Рейтинг@Mail.ru

Наши друзья и партнеры

купить дешевый 
компьютер родом из Dhgate.com






Книги по Linux (с отзывами читателей)

Библиотека сайта rus-linux.net

Chapter 12. Troubleshooting Samba

Samba is extremely robust. Once you have everything set up the way you want, you'll probably forget that it is running. When trouble occurs, it's typically during installation or when you're trying to reconfigure the server. Fortunately, a wide variety of resources are available to diagnose these troubles. While we can't describe in detail the solution to every problem you might encounter, you should be able to get a good start at resolving the problem by following the advice given in this chapter.

The first section of this chapter lists the tool bag, a collection of tools available for troubleshooting Samba; the second section is a detailed how-to; the last section lists extra resources to track down particularly stubborn problems.

The Tool Box

Sometimes Unix seems to be made up of a grab bag of applications and tools. There are tools to troubleshoot tools. And of course, there are several ways to accomplish the same task. When trying to solve a problem related to Samba, a good plan of attack is to use the following:

Let's go over each of these one-by-one in the following sections.

Samba Logs

Your first line of attack should always be to check the log files. The Samba log files can help diagnose the vast majority of the problems faced by beginning- to intermediate-level Samba administrators. Samba is quite flexible when it comes to logging. You can set up the server to log as little or as much information as you want. Using substitution variables in the Samba configuration file allows you to isolate individual logs for each system, share, or combination thereof.

Logs are placed in /usr/local/samba/var/smbd.log and /usr/local/samba/var/nmbd.log by default. You can specify a log directory to use with the -l flag on the command line when starting the Samba daemons. For example:

# smbd -l /var/log/samba
# nmbd -l /var/log/samba

Alternatively, you can override the location and name using the log file configuration option in smb.conf. This option accepts all the substitution variables, so you could easily have the server keep a separate log for each connecting client system by specifying the following:

[global]
    log file = %m.log

Another useful trick is to have the server keep a log for each service (share) that is offered, especially if you suspect a particular share is causing trouble. To do this, use the %S variable, like this:

[global]
    log file = %S.log

Log levels

The level of logging that Samba uses can be set in the smb.conf file using the global log level or debug level option; they are equivalent. The logging level is an integer that can range from 0 to 10. At level 0, no logging is done. Higher values result in more voluminous logging. For example, let's assume that we will use a Windows client to browse a directory on a Samba server. For a small amount of log information, you can use log level = 1, which instructs Samba to show only cursory information, in this case only the connection itself:

05/25/02 22:02:11 server (192.168.236.86) connect to service public as user pcguest 
(uid=503,gid=100) (pid 3377)

Higher debug levels produce more detailed information. Usually, you won't need more than level 3, which is fully adequate for most Samba administrators. Levels above 3 are used by the developers and dump enormous amounts of cryptic information.

Here is an example of output at levels 2 and 3 for the same operation. Don't worry if you don't understand the intricacies of an SMB connection; the point is simply to show you what types of information are shown at the different logging levels:

 /* Level 2 */
Got SIGHUP
Processing section "[homes]"
Processing section "[public]"
Processing section "[temp]"
Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$
Allowed connection from 192.168.236.86 (192.168.236.86) to IPC/


