMBtrans (REQUEST) <i class="lineannotation"> Request packet</i>
-SMB Command = 0x25 <i class="lineannotation">Request was ls or dir</i>
-
-[000] 01 00 00 10 <i class="lineannotation">....</i>
-
-
-&gt;&gt;&gt; NBT Packet <i class="lineannotation">Outer frame of SMB packet</i>
-NBT Session Packet
-Flags=0x0
-Length=226
-[lines skipped]
-
-SMB PACKET: SMBtrans (REPLY) <i class="lineannotation">Beginning of a reply to request</i>
-SMB Command = 0x25 <i class="lineannotation">Command was an ls or dir</i>
-Error class = 0x0
-Error code = 0 <i class="lineannotation">No errors</i>
-Flags1 = 0x80
-Flags2 = 0x1
-Tree ID = 105
-Proc ID = 6075
-UID = 100
-MID = 30337
-Word Count = 10
-TotParamCnt=8
-TotDataCnt=163
-Res1=0
-ParamCnt=8
-ParamOff=55
-Res2=0
-DataCnt=163
-DataOff=63
-Res3=0
-Lsetup=0
-Param Data: (8 bytes)
-[000] 00 00 00 00 05 00 05 00 ........
-
-Data Data: (135 bytes) <i class="lineannotation">Actual directory contents:</i>
-[000] 68 6F 6D 65 73 00 00 00 00 00 00 00 00 00 00 00 homes... ........
-[010] 64 00 00 00 70 75 62 6C 69 63 00 00 00 00 00 00 d...publ ic......
-[020] 00 00 00 00 75 00 00 00 74 65 6D 70 00 00 00 00 ....u... temp....
-[030] 00 00 00 00 00 00 00 00 76 00 00 00 49 50 43 24 ........ v...IPC$
-[040] 00 00 00 00 00 00 00 00 00 00 03 00 77 00 00 00 ........ ....w...
-[050] 64 6F 6E 68 61 6D 00 00 00 00 00 00 00 00 00 00 donham.. ........
-[060] 92 00 00 00 48 6F 6D 65 20 44 69 72 65 63 74 6F ....Home Directo
-[070] 72 69 65 73 00 00 00 49 50 43 20 53 65 72 76 69 ries...I PC Servi
-[080] 63 65 20 28 53 61 6D ce (Sam</pre></blockquote>
-
-<p>This is more of the same debugging session as we saw before with the
-<em class="emphasis">trace</em> command: the listing of a directory. The options
-we used were <em class="emphasis">-v</em> (verbose), <em class="emphasis">-i
-eth0</em> to tell <em class="emphasis">tcpdump</em> on which
-interface to listen (an Ethernet port), and <em class="emphasis">-s
-255</em> to tell it to save the first 255 bytes of each packet
-instead of the default: the first 68. The option
-<tt class="literal">port</tt> <tt class="literal">not</tt>
-<tt class="literal">telnet</tt> is used to avoid screens of telnet traffic,
-because we were logged in to the server remotely. The
-<em class="emphasis">tcpdump</em> program actually has quite a number of
-options to filter just the traffic you want to look at. If
-you've used <em class="emphasis">snoop</em> or
-<em class="emphasis">etherdump</em>, it will look vaguely familiar.</p>
-
-<p>You can download the modified <em class="emphasis">tcpdump</em> from the
-Samba FTP server, located at
-<a href="ftp://samba.anu.edu.au/pub/samba/tcpdump-smb">ftp://samba.anu.edu.au/pub/samba/tcpdump-smb</a>.
-Other versions might not include support for the SMB protocol; if you
-don't see output such as that shown in the example,
-you'll need to use the SMB-enabled version.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-1.3.3"/>
-
-<h3 class="head3">Using Ethereal</h3>
-
-<p><a name="INDEX-27"/>Ethereal (<a href="http://www.ethereal.com">http://www.ethereal.com</a>) is a GUI-based
-utility that performs the same basic function as
-<em class="emphasis">tcpdump</em>. You might prefer Ethereal because it is
-much easier to use. Once you have Ethereal running, just do the
-following:</p>
-
-<ol><li>
-<p>Select Start from the Capture menu.</p>
-</li><li>
-<p>Click the OK button in the dialog box that appears. This will bring
-up a dialog box showing how many packets Ethereal has seen. Perform
-the actions on the system(s) in your network to reproduce the problem
-you are analyzing.</p>
-</li><li>
-<p>Click the Stop button in the Ethereal dialog box to make it finish
-collecting data.</p>
-</li><li>
-<p>In the main Ethereal window, click any item in the upper window to
-view it in the lower window. In the lower window, click any of the
-boxes containing a plus sign (<tt class="literal">+</tt>) to expand the
-view.</p>
-</li></ol>
-<p>Ethereal does a good job of translating the content of the packets it
-encounters into human-readable format, and you should have little
-trouble seeing what happened on the network during the capture
-period. <a name="INDEX-28"/><a name="INDEX-29"/></p>
-
-
-</div>
-
-
-</div>
-
-
-</div>
-
-
-
-<div class="sect1"><a name="samba2-CHP-12-SECT-2"/>
-
-<h2 class="head1">The Fault Tree</h2>
-
-<p><a name="INDEX-30"/><a name="INDEX-31"/><a name="INDEX-32"/><a name="INDEX-33"/>The fault
-tree presented in this section is for diagnosing and fixing problems
-that occur when you're installing and reconfiguring
-Samba. It's an expanded form of the trouble and
-diagnostic document <em class="filename">DIAGNOSIS.txt</em>, which is part
-of the Samba distribution.</p>
-
-<p>Before you set out to troubleshoot any part of the Samba suite, you
-should know the following information:</p>
-
-<ul><li>
-<p>Your client IP address (we use 192.168.236.10)</p>
-</li><li>
-<p>Your server IP address (we use 192.168.236.86)</p>
-</li><li>
-<p>The netmask for your network (typically 255.255.255.0)</p>
-</li><li>
-<p>Whether the systems are all on the same subnet (ours are)</p>
-</li></ul>
-<p>For clarity, we've renamed the server in the
-following examples to <tt class="literal">server.example.com</tt>, and the
-client system to <tt class="literal">client.example.com</tt>.</p>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-2.1"/>
-
-<h3 class="head2">How to Use the Fault Tree</h3>
-
-<p>Start the tests here, without skipping forward; it
-won't take long (about 5 minutes) and might actually
-save you time backtracking. Whenever a test succeeds, you will be
-given a name of a section to which you can safely skip.</p>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-2.2"/>
-
-<h3 class="head2">Troubleshooting Low-Level IP</h3>
-
-<p><a name="INDEX-34"/>The
-first series of tests is that of the low-level services that Samba
-needs to run. The tests in this section verify that:</p>
-
-<ul><li>
-<p>The IP software works</p>
-</li><li>
-<p>The Ethernet hardware works</p>
-</li><li>
-<p>Basic name service is in place</p>
-</li></ul>
-<p>Subsequent sections add TCP software, the Samba daemons
-<em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em>, host-based
-access control, authentication and per-user access control, file
-services, and browsing. The tests are described in considerable
-detail to make them understandable by both technically oriented end
-users and experienced systems and network administrators.</p>
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.2.1"/>
-
-<h3 class="head3">Testing the networking software with ping</h3>
-
-<p><a name="INDEX-35"/>The first command to enter
-on both the server and the client is
-<tt class="literal">ping</tt><a name="INDEX-36"/><a name="INDEX-37"/>
-<tt class="literal">127.0.0.1</tt>. This pings the loopback address and
-indicates whether any networking support is functioning. On Unix, you
-can use <tt class="literal">ping</tt> <tt class="literal">127.0.0.1</tt> with the
-statistics option and interrupt it after a few lines. On Sun
-workstations, the command is typically
-<tt class="literal">/usr/etc/ping</tt> <tt class="literal">-s</tt>
-<tt class="literal">127.0.0.1</tt>; on Linux, just <tt class="literal">ping</tt>
-<tt class="literal">127.0.0.1</tt>. On Windows clients, run
-<tt class="literal">ping</tt> <tt class="literal">127.0.0.1</tt> in an MS-DOS
-(command prompt) window, and it will stop by itself after four lines.</p>
-
-<p>Here is an example on a Linux server:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>ping 127.0.0.1 </b></tt>
-PING localhost: 56 data bytes 64 bytes from localhost (127.0.0.1):
-icmp-seq=0. time=1. ms 64 bytes from localhost (127.0.0.1):
-icmp-seq=1. time=0. ms 64 bytes from localhost (127.0.0.1):
-icmp-seq=2. time=1. ms ^C
-----127.0.0.1 PING Statistics----
-3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)
-min/avg/max = 0/0/1</pre></blockquote>
-
-<p>If you get &quot;ping: no answer from . . .
-&quot; or &quot;100% packet
-loss,&quot; you have no IP networking installed on the
-system. The address <tt class="literal">127.0.0.1</tt> is the internal
-loopback address and doesn't depend on the computer
-being physically connected to a network. If this test fails, you have
-a serious local problem. TCP/IP either isn't
-installed or is seriously misconfigured. See your operating system
-documentation if it's a Unix server. If
-it's a Windows client, follow the instructions in
-<a href="ch03.html">Chapter 3</a> to install networking support.</p>
-
-<a name="samba2-CHP-12-NOTE-155"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
-<p>If <em class="emphasis">you're</em> the network manager,
-some good references are Craig Hunt's
-<em class="emphasis">TCP/IP Network Administration</em>, Chapter 11, and Craig Hunt and Robert Bruce
-Thompson's <em class="emphasis">Windows NT TCP/IP Network
-Administration</em>, both published by
-O'Reilly.</p>
-</blockquote>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.2.2"/>
-
-<h3 class="head3">Testing local name services with ping</h3>
-
-<p><a name="INDEX-38"/>Next, try to ping
-<tt class="literal">localhost</tt> on the Samba server. The
-<tt class="literal">localhost</tt> hostname is the conventional hostname
-for the <tt class="literal">127.0.0.1</tt> loopback interface, and it
-should resolve to that address. After typing <tt class="literal">ping</tt>
-<tt class="literal">localhost</tt>, you should see output similar to the
-following:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>ping localhost </b></tt>
-PING localhost: 56 data bytes 64 bytes from localhost (127.0.0.1):
-icmp-seq=0. time=0. ms 64 bytes from localhost (127.0.0.1):
-icmp-seq=1. time=0. ms 64 bytes from localhost (127.0.0.1):
-icmp-seq=2. time=0. ms ^C</pre></blockquote>
-
-<p>If this succeeds, try the same test on the client. Otherwise:</p>
-
-<ul><li>
-<p>If you get &quot;unknown host:
-localhost,&quot; there is a problem resolving the
-hostname <em class="filename">localhost</em> into a valid IP address.
-(This might be as simple as a missing entry in a local
-<em class="emphasis">hosts</em> file.) From here, skip down to
-<a href="ch03.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a> later in this chapter.</p>
-</li><li>
-<p>If you get &quot;ping: no answer,&quot; or
-&quot;100% packet loss,&quot; but pinging
-<tt class="literal">127.0.0.1</tt> worked, name services is resolving to an
-address, but it isn't the correct one. Check the
-file or database (typically <em class="filename">/etc/hosts</em> on a Unix
-system) that the name service is using to resolve addresses to ensure
-that the entry is correct.</p>
-</li></ul>
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.2.3"/>
-
-<h3 class="head3">Testing the networking hardware with ping</h3>
-
-<p><a name="INDEX-39"/>Next, ping the
-server's network IP address from itself. This should
-get you exactly the same results as pinging
-<tt class="literal">127.0.0.1</tt>:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>ping 192.168.236.86 </b></tt>
-PING 192.168.236.86: 56 data bytes 64 bytes from 192.168.236.86 (192.168.236.86):
-icmp-seq=0. time=1. ms 64 bytes from 192.168.236.86 (192.168.236.86):
-icmp-seq=1. time=0. ms 64 bytes from 192.168.236.86 (192.168.236.86):
-icmp-seq=2. time=1. ms ^C
-----192.168.236.86 PING Statistics----
-3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)
-min/avg/max = 0/0/1</pre></blockquote>
-
-<p>If this works on the server, repeat it for the client. Otherwise:</p>
-
-<ul><li>
-<p>If <tt class="literal">ping</tt> <em class="replaceable">network_ip</em>
-fails on either the server or client, but <tt class="literal">ping</tt>
-<tt class="literal">127.0.0.1</tt> works on that system, you have a TCP/IP
-problem that is specific to the Ethernet network interface card on
-the computer. Check with the documentation for the network card or
-host operating system to determine how to configure it correctly.