/* Level 3 */
05/25/02 22:15:09 Transaction 63 of length 67
switch message SMBtconX (pid 3377)
Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$
ACCEPTED: guest account and guest ok
found free connection number 105
Connect path is /tmp
chdir to /tmp
chdir to /
05/25/02 22:15:09 server (192.168.236.86) connect to service IPC$ as user pcguest 
(uid=503,gid=100) (pid 3377)
05/25/02 22:15:09 tconX service=ipc$ user=pcguest cnum=105
05/25/02 22:15:09 Transaction 64 of length 99
switch message SMBtrans (pid 3377)
chdir to /tmp
trans <\PIPE\LANMAN> data=0 params=19 setup=0
Got API command 0 of form <WrLeh> <B13BWz> (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8)
Doing RNetShareEnum
RNetShareEnum gave 4 entries of 4 (1 4096 126 4096)
05/25/02 22:15:11 Transaction 65 of length 99
switch message SMBtrans (pid 3377)
chdir to /
chdir to /tmp
trans <\PIPE\LANMAN> data=0 params=19 setup=0
Got API command 0 of form <WrLeh> <B13BWz> (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8)
Doing RNetShareEnum
RNetShareEnum gave 4 entries of 4 (1 4096 126 4096)
05/25/02 22:15:11 Transaction 66 of length 95
switch message SMBtrans2 (pid 3377)
chdir to /
chdir to /pcdisk/public
call_trans2findfirst: dirtype = 0, maxentries = 6, close_after_first=0, close_if_end 
= 0 requires_resume_key = 0 level = 260, max_data_bytes = 2432
unix_clean_name [./DESKTOP.INI]
unix_clean_name [desktop.ini]
unix_clean_name [./]
creating new dirptr 1 for path ./, expect_close = 1
05/25/02 22:15:11 Transaction 67 of length 53
switch message SMBgetatr (pid 3377)
chdir to /

[... deleted ...]

We cut off this listing after the first packet because it runs on for many pages. However, be aware that log levels above 3 will quickly consume disk space with megabytes of excruciating detail concerning Samba's internal operations. Log level 3 is extremely useful for following exactly what the server is doing, and most of the time it will be obvious where an error occurs by glancing through the log file.

Using a high log level (3 or above) will seriously slow down the Samba server. Remember that every log message generated causes a write to disk (an inherently slow operation) and log levels greater than 2 produce massive amounts of data. Essentially, you should turn on logging level 3 only when you're actively tracking a problem in the Samba server.

Unix Utilities

Sometimes it's useful to use a tool outside the Samba suite to examine what's happening inside the server. Three diagnostic tools can be of particular help in debugging Samba troubles: trace, tcpdump, and Ethereal.

Using trace

The trace command masquerades under several different names, depending on the operating system you are using. On Linux it will be strace; on Solaris you'll use truss; SGI will have padc and par; and HP-UX will have trace or tusc. All have essentially the same function, which is to display each operating system function call as it is executed. This allows you to follow the execution of a program, such as the Samba server, and often pinpoints the exact call that is causing the difficulty.

One problem that trace can highlight is an incorrect version of a dynamically linked library. This can happen if you've downloaded prebuilt binaries of Samba. You'll typically see the offending call at the end of the trace, just before the program terminates.

A sample strace output for the Linux operating system follows. This is a small section of a larger file created during the opening of a directory on the Samba server. Each line lists a system call and includes its parameters and the return value. If there was an error, the error value (e.g., ENOENT) and its explanation are also shown. You can look up the parameter types and the errors that can occur in the appropriate trace manual page for the operating system you are using.

chdir("/pcdisk/public")                 = 0
stat("mini/desktop.ini", 0xbffff7ec)    = -1 ENOENT (No such file or directory)
stat("mini", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
stat("mini/desktop.ini", 0xbffff7ec)    = -1 ENOENT (No such file or directory)
open("mini", O_RDONLY)                  = 5
fcntl(5, F_SETFD, FD_CLOEXEC)           = 0
fstat(5, {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
lseek(5, 0, SEEK_CUR)                   = 0
SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 196
lseek(5, 0, SEEK_CUR)                   = 1024
SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 0
close(5)                                = 0
stat("mini/desktop.ini", 0xbffff86c)    = -1 ENOENT (No such file or directory)
write(3, "\0\0\0#\377SMB\10\1\0\2\0\200\1\0"..., 39) = 39
SYS_142(0xff, 0xbffffc3c, 0, 0, 0xbffffc08) = 1
read(3, "\0\0\0?", 4)                   = 4
read(3, "\377SMBu\0\0\0\0\0\0\0\0\0\0\0\0"..., 63) = 63
time(NULL)                              = 896143871

This example shows several stat() calls failing to find the files they were expecting. You don't have to be an expert to see that the file desktop.ini is missing from that directory. In fact, many difficult problems can be identified by looking for obvious, repeatable errors with trace. Often, you need not look further than the last message before a crash.

Using tcpdump

The tcpdump program, as extended by Andrew Tridgell, allows you to monitor SMB network traffic in real time. A variety of output formats are available, and you can filter the output to look at only a particular type of traffic. You can examine all conversations between client and server, including SMB and NMB broadcast messages. While its troubleshooting capabilities lie mainly at the OSI network layer, you can still use its output to get a general idea of what the server and client are attempting to do.

A sample tcpdump log follows. In this instance, the client has requested a directory listing, and the server has responded appropriately, giving the directory names homes, public, IPC$, and temp (we've added a few explanations on the right):

$ tcpdump -v -s 255 -i eth0 port not telnet
SMB PACKET: SMBtrans (REQUEST)                 Request packet
SMB Command   =  0x25                         Request was ls or dir

[000] 01 00 00 10                             ....


>>> NBT Packet                                Outer frame of SMB packet
NBT Session Packet
Flags=0x0
Length=226
[lines skipped]
                         
SMB PACKET: SMBtrans (REPLY)                  Beginning of a reply to  request
SMB Command   =  0x25                         Command was an ls or dir
Error class   =  0x0             
Error code    =  0                            No errors
Flags1        =  0x80
Flags2        =  0x1
Tree ID       =  105
Proc ID       =  6075
UID           =  100
MID           =  30337
Word Count    =  10
TotParamCnt=8 
TotDataCnt=163 
Res1=0
ParamCnt=8 
ParamOff=55 
Res2=0 
DataCnt=163 
DataOff=63 
Res3=0
Lsetup=0
Param Data: (8 bytes)
[000] 00 00 00 00 05 00 05 00                           ........ 

Data Data: (135 bytes)                        Actual directory contents:
[000] 68 6F 6D 65 73 00 00 00  00 00 00 00 00 00 00 00  homes... ........
[010] 64 00 00 00 70 75 62 6C  69 63 00 00 00 00 00 00  d...publ ic......
[020] 00 00 00 00 75 00 00 00  74 65 6D 70 00 00 00 00  ....u... temp....
[030] 00 00 00 00 00 00 00 00  76 00 00 00 49 50 43 24  ........ v...IPC$
[040] 00 00 00 00 00 00 00 00  00 00 03 00 77 00 00 00  ........ ....w...
[050] 64 6F 6E 68 61 6D 00 00  00 00 00 00 00 00 00 00  donham.. ........
[060] 92 00 00 00 48 6F 6D 65  20 44 69 72 65 63 74 6F  ....Home  Directo
[070] 72 69 65 73 00 00 00 49  50 43 20 53 65 72 76 69  ries...I PC Servi
[080] 63 65 20 28 53 61 6D                              ce (Sam

This is more of the same debugging session as we saw before with the trace command: the listing of a directory. The options we used were -v (verbose), -i eth0 to tell tcpdump on which interface to listen (an Ethernet port), and -s 255 to tell it to save the first 255 bytes of each packet instead of the default: the first 68. The option port not telnet is used to avoid screens of telnet traffic, because we were logged in to the server remotely. The tcpdump program actually has quite a number of options to filter just the traffic you want to look at. If you've used snoop or etherdump, it will look vaguely familiar.

You can download the modified tcpdump from the Samba FTP server, located at ftp://samba.anu.edu.au/pub/samba/tcpdump-smb. Other versions might not include support for the SMB protocol; if you don't see output such as that shown in the example, you'll need to use the SMB-enabled version.