-However, be aware that on some operating systems, the
-<em class="emphasis">ping</em> command appears to work even if the network
-is disconnected, so this test doesn't always
-diagnose all hardware problems.</p>
-</li></ul>
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.2.4"/>
-
-<h3 class="head3">Testing connections with ping</h3>
-
-<p><a name="INDEX-40"/>Now, ping the server by name (instead
-of its IP address)&mdash;once from the server and once from the
-client. This is the general test for working network hardware:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>ping server </b></tt>
-PING server.example.com: 56 data bytes 64 bytes from server.example.com (192.168.236.86):
-icmp-seq=0. time=1. ms 64 bytes from server.example.com (192.168.236.86):
-icmp-seq=1. time=0. ms 64 bytes from server.example.com (192.168.236.86):
-icmp-seq=2. time=1. ms ^C
-----server.example.com PING Statistics----
-3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)
-min/avg/max = 0/0/1</pre></blockquote>
-
-<p>If successful, this test tells us five things:</p>
-
-<ul><li>
-<p>The hostname (e.g., <tt class="literal">server</tt>) is being found by your
-local name server.</p>
-</li><li>
-<p>The hostname has been expanded to the full name (e.g.,
-<tt class="literal">server.example.com</tt>).</p>
-</li><li>
-<p>Its address is being returned (<tt class="literal">192.168.236.86</tt>).</p>
-</li><li>
-<p>The client has sent the Samba server four 56-byte UDP/IP packets.</p>
-</li><li>
-<p>The Samba server has replied to all four packets.</p>
-</li></ul>
-<p>If this test isn't successful, one of several things
-can be wrong with the network:</p>
-
-<ul><li>
-<p>First, if you get <tt class="literal">ping</tt>: <tt class="literal">no</tt>
-<tt class="literal">answer</tt>, or <tt class="literal">100%</tt>
-<tt class="literal">packet</tt> <tt class="literal">loss</tt>,
-you're not connecting to the network, the other
-system isn't connecting, or one of the addresses is
-incorrect. Check the addresses that the <em class="emphasis">ping</em>
-command reports on each system, and ensure that they match the ones
-you set up initially.</p>
-
-<p>If not, there is at least one mismatched address between the two
-systems. Try entering the command <tt class="literal">arp</tt>
-<tt class="literal">-a</tt>, and see if there is an entry for the other
-system. (The <em class="emphasis">arp</em> command stands for the Address
-Resolution Protocol. The <tt class="literal">arp</tt> <tt class="literal">-a</tt>
-command lists all the addresses known on the local system.) Here are
-some things to try:</p>
-<ul><li>
-<p>If you receive a message like <tt class="literal">192.168.236.86</tt>
-<tt class="literal">at</tt> <tt class="literal">(incomplete)</tt>, the Ethernet
-address of 192.168.236.86 is unknown. This indicates a complete lack
-of connectivity, and you're likely having a problem
-at the very bottom of the TCP/IP protocol stack&mdash;the Ethernet
-interface layer. This is discussed in Chapters 5 and 6 of
-<em class="citetitle">TCP/IP Network Administration
-</em>(O'Reilly).</p>
-</li><li>
-<p>If you receive a response similar to server
-<tt class="literal">(192.168.236.86)</tt> <tt class="literal">at</tt>
-<tt class="literal">8:0:20:12:7c:94</tt>, the server has been reached at
-some time, or another system is answering on its behalf. However,
-this means that <em class="emphasis">ping</em> should have worked: you may
-have an intermittent networking or ARP problem.</p>
-</li><li>
-<p>If the IP address from ARP doesn't match the
-addresses you expected, investigate and correct the addresses
-manually.</p>
-</li>
-</ul>
-</li>
-
-<li>
-<p>If each system can ping itself but not another, something is wrong on
-the network between them.</p>
-</li><li>
-<p>If you get <tt class="literal">ping</tt>: <tt class="literal">network</tt>
-<tt class="literal">unreachable</tt> or <tt class="literal">ICMP</tt>
-<tt class="literal">Host</tt> <tt class="literal">Unreachable</tt>,
-you're not receiving an answer, and more than one
-network is probably involved.</p>
-
-<p>In principle, you shouldn't try to troubleshoot SMB
-clients and servers on different networks. Try to test a server and
-client that are on the same network:</p>
-
-<ol><li>
-<p>First, perform the tests for <tt class="literal">ping</tt>:
-<tt class="literal">no</tt> <tt class="literal">answer</tt> described earlier in
-this section. If this doesn't identify the problem,
-the remaining possibilities are the following: an address is wrong,
-your netmask is wrong, a network is down, or the packets have been
-stopped by a firewall.</p>
-</li>
-<li>
-<p>Check both the address and the netmasks on source and destination
-systems to see if something is obviously wrong. Assuming both systems
-really are on the same network, they both should have the same
-netmasks, and <em class="emphasis">ping</em> should report the correct
-addresses. If the addresses are wrong, you'll need
-to correct them. If they are correct, the programs might be confused
-by an incorrect netmask. See <a href="ch12.html#samba2-CHP-12-SECT-2.8.1">Section 12.2.8.1</a>, later in this chapter.</p>
-</li>
-<li>
-<p>If the commands are still reporting that the network is unreachable
-and neither of the previous two conditions are in error, one network
-really might be unreachable from the other. This, too, is an issue
-for the network manager.</p>
-</li></ol>
-</li><li>
-<p>If you get <tt class="literal">ICMP</tt>
-<tt class="literal">Administratively</tt> <tt class="literal">Prohibited</tt>,
-you've struck a firewall of some sort or a
-misconfigured router. You will need to speak to your network security
-officer.</p>
-</li><li>
-<p>If you get <tt class="literal">ICMP</tt> <tt class="literal">Host</tt>
-<tt class="literal">redirect</tt> and <em class="emphasis">ping</em> reports
-packets getting through, this is generally harmless:
-you're simply being rerouted over the network.</p>
-</li><li>
-<p>If you get a host redirect and no <em class="emphasis">ping</em>
-responses, you are being redirected, but no one is responding. Treat
-this just like the <tt class="literal">Network</tt>
-<tt class="literal">unreachable</tt> response, and check your addresses and
-netmasks.</p>
-</li><li>
-<p>If you get <tt class="literal">ICMP</tt> <tt class="literal">Host</tt>
-<tt class="literal">Unreachable</tt> <tt class="literal">from</tt>
-<tt class="literal">gateway</tt> <tt class="literal">gateway</tt>
-<tt class="literal">name</tt>, ping packets are being routed to another
-network, but the other system isn't responding and
-the router is reporting the problem on its behalf. Again, treat this
-like a <tt class="literal">Network</tt> <tt class="literal">unreachable</tt>
-response, and start checking addresses and netmasks.</p>
-</li><li>
-<p>If you get <tt class="literal">ping</tt>: <tt class="literal">unknown</tt>
-<tt class="literal">host</tt> <tt class="literal">hostname</tt>, your
-system's name is not known. This tends to indicate a
-name service problem, which didn't affect
-<tt class="literal">localhost</tt>. Have a look at <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this chapter.</p>
-</li><li>
-<p>If you get a partial success&mdash;with some pings failing but others
-succeeding&mdash;you have either an intermittent problem between the
-systems or an overloaded network. Ping a bit longer, and see if more
-than about three percent of the packets fail. If so, check it with
-your network manager: a problem might just be starting. However, if
-only a few fail, or if you happen to know some massive network
-program is running, don't worry unduly. The ICMP
-(and UDP) protocols used by <em class="emphasis">ping</em> are allowed to
-drop occasional packets.</p>
-</li><li>
-<p>If you get a response such as <tt class="literal">smtsvr.antares.net</tt>
-<tt class="literal">is</tt> <tt class="literal">alive</tt> when you actually
-pinged <tt class="literal">client.example.com</tt>, either
-you're using someone else's address
-or the system has multiple names and addresses. If the address is
-wrong, the name service is clearly the culprit;
-you'll need to change the address in the name
-service database to refer to the correct system. This is discussed in
-<a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this
-chapter.</p>
-
-<p>Servers are often <em class="emphasis">multihomed</em> &mdash;i.e.,
-connected to more than one network, with different names on each net.
-If you are getting a response from an unexpected name on a multihomed
-server, look at the address and see if it's on your
-network (see <a href="ch12.html#samba2-CHP-12-SECT-2.8.1">Section 12.2.8.1</a>, later in this chapter). If
-so, you should use that address, rather than one on a different
-network, for both performance and reliability reasons.</p>
-
-<p>Servers can also have multiple names for a single Ethernet address,
-especially if they are web servers. This is harmless, albeit
-startling. You probably will want to use the official (and permanent)
-name, rather than an alias that might change.</p>
-</li><li>
-<p>If everything works but the IP address reported is
-<tt class="literal">127.0.0.1</tt>, you have a name service error. This
-typically occurs when an operating-system installation program
-generates an <em class="filename">/etc/hosts</em> line similar to
-<tt class="literal">127.0.0.1</tt> <tt class="literal">localhost</tt>
-<em class="emphasis">hostname.domainname</em>. The localhost line should
-say <tt class="literal">127.0.0.1</tt> <tt class="literal">localhost</tt> or
-<tt class="literal">127.0.0.1</tt> <tt class="literal">localhost</tt>
-<tt class="literal">loghost</tt>. Correct it, lest it cause failures to
-negotiate who is the master browse list holder and who is the master
-browser. It can also cause (ambiguous) errors in later tests.</p>
-</li></ul>
-<p>If this worked from the server, repeat it from the client. <a name="INDEX-41"/>
-<a name="INDEX-42"/><a name="INDEX-43"/></p>
-
-
-</div>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-2.3"/>
-
-<h3 class="head2">Troubleshooting TCP</h3>
-
-<p><a name="INDEX-44"/><a name="INDEX-45"/>Now that
-you've tested IP, UDP, and a name service with
-<em class="emphasis">ping</em>, it's time to test TCP.
-Browsing and <em class="emphasis">ping</em> use ICMP and UDP; file and
-print services (shares) use TCP. Both depend on IP as a lower layer,
-and all four depend on name services. Testing TCP is most
-conveniently done using the FTP program.</p>
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.3.1"/>
-
-<h3 class="head3">Testing TCP with FTP</h3>
-
-<p>Try connecting via FTP, once from the server to itself, and once from
-the client to the server:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>ftp server</b></tt>
-Connected to server.example.com.
-220 server.example.com FTP server (Version 6.2/OpenBSD/Linux-0.10) ready.
- Name (server:davecb):
-331 Password required for davecb.
-Password:
-230 User davecb logged in.
- ftp&gt;<tt class="userinput"><b> quit </b></tt>
-221 Goodbye.</pre></blockquote>
-
-<p>If this worked, skip to the next section, <a href="ch12.html#samba2-CHP-12-SECT-2.4">Section 12.2.4</a>. Otherwise:</p>
-
-<ul><li>
-<p>If you received the message <tt class="literal">server</tt>:
-<tt class="literal">unknown</tt> <tt class="literal">host</tt>, name service has
-failed. Go back to the corresponding <em class="emphasis">ping</em> step,
-<a href="ch12.html#samba2-CHP-12-SECT-2.2.2">Section 12.2.2.2</a>, and rerun those tests
-to see why name lookup failed.</p>
-</li><li>
-<p>If you received <tt class="literal">ftp</tt>: <tt class="literal">connect</tt>:
-<tt class="literal">Connection</tt> <tt class="literal">refused</tt>, the system
-isn't running an FTP daemon. This is mildly unusual
-on Unix servers. Optionally, you might try this test by connecting to
-the system using <em class="emphasis">telnet</em> instead of
-<em class="emphasis">ftp</em>; the messages are very similar, and
-<em class="emphasis">telnet</em> uses TCP as well.</p>
-</li><li>
-<p>If there was a long pause, and then <tt class="literal">ftp</tt>:
-<tt class="literal">connect</tt>: <tt class="literal">Connection</tt>
-<tt class="literal">timed</tt> <tt class="literal">out</tt>, the system
-isn't reachable. Return to <a href="ch12.html#samba2-CHP-12-SECT-2.2.4">Section 12.2.2.4</a>.</p>
-</li><li>
-<p>If you received <tt class="literal">530</tt> <tt class="literal">Logon</tt>
-<tt class="literal">Incorrect</tt>, you connected successfully, but
-you've just found a different problem. You likely
-provided an incorrect username or password. Try again, making sure
-you use your username from the Unix server and type your password
-correctly.</p>
-</li></ul>
-
-</div>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-2.4"/>
-
-<h3 class="head2">Troubleshooting Server Daemons</h3>
-
-<p><a name="INDEX-46"/>Once
-you've confirmed that TCP networking is working
-properly, the next step is to make sure the daemons are running on
-the server. This takes three separate tests because no single one of
-the following will decisively prove that they're
-working correctly.</p>
-
-<p>To be sure they're running, you need to find out
-whether the daemons:</p>
-
-<ol><li>
-<p>Have started</p>
-</li><li>
-<p>Are registered or bound to a TCP/IP port by the operating system</p>
-</li><li>
-<p>Are actually paying attention</p>
-</li></ol>
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.4.1"/>
-
-<h3 class="head3">Tracking daemon startup</h3>
-
-<p><a name="INDEX-47"/>First, check the Samba logs. If
-you've started the daemons, the message
-<tt class="literal">smbd</tt> <tt class="literal">version</tt>
-<tt class="literal">number</tt> <tt class="literal">started</tt> should appear.
-If it doesn't, you need to restart the Samba
-daemons.</p>
-
-<p>If the daemon reports that it has indeed started, look out for
-<tt class="literal">bind</tt> <tt class="literal">failed</tt>
-<tt class="literal">on</tt> <tt class="literal">port</tt> <tt class="literal">139</tt>
-<tt class="literal">socket_addr=0</tt> <tt class="literal">(Address</tt>
-<tt class="literal">already</tt> <tt class="literal">in</tt>
-<tt class="literal">use)</tt>. This means another daemon has been started
-on port 139 (<em class="emphasis">smbd</em> ). Also,
-<em class="emphasis">nmbd</em> will report a similar failure if it cannot
-bind to port 137. Either you've started them twice,
-or the <em class="emphasis">inetd</em> server has tried to provide a
-daemon for you. If it's the latter,
-we'll diagnose that in a moment.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.4.2"/>
-
-<h3 class="head3">Looking for daemon processes with ps</h3>
-
-<p><a name="INDEX-48"/>Another way to make sure the daemons are
-running is to check their processes on the system. Use the
-<em class="emphasis">ps</em><a name="INDEX-49"/> command on the server with the
-&quot;long&quot; option for your system type
-(commonly <tt class="literal">ps</tt> <tt class="literal">ax</tt> or
-<tt class="literal">ps</tt> <tt class="literal">-ef</tt>), and see whether
-<em class="emphasis">smbd</em> and <em class="emphasis">nmbd</em> are already
-running. This often looks like the following:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>ps ax</b></tt>
- PID TTY STAT TIME COMMAND
- 1 ? S 0:03 init [2]
- 2 ? SW 0:00 (kflushd)
-<i class="lineannotation">(...many lines of processes...) </i>
- 234 ? S 0:14 nmbd -D3
- 237 ? S 0:11 smbd -D3
-<i class="lineannotation">(...more lines, possibly including more smbd lines...)</i></pre></blockquote>
-
-<p>This example illustrates that <em class="emphasis">smbd</em> and
-<em class="emphasis">nmbd</em> have already started as standalone daemons
-(the <em class="emphasis">-D</em> option) at log level 3.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.4.3"/>
-
-<h3 class="head3">Looking for daemons bound to ports</h3>
-
-<p><a name="INDEX-50"/>Next, the daemons have to be registered
-with the operating system so that they can get access to TCP/IP
-ports. The <em class="emphasis">netstat</em> command will tell you if this
-has been done. Run the command <tt class="literal">netstat</tt>
-<tt class="literal">-a</tt> on the server, and look for lines mentioning
-<tt class="literal">netbios</tt>, <tt class="literal">137</tt>, or
-<tt class="literal">139</tt>:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>netstat -a </b></tt>
-Active Internet connections (including servers)
-Proto Recv-Q Send-Q Local Address Foreign Address (state)
-udp 0 0 *.137 *.*
-tcp 0 0 *.139 *.* LISTEN
-tcp 8370 8760 server.139 client.1439 ESTABLISHED</pre></blockquote>
-
-<p>Among similar lines, there should be at least one UDP line for
-<tt class="literal">*.netbios-</tt> or <tt class="literal">*.137</tt>. This
-indicates that the <em class="emphasis">nmbd</em> server is registered and
-(we hope) is waiting to answer requests. There should also be at
-least one TCP line mentioning <tt class="literal">*.netbios-</tt> or
-<tt class="literal">*.139</tt>, and it will probably be in the LISTEN
-state. This means that <em class="emphasis">smbd</em> is up and listening
-for connections.</p>
-
-<p>There might be other TCP lines indicating connections from
-<em class="emphasis">smbd</em> to clients, one for each client. These are
-usually in the ESTABLISHED state. If there are
-<em class="emphasis">smbd</em> lines in the ESTABLISHED state,
-<em class="emphasis">smbd</em> is definitely running. If there is only one
-line in the LISTEN state, we're not sure yet. If
-both of the lines are missing, a daemon has not succeeded in
-starting, so it's time to check the logs and then go
-back to <a href="ch02.html">Chapter 2</a>.</p>
-
-<p>If there is a line for each client, it might be coming either from a
-Samba daemon or from the master IP daemon,
-<em class="emphasis">inetd</em>. It's quite possible that
-your <em class="emphasis">inetd</em> startup file contains lines that
-start Samba daemons without your realizing it; for instance, the
-lines might have been placed there if you installed Samba as part of
-a Linux distribution. The daemons started by
-<em class="emphasis">inetd</em> prevent ours from running. This problem
-typically produces log messages such as <tt class="literal">bind</tt>
-<tt class="literal">failed</tt> <tt class="literal">on</tt>
-<tt class="literal">port</tt> <tt class="literal">139</tt>
-<tt class="literal">socket</tt> <tt class="literal">addr=0</tt>
-<tt class="literal">(Address</tt> <tt class="literal">already</tt>
-<tt class="literal">in</tt> <tt class="literal">use)</tt>.</p>
-
-<p>Check your <em class="filename">/etc/inetd.conf</em> ; unless
-you're intentionally starting the daemons from
-there, <tt class="literal">netbios-ns</tt> (UDP port 137) or
-<tt class="literal">netbios-ssn</tt> (tcp port 139) servers should be
-mentioned there. If your system is providing an SMB daemon via
-<em class="emphasis">inetd</em>, lines such as the following will appear
-in the <em class="filename">inetd.conf</em> file:</p>
-
-<blockquote><pre class="code">netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd
-netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd</pre></blockquote>
-
-<p>If your system uses <em class="emphasis">xinetd</em> instead of
-<em class="emphasis">inetd</em>, see <a href="ch02.html">Chapter 2</a> for
-details concerning its configuration.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.4.4"/>
-
-<h3 class="head3">Checking smbd with telnet</h3>
-
-<p><a name="INDEX-51"/><a name="INDEX-52"/><a name="INDEX-53"/>Ironically, the easiest way to test that
-the <em class="emphasis">smbd</em> server is actually working is to send
-it a meaningless message and see if it is rejected. Try something
-such as the following:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>echo &quot;hello&quot; | telnet localhost 139 </b></tt>
-Trying
-Trying 192.168.236.86 ...