Using Ethereal

Ethereal (http://www.ethereal.com) is a GUI-based utility that performs the same basic function as tcpdump. You might prefer Ethereal because it is much easier to use. Once you have Ethereal running, just do the following:

  1. Select Start from the Capture menu.

  2. Click the OK button in the dialog box that appears. This will bring up a dialog box showing how many packets Ethereal has seen. Perform the actions on the system(s) in your network to reproduce the problem you are analyzing.

  3. Click the Stop button in the Ethereal dialog box to make it finish collecting data.

  4. In the main Ethereal window, click any item in the upper window to view it in the lower window. In the lower window, click any of the boxes containing a plus sign (+) to expand the view.

Ethereal does a good job of translating the content of the packets it encounters into human-readable format, and you should have little trouble seeing what happened on the network during the capture period.

The Fault Tree

The fault tree presented in this section is for diagnosing and fixing problems that occur when you're installing and reconfiguring Samba. It's an expanded form of the trouble and diagnostic document DIAGNOSIS.txt, which is part of the Samba distribution.

Before you set out to troubleshoot any part of the Samba suite, you should know the following information:

For clarity, we've renamed the server in the following examples to server.example.com, and the client system to client.example.com.

Troubleshooting Low-Level IP

The first series of tests is that of the low-level services that Samba needs to run. The tests in this section verify that:

Subsequent sections add TCP software, the Samba daemons smbd and nmbd, host-based access control, authentication and per-user access control, file services, and browsing. The tests are described in considerable detail to make them understandable by both technically oriented end users and experienced systems and network administrators.

Testing the networking software with ping

The first command to enter on both the server and the client is ping 127.0.0.1. This pings the loopback address and indicates whether any networking support is functioning. On Unix, you can use ping 127.0.0.1 with the statistics option and interrupt it after a few lines. On Sun workstations, the command is typically /usr/etc/ping -s 127.0.0.1; on Linux, just ping 127.0.0.1. On Windows clients, run ping 127.0.0.1 in an MS-DOS (command prompt) window, and it will stop by itself after four lines.

Here is an example on a Linux server:

$ ping 127.0.0.1 
PING localhost: 56 data bytes 64 bytes from localhost (127.0.0.1): 
icmp-seq=0. time=1. ms 64 bytes from localhost (127.0.0.1): 
icmp-seq=1. time=0. ms 64 bytes from localhost (127.0.0.1): 
icmp-seq=2. time=1. ms ^C 
----127.0.0.1 PING Statistics---- 
3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)  
min/avg/max = 0/0/1

If you get "ping: no answer from . . . " or "100% packet loss," you have no IP networking installed on the system. The address 127.0.0.1 is the internal loopback address and doesn't depend on the computer being physically connected to a network. If this test fails, you have a serious local problem. TCP/IP either isn't installed or is seriously misconfigured. See your operating system documentation if it's a Unix server. If it's a Windows client, follow the instructions in Chapter 3 to install networking support.

TIP

If you're the network manager, some good references are Craig Hunt's TCP/IP Network Administration, Chapter 11, and Craig Hunt and Robert Bruce Thompson's Windows NT TCP/IP Network Administration, both published by O'Reilly.

Testing connections with ping

Now, ping the server by name (instead of its IP address)—once from the server and once from the client. This is the general test for working network hardware:

$ ping server 
PING server.example.com: 56 data bytes 64 bytes from server.example.com (192.168.236.86): 
icmp-seq=0. time=1. ms 64 bytes from server.example.com (192.168.236.86): 
icmp-seq=1. time=0. ms 64 bytes from server.example.com (192.168.236.86): 
icmp-seq=2. time=1. ms ^C 
----server.example.com PING Statistics---- 
3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)  
min/avg/max = 0/0/1

If successful, this test tells us five things:

If this test isn't successful, one of several things can be wrong with the network:

If this worked from the server, repeat it from the client.

Troubleshooting TCP

Now that you've tested IP, UDP, and a name service with ping, it's time to test TCP. Browsing and ping use ICMP and UDP; file and print services (shares) use TCP. Both depend on IP as a lower layer, and all four depend on name services. Testing TCP is most conveniently done using the FTP program.

Testing TCP with FTP

Try connecting via FTP, once from the server to itself, and once from the client to the server:

$ ftp server
Connected to server.example.com. 
220 server.example.com FTP server (Version 6.2/OpenBSD/Linux-0.10) ready.
 Name (server:davecb): 
331 Password required for davecb. 
Password: 
230 User davecb logged in.
 ftp> quit 
221 Goodbye.

If this worked, skip to the next section, Section 12.2.4. Otherwise:

  • If you received the message server: unknown host, name service has failed. Go back to the corresponding ping step, Section 12.2.2.2, and rerun those tests to see why name lookup failed.

  • If you received ftp: connect: Connection refused, the system isn't running an FTP daemon. This is mildly unusual on Unix servers. Optionally, you might try this test by connecting to the system using telnet instead of ftp; the messages are very similar, and telnet uses TCP as well.

  • If there was a long pause, and then ftp: connect: Connection timed out, the system isn't reachable. Return to Section 12.2.2.4.

  • If you received 530 Logon Incorrect, you connected successfully, but you've just found a different problem. You likely provided an incorrect username or password. Try again, making sure you use your username from the Unix server and type your password correctly.

Troubleshooting Server Daemons

Once you've confirmed that TCP networking is working properly, the next step is to make sure the daemons are running on the server. This takes three separate tests because no single one of the following will decisively prove that they're working correctly.

To be sure they're running, you need to find out whether the daemons:

  1. Have started

  2. Are registered or bound to a TCP/IP port by the operating system

  3. Are actually paying attention

Looking for daemons bound to ports

Next, the daemons have to be registered with the operating system so that they can get access to TCP/IP ports. The netstat command will tell you if this has been done. Run the command netstat -a on the server, and look for lines mentioning netbios, 137, or 139:

$ netstat -a 
Active Internet connections (including servers) 
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state) 
udp   0      0       *.137                  *.* 
tcp   0      0       *.139                  *.*                    LISTEN 
tcp   8370   8760    server.139             client.1439            ESTABLISHED

Among similar lines, there should be at least one UDP line for *.netbios- or *.137. This indicates that the nmbd server is registered and (we hope) is waiting to answer requests. There should also be at least one TCP line mentioning *.netbios- or *.139, and it will probably be in the LISTEN state. This means that smbd is up and listening for connections.

There might be other TCP lines indicating connections from smbd to clients, one for each client. These are usually in the ESTABLISHED state. If there are smbd lines in the ESTABLISHED state, smbd is definitely running. If there is only one line in the LISTEN state, we're not sure yet. If both of the lines are missing, a daemon has not succeeded in starting, so it's time to check the logs and then go back to Chapter 2.

If there is a line for each client, it might be coming either from a Samba daemon or from the master IP daemon, inetd. It's quite possible that your inetd startup file contains lines that start Samba daemons without your realizing it; for instance, the lines might have been placed there if you installed Samba as part of a Linux distribution. The daemons started by inetd prevent ours from running. This problem typically produces log messages such as bind failed on port 139 socket addr=0 (Address already in use).

Check your /etc/inetd.conf ; unless you're intentionally starting the daemons from there, netbios-ns (UDP port 137) or netbios-ssn (tcp port 139) servers should be mentioned there. If your system is providing an SMB daemon via inetd, lines such as the following will appear in the inetd.conf file:

netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd
netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd

If your system uses xinetd instead of inetd, see Chapter 2 for details concerning its configuration.

Testing daemons with testparm

Once you know there's a daemon, you should always run testparm, in hopes of getting something such as the following:

$ testparm 
Load smb config files from /opt/samba/lib/smb.conf
Processing section "[homes]" 
Processing section "[printers]" ... 
Processing section "[tmp]" 
Loaded services file OK. ...