-Connected to localhost. Escape character is '^]'.
-Connection closed by foreign host.</pre></blockquote>
-
-<p>This sends an erroneous but harmless message to
-<em class="emphasis">smbd</em>. If you get a <tt class="literal">Connected</tt>
-message followed by a <tt class="literal">Connection</tt>
-<tt class="literal">closed</tt> message, the test was a success. You have
-an <em class="emphasis">smbd</em> daemon listening on the port and
-rejecting improper connection messages. On the other hand, if you get
-<tt class="literal">telnet</tt>: <tt class="literal">connect</tt>:
-<tt class="literal">Connection</tt> <tt class="literal">refused</tt>, most likely
-no daemon is present. Check the logs and go back to <a href="ch02.html">Chapter 2</a>.</p>
-
-<p>Regrettably, there isn't an easy test for
-<em class="emphasis">nmbd</em>. If the <em class="emphasis">telnet</em> test
-and the <em class="emphasis">netstat</em> test both say that an
-<em class="emphasis">smbd</em> is running, there is a good chance that
-<em class="emphasis">netstat</em> will also be correct about
-<em class="emphasis">nmbd</em> running.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.4.5"/>
-
-<h3 class="head3">Testing daemons with testparm</h3>
-
-<p><a name="INDEX-54"/><a name="INDEX-55"/>Once you know
-there's a daemon, you should always run
-<em class="emphasis">testparm</em>, in hopes of getting something such as
-the following:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>testparm </b></tt>
-Load smb config files from /opt/samba/lib/smb.conf
-Processing section &quot;[homes]&quot;
-Processing section &quot;[printers]&quot; ...
-Processing section &quot;[tmp]&quot;
-Loaded services file OK. ...</pre></blockquote>
-
-<p>The <em class="emphasis">testparm</em> program normally reports the
-processing of a series of sections and responds with
-<tt class="literal">Loaded</tt> <tt class="literal">services</tt>
-<tt class="literal">file</tt> <tt class="literal">OK</tt> if it succeeds. If not,
-it reports one or more of the following messages, which also appear
-in the logs as noted:</p>
-
-<dl>
-<dt><b>Allow/Deny connection from account (n) to service</b></dt>
-<dd>
-<p>A <em class="emphasis">testparm</em>-only message produced if you have
-<tt class="literal">valid</tt> <tt class="literal">user</tt> or
-<tt class="literal">invalid</tt> <tt class="literal">user</tt> options set in
-your <em class="emphasis">smb.conf</em>. You will want to make sure that
-you are on the valid user list, and that <tt class="literal">root</tt>,
-<tt class="literal">bin</tt>, etc., are on the invalid user list. If you
-don't, you will not be able to connect, or users who
-shouldn't <em class="emphasis">will</em> be able to.</p>
-</dd>
-
-
-
-<dt><b>Warning: You have some share names that are longer than eight chars</b></dt>
-<dd>
-<p>For anyone using Windows for Workgroups and older clients. They fail
-to connect to shares with long names, producing an overflow message
-that sounds confusingly like a memory overflow.</p>
-</dd>
-
-
-
-<dt><b>Warning: [name] service MUST be printable!</b></dt>
-<dd>
-<p>A printer share lacks a <tt class="literal">printable</tt>
-<tt class="literal">=</tt> <tt class="literal">yes</tt> option.</p>
-</dd>
-
-
-
-<dt><b>No path in service name using [name]</b></dt>
-<dd>
-<p>A file share doesn't know which directory to provide
-to the user, or a print share doesn't know which
-directory to use for spooling. If no path is specified, the service
-will try to run with a path of <em class="emphasis">/tmp</em>, which might
-not be what you want.</p>
-</dd>
-
-
-
-<dt><b>Note: Servicename is flagged unavailable</b></dt>
-<dd>
-<p>Just a reminder that you have used the <tt class="literal">available</tt>
-<tt class="literal">=</tt> <tt class="literal">no</tt> option in a share.</p>
-</dd>
-
-
-
-<dt><b>Can't find include file [name] </b></dt>
-<dd>
-<p>A configuration file referred to by an <tt class="literal">include</tt>
-option did not exist. If you were including the file unconditionally,
-this is an error and probably a serious one: the share will not have
-the configuration you intended. If you were including it based on one
-of the <tt class="literal">%</tt> variables, such as <tt class="literal">%a</tt>
-(architecture), you will need to decide whether, for example, a
-missing Windows for Workgroups configuration file is a problem. It
-often isn't.</p>
-</dd>
-
-
-
-<dt><b>Can't copy service name, unable to copy to itself</b></dt>
-<dd>
-<p>You tried to copy an <em class="filename">smb.conf</em> section into
-itself.</p>
-</dd>
-
-
-
-<dt><b>Unable to copy service&mdash;source not found: [name]</b></dt>
-<dd>
-<p>Indicates a missing or misspelled section in a
-<tt class="literal">copy</tt> <tt class="literal">=</tt> option.</p>
-</dd>
-
-
-
-<dt><b>Ignoring unknown parameter name </b></dt>
-<dd>
-<p>Typically indicates an obsolete, misspelled, or unsupported option.</p>
-</dd>
-
-
-
-<dt><b>Global parameter name found in service section </b></dt>
-<dd>
-<p>Indicates that a global-only parameter has been used in an individual
-share. Samba ignores the parameter.</p>
-</dd>
-
-</dl>
-
-<p>After the <em class="emphasis">testparm</em> test, repeat it with
-(exactly) three parameters: the name of your
-<em class="filename">smb.conf</em> file, the name of your client, and its
-IP address:</p>
-
-<blockquote><pre class="code"># <tt class="userinput"><b>testparm /usr/local/samba/lib/smb.conf client 192.168.236.10</b></tt></pre></blockquote>
-
-<p>This will run one more test that checks the hostname and address
-against <tt class="literal">hosts</tt> <tt class="literal">allow</tt> and
-<tt class="literal">hosts</tt> <tt class="literal">deny</tt> options and might
-produce the <tt class="literal">Allow</tt> <tt class="literal">connection</tt>
-<tt class="literal">from</tt> <tt class="literal">hostname</tt>
-<tt class="literal">to</tt> <tt class="literal">service</tt> and/or
-<tt class="literal">Deny</tt> <tt class="literal">connection</tt>
-<tt class="literal">from</tt> <tt class="literal">hostname</tt>
-<tt class="literal">to</tt> <tt class="literal">service</tt> messages for the
-client system. These messages indicate that you have
-<tt class="literal">hosts</tt> <tt class="literal">allow</tt> and/or
-<tt class="literal">hosts</tt> <tt class="literal">deny</tt> options in your
-<em class="filename">smb.conf</em>, and they prohibit access from the
-client system. <a name="INDEX-56"/></p>
-
-
-</div>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-2.5"/>
-
-<h3 class="head2">Troubleshooting SMB Connections</h3>
-
-<p><a name="INDEX-57"/><a name="INDEX-58"/>Now
-that you know the servers are up, you need to make sure
-they're running properly. We start by placing a
-simple <em class="filename">smb.conf</em> file in the
-<em class="filename">/usr/local/samba/lib</em> directory.</p>
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.5.1"/>
-
-<h3 class="head3">A minimal smb.conf file</h3>
-
-<p>In the following tests, we assume you have a
-<tt class="literal">[temp]</tt> share suitable for testing, plus at least
-one account. An <em class="filename">smb.conf</em> file that includes just
-these is as follows:</p>
-
-<blockquote><pre class="code">[global]
- workgroup = <em class="replaceable">EXAMPLE</em>
- security = user
- browsable = yes
- local master = yes
-[homes]
- guest ok = no
- browsable = no
-[temp]
- path = /tmp
- public = yes</pre></blockquote>
-<a name="samba2-CHP-12-NOTE-156"/><blockquote class="note"><h4 class="objtitle">WARNING</h4>
-<p>The <tt class="literal">public</tt> <tt class="literal">=</tt>
-<tt class="literal">yes</tt> option in the <tt class="literal">[temp]</tt> share
-is just for testing. You probably don't want people
-without accounts storing things on your Samba server, so you should
-comment it out when you're done.</p>
-</blockquote>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.5.2"/>
-
-<h3 class="head3">Testing locally with smbclient</h3>
-
-<p><a name="INDEX-59"/><a name="INDEX-60"/>The first test is to ensure that the
-server can list its own services (shares). Run the command
-<tt class="literal">smbclient</tt> <em class="emphasis">-L</em>
-<tt class="literal">localhost</tt> <tt class="literal">-U%</tt> to connect to the
-server from itself, and specify the guest user. You should see the
-following:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L localhost -U% </b></tt>
-Server time is Wed May 27 17:57:40 2002 Timezone is UTC-4.0
-Server=[localhost]
-User=[davecb]
-Workgroup=[EXAMPLE]
-Domain=[EXAMPLE]
- Sharename Type Comment
- --------- ----- ----------
- temp Disk
- IPC$ IPC IPC Service (Samba 1.9.18)
- homes Disk Home directories
-This machine does not have a browse list</pre></blockquote>
-
-<p>If you received this output, move on to the next section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.3">Section 12.2.5.3</a>. On the other hand, if you
-receive an error, check the following:</p>
-
-<ul><li>
-<p>If you get <tt class="literal">Get_hostbyname</tt>:
-<tt class="literal">unknown</tt> <tt class="literal">host</tt>
-<tt class="literal">localhost</tt>, either you've spelled
-its name wrong or there actually is a problem (which should have been
-seen back in <a href="ch12.html#samba2-CHP-12-SECT-2.2.2">Section 12.2.2.2</a>). In the
-latter case, move on to <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this chapter.</p>
-</li><li>
-<p>If you get <tt class="literal">Connect</tt> <tt class="literal">error</tt>:
-<tt class="literal">Connection</tt> <tt class="literal">refused</tt>, the server
-was found, but it wasn't running an
-<em class="emphasis">nmbd</em> daemon. Skip back to
-<a href="ch12.html#samba2-CHP-12-SECT-2.4">Section 12.2.4</a>,
-earlier in this chapter, and retest the daemons.</p>
-</li><li>
-<p>If you get the message <tt class="literal">Your</tt>
-<tt class="literal">server</tt> <tt class="literal">software</tt>
-<tt class="literal">is</tt> <tt class="literal">being</tt>
-<tt class="literal">unfriendly</tt>, the initial session request packet got
-a garbage response from the server. The server might have crashed or
-started improperly. The common causes of this can be discovered by
-scanning the logs for the following:</p>
-<ul><li>
-<p>Invalid command-line parameters to <em class="emphasis">smbd</em> ; see
-the <em class="emphasis">smbd</em> manual page.</p>
-</li><li>
-<p>A fatal problem with the <em class="filename">smb.conf</em> file that
-prevents the startup of <em class="emphasis">smbd</em>. Always check your
-changes with <em class="emphasis">testparm</em>, as was done in <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>, earlier in this chapter.</p>
-</li><li>
-<p>Missing directories where Samba is supposed to keep its log and lock
-files.</p>
-</li><li>
-<p>The presence of a server already on the port (139 for
-<em class="emphasis">smbd</em>, 137 for <em class="emphasis">nmbd</em> ),
-preventing the daemon from starting.</p>
-</li></ul>
-</li>
-<li>
-<p>If you're using <em class="emphasis">inetd</em> (or
-xinetd ) instead of standalone daemons, be sure to check your
-<em class="filename">/etc/inetd.conf</em> (or xinetd configuration files)
-and <em class="filename">/etc/services</em> entries against their manual
-pages for errors as well.</p>
-</li><li>
-<p>If you get a <tt class="literal">Password</tt>: prompt, your guest account
-is not set up properly. The <em class="emphasis">-U%</em> option tells
-<em class="emphasis">smbclient</em> to do a &quot;null
-login,&quot; which requires that the guest account be
-present but does not require it to have any privileges.</p>
-</li><li>
-<p>If you get the message <tt class="literal">SMBtconX</tt>
-<tt class="literal">failed</tt>. <tt class="literal">ERRSRV--ERRaccess</tt>, you
-aren't permitted access to the server. This normally
-means you have a <tt class="literal">hosts</tt> <tt class="literal">allow</tt>
-option that doesn't include the server or a
-<tt class="literal">hosts</tt> <tt class="literal">deny</tt> option that does.