The testparm program normally reports the processing of a series of sections and responds with Loaded services file OK if it succeeds. If not, it reports one or more of the following messages, which also appear in the logs as noted:

Allow/Deny connection from account (n) to service

A testparm-only message produced if you have valid user or invalid user options set in your smb.conf. You will want to make sure that you are on the valid user list, and that root, bin, etc., are on the invalid user list. If you don't, you will not be able to connect, or users who shouldn't will be able to.

Warning: You have some share names that are longer than eight chars

For anyone using Windows for Workgroups and older clients. They fail to connect to shares with long names, producing an overflow message that sounds confusingly like a memory overflow.

Warning: [name] service MUST be printable!

A printer share lacks a printable = yes option.

No path in service name using [name]

A file share doesn't know which directory to provide to the user, or a print share doesn't know which directory to use for spooling. If no path is specified, the service will try to run with a path of /tmp, which might not be what you want.

Note: Servicename is flagged unavailable

Just a reminder that you have used the available = no option in a share.

Can't find include file [name]

A configuration file referred to by an include option did not exist. If you were including the file unconditionally, this is an error and probably a serious one: the share will not have the configuration you intended. If you were including it based on one of the % variables, such as %a (architecture), you will need to decide whether, for example, a missing Windows for Workgroups configuration file is a problem. It often isn't.

Can't copy service name, unable to copy to itself

You tried to copy an smb.conf section into itself.

Unable to copy service—source not found: [name]

Indicates a missing or misspelled section in a copy = option.

Ignoring unknown parameter name

Typically indicates an obsolete, misspelled, or unsupported option.

Global parameter name found in service section

Indicates that a global-only parameter has been used in an individual share. Samba ignores the parameter.

After the testparm test, repeat it with (exactly) three parameters: the name of your smb.conf file, the name of your client, and its IP address:

# testparm /usr/local/samba/lib/smb.conf client 192.168.236.10

This will run one more test that checks the hostname and address against hosts allow and hosts deny options and might produce the Allow connection from hostname to service and/or Deny connection from hostname to service messages for the client system. These messages indicate that you have hosts allow and/or hosts deny options in your smb.conf, and they prohibit access from the client system.

Troubleshooting SMB Connections

Now that you know the servers are up, you need to make sure they're running properly. We start by placing a simple smb.conf file in the /usr/local/samba/lib directory.

Testing locally with smbclient

The first test is to ensure that the server can list its own services (shares). Run the command smbclient -L localhost -U% to connect to the server from itself, and specify the guest user. You should see the following:

$ smbclient -L localhost -U% 
Server time is Wed May 27 17:57:40 2002 Timezone is UTC-4.0
Server=[localhost] 
User=[davecb] 
Workgroup=[EXAMPLE] 
Domain=[EXAMPLE]
    Sharename      Type      Comment 
    ---------      -----     ----------
    temp           Disk
    IPC$           IPC       IPC Service (Samba 1.9.18) 
    homes          Disk      Home directories
This machine does not have a browse list

If you received this output, move on to the next section, Section 12.2.5.3. On the other hand, if you receive an error, check the following:

  • If you get Get_hostbyname: unknown host localhost, either you've spelled its name wrong or there actually is a problem (which should have been seen back in Section 12.2.2.2). In the latter case, move on to Section 12.2.7, later in this chapter.

  • If you get Connect error: Connection refused, the server was found, but it wasn't running an nmbd daemon. Skip back to Section 12.2.4, earlier in this chapter, and retest the daemons.

  • If you get the message Your server software is being unfriendly, the initial session request packet got a garbage response from the server. The server might have crashed or started improperly. The common causes of this can be discovered by scanning the logs for the following:

    • Invalid command-line parameters to smbd ; see the smbd manual page.

    • A fatal problem with the smb.conf file that prevents the startup of smbd. Always check your changes with testparm, as was done in Section 12.2.4.5, earlier in this chapter.

    • Missing directories where Samba is supposed to keep its log and lock files.

    • The presence of a server already on the port (139 for smbd, 137 for nmbd ), preventing the daemon from starting.

  • If you're using inetd (or xinetd ) instead of standalone daemons, be sure to check your /etc/inetd.conf (or xinetd configuration files) and /etc/services entries against their manual pages for errors as well.

  • If you get a Password: prompt, your guest account is not set up properly. The -U% option tells smbclient to do a "null login," which requires that the guest account be present but does not require it to have any privileges.

  • If you get the message SMBtconX failed. ERRSRV--ERRaccess, you aren't permitted access to the server. This normally means you have a hosts allow option that doesn't include the server or a hosts deny option that does. Recheck with the command testparm smb.conf your_hostname your_ip_address (see Section 12.2.4.5), and correct any unintended prohibitions.

Testing connections with smbclient

Run the command smbclient \\server\temp to connect to the server's [temp] share and to see if you can connect to a file service. You should get the following response:

$ smbclient '\\server\temp' 
Server time is Tue May  5 09:49:32 2002 Timezone is UTC-4.0 Password:
smb: \> quit

You might receive the following errors:

Now, provide your Unix account password to the Password: prompt. If you then get an smb: \> prompt, it worked. Enter quit and continue on to the next section, Section 12.2.5.4. If you got SMBtconX failed. ERRSRV--ERRinvnetname, the problem can be any of the following:

  • A wrong share name: you might have spelled it wrong, it might be too long, it might be in mixed case, or it might not be available. Check that it's what you expect with testparm (see the earlier section, Section 12.2.4.5).

  • A security = share parameter in your Samba configuration file, in which case you might have to add -U your_account to the smbclient command.

  • An erroneous username.

  • An erroneous password.

  • An invalid users or valid users option in your smb.conf file that doesn't allow your account to connect. Recheck using testparm smb.conf your_hostname your_ip_address (see the earlier section, Section 12.2.4.5).

  • A valid hosts option that doesn't include the server, or an invalid hosts option that does. Also test this with testparm.

  • A problem in authentication, such as if shadow passwords or the Password Authentication Module (PAM) is used on the server, but Samba is not compiled to use it. This is rare, but it occasionally happens when a SunOS 4 Samba binary (with no shadow passwords) is run without recompilation on a Solaris system (with shadow passwords).

  • The encrypted passwords = yes option is in the configuration file, but no password for your account is in the smbpasswd file.

  • You have a null password entry, either in Unix /etc/passwd or in the smbpasswd file.

  • You are connecting to [temp], and you do not have the guest ok = yes option in the [temp] section of the smb.conf file.

  • You are connecting to [temp] before connecting to your home directory, and your guest account isn't set up correctly. If you can connect to your home directory and then connect to [temp], that's the problem. See Chapter 2 for more information on creating a basic Samba configuration file.

    A bad guest account will also prevent you from printing or browsing until after you've logged in to your home directory.

There is one more reason for this failure that has nothing at all to do with passwords: the path parameter in your smb.conf file might point somewhere that doesn't exist. This will not be diagnosed by testparm, and most SMB clients can't distinguish it from other types of bad user accounts. You will have to check it manually.

Once you have connected to [temp] successfully, repeat the test, this time logging in to your home directory (e.g., map network drive server\davecb). If you have to change anything to get that to work, retest [temp] again afterward.

Testing connections with net use

Run the command net use * \server\temp on the Windows client to see if it can connect to the server. You should be prompted for a password, then receive the response The command was completed successfully.

If that worked, continue with the steps in the next section, Section 12.2.5.5. Otherwise:

TIP

The term "bind" is used here to mean connecting one piece of software to another. When configured correctly, the Microsoft SMB client is "bound to" TCP/IP in the bindings section of the TCP/IP properties panel under the Windows 95/98/Me Network icon in the Control Panel. TCP/IP in turn is bound to an Ethernet card. This is not the same sense of the word as binding an SMB daemon to a TCP/IP port.