-Recheck with the command <tt class="literal">testparm</tt>
-<tt class="literal">smb.conf</tt> <em class="replaceable">your_hostname</em>
-<em class="replaceable">your_ip_address</em> (see
-<a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>),
-and correct any unintended prohibitions.</p>
-</li></ul>
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.5.3"/>
-
-<h3 class="head3">Testing connections with smbclient</h3>
-
-<p><a name="INDEX-61"/><a name="INDEX-62"/>Run the command
-<tt class="literal">smbclient</tt>
-<tt class="literal">\\</tt><em class="replaceable">server</em><tt class="literal">\temp</tt>
-to connect to the server's <tt class="literal">[temp]</tt>
-share and to see if you can connect to a file service. You should get
-the following response:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient '\\server\temp' </b></tt>
-Server time is Tue May 5 09:49:32 2002 Timezone is UTC-4.0 Password:
-<b class="emphasis-bold">smb: \&gt; quit</b></pre></blockquote>
-<p>You might receive the following errors:</p>
-
-<ul><li>
-<p>If you get <tt class="literal">Get_Hostbyname</tt>:
-<tt class="literal">Unknown</tt> <tt class="literal">host</tt>
-<tt class="literal">name</tt>, <tt class="literal">Connect</tt>
-<tt class="literal">error</tt>: <tt class="literal">Connection</tt>
-<tt class="literal">refused</tt>, or <tt class="literal">Your</tt>
-<tt class="literal">server</tt> <tt class="literal">software</tt>
-<tt class="literal">is</tt> <tt class="literal">being</tt>
-<tt class="literal">unfriendly</tt>, see the previous section,
-<a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>, for
-the diagnoses.</p>
-</li><li>
-<p>If you get the message <tt class="literal">servertemp</tt>:
-<tt class="literal">Not</tt> <tt class="literal">enough</tt>
-<tt class="literal">`\</tt>'
-<tt class="literal">characters</tt> <tt class="literal">in</tt>
-<tt class="literal">service</tt>, you likely didn't quote
-the address, so Unix stripped off backslashes. You can also write the
-command:</p>
-
-<blockquote><pre class="code">smbclient \\\\<em class="replaceable">server</em>\\temp</pre></blockquote>
-
-<p>or:</p>
-<blockquote><pre class="code">smbclient //<em class="replaceable">server</em>/temp</pre></blockquote>
-</li>
-</ul>
-<p>Now, provide your Unix account password to the
-<tt class="literal">Password</tt>: prompt. If you then get an
-<tt class="literal">smb</tt>: <tt class="literal">\&gt;</tt> prompt, it worked.
-Enter <tt class="literal">quit</tt> and continue on to the next section,
-<a href="ch12.html#samba2-CHP-12-SECT-2.5.4">Section 12.2.5.4</a>. If
-you got <tt class="literal">SMBtconX</tt> <tt class="literal">failed</tt>.
-<tt class="literal">ERRSRV--ERRinvnetname</tt>, the problem can be any of
-the following:</p>
-
-<ul><li>
-<p>A wrong share name: you might have spelled it wrong, it might be too
-long, it might be in mixed case, or it might not be available. Check
-that it's what you expect with
-<em class="emphasis">testparm</em> (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>).</p>
-</li><li>
-<p>A <tt class="literal">security</tt> <tt class="literal">=</tt>
-<tt class="literal">share</tt> parameter in your Samba configuration file,
-in which case you might have to add <tt class="literal">-U</tt>
-<em class="replaceable">your_account</em> to the
-<em class="emphasis">smbclient</em> command.</p>
-</li><li>
-<p>An erroneous username.</p>
-</li><li>
-<p>An erroneous password.</p>
-</li><li>
-<p>An <tt class="literal">invalid</tt> <tt class="literal">users</tt> or
-<tt class="literal">valid</tt> <tt class="literal">users</tt> option in your
-<em class="emphasis">smb.conf</em> file that doesn't
-allow your account to connect. Recheck using
-<tt class="literal">testparm</tt> <tt class="literal">smb.conf</tt>
-<em class="replaceable">your_hostname your_ip_address</em> (see the
-earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>).</p>
-</li><li>
-<p>A <tt class="literal">valid</tt> <tt class="literal">hosts</tt> option that
-doesn't include the server, or an
-<tt class="literal">invalid</tt> <tt class="literal">hosts</tt> option that does.
-Also test this with <em class="emphasis">testparm</em>.</p>
-</li><li>
-<p>A problem in authentication, such as if shadow passwords or the
-Password Authentication Module (PAM) is used on the server, but Samba
-is not compiled to use it. This is rare, but it occasionally happens
-when a SunOS 4 Samba binary (with no shadow passwords) is run without
-recompilation on a Solaris system (with shadow passwords).</p>
-</li><li>
-<p>The <tt class="literal">encrypted</tt> <tt class="literal">passwords</tt>
-<tt class="literal">=</tt> <tt class="literal">yes</tt> option is in the
-configuration file, but no password for your account is in the
-<em class="emphasis">smbpasswd</em> file.</p>
-</li><li>
-<p>You have a null password entry, either in Unix
-<em class="filename">/etc/passwd</em> or in the
-<em class="emphasis">smbpasswd</em> file.</p>
-</li><li>
-<p>You are connecting to <tt class="literal">[temp]</tt>, and you do not have
-the <tt class="literal">guest</tt> <tt class="literal">ok</tt>
-<tt class="literal">=</tt> <tt class="literal">yes</tt> option in the
-<tt class="literal">[temp]</tt> section of the
-<em class="emphasis">smb.conf</em> file.</p>
-</li><li>
-<p>You are connecting to <tt class="literal">[temp]</tt> before connecting to
-your home directory, and your guest account isn't
-set up correctly. If you can connect to your home directory and then
-connect to <tt class="literal">[temp]</tt>, that's the
-problem. See <a href="ch02.html">Chapter 2</a> for more information on
-creating a basic Samba configuration file.</p>
-
-<p>A bad guest account will also prevent you from printing or browsing
-until after you've logged in to your home directory.</p>
-</li></ul>
-<p>There is one more reason for this failure that has nothing at all to
-do with passwords: the <tt class="literal">path</tt> parameter in your
-<em class="filename">smb.conf</em> file might point somewhere that
-doesn't exist. This will not be diagnosed by
-<em class="emphasis">testparm</em>, and most SMB clients
-can't distinguish it from other types of bad user
-accounts. You will have to check it manually.</p>
-
-<p>Once you have connected to <tt class="literal">[temp]</tt> successfully,
-repeat the test, this time logging in to your home directory (e.g.,
-map network drive
-<em class="replaceable">server</em><tt class="literal">\davecb</tt>). If you
-have to change anything to get that to work, retest
-<tt class="literal">[temp]</tt> again afterward.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.5.4"/>
-
-<h3 class="head3">Testing connections with net use</h3>
-
-<p><a name="INDEX-63"/><a name="INDEX-64"/>Run the command
-<tt class="literal">net</tt> <tt class="literal">use</tt> <tt class="literal">*</tt>
-<tt class="literal">\</tt><em class="replaceable">server</em><tt class="literal">\temp</tt>
-on the Windows client to see if it can connect to the server. You
-should be prompted for a password, then receive the response
-<tt class="literal">The</tt> <tt class="literal">command</tt>
-<tt class="literal">was</tt> <tt class="literal">completed</tt>
-<tt class="literal">successfully</tt>.</p>
-
-<p>If that worked, continue with the steps in the next section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.5">Section 12.2.5.5</a>. Otherwise:</p>
-
-<ul><li>
-<p>If you get <tt class="literal">The</tt> <tt class="literal">specified</tt>
-<tt class="literal">shared</tt> <tt class="literal">directory</tt>
-<tt class="literal">cannot</tt> <tt class="literal">be</tt>
-<tt class="literal">found</tt>, or <tt class="literal">Cannot</tt>
-<tt class="literal">locate</tt> <tt class="literal">specified</tt>
-<tt class="literal">share</tt> <tt class="literal">name</tt>, the directory name
-is either misspelled or not in the <em class="emphasis">smb.conf</em>
-file. This message can also warn of a name that is in mixed case,
-including spaces, or that is longer than eight characters.</p>
-</li><li>
-<p>If you get <tt class="literal">The</tt> <tt class="literal">computer</tt>
-<tt class="literal">name</tt> <tt class="literal">specified</tt>
-<tt class="literal">in</tt> <tt class="literal">the</tt>
-<tt class="literal">network</tt> <tt class="literal">path</tt>
-<tt class="literal">cannot</tt> <tt class="literal">be</tt>
-<tt class="literal">located</tt> or <tt class="literal">Cannot</tt>
-<tt class="literal">locate</tt> <tt class="literal">specified</tt>
-<tt class="literal">computer</tt>, the directory name has been misspelled,
-the name service has failed, there is a networking problem, or the
-<tt class="literal">hosts</tt> <tt class="literal">deny</tt> option includes your
-host.</p>
-<ul><li>
-<p>If it is not a spelling mistake, you need to double back at least to
-<a href="ch12.html#samba2-CHP-12-SECT-2.5.3">Section 12.2.5.3</a> to
-investigate why it doesn't connect.</p>
-</li><li>
-<p>If <em class="emphasis">smbclient</em> does work, there is a name service
-problem with the client name service, and you need to go forward to
-<a href="ch12.html#samba2-CHP-12-SECT-2.6.2">Section 12.2.6.2</a> and see if
-you can look up both the client and server with
-<em class="emphasis">nmblookup</em>.</p>
-</li>
-</ul>
-</li>
-
-<li>
-<p>If you get <tt class="literal">The</tt> <tt class="literal">password</tt>
-<tt class="literal">is</tt> <tt class="literal">invalid</tt>
-<tt class="literal">for</tt> <tt class="literal">\server\username</tt>, your
-locally cached copy on the client doesn't match the
-one on the server. You will be prompted for a replacement.</p>
-
-<a name="samba2-CHP-12-NOTE-157"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
-<p>Each Windows 95/98/Me client keeps a local
-<em class="emphasis">password</em> file, but it's really
-just a cached copy of the password it sends to Samba and NT/2000/XP
-servers to authenticate you. That's what is being
-prompted for here. You can still log on to a Windows system without a
-password (but not to NT/2000/XP).</p>
-</blockquote>
-
-<p>If you provide your password and it still fails, your password is not
-being matched on the server, you have a <tt class="literal">valid</tt>
-<tt class="literal">users</tt> or <tt class="literal">invalid</tt>
-<tt class="literal">users</tt> list denying you permission, NetBEUI is
-interfering, or the encrypted password problem described in the next
-paragraph exists.</p>
-</li><li>
-<p>If your client is Windows NT 4.0, NT 3.5 with Patch 3, Windows 95
-with Patch 3, Windows 98, any of these with Internet Explorer 4.0, or
-any subsequent version of Windows, the system will default to
-Microsoft encryption for passwords. In general, if you have installed
-a major Microsoft product on any of the older Windows versions, you
-might have applied an update and turned on encrypted passwords. If
-the client is defaulting to encrypted passwords, you will need to
-specify <tt class="literal">encrypt</tt> <tt class="literal">passwords</tt>
-<tt class="literal">=</tt> <tt class="literal">yes</tt> in your Samba
-configuration file if you are using a version of Samba prior to Samba
-3.0.</p>
-
-<a name="samba2-CHP-12-NOTE-158"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
-<p>Because of Internet Explorer's willingness to honor
-URLs such as <em class="filename">file://somehost/somefile</em> by making
-SMB connections, clients up to and including Windows 95 Patch Level 2
-would happily send your password, in plain text, to SMB servers
-anywhere on the Internet. This was considered a bad idea, and
-Microsoft switched to using only encrypted passwords in the SMB
-protocol. All subsequent releases of Microsoft's
-products have included this correction.</p>
-</blockquote>
-</li>
-
-<li>
-<p>If you have a mixed-case password on Unix, the client is probably
-sending it in all one case. If changing your password to all one case
-works, this was the problem. Regrettably, all but the oldest clients
-support uppercase passwords, so Samba will try once with the password
-in uppercase and once in lowercase. If you wish to use mixed-case
-passwords, see the <tt class="literal">password</tt>
-<tt class="literal">level</tt> option in <a href="ch09.html">Chapter 9</a> for a
-workaround.</p>
-</li><li>
-<p>You might have a <tt class="literal">valid</tt> <tt class="literal">users</tt>
-problem, as tested with <em class="emphasis">smbclient</em> (see the
-earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.3">Section 12.2.5.3</a>).</p>
-</li><li>
-<p>You might have the NetBEUI protocol bound to the Microsoft client.
-This often produces long timeouts and erratic failures and is known
-to have caused failures to accept passwords in the past. Unless you
-absolutely need the NetBEUI protocol, remove it.</p>
-</li></ul>
-<a name="samba2-CHP-12-NOTE-159"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
-<p>The term &quot;bind&quot; is used here to
-mean connecting one piece of software to another. When configured
-correctly, the Microsoft SMB client is &quot;bound
-to&quot; TCP/IP in the bindings section of the TCP/IP
-properties panel under the Windows 95/98/Me Network icon in the
-Control Panel. TCP/IP in turn is bound to an Ethernet card. This is
-not the same sense of the word as binding an SMB daemon to a TCP/IP
-port.</p>
-</blockquote>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.5.5"/>
-
-<h3 class="head3">Testing connections with Windows Explorer</h3>
-
-<p><a name="INDEX-65"/><a name="INDEX-66"/>Start Windows Explorer
-(not Internet Explorer), select Map Network Drive from the Tools
-menu, and specify the UNC for one of your shares on the Samba server
-to see if you can make Explorer connect to it. If so,
-you've succeeded and can skip to the next section,
-<a href="ch12.html#samba2-CHP-12-SECT-2.6">Section 12.2.6</a>.</p>
-
-<p>Windows Explorer is a rather poor diagnostic tool: it tells you that
-something's wrong, but rarely what it is. If you get
-a failure, you'll need to track it down with the
-Windows <em class="emphasis">net use</em> command, which has far superior
-error reporting:</p>
-
-<ul><li>
-<p>If you get <tt class="literal">The</tt> <tt class="literal">password</tt>
-<tt class="literal">for</tt> <tt class="literal">this</tt>
-<tt class="literal">connection</tt> <tt class="literal">that</tt>
-<tt class="literal">is</tt> <tt class="literal">in</tt> <tt class="literal">your</tt>
-<tt class="literal">password</tt> <tt class="literal">file</tt>
-<tt class="literal">is</tt> <tt class="literal">no</tt> <tt class="literal">longer</tt>
-<tt class="literal">correct</tt>, you might have any of the following:</p>
-<ul><li>
-<p>Your locally cached copy on the client doesn't match
-the one on the server.</p>
-</li><li>
-<p>You didn't provide a username and password when
-logging on to the client. Some versions of Explorer will continue to
-send a null username and password, even if you provide a password.</p>
-</li><li>
-<p>You have misspelled the password.</p>
-</li><li>
-<p>You have an <tt class="literal">invalid</tt> <tt class="literal">users</tt> or
-<tt class="literal">valid</tt> <tt class="literal">users</tt> list denying
-permission.</p>
-</li><li>
-<p>Your client is defaulting to encrypted passwords, but Samba is
-configured with the <tt class="literal">encrypt</tt>
-<tt class="literal">passwords</tt> <tt class="literal">=</tt>
-<tt class="literal">no</tt> configuration file parameter.</p>
-</li><li>
-<p>You have a mixed-case password, which the client is supplying in all
-one case.</p>
-</li>
-</ul>
-</li>
-<li>
-<p>If you get <tt class="literal">The</tt> <tt class="literal">network</tt>
-<tt class="literal">name</tt> <tt class="literal">is</tt>
-<tt class="literal">either</tt> <tt class="literal">incorrect</tt>,
-<tt class="literal">or</tt> <tt class="literal">a</tt> <tt class="literal">network</tt>
-<tt class="literal">to</tt> <tt class="literal">which</tt> <tt class="literal">you</tt>
-<tt class="literal">do</tt> <tt class="literal">not</tt> <tt class="literal">have</tt>
-<tt class="literal">full</tt> <tt class="literal">access</tt>, or
-<tt class="literal">Cannot</tt> <tt class="literal">locate</tt>
-<tt class="literal">specified</tt> <tt class="literal">computer</tt>, you might
-have any of the following:</p>
-<ul><li>
-<p>Misspelled name</p>
-</li><li>
-<p>Malfunctioning service</p>
-</li><li>
-<p>Failed share</p>
-</li><li>
-<p>Networking problem</p>
-</li><li>
-<p>Bad <tt class="literal">path</tt> parameter in
-<em class="filename">smb.conf</em></p>
-</li><li>
-<p><tt class="literal">hosts</tt> <tt class="literal">deny</tt> line that excludes
-you</p>
-</li>
-</ul>
-</li>
-<li>
-<p>If you get <tt class="literal">You</tt> <tt class="literal">must</tt>
-<tt class="literal">supply</tt> <tt class="literal">a</tt>
-<tt class="literal">password</tt> <tt class="literal">to</tt>
-<tt class="literal">make</tt> <tt class="literal">this</tt>
-<tt class="literal">connection</tt>, the password on the client is out of
-synchronization with the server, or this is the first time
-you've tried from this client system and the client
-hasn't cached it locally yet.</p>
-</li><li>
-<p>If you get <tt class="literal">Cannot</tt> <tt class="literal">locate</tt>
-<tt class="literal">specified</tt> <tt class="literal">share</tt>
-<tt class="literal">name</tt>, you have a wrong share name or a syntax
-error in specifying it, a share name longer than eight characters, or
-one containing spaces or in mixed case.</p>
-</li></ul>
-<p>Once you can reliably connect to the share, try again, this time
-using your home directory. If you have to change something to get
-home directories working, retest with the first share, and vice
-versa, as we showed in the earlier section, &quot;Testing
-connections with net use.&quot; As always, if Explorer
-fails, drop back to that section and debug the connection there.
-<a name="INDEX-67"/><a name="INDEX-68"/></p>
-
-
-</div>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-2.6"/>
-
-<h3 class="head2">Troubleshooting Browsing</h3>
-
-<p><a name="INDEX-69"/><a name="INDEX-70"/>Finally, we
-come to browsing. We've left this for last, not
-because it is the most difficult, but because it's
-both optional and partially dependent on a protocol that
-doesn't guarantee delivery of a packet. Browsing is
-hard to diagnose if you don't already know that all
-the other services are running.</p>
-
-<p>Browsing is purely optional: it's just a way to find
-the servers on your network and the shares that they provide. Unix
-has nothing of the sort and happily does without. Browsing also
-assumes all your systems are on a local area network (LAN) where
-broadcasts are allowable.</p>
-
-<p>First, the browsing mechanism identifies a system using the
-unreliable UDP protocol; it then makes a normal (reliable) TCP/IP
-connection to list the shares the system provides.</p>
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.1"/>
-
-<h3 class="head3">Testing browsing with smbclient</h3>
-
-<p><a name="INDEX-71"/><a name="INDEX-72"/>We'll start with
-testing the reliable connection first. From the server, try listing
-its own shares using <em class="emphasis">smbclient</em> with a
-<tt class="literal">-L</tt> option and your server's name.
-You should get something resembling the following:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L server</b></tt>
-Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Server
-time is Tue Apr 28 09:57:28 2002 Timezone is UTC-4.0
-Password:
-Domain=[EXAMPLE] OS=[Unix] Server=[Samba 2.2.5]
-
- Sharename Type Comment
- --------- ---- -------
- cdrom Disk CD-ROM
- cl Printer Color Printer 1
- davecb Disk Home Directories
-
- Server Comment
- --------- -------
- SERVER Samba 2.2.5
-
- Workgroup Master
- --------- -------
- EXAMPLE SERVER</pre></blockquote>
-
-<ul><li>
-<p>If you didn't get a Sharename list, the server is
-not allowing you to browse any shares. This should not be the case if
-you've tested any of the shares with Windows
-Explorer or the <em class="emphasis">net use</em> command. If you
-haven't done the <tt class="literal">smbclient</tt>
-<tt class="literal">-L</tt> <tt class="literal">localhost</tt>
-<tt class="literal">-U%</tt> test yet (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>), do it now. An erroneous
-guest account can prevent the shares from being seen. Also, check the
-<em class="filename">smb.conf</em> file to make sure you do not have the
-option <tt class="literal">browsable</tt> <tt class="literal">=</tt>
-<tt class="literal">no</tt> anywhere in it: we suggest using a minimal
-<em class="filename">smb.conf</em> file (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.1">Section 12.2.5.1</a>). You need to have
-<tt class="literal">browsable</tt> enabled (which is the default) to see
-the share.</p>
-</li><li>
-<p>If you didn't get a browse list, the server is not
-providing information about the systems on the network. At least one
-system on the net must support browse lists. Make sure you have
-<tt class="literal">local</tt> <tt class="literal">master</tt>
-<tt class="literal">=</tt> <tt class="literal">yes</tt> in the
-<em class="filename">smb.conf</em> file if you want Samba to be the local
-master browser.</p>
-</li><li>
-<p>If you got a browse list but didn't get
-<em class="emphasis">/tmp</em>, you probably have a
-<em class="filename">smb.conf</em> problem. Go back to <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>.</p>
-</li><li>
-<p>If you didn't get a workgroup list with your
-workgroup name in it, it is possible that your workgroup is set
-incorrectly in the <em class="filename">smb.conf</em> file.</p>
-</li><li>
-<p>If you didn't get a workgroup list at all, ensure
-that <tt class="literal">workgroup</tt> <tt class="literal">=</tt>
-<tt class="literal">EXAMPLE</tt> is present in the
-<em class="filename">smb.conf</em> file.</p>
-</li><li>
-<p>If you get nothing, try once more with the options
-<tt class="literal">-I</tt> <em class="emphasis">ip_address</em>
-<tt class="literal">-n</tt> <em class="emphasis">netbios_name</em>
-<tt class="literal">-W</tt> <em class="emphasis">workgroup</em>
-<tt class="literal">-d3</tt> with the NetBIOS and workgroup name in
-uppercase. (The <tt class="literal">-d3</tt> option sets the log /debugging
-level to 3.) Then check the Samba logs for clues.</p>
-</li></ul>
-<p>If you're still getting nothing, you
-shouldn't have gotten this far; double back to at
-least <a href="ch12.html#samba2-CHP-12-SECT-2.3.1">Section 12.2.3.1</a>, or perhaps
-<a href="ch12.html#samba2-CHP-12-SECT-2.2.4">Section 12.2.2.4</a>. On the other hand:</p>
-
-<ul><li>
-<p>If you get <tt class="literal">SMBtconX</tt> <tt class="literal">failed</tt>.
-<tt class="literal">ERRSRV--ERRaccess</tt>, you aren't
-permitted access to the server. This normally means you have a
-<tt class="literal">hosts</tt> <tt class="literal">allow</tt> option that
-doesn't include the server or a
-<tt class="literal">hosts</tt> <tt class="literal">deny</tt> option that does.</p>
-</li><li>
-<p>If you get <tt class="literal">Bad</tt> <tt class="literal">password</tt>, you
-presumably have one of the following:</p>
-<ul><li>
-<p>An incorrect <tt class="literal">hosts</tt> <tt class="literal">allow</tt> or
-<tt class="literal">hosts</tt> <tt class="literal">deny</tt> line</p>
-</li><li>
-<p>An incorrect <tt class="literal">invalid</tt> <tt class="literal">users</tt> or
-<tt class="literal">valid</tt> <tt class="literal">users</tt> line</p>
-</li><li>
-<p>A lowercase password and OS/2 or Windows for Workgroups clients</p>
-</li><li>
-<p>A missing or invalid guest account</p>
-</li></ul>
-<p>Check what your guest account is (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>), change or comment out any
-<tt class="literal">hosts</tt> <tt class="literal">allow</tt>,
-<tt class="literal">hosts</tt> <tt class="literal">deny</tt>,
-<tt class="literal">valid</tt> <tt class="literal">users</tt>, or
-<tt class="literal">invalid</tt> <tt class="literal">users</tt> lines, and verify
-your <em class="filename">smb.conf</em> file with
-<tt class="literal">testparm</tt> <tt class="literal">smb.conf</tt>
-<em class="replaceable">your_hostname your_ip_address</em> (see the
-earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.4.5">Section 12.2.4.5</a>).</p>
-</li><li>
-<p>If you get <tt class="literal">Connection</tt> <tt class="literal">refused</tt>,
-the <em class="emphasis">smbd</em> server is not running or has crashed.
-Check that it's up, running, and listening to the
-network with <em class="emphasis">netstat</em>. See the earlier section,
-<a href="ch12.html#samba2-CHP-12-SECT-2.4">Section 12.2.4</a>.</p>
-</li><li>
-<p>If you get <tt class="literal">Get_Hostbyname</tt>:
-<tt class="literal">Unknown</tt> <tt class="literal">host</tt>
-<tt class="literal">name</tt>, you've made a spelling
-error, there is a mismatch between the Unix and NetBIOS hostname, or
-there is a name service problem. Start name service debugging as
-discussed in the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.4">Section 12.2.5.4</a>. If this works, suspect a
-name mismatch, and go to the later section, <a href="ch12.html#samba2-CHP-12-SECT-2.9">Section 12.2.9</a>.</p>
-</li><li>
-<p>If you get <tt class="literal">Session</tt> <tt class="literal">request</tt>
-<tt class="literal">failed</tt>, the server refused the connection. This
-usually indicates an internal error, such as insufficient memory to
-fork a process.</p>
-</li><li>
-<p>If you get <tt class="literal">Your</tt> <tt class="literal">server</tt>
-<tt class="literal">software</tt> <tt class="literal">is</tt>
-<tt class="literal">being</tt> <tt class="literal">unfriendly</tt>, the initial
-session request packet received a garbage response from the server.
-The server might have crashed or started improperly. Go back to <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>, where the
-problem is first analyzed.</p>
-</li><li>
-<p>If you suspect the server is not running, go back to
-<a href="ch12.html#samba2-CHP-12-SECT-2.4.2">Section 12.2.4.2</a> to see why the server
-daemon isn't responding.</p>
-</li></ul>
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.2"/>
-
-<h3 class="head3">Testing the server with nmblookup</h3>
-
-<p><a name="INDEX-73"/><a name="INDEX-74"/>This will test the
-&quot;advertising&quot; system used for
-Windows name services and browsing. Advertising works by broadcasting
-one's presence or willingness to provide services.
-It is the part of browsing that uses an unreliable protocol (UDP) and
-works only on broadcast networks such as Ethernets. The
-<em class="emphasis">nmblookup</em> program broadcasts name queries for
-the hostname you provide and returns its IP address and the name of
-the system, much as <em class="emphasis">nslookup</em> does with DNS.
-Here, the <em class="emphasis">-d</em> (debug or log-level) and
-<em class="emphasis">-B</em> (broadcast address) options direct queries to
-specific systems.</p>
-
-<p>First, we check the server from itself. Run
-<em class="emphasis">nmblookup</em> with a <em class="emphasis">-B</em> option
-of your server's name (to tell it to send the query
-to the Samba server) and a parameter of <tt class="literal">_ _SAMBA_
-_</tt> as the symbolic name to look up. You should get:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>nmblookup -B server _ _SAMBA_ _</b></tt>
-Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0
-Sending queries to 192.168.236.86 192.168.236.86 _ _SAMBA_ _</pre></blockquote>
-
-<p>You should get the IP address of the server, followed by the name
-<tt class="literal">_ _SAMBA_ _</tt> , which means that the server has
-successfully advertised that it has a service called <tt class="literal">_
-_SAMBA_ _</tt> , and therefore at least part of NetBIOS name
-service works.</p>
-
-<ul><li>
-<p>If you get <tt class="literal">Name_query</tt> <tt class="literal">failed</tt>
-<tt class="literal">to</tt> <tt class="literal">find</tt> <tt class="literal">name</tt>
-<tt class="literal">_ _SAMBA_ _</tt>, you might have specified the server
-name to the <em class="emphasis">-B</em> option, or
-<em class="emphasis">nmbd</em> is not running. The <em class="emphasis">-B</em>
-option actually takes a broadcast address: we're
-using a computer name to get a unicast address and to ask the server
-if it has claimed <tt class="literal">_ _SAMBA_ _</tt>. Try again with
-<tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
-<em class="replaceable">ip_address</em>, and if that fails too,
-<em class="emphasis">nmbd</em> isn't claiming the name.
-Go back briefly to the earlier section, &quot;Testing
-daemons with testparm,&quot; to see if
-<em class="emphasis">nmbd</em> is running. If so, it might not be claiming
-names; this means that Samba is not providing the browsing
-service&mdash;a configuration problem. If that is the case, make sure
-that <em class="filename">smb.conf</em> doesn't contain
-the option <tt class="literal">browsing</tt> <tt class="literal">=</tt>
-<tt class="literal">no</tt>.</p>
-</li></ul>
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.3"/>
-
-<h3 class="head3">Testing the client with nmblookup</h3>
-
-<p><a name="INDEX-75"/><a name="INDEX-76"/>Next, check the IP address of the
-client from the server with <em class="emphasis">nmblookup</em> using the
-<tt class="literal">-B</tt> option for the client's name
-and a parameter of '<tt class="literal">*</tt>' meaning
-&quot;anything,&quot; as shown here:</p>
-
-<blockquote><pre class="code">$ <b class="emphasis-bold">nmblookup -B client '*</b>'
-Sending queries to 192.168.236.10 192.168.236.10 *
-Got a positive name query response from 192.168.236.10 (192.168.236.10)</pre></blockquote>
-
-<p>You might get the following error:</p>
-
-<ul><li>
-<p>If you receive <tt class="literal">Name-query</tt>
-<tt class="literal">failed</tt> <tt class="literal">to</tt>
-<tt class="literal">find</tt> <tt class="literal">name</tt> <tt class="literal">*</tt>,
-you have made a spelling mistake, or the client software on the PC
-isn't installed, started, or bound to TCP/IP. Double
-back to <a href="ch03.html">Chapter 3</a> and ensure that you have a
-client installed that is listening to the network.</p>
-</li></ul>
-<p>Repeat the command with the following options if you had any failures:</p>
-
-<ul><li>
-<p>If <tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
-<em class="replaceable">client_IP_address</em> succeeds but
-<tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
-<em class="replaceable">client_name</em> fails, there is a name service
-problem with the client's name; go to <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>, later in this chapter.</p>
-</li><li>
-<p>If <tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
-<tt class="literal">127.0.0.1</tt> '<tt class="literal">*</tt>' succeeds, but
-<tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
-<em class="replaceable">client_IP_address</em> fails, there is a
-hardware problem, and <em class="emphasis">ping</em> should have failed.
-See your network manager.</p>
-</li></ul>
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.4"/>
-
-<h3 class="head3">Testing the network with nmblookup</h3>
-
-<p><a name="INDEX-77"/><a name="INDEX-78"/>Run the command
-<em class="emphasis">nmblookup</em> again with a <em class="emphasis">-d2</em>
-option (for a debug level of 2) and a parameter of
-'<tt class="literal">*</tt>'. This time we are testing the ability of
-programs (such as <em class="emphasis">nmbd</em> ) to use broadcast.
-It's essentially a connectivity test, done via a
-broadcast to the default broadcast address.</p>
-
-<p>A number of NetBIOS over TCP/IP hosts on the network should respond
-with <tt class="literal">got</tt> <tt class="literal">a</tt>
-<tt class="literal">positive</tt> <tt class="literal">name</tt>
-<tt class="literal">query</tt> <tt class="literal">response</tt> messages. Samba
-might not catch all the responses in the short time it listens, so
-you won't always see all the SMB clients on the
-network. However, you should see most of them:</p>
-
-<blockquote><pre class="code">$ <b class="emphasis-bold">nmblookup -d 2 '*</b>'
-Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Sending
-queries to 192.168.236.255
-Got a positive name query response from 192.168.236.191 (192.168.236.191)
-Got a positive name query response from 192.168.236.228 (192.168.236.228)
-Got a positive name query response from 192.168.236.75 (192.168.236.75)
-Got a positive name query response from 192.168.236.79 (192.168.236.79)
-Got a positive name query response from 192.168.236.206 (192.168.236.206)
-Got a positive name query response from 192.168.236.207 (192.168.236.207)
-Got a positive name query response from 192.168.236.217 (192.168.236.217)
-Got a positive name query response from 192.168.236.72 (192.168.236.72) 192.168.236.86 *</pre></blockquote>
-
-<p>However:</p>
-
-<ul><li>
-<p>If this doesn't give at least the client address you
-previously tested, the default broadcast address is wrong. Try
-<tt class="literal">nmblookup</tt> <tt class="literal">-B</tt>
-<tt class="literal">255.255.255.255</tt> <tt class="literal">-d</tt>
-<tt class="literal">2</tt> '<tt class="literal">*</tt>', which is a last-ditch
-variant (using a broadcast address of all 1s). If this draws
-responses, the broadcast address you've been using
-before is wrong. Troubleshooting these is discussed in <a href="ch12.html#samba2-CHP-12-SECT-2.8.2">Section 12.2.8.2</a>, later in this
-chapter.</p>
-</li><li>
-<p>If the address 255.255.255.255 fails too, check your notes to see if
-your PC and server are on different subnets, as discovered in the
-earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.2.4">Section 12.2.2.4</a>. You
-should try to diagnose this step with a server and client on the same
-subnet, but if you can't, you can try specifying the
-remote subnet's broadcast address with
-<em class="emphasis">-B</em>. Finding that address is discussed in <a href="ch12.html#samba2-CHP-12-SECT-2.8.2">Section 12.2.8.2</a>, later in this
-chapter. The <em class="emphasis">-B</em> option will work if your router
-supports directed broadcasts; if it doesn't, you
-might be forced to test with a client on the same network.</p>
-</li></ul>
-<p>As usual, you can check the Samba log files for additional clues.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.5"/>
-
-<h3 class="head3">Testing client browsing with net view</h3>
-
-<p><a name="INDEX-79"/><a name="INDEX-80"/>On the client, run the
-command <em class="replaceable">net view \\server</em> in an MS-DOS
-(command prompt) window to see if you can connect to the client and
-ask what shares it provides. You should get back a list of available
-shares on the server.</p>
-
-<p>If this works, continue with the later section <a href="ch12.html#samba2-CHP-12-SECT-3.1">Section 12.3.1</a>. Otherwise:</p>
-
-<ul><li>
-<p>If you get <tt class="literal">Network</tt> <tt class="literal">name</tt>
-<tt class="literal">not</tt> <tt class="literal">found</tt> for the name you just
-tested in the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.6.3">Section 12.2.6.3</a>, there is a problem with the
-client software itself. Double-check this by running
-<em class="emphasis">nmblookup</em> on the client; if it works and
-<em class="emphasis">net view</em> doesn't, the client is
-at fault.</p>
-</li><li>
-<p>If <em class="emphasis">nmblookup</em> fails, there is a NetBIOS name
-service problem, as discussed in the later section, <a href="ch12.html#samba2-CHP-12-SECT-2.9">Section 12.2.9</a>.</p>
-</li><li>
-<p>If you get <tt class="literal">You</tt> <tt class="literal">do</tt>
-<tt class="literal">not</tt> <tt class="literal">have</tt> <tt class="literal">the</tt>
-<tt class="literal">necessary</tt> <tt class="literal">access</tt>
-<tt class="literal">rights</tt>, or <tt class="literal">This</tt>
-<tt class="literal">server</tt> <tt class="literal">is</tt>
-<tt class="literal">not</tt> <tt class="literal">configured</tt>
-<tt class="literal">to</tt> <tt class="literal">list</tt>
-<tt class="literal">shared</tt> <tt class="literal">resources</tt>, either your
-guest account is misconfigured (see the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.5.2">Section 12.2.5.2</a>) or you have a
-<tt class="literal">hosts</tt> <tt class="literal">allow</tt> or
-<tt class="literal">hosts</tt> <tt class="literal">deny</tt> line that prohibits
-connections from your system. These problems should have been
-detected by the <em class="emphasis">smbclient</em> tests starting in the
-earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.6.1">Section 12.2.6.1</a>.</p>
-</li><li>
-<p>If you get <tt class="literal">The</tt> <tt class="literal">specified</tt>
-<tt class="literal">computer</tt> <tt class="literal">is</tt>
-<tt class="literal">not</tt> <tt class="literal">receiving</tt>
-<tt class="literal">requests</tt>, you have misspelled the name, the system
-is unreachable by broadcast (tested in the earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.6.4">Section 12.2.6.4</a>), or it's
-not running <em class="emphasis">nmbd</em>.</p>
-</li><li>
-<p>If you get <tt class="literal">Bad</tt> <tt class="literal">password</tt>
-<tt class="literal">error</tt>, you're probably
-encountering the Microsoft-encrypted password problem, as discussed
-earlier in this chapter and in <a href="ch09.html">Chapter 9</a>, with its
-corrections.</p>
-</li></ul>
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.6.6"/>
-
-<h3 class="head3">Browsing the server from the client</h3>
-
-<p><a name="INDEX-81"/><a name="INDEX-82"/>From the Windows Network
-Neighborhood (or My Network Places in newer releases), try to browse
-the server. Your Samba server should appear in the browse list of
-your local workgroup. You should be able to double-click the name of
-the server to get a list of shares.</p>
-
-<ul><li>
-<p>If you get an <tt class="literal">Invalid</tt> <tt class="literal">password</tt>
-error, it's most likely the encryption problem
-again.</p>
-</li><li>
-<p>If you receive an <tt class="literal">Unable</tt> <tt class="literal">to</tt>
-<tt class="literal">browse</tt> <tt class="literal">the</tt>
-<tt class="literal">network</tt> error, one of the following has occurred:</p>
-<ul><li>
-<p>You have looked too soon, before the broadcasts and updates have
-completed. Wait 30 seconds and try again.</p>
-</li><li>
-<p>There is a network problem you've not yet diagnosed.</p>
-</li><li>
-<p>There is no browse master. Add the configuration option
-<tt class="literal">local</tt> <tt class="literal">master</tt>
-<tt class="literal">=</tt> <tt class="literal">yes</tt> to your
-<em class="emphasis">smb.conf</em> file.</p>
-</li><li>
-<p>No shares are made browsable in the <em class="emphasis">smb.conf</em>
-file.</p>
-</li></ul>
-</li>
-<li>
-<p>If you receive the message <tt class="literal">\\server</tt>
-<tt class="literal">is</tt> <tt class="literal">not</tt>
-<tt class="literal">accessible</tt> then:</p>
-<ul><li>
-<p>You have the encrypted password problem.</p>
-</li><li>
-<p>The system really isn't accessible.</p>
-</li><li>
-<p>The system doesn't support browsing.</p>
-</li></ul>
-</li>
-</ul>
-
-<p>If you've made it this far and the problem is not
-yet solved, either the problem is one we've not yet
-seen, or it is a problem related to a topic we have already covered,
-and further analysis is required. Name resolution is often related to
-difficulties with Samba, so we cover it in more detail in the next
-sections. If you know your problem is not related to name resolution,
-skip to the <a href="ch12.html#samba2-CHP-12-SECT-3">Section 12.3</a> at the end of the chapter. <a name="INDEX-83"/><a name="INDEX-84"/></p>
-
-
-</div>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-2.7"/>
-
-<h3 class="head2">Troubleshooting Name Services</h3>
-
-<p><a name="INDEX-85"/><a name="INDEX-86"/>This
-section looks at simple troubleshooting of all the name services
-you'll encounter, but only for the common problems
-that affect Samba.</p>
-
-<p>There are several good references for troubleshooting particular name
-services: Paul <a name="INDEX-87"/>Albitz and Cricket <a name="INDEX-88"/>Liu's <em class="emphasis">DNS and
-Bind</em> (O'Reilly) covers the DNS, Hal
-<a name="INDEX-89"/>Stern's <em class="emphasis">NFS and
-NIS</em> (O'Reilly) covers NIS
-(&quot;Yellow pages&quot;), while Windows
-Internet Name Service (WINS), <em class="filename">hosts/LMHOSTS</em>
-files, and NIS+ are best covered by their respective
-vendors' manuals.</p>
-
-<p>The problems addressed in this section are as follows:</p>
-
-<ul><li>
-<p>Name services are identified.</p>
-</li><li>
-<p>A hostname can't be looked up.</p>
-</li><li>
-<p>The long (FQDN) form of a hostname works but the short form
-doesn't.</p>
-</li><li>
-<p>The short form of the name works, but the long form
-doesn't.</p>
-</li><li>
-<p>A long delay occurs before the expected result.</p>
-</li></ul>
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.7.1"/>
-
-<h3 class="head3">Identifying what's in use</h3>
-
-<p><a name="INDEX-90"/>First, see if both the
-server and the client are using DNS, WINS, NIS, or
-<em class="filename">hosts</em> files to look up IP addresses when you
-give them a name. Each kind of system has a different preference:</p>
-
-<ul><li>
-<p>Windows 95/98/Me tries WINS and the <em class="filename">LMHOSTS</em> file
-first, then broadcast, and finally DNS and <em class="filename">HOSTS</em>
-files.</p>
-</li><li>
-<p>Windows NT/2000/XP tries WINS, then broadcast, then the
-<em class="filename">LMHOSTS</em> file, and finally
-<em class="filename">HOSTS</em> and DNS.</p>
-</li><li>
-<p>Windows programs using the WINSOCK standard use the HOSTS file, DNS,
-WINS, and then broadcast. Don't assume that if a
-different program's name service works, the SMB
-client program's name service will!</p>
-</li><li>
-<p>Samba daemons use <em class="filename">lmhosts</em>, WINS, the Unix
-system's name resolution, and then broadcast.</p>
-</li><li>
-<p>Unix systems can be configured to use any combination of DNS,
-<em class="filename">HOSTS</em> files, NIS or NIS+, and winbind, generally
-in any order.</p>
-</li></ul>
-<p>We recommend that the client systems be configured to use WINS and
-DNS, the Samba daemons to use WINS and DNS, and the Unix server to
-use DNS, <em class="filename">hosts</em> files, and perhaps NIS+.
-You'll have to look at your notes and the actual
-systems to see which is in use.</p>
-
-<p>On the clients, the name services are all set in the TCP/IP
-Properties panel of the Networking Control Panel, as discussed in
-<a href="ch03.html">Chapter 3</a>. You might need to check there to see
-what you've actually turned on. On the server, see
-if a <em class="filename">/etc/resolv.conf</em> file exists. If it does,
-you're using DNS. You might be using the others as
-well, though. You'll need to check for NIS and
-combinations of services.</p>
-
-<p>Check for a <em class="filename">/etc/nsswitch.conf</em> file on Solaris
-and other System V Unix operating systems. If you have one, look for
-a line that begins with <tt class="literal">host</tt>: followed by one or
-more of <tt class="literal">files</tt>, <tt class="literal">bind</tt>,
-<tt class="literal">nis</tt>, or <tt class="literal">nis+</tt>. These are the
-name services to use, in order, with optional extra material in
-square brackets. The <tt class="literal">files</tt> keyword is for
-using <em class="emphasis">HOSTS</em> files, while <tt class="literal">bind</tt>
-(the Berkeley Internet Name Daemon) refers to using DNS.</p>
-
-<p>If the client and server differ, the first thing to do is to get them
-in sync. Clients can use DNS, WINS, <em class="emphasis">HOSTS</em>, and
-<em class="emphasis">LMHOSTS</em> files, but not NIS or NIS+. Servers can
-use <em class="emphasis">HOSTS</em> and <em class="filename">LMHOSTS</em>
-files, DNS, NIS or NIS+, and winbind, but not WINS&mdash;even if your
-Samba server provides WINS services. If you can't
-get all the systems to use the same services, you'll
-have to check the server and the client carefully for the same data.</p>
-
-<p>You can also make use of the <em class="emphasis">-R</em> (resolve order)
-option for <em class="emphasis">smbclient</em>. If you want to
-troubleshoot WINS, for example, you'd say:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L </b></tt><em class="replaceable">server</em> <tt class="userinput"><b>-R wins</b></tt></pre></blockquote>
-
-<p>The possible settings are <tt class="literal">hosts</tt> (which means
-whatever the Unix system is using, not just<em class="filename">
-/etc/hosts</em> files), <tt class="literal">lmhosts</tt>,
-<tt class="literal">wins</tt>, and <tt class="literal">bcast</tt> (broadcast).</p>
-
-<p>In the following sections, we use the term <em class="emphasis">long
-name</em> for a fully qualified domain name (FQDN), such as
-<tt class="literal">server.example.com</tt> , and the term <em class="emphasis">short
-name</em> for the host part of an FQDN, such as
-<tt class="literal">server</tt>.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.7.2"/>
-
-<h3 class="head3">Cannot look up hostnames</h3>
-
-<p><a name="INDEX-91"/>Try the
-following:</p>
-
-<dl>
-<dt><b>DNS</b></dt>
-<dd>
-<p>Run <tt class="literal">nslookup</tt> <em class="replaceable">name</em>. If
-this fails, look for a <em class="filename">resolv.conf</em> error, a
-downed DNS server, or a short/long name problem (see the next
-section). Try the following:</p>
-
-
-<ul><li>
-<p>Your <em class="filename">/etc/resolv.conf</em> file should contain one or
-more <tt class="literal">nameserver</tt> lines, each with an IP address.
-These are the addresses of your DNS servers.</p>
-</li><li>
-<p>Ping each server address you find. If this fails for one, suspect the
-system. If it fails for each, suspect your network.</p>
-</li><li>
-<p>Retry the lookup using the full domain name (e.g.,
-<tt class="literal">server.example.com</tt>) if you tried the short name
-first, or the short name if you tried the long name first. If results
-differ, skip to the next section.</p>
-</li></ul>
-</dd>
-
-
-
-<dt><b>Broadcast/ WINS</b></dt>
-<dd>
-<p>Broadcast/ WINS does only short names such as
-<tt class="literal">server</tt>, and not long ones, such as
-<tt class="literal">server.example.com</tt>. Run
-<tt class="literal">nmblookup</tt> <tt class="literal">-S</tt>
-<em class="replaceable">server</em>. This reports everything broadcast
-has registered for the name. In our example, it looks like this:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>nmblookup -S server</b></tt>
-Looking up status of 192.168.236.86
-received 10 names
- SERVER &lt;00&gt; - M &lt;ACTIVE&gt;
- SERVER &lt;03&gt; - M &lt;ACTIVE&gt;
- SERVER &lt;1f&gt; - M &lt;ACTIVE&gt;
- SERVER &lt;20&gt; - M &lt;ACTIVE&gt;
- ..__MSBROWSE__. &lt;01&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;
- MYGROUP &lt;00&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;
- MYGROUP &lt;1b&gt; - M &lt;ACTIVE&gt;
- MYGROUP &lt;1c&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;
- MYGROUP &lt;1d&gt; - M &lt;ACTIVE&gt;
- MYGROUP &lt;1e&gt; - &lt;GROUP&gt; M &lt;ACTIVE&gt;</pre></blockquote>
-
-<p>The required entry is <tt class="literal">SERVER</tt>
-<tt class="literal">&lt;00&gt;</tt>, which identifies
-<em class="replaceable">server</em> as being this
-system's NetBIOS name. You should also see your
-workgroup mentioned one or more times. If these lines are missing,
-Broadcast/WINS cannot look up names and will need attention.</p>
-
-<a name="samba2-CHP-12-NOTE-160"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
-<p>The numbers in angle brackets in the previous output identify NetBIOS
-names as being workgroups, workstations, and file users of the
-messenger service, master browsers, domain master browsers, domain
-controllers, and a plethora of others. We primarily use
-<tt class="literal">&lt;00&gt;</tt> to identify system and workgroup names
-and <tt class="literal">&lt;20&gt;</tt> to identify systems as servers. The
-complete list is available at <a href="http://support.microsoft.com/support/kb/articles/q163/4/09.asp">http://support.microsoft.com/support/kb/articles/q163/4/09.asp</a>.</p>
-</blockquote>
-</dd>
-
-
-
-<dt><b>NIS</b></dt>
-<dd>
-<p>Try <tt class="literal">ypmatch</tt> <tt class="literal">name</tt>
-<tt class="literal">hosts</tt>. If this fails, NIS is down. Find out the
-NIS server's name by running
-<em class="emphasis">ypwhich</em>, and ping the system to see if
-it's accessible.</p>
-</dd>
-
-
-
-<dt><b>NIS+</b></dt>
-<dd>
-<p>If you're running NIS+, try
-<tt class="literal">nismatch</tt> <tt class="literal">name</tt>
-<tt class="literal">hosts</tt>. If this fails, NIS is down. Find out the
-NIS+ server's name by running
-<em class="emphasis">niswhich</em>, and ping that system to see if
-it's accessible.</p>
-</dd>
-
-
-
-<dt><b>hosts and HOSTS files</b></dt>
-<dd>
-<p>Inspect the <em class="filename">HOSTS</em> file on the client
-(<em class="filename">C:\Windows\ Hosts</em> on Windows 95/98/Me, and
-<em class="filename">C:\WINNT \system32\drivers\etc\hosts</em> on Windows
-NT/2000/XP). Each line should have an IP number and one or more
-names, the primary name first, then any optional aliases. An example
-follows:</p>
-
-
-<blockquote><pre class="code">127.0.0.1 localhost
-192.168.236.1 dns.svc.example.com
-192.168.236.10 client.example.com client
-192.168.236.11 backup.example.com loghost
-192.168.236.86 server.example.com server
-192.168.236.254 router.svc.example.com</pre></blockquote>
-
-<p>On Unix, <tt class="literal">localhost</tt> should always be 127.0.0.1,
-although it might be just an alias for a hostname on the PC. On the
-client, check that there are no <tt class="literal">#XXX</tt> directives at
-the ends of the lines; these are LAN Manager/NetBIOS directives and
-should appear only in <em class="emphasis">LMHOSTS</em> files.</p>
-</dd>
-
-
-
-<dt><b>LMHOSTS files</b></dt>
-<dd>
-<p>This file is a local source for LAN Manager (NetBIOS) names. It has a
-format similar to <em class="filename">hosts</em> files, but it does not
-support long-form domain names (e.g.,
-<tt class="literal">server.example.com</tt>) and can have a number of
-optional <tt class="literal">#XXX</tt> directives following the NetBIOS
-names. There is usually an <em class="emphasis">lmhosts.sam</em> (for
-sample) file located in <em class="filename">C:\Windows</em> on Windows
-95/98/Me, and in <em class="filename">C:\WINNT\system32\drivers\etc</em>
-on Windows NT/2000/XP, but it's not used unless it
-is renamed to <em class="emphasis">Lmhosts</em> in the same directory.</p>
-</dd>
-
-</dl>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.7.3"/>
-
-<h3 class="head3">Long and short hostnames</h3>
-
-<p><a name="INDEX-92"/>Where the long (FQDN) form of a hostname
-works but the short name doesn't (for example,
-<tt class="literal">client.example.com</tt> works but
-<tt class="literal">client</tt> doesn't), consider the
-following:</p>
-
-<dl>
-<dt><b>DNS </b></dt>
-<dd>
-<p>This usually indicates that there is no default domain in which to
-look up the short names. Look for a <tt class="literal">default</tt> line
-in <em class="filename">/etc/resolv.conf</em> on the Samba server with
-your domain in it, or look for a <tt class="literal">search</tt> line with
-one or more domains in it. One or the other might need to be present
-to make short names usable; which one depends on the vendor and
-version of the DNS resolver. Try adding <tt class="literal">domain</tt>
-<em class="replaceable">your_domain</em> to
-<em class="filename">resolv.conf</em>, and ask your network or DNS
-administrator what should be in the file.</p>
-</dd>
-
-
-
-<dt><b>Broadcast/WINS </b></dt>
-<dd>
-<p>Broadcast/WINS doesn't support long names; it
-won't suffer from this problem.</p>
-</dd>
-
-
-
-<dt><b>NIS </b></dt>
-<dd>
-<p>Try the command <tt class="literal">ypmatch</tt>
-<em class="replaceable">hostname</em> <tt class="literal">hosts</tt>. If you
-don't get a match, your tables
-don't include short names. Speak to your network
-manager; short names might be missing by accident or might be
-unsupported as a matter of policy. Some sites don't
-ever use (ambiguous) short names.</p>
-</dd>
-
-
-
-<dt><b>NIS+</b></dt>
-<dd>
-<p>Try <tt class="literal">nismatch</tt> <em class="replaceable">hostname</em>
-<tt class="literal">hosts</tt>, and treat failure exactly as with NIS.</p>
-</dd>
-
-
-
-<dt><b>hosts </b></dt>
-<dd>
-<p>If the short name is not in <em class="filename">/etc/hosts</em>, consider
-adding it as an alias. Avoid, if you can, short names as primary
-names (the first one on a line). Have them as aliases if your system
-permits.</p>
-</dd>
-
-
-
-<dt><b>LMHOSTS </b></dt>
-<dd>
-<p>LAN Manager doesn't support long names, so it
-won't suffer from this problem.</p>
-</dd>
-
-</dl>
-
-<p>On the other hand, if the short form of the name works and the long
-form doesn't, consider the following:</p>
-
-<dl>
-<dt><b>DNS </b></dt>
-<dd>
-<p>This is bizarre; see your network or DNS administrator, as this is
-probably a DNS setup error.</p>
-</dd>
-
-
-
-<dt><b>Broadcast/WINS </b></dt>
-<dd>
-<p>This is normal; Broadcast/WINS can't use the long
-form. Optionally, consider DNS. (Be aware that Microsoft has stated
-that it will eventually switch entirely to DNS, even though DNS does
-not provide name types such as &lt;00&gt;.)</p>
-</dd>
-
-
-
-<dt><b>NIS</b></dt>
-<dd>
-<p>If you can use <em class="emphasis">ypmatch</em> to look up the short form
-but not the long, consider adding the long form to the table as at
-least an alias.</p>
-</dd>
-
-
-
-<dt><b>NIS+ </b></dt>
-<dd>
-<p>Same as NIS, except you use <em class="emphasis">nismatch</em> instead of
-<em class="emphasis">ypmatch</em> to look up names.</p>
-</dd>
-
-
-
-<dt><b>hosts and HOSTS</b></dt>
-<dd>
-<p>Add the long name as at least an alias, and preferably as the primary
-form. Also consider using DNS if it's practical.</p>
-</dd>
-
-
-
-<dt><b>LMHOSTS </b></dt>
-<dd>
-<p>This is normal. LAN Manager can't use the long form;
-consider switching to DNS or <em class="filename">hosts</em>.</p>
-</dd>
-
-</dl>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.7.4"/>
-
-<h3 class="head3">Unusual delays</h3>
-
-<p><a name="INDEX-93"/>When there is a long delay before the
-expected result:</p>
-
-<dl>
-<dt><b>DNS </b></dt>
-<dd>
-<p>Test the same name with the <em class="emphasis">nslookup</em> command on
-the system that is slow (client or server). If
-<em class="emphasis">nslookup</em> is also slow, you have a DNS problem.
-If it's slower on a client, you might have too many
-protocols bound to the Ethernet card. Eliminate NetBEUI, which is
-infamously slow, and, optionally, Novell&mdash;assuming you
-don't need them. This is especially important on
-Windows 95, which is particularly sensitive to excess protocols.</p>
-</dd>
-
-
-
-<dt><b>Broadcast/ WINS</b></dt>
-<dd>
-<p>Test the client using <em class="emphasis">nmblookup</em>; if
-it's faster, you probably have the protocols problem
-as mentioned in the previous item.</p>
-</dd>
-
-
-
-<dt><b>NIS</b></dt>
-<dd>
-<p>Try <em class="emphasis">ypmatch</em>; if it's slow,
-report the problem to your network manager.</p>
-</dd>
-
-
-
-<dt><b>NIS+ </b></dt>
-<dd>
-<p>Try <em class="emphasis">nismatch</em>, similarly.</p>
-</dd>
-
-
-
-<dt><b>hosts and HOSTS</b></dt>
-<dd>
-<p>The <em class="emphasis">hosts</em> files, if of reasonable size, are
-always fast. You probably have the protocols problem mentioned
-previously under DNS.</p>
-</dd>
-
-
-
-<dt><b>lmhosts and LMHOSTS</b></dt>
-<dd>
-<p>This is not a name lookup problem; <em class="emphasis">LMHOSTS</em> files
-are as fast as <em class="emphasis">hosts</em> and
-<em class="filename">HOSTS</em> files.</p>
-</dd>
-
-</dl>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.7.5"/>
-
-<h3 class="head3">Localhost issues</h3>
-
-<p><a name="INDEX-94"/>When a localhost isn't
-127.0.0.1, try the following:</p>
-
-<dl>
-<dt><b>DNS</b></dt>
-<dd>
-<p>There is probably no record for <tt class="literal">localhost</tt>.
-<tt class="literal">A</tt> <tt class="literal">127.0.0.1</tt>. Arrange to add
-one, as well as a reverse entry,
-<tt class="literal">1.0.0.127.IN-ADDR.ARPA</tt> <tt class="literal">PTR</tt>
-<tt class="literal">127.0.0.1</tt>.</p>
-</dd>
-
-
-
-<dt><b>Broadcast/WINS</b></dt>
-<dd>
-<p>Not applicable.</p>
-</dd>
-
-
-
-<dt><b>NIS</b></dt>
-<dd>
-<p>If <tt class="literal">localhost</tt> isn't in the table,
-add it.</p>
-</dd>
-
-
-
-<dt><b>NIS+ </b></dt>
-<dd>
-<p>If <tt class="literal">localhost</tt> isn't in the table,
-add it.</p>
-</dd>
-
-
-
-<dt><b>hosts and HOSTS</b></dt>
-<dd>
-<p>Add a line that says <tt class="literal">127.0.0.1</tt>
-<tt class="literal">localhost</tt>.</p>
-</dd>
-
-
-
-<dt><b>LMHOSTS</b></dt>
-<dd>
-<p>Not applicable. <a name="INDEX-95"/><a name="INDEX-96"/></p>
-</dd>
-
-</dl>
-
-
-</div>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-2.8"/>
-
-<h3 class="head2">Troubleshooting Network Addresses</h3>
-
-<p><a name="INDEX-97"/><a name="INDEX-98"/>A
-number of common problems are caused by incorrect routing of Internet
-addresses or by the incorrect assignment of addresses. This section
-helps you determine what your addresses are.</p>
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.8.1"/>
-
-<h3 class="head3">Netmasks</h3>
-
-<p>Using the <a name="INDEX-99"/>netmask, it is possible to
-determine which addresses can be reached directly (i.e., which are on
-the local network) and which addresses require forwarding packets
-through a router. If the netmask is wrong, the systems will make one
-of two mistakes. One is to route local packets via a router, which is
-an expensive waste of time&mdash;it might work reasonably fast, it
-might run slowly, or it might fail utterly. The second mistake is to
-fail to send packets from a remote system to the router, which will
-prevent them from being forwarded to the remote system.</p>
-
-<p>The netmask is a number like an IP address, with one-bits for the
-network part of an address and zero-bits for the host portion. It is
-used as a bitmask to mask off parts of the address inside the TCP/IP
-code. If the mask is 255.255.0.0, the first 2 bytes are the network
-part and the last 2 are the host part. More common is 255.255.255.0,
-in which the first 3 bytes are the network part and the last one is
-the host part.</p>
-
-<p>For example, let's say your IP address is
-192.168.0.10 and the Samba server is 192.168.236.86. If your netmask
-happens to be 255.255.255.0, the network part of the address is the
-first 3 bytes, and the host part is the last byte. In this case, the
-network parts are different, and the systems are on different
-networks:</p>
-
-<a name="ch12-37-fm2xml"/><table border="1">
-
-
-
-<tr>
-<th>
-<p>Network part</p>
-</th>
-<th>
-<p>Host part</p>
-</th>
-</tr>
-
-
-<tr>
-<td>
-<p>192 168 000</p>
-</td>
-<td>
-<p>10</p>
-</td>
-</tr>
-<tr>
-<td>
-<p>192 168 235</p>
-</td>
-<td>
-<p>86</p>
-</td>
-</tr>
-
-</table>
-
-<p>If your netmask happens to be 255.255.0.0, the network part is just
-the first 2 bytes. In this case, the network parts match, and so the
-two systems are on the same network:</p>
-
-<a name="ch12-38-fm2xml"/><table border="1">
-
-
-
-<tr>
-<th>
-<p>Network part</p>
-</th>
-<th>
-<p>Host part</p>
-</th>
-</tr>
-
-
-<tr>
-<td>
-<p>192 168</p>
-</td>
-<td>
-<p>000 10</p>
-</td>
-</tr>
-<tr>
-<td>
-<p>192 168</p>
-</td>
-<td>
-<p>236 86</p>
-</td>
-</tr>
-
-</table>
-
-<p>Make sure the netmask in use on each system matches the structure of
-your network. On every subnet, the netmask should be identical on
-each system.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.8.2"/>
-
-<h3 class="head3">Broadcast addresses</h3>
-
-<p>The <a name="INDEX-100"/>broadcast address is a normal address,
-with the hosts part all one-bits. It means &quot;all
-hosts on your network.&quot; You can compute it easily
-from your netmask and address: take the address and put one-bits in
-it for all the bits that are zero at the end of the netmask (the host
-part). The following table illustrates this:</p>
-
-<a name="ch12-39-fm2xml"/><table border="1">
-
-
-
-
-<tr>
-<th>
-</th>
-<th>
-<p>Network part</p>
-</th>
-<th>
-<p>Host part</p>
-</th>
-</tr>
-
-
-<tr>
-<td>
-<p>IP address</p>
-</td>
-<td>
-<p>192 168 236</p>
-</td>
-<td>
-<p>86</p>
-</td>
-</tr>
-<tr>
-<td>
-<p>Netmask</p>
-</td>
-<td>
-<p>255 255 255</p>
-</td>
-<td>
-<p>000</p>
-</td>
-</tr>
-<tr>
-<td>
-<p>Broadcast</p>
-</td>
-<td>
-<p>192 168 236</p>
-</td>
-<td>
-<p>255</p>
-</td>
-</tr>
-
-</table>
-
-<p>In this example, the broadcast address on the 192.168.236 network is
-192.168.236.255. There is also an old
-&quot;universal&quot; broadcast address,
-255.255.255.255. Routers are prohibited from forwarding these, but
-most systems on your local network will respond to broadcasts to this
-address.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.8.3"/>
-
-<h3 class="head3">Network address ranges</h3>
-
-<p>A <a name="INDEX-101"/>number of address ranges have been
-reserved for testing and for nonconnected networks; we use these for
-the examples in this book. If you don't have an
-address yet, feel free to use one of these to start. They include one
-class A network, 10.*.*.*, a range of class B network addresses,
-172.16.*.* through 172.31.*.*, and 254 class C networks, 192.168.1.*
-through 192.168.254.*. The domain <tt class="literal">example.com</tt> is
-also reserved for unconnected networks, explanatory examples, and
-books.</p>
-
-<p>If you're actually connecting to the Internet,
-you'll need to get an appropriate IP address and a
-domain name, probably through the same company that provides your
-connection.</p>
-
-
-</div>
-
-
-
-<div class="sect3"><a name="samba2-CHP-12-SECT-2.8.4"/>
-
-<h3 class="head3">Finding your network address</h3>
-
-<p><a name="INDEX-102"/>If you
-haven't recorded your IP address, you can learn it
-through the <em class="emphasis">ifconfig</em><a name="INDEX-103"/> command on Unix or the
-<em class="emphasis">ipconfig</em> <a name="INDEX-104"/>command on Windows. (Check your manual
-pages for any options required by your brand of Unix. For example,
-<tt class="literal">ifconfig</tt> <tt class="literal">-a</tt> works on Solaris.)
-You should see output similar to the following:</p>
-
-<blockquote><pre class="code">$ <tt class="userinput"><b>ifconfig -a</b></tt>
-le0: flags=63&lt;UP,BROADCAST,NOTRAILERS,RUNNING &gt;
- inet 192.168.236.11 netmask ffffff00 broadcast 192.168.236.255
-lo0: flags=49&lt;&amp;lt&gt;UP,LOOPBACK,RUNNING&lt;&amp;gt&gt;
- inet 127.0.0.1 netmask ff000000</pre></blockquote>
-
-<p>One of the interfaces will be loopback (in our examples,
-<tt class="literal">lo0</tt>), and the other will be the regular IP
-interface. The flags should show that the interface is running, and
-Ethernet interfaces will also say they support broadcasts (PPP
-interfaces don't). The other places to look for IP
-addresses are <em class="filename">/etc/hosts</em> files, Windows
-<em class="emphasis">HOSTS</em> files, Windows
-<em class="emphasis">LMHOSTS</em> files, NIS, NIS+, and DNS. <a name="INDEX-105"/><a name="INDEX-106"/></p>
-
-
-</div>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-2.9"/>
-
-<h3 class="head2">Troubleshooting NetBIOS Names</h3>
-
-<p><a name="INDEX-107"/><a name="INDEX-108"/>Historically, SMB protocols have
-depended on the NetBIOS name system, also called the LAN Manager name
-system. This was a simple scheme where each system had a unique
-20-character name and broadcast it on the LAN for everyone to know.
-With TCP/IP, we tend to use names such as
-<tt class="literal">client.example.com</tt>, stored in
-<em class="filename">/etc/hosts</em> files through DNS or WINS.</p>
-
-<p>The usual mapping of domain names such as
-<tt class="literal">server.example.com</tt> to NetBIOS names simply uses
-the <tt class="literal">server</tt> part as the NetBIOS name and converts
-it to uppercase. Alas, this doesn't always work,
-especially if you have a system with a 21-character name; not
-everyone uses the same NetBIOS and DNS names. For example,
-<tt class="literal">corpvm1</tt> along with <tt class="literal">vm1.corp.com</tt>
-is not unusual.</p>
-
-<p>A system with a different NetBIOS name and domain name is confusing
-when you're troubleshooting; we recommend that you
-try to avoid this wherever possible. NetBIOS names are discoverable
-with <em class="emphasis">smbclient</em> :</p>
-
-<ul><li>
-<p>If you can list shares on your Samba server with
-<tt class="literal">smbclient</tt> <tt class="literal">-L</tt>
-<tt class="literal">short_name</tt>, the short name is the NetBIOS name.</p>
-</li><li>
-<p>If you get <tt class="literal">Get_Hostbyname</tt>:
-<tt class="literal">Unknown</tt> <tt class="literal">host</tt>
-<tt class="literal">name</tt>, there is probably a mismatch. Check in the
-<em class="filename">smb.conf</em> file to see if the NetBIOS name is
-explicitly set.</p>
-</li><li>
-<p>Try to list shares again, specifying <tt class="literal">-I</tt> and the IP
-address of the Samba server (e.g., <tt class="literal">smbclient</tt>
-<tt class="literal">-L</tt> <tt class="literal">server</tt> <tt class="literal">-I</tt>
-<tt class="literal">192.168.236.86</tt>). This overrides the name lookup
-and forces the packets to go to the IP address. If this works, there
-was a mismatch.</p>
-</li><li>
-<p>Try with <tt class="literal">-I</tt> and the full domain name of the server
-(e.g., <tt class="literal">smbclient</tt> <tt class="literal">-L</tt>
-<tt class="literal">server</tt> <tt class="literal">-I</tt>
-<tt class="literal">server.example.com</tt>). This tests the lookup of the
-domain name, using whatever scheme the Samba server uses (e.g., DNS).
-If it fails, you have a name service problem. You should reread the
-earlier section, <a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>,
-after you finish troubleshooting the NetBIOS names.</p>
-</li><li>
-<p>Try with the <tt class="literal">-n</tt> (NetBIOS name) option, giving it
-the name you expect to work (e.g., <tt class="literal">smbclient</tt>
-<tt class="literal">-n</tt> <tt class="literal">server</tt> <tt class="literal">-L</tt>
-<tt class="literal">server-12</tt>), but without overriding the IP address
-through <tt class="literal">-I</tt>. If this works, the name you specified
-with <tt class="literal">-n</tt> is the actual NetBIOS name of the server.
-If you receive <tt class="literal">Get-Hostbyname</tt>:
-<tt class="literal">Unknown</tt> <tt class="literal">host</tt>
-<tt class="literal">SERVER</tt>, it's not the right server
-yet.</p>
-</li><li>
-<p>If nothing is working so far, repeat the tests specifying
-<tt class="literal">-U</tt> <em class="emphasis">username</em> and
-<tt class="literal">-W</tt> <em class="emphasis">workgroup</em>, with the
-username and workgroup in uppercase, to make sure
-you're not being derailed by a user or workgroup
-mismatch.</p>
-</li><li>
-<p>If still nothing works and you had evidence of a name service
-problem, troubleshoot the name service (see the earlier section,
-<a href="ch12.html#samba2-CHP-12-SECT-2.7">Section 12.2.7</a>) and then return to
-the NetBIOS name service. <a name="INDEX-109"/><a name="INDEX-110"/></p>
-</li></ul>
-
-</div>
-
-
-</div>
-
-
-
-<div class="sect1"><a name="samba2-CHP-12-SECT-3"/>
-
-<h2 class="head1">Extra Resources</h2>
-
-<p>At some point during your work with Samba, you'll
-want to turn to online or printed resources for news, updates, and
-aid.</p>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-3.1"/>
-
-<h3 class="head2">Documentation and FAQs</h3>
-
-<p>It's OK to read the <a name="INDEX-111"/><a name="INDEX-112"/>documentation. Really. Nobody can see you,
-and we won't tell. In fact, Samba ships with a large
-set of documentation files, and it is well worth the effort to at
-least browse through them, either in the distribution directory on
-your computer under <em class="filename">/docs</em> or online at the Samba
-web site: <a href="http://www.samba.org">http://www.samba.org</a>. The most current
-FAQ list, bug information, and distribution locations are located at
-the web site, with links to all the Samba manual pages and HOWTOs.</p>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-3.2"/>
-
-<h3 class="head2">Samba Newsgroups</h3>
-
-<p><a name="INDEX-113"/>Usenet
-newsgroups have always been a great place to get advice on just about
-any topic. In the past few years, though, this vast pool of knowledge
-has developed something that has made it into an invaluable resource:
-a memory. Archival and search sites such as the one at
-<a name="INDEX-114"/>Google (<a href="http://groups.google.com/advanced_group_search">http://groups.google.com/advanced_group_search</a>)
-have made sifting through years of valuable solutions as simple as a
-few mouse clicks.</p>
-
-<p>The primary newsgroup for Samba is
-<em class="emphasis">comp.protocols.smb</em><a name="INDEX-115"/>. This should always be your first
-stop when there's a problem. More often than not,
-spending 5 minutes researching an error here will save hours of
-frustration while trying to debug something yourself.</p>
-
-<p>When searching a newsgroup, try to be as specific as possible, but
-not too wordy. Searching on actual error messages is best. If you
-don't find an answer immediately in the newsgroup,
-resist the temptation to post a request for help until
-you've done a bit more work on the problem. You
-might find that the answer is in a FAQ or one of the many
-documentation files that ship with Samba, or a solution might become
-evident when you run one of Samba's diagnostic
-tools. If nothing works, post a request in
-<em class="emphasis">comp.protocols.smb</em>, and be as specific as
-possible about what you have tried and what you are seeing. Include
-any error messages that appear. It might be days before you receive
-help, so be patient and keep trying things while you wait.</p>
-
-<a name="samba2-CHP-12-NOTE-161"/><blockquote class="note"><h4 class="objtitle">TIP</h4>
-<p>Once you post a request for help, keep poking at the problem
-yourself. Most of us have had the experience of posting a Usenet
-article containing hundreds of lines of intricate detail, only to
-solve the problem an hour later after the article has blazed its way
-across several continents. The rule of thumb goes something like
-this: the more folks who have read your request, the simpler the
-solution. Usually this means that once everyone in the Unix community
-has seen your article, the solution will be something simple such as,
-&quot;Plug the power cord into the wall
-socket.&quot;</p>
-</blockquote>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-3.3"/>
-
-<h3 class="head2">Samba Mailing Lists</h3>
-
-<p>The following are <a name="INDEX-116"/>mailing lists for support with Samba. See
-the Samba home page, <a href="http://www.samba.org/">http://www.samba.org/</a>, for
-information on subscribing and unsubscribing to these mailing lists:</p>
-
-<dl>
-<dt><b>samba@samba.org</b></dt>
-<dd>
-<p>This is the primary mailing list for general questions and discussion
-regarding Samba.</p>
-</dd>
-
-
-
-<dt><b>samba-announce@samba.org</b></dt>
-<dd>
-<p>This list is for receiving news regarding Samba, such as
-announcements of new releases.</p>
-</dd>
-
-
-
-<dt><b>samba-cvs@samba.org</b></dt>
-<dd>
-<p>By subscribing to this list, you can automatically receive a message
-every time one of the Samba developers updates the Samba source code
-in the CVS repository. You might want to do this if you are waiting
-for a specific bug fix or feature to be applied. To avoid congesting
-your email inbox, we suggest using the digest feature, which
-consolidates messages into a smaller number of emails.</p>
-</dd>
-
-
-
-<dt><b>samba-docs@samba.org</b></dt>
-<dd>
-<p>This list is for discussing Samba documentation.</p>
-</dd>
-
-
-
-<dt><b>samba-vms@samba.org</b></dt>
-<dd>
-<p>This mailing list is for people who are running Samba on the VMS
-operating system.</p>
-</dd>
-
-
-
-<dt><b>samba-binaries@samba.org</b></dt>
-<dd>
-<p>This is a list for developers to use when discussing precompiled
-Samba distributions.</p>
-</dd>
-
-
-
-<dt><b>samba-technical@samba.org</b></dt>
-<dd>
-<p>This mailing list is for developer discussion of the Samba code.</p>
-</dd>
-
-</dl>
-
-<p>Searchable versions of the Samba mailing list archives can be found
-at <a href="http://marc.theaimsgroup.com">http://marc.theaimsgroup.com</a>.</p>
-
-<p>When posting messages to the Samba mailing lists, keep in mind that
-you are sending your message to a large audience. The notes in the
-previous section regarding Usenet postings also apply here. A
-well-formulated question or comment is more likely to be answered,
-and a poorly conceived message is <em class="emphasis">very</em> likely to
-be ignored!</p>
-
-
-</div>
-
-
-<div class="sect2"><a name="samba2-CHP-12-SECT-3.4"/>
-
-<h3 class="head2">Further Reading</h3>
-
-<ol><li>
-<p>Hunt, Craig. <em class="emphasis">TCP/IP Network Administration</em>,
-Third Edition. Sebastopol, CA: O'Reilly
-&amp; Associates, 1997.</p>
-</li>
-<li>
-<p>Hunt, Craig, and Robert Bruce Thompson. <em class="emphasis">Windows NT TCP/IP
-Network Administration</em>. Sebastopol, CA:
-O'Reilly &amp; Associates, 1998.</p>
-</li>
-<li>
-<p>Albitz, Paul, and Cricket Liu. <em class="emphasis">DNS and Bind</em>,
-Fourth Edition. Sebastopol, CA: O'Reilly
-&amp; Associates, 1998.</p>
-</li>
-<li>
-<p>Stern, Hal. <em class="emphasis">Managing NFS and NIS</em>, Second
-Edition. Sebastopol, CA: O'Reilly &amp; Associates,
-1991.<a name="INDEX-117"/></p>
-</li></ol>
-
-</div>
-
-
-</div>
-
-<hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html>
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-04 08:37:54 +0000