Testing connections with Windows Explorer

Start Windows Explorer (not Internet Explorer), select Map Network Drive from the Tools menu, and specify the UNC for one of your shares on the Samba server to see if you can make Explorer connect to it. If so, you've succeeded and can skip to the next section, Section 12.2.6.

Windows Explorer is a rather poor diagnostic tool: it tells you that something's wrong, but rarely what it is. If you get a failure, you'll need to track it down with the Windows net use command, which has far superior error reporting:

  • If you get The password for this connection that is in your password file is no longer correct, you might have any of the following:

    • Your locally cached copy on the client doesn't match the one on the server.

    • You didn't provide a username and password when logging on to the client. Some versions of Explorer will continue to send a null username and password, even if you provide a password.

    • You have misspelled the password.

    • You have an invalid users or valid users list denying permission.

    • Your client is defaulting to encrypted passwords, but Samba is configured with the encrypt passwords = no configuration file parameter.

    • You have a mixed-case password, which the client is supplying in all one case.

  • If you get The network name is either incorrect, or a network to which you do not have full access, or Cannot locate specified computer, you might have any of the following:

    • Misspelled name

    • Malfunctioning service

    • Failed share

    • Networking problem

    • Bad path parameter in smb.conf

    • hosts deny line that excludes you

  • If you get You must supply a password to make this connection, the password on the client is out of synchronization with the server, or this is the first time you've tried from this client system and the client hasn't cached it locally yet.

  • If you get Cannot locate specified share name, you have a wrong share name or a syntax error in specifying it, a share name longer than eight characters, or one containing spaces or in mixed case.

Once you can reliably connect to the share, try again, this time using your home directory. If you have to change something to get home directories working, retest with the first share, and vice versa, as we showed in the earlier section, "Testing connections with net use." As always, if Explorer fails, drop back to that section and debug the connection there.

Troubleshooting Browsing

Finally, we come to browsing. We've left this for last, not because it is the most difficult, but because it's both optional and partially dependent on a protocol that doesn't guarantee delivery of a packet. Browsing is hard to diagnose if you don't already know that all the other services are running.

Browsing is purely optional: it's just a way to find the servers on your network and the shares that they provide. Unix has nothing of the sort and happily does without. Browsing also assumes all your systems are on a local area network (LAN) where broadcasts are allowable.

First, the browsing mechanism identifies a system using the unreliable UDP protocol; it then makes a normal (reliable) TCP/IP connection to list the shares the system provides.

Testing browsing with smbclient

We'll start with testing the reliable connection first. From the server, try listing its own shares using smbclient with a -L option and your server's name. You should get something resembling the following:

$ smbclient -L server 
Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Server 
time is Tue Apr 28 09:57:28 2002 Timezone is UTC-4.0 
Password: 
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 2.2.5]

   Sharename      Type      Comment    
   ---------      ----      -------    
    cdrom          Disk      CD-ROM    
    cl             Printer   Color Printer 1    
    davecb         Disk      Home Directories

   Server         Comment    
   ---------      -------    
   SERVER         Samba 2.2.5

   Workgroup      Master    
   ---------      -------    
   EXAMPLE        SERVER

If you're still getting nothing, you shouldn't have gotten this far; double back to at least Section 12.2.3.1, or perhaps Section 12.2.2.4. On the other hand:

  • If you get SMBtconX failed. ERRSRV--ERRaccess, you aren't permitted access to the server. This normally means you have a hosts allow option that doesn't include the server or a hosts deny option that does.

  • If you get Bad password, you presumably have one of the following:

    • An incorrect hosts allow or hosts deny line

    • An incorrect invalid users or valid users lin

Если вам понравилась статья, поделитесь ею с друзьями: