Solved

Difficulties using Samba v3 with Windows 2k

Posted on 2003-10-23
25
5,760 Views
Last Modified: 2010-04-11
Hi all,
I'm really pulling my hair out about this, and I need to get this working ASAP, hence the number of points I've allocated to this question.

I'm trying to get Samba filesharing working with a Windows 2K server box, and it's just not working for me...

Configuration / tests I've done / symptoms follow:

I'm using a really simple smb.conf, in an attempt to get this working:

[global]
workgroup = MIDDLEEARTH
netbios name = FRODO

[tmp]
comment = Temp Directory
path = /tmp

I've tried adding 'wins support = yes' into the [global] section, but it seems to make no difference.
I've also added the entry 192.168.0.2  SMAUG into lmhosts, and I've tried 192.168.0.2   SMAUG   #PRE as well.

The server IP address is: 192.168.0.2.
My Win2K server is in the workgroup: MIDDLEEARTH, and is called SMAUG (ip: 192.168.0.14).

smbclient -L FRODO gives:
        Sharename      Type      Comment
        ---------      ----      -------
        tmp            Disk      Temp Directory
        IPC$           IPC       IPC Service (Samba 3.0.0)
        ADMIN$         IPC       IPC Service (Samba 3.0.0)

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        MIDDLEEARTH          FRODO

nmblookup -U FRODO __SAMBA__ produces:
querying __SAMBA__ on 0.0.0.0
192.168.0.2 __SAMBA__<00>

nmblookup -B SMAUG '*' produces these results (which I'm not convinced are as they should be):

querying * on 0.0.0.0
192.168.0.2 *<00>

nmblookup -d 2 '*' produces this:

added interface ip=192.168.0.2 bcast=192.168.0.255 nmask=255.255.255.0
querying * on 192.168.0.255
Got a positive name query response from 192.168.0.2 ( 192.168.0.2 )
Got a positive name query response from 192.168.0.14 ( 192.168.0.14 )
192.168.0.2 *<00>
192.168.0.14 *<00>

smbclient //FRODO/tmp works fine.

When I try to run something like: net view \\FRODO, it returns (after a reasonable amount of time):
System error 53 has occured.
The network path was not found.

The same error occurs if I try a net view \\192.168.0.2.

Finally, if Samba is running, when I d-click on 'Computers near me', I get the error:
'Middleearth is not accessible'    # I rather like this error message in some way...:)
'The network path was not found'.

If Samba is not running, when I d-click on 'Computers near me', it opens the workgroup
with no problems, displaying just the one machine - SMAUG (as I'd expect).

Once I've got this working, I'll be adding some XP machines onto the workgroup, so if this is a client
side issue, please answer with this in mind (if relevant).
0
Comment
Question by:j_dyer
  • 12
  • 7
  • 6
25 Comments
 
LVL 5

Expert Comment

by:koquito
Comment Utility
SO you have Linux box?
Do you want to share folders on the Linux box?
Did you try using localhost:901 in your browser to use the admin tool for samba?
You will probably find some advanced settings using it, like host alllow, etc.
0
 
LVL 2

Author Comment

by:j_dyer
Comment Utility
> SO you have Linux box?
Yes, I am running Samba on a Linux box. Redhat 9, kernel v. 2.4.20-20-9.
As normal, I recompiled the kernel when I built the box, with support for what I needed at the time.
At the time, I didn't need samba, so if there are any settings in the kernel configure which Samba needs,
there is a good chance they would have been missed out - anyone got any ideas if this is the case?

> Do you want to share folders on the Linux box?
Yes, I'm planning on two private areas for each user (home dir and client backup dir), and a public area
where all users (with an account on the server) will be able to share files.

> Did you try using localhost:901 in your browser to use the admin tool for samba?
> You will probably find some advanced settings using it, like host alllow, etc.
I've tried using SWAT whilst trying to get this to work - didn't affect the problems I'm seeing.

I don't think that it's a problem with access; my understanding is that Samba should allow access to everyone
at the moment, since there is no access control specified in the smb.conf file.
0
 
LVL 5

Expert Comment

by:koquito
Comment Utility
Whats the workgroup of your linux box? IS it the same as you said in your smb.conf?
You'r right about the host allow.
did you try restart  nmbd?
0
 
LVL 2

Author Comment

by:j_dyer
Comment Utility
The workgroup on the linux box is MIDDLEEARTH, the same as the Win 2K box.
Yes, I've tried restarting nmbd (many times!) - nothing of particular interest appears in the log files.
0
 
LVL 5

Expert Comment

by:koquito
Comment Utility
Is your linux shared folder specified under smb.conf?
ITs weird , it was the easiest thing for me to do, when I did the same. It showed up inmediately under Network Neighborhood, gave me access and everything.
0
 
LVL 2

Author Comment

by:j_dyer
Comment Utility
Yes, it's specified.
As mentioned in my original question, it's currently set to the absolute minimum:
[global]
workgroup = MIDDLEEARTH
netbios name = FRODO

[tmp]
comment = Temp Directory
path = /tmp
0
 
LVL 5

Expert Comment

by:koquito
Comment Utility
try using a directory under your home directory, instead of under the root directory
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
Comment Utility
Finally, if Samba is running, when I d-click on 'Computers near me', I get the error:
'Middleearth is not accessible'    # I rather like this error message in some way...:)
'The network path was not found'.
Something is hosing the browsing

Check that the Samba server is not set as master browser.
win2k and XP fall out over browser issues with Samba


preferred master=false
local master=no
os level=0
0
 
LVL 2

Author Comment

by:j_dyer
Comment Utility
Thanks for all the suggestions, unfortunatly, none of them have made any difference!
wyliecoyoteuk - I agree, something is definetly messing with the browsing - would
this imply a WINS problem maybe?
I'm not sure if this fact is going to help, but I did initally try to get this working with
Samba v2.something, but I experienced exactly the same problems
0
 
LVL 2

Author Comment

by:j_dyer
Comment Utility
Another brief comment - just ran a net view /domain:middleearth, and both frodo
and smaug were listed, so things are beginning to improve :)
net view \\FRODO and net view \\FRODO /domain:middleearth still don't work though...
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
Comment Utility
Unless you are running a wins server, the wins support is irrelevant.

There are a few things that you can try, but as a test, I just setup and installed a samba server on my home mdk box, mainly using defaults.
My W2k and an XP laptop can both see it., and net view works.

This  is  /etc/samba/smb.conf

[global]
        log file = /var/log/samba/log.%m
        smb passwd file = /etc/samba/smbpasswd
        load printers = yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        map to guest = bad user
        encrypt passwords = yes
        printer admin = @adm
        dns proxy = no
        netbios name = LINHOME1
        server string = Samba Server %v
        printing = cups
        workgroup = HOME
        os level = 20
        printcap name = cups
        security = user
        preferred master = no
        max log size = 50

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

Note that if the preferred master setting is yes, it will often cause "browser wars" when there is an XP Pro box on the subnet.

You could try adding a Hosts file (search for hosts.sam) on the windows box.
Try doing a search for the IP address of the samba box (this often seems to kick windows browsing into action)
Remember that the browse list is only refreshed every 15 minutes.




0
 
LVL 5

Expert Comment

by:koquito
Comment Utility
Do you have ENCRYPT passwords =YES on your smb.conf?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 2

Author Comment

by:j_dyer
Comment Utility
Well, things seem to be a little better.
Whilst net view \\frodo & net view \\192.168.0.2 still don't work, a straight-forward 'net view' does
now return both smaug and frodo promptly, whereas before, I'd either get an error, or it would
take a long time for the list to appear.

To recap, my smb.conf file now reads as follows:

[global]
  log file = /var/log/samba/log.%m
  smb passwd file = /etc/samba/smbpasswd
  encrypt passwords = yes
  dns proxy = no
  netbios name = FRODO
  server string = Samba Server %v
  workgroup = MIDDLEEARTH
  os level = 20
  security = user
  preferred master = no

[homes]
  comment = Home Directories
  browsable = no
  writable = yes

[tmp]
  path = /tmp
  comment = Temp Dir
  browsable = yes
  writable = no

So, all that we need to get working now is actual connections to the server. Thanks for all
of the help so far - I finally feel like the end is in sight for this problem!
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
Comment Utility
Can I just ask why you are sharing the /tmp directory?
unlike windows, the /tmp directory has special attributes, and will be flushed at shutdown or bootup.
I would suggest creating a share in /home and try things that way
0
 
LVL 2

Author Comment

by:j_dyer
Comment Utility
Ultimatly, I'm not going to be sharing the /tmp directory - I'm just using it for testing, until
I can get Samba working properly. As soon as I can access shares on the server, I'll turn /tmp
off, and set things up properly.
BTW, the /tmp dir will not get flushed on this server at shutdown/restart - that's something I've
always found annoying, and as such, is always one of the first things I turn off :) I do make it
clear to my users though, that they can't use the area of any form of perm. storage, as things are
likely to go missing from there!
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
Comment Utility
Also, as Koquito says, include "encrypt passwords=yes"
As windows NT and higher encrypt by default.

Have you created Unix and Samba users?



0
 
LVL 5

Expert Comment

by:koquito
Comment Utility
So where are we now? You see the server, but can't access it?
Did you check the host.deny  file for eany entries?
Do you have any firewall?
0
 
LVL 2

Author Comment

by:j_dyer
Comment Utility
wyliecoyoteuk - yes, I've got 'encrypt passwords = yes' set, and the unix and samba users both exist.

koquito - Thats right, I can see the server, but can't access it. There is no host.deny file, so there's
no restriction on access, and yes, we have a firewall, which prevents traffic leaving the lan, but both
the unix box and w2k box are inside the lan, plugged into the same hub, using private address space,
so the firewall shouldn't be an issue.
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
Comment Utility
Beginning to look like a windows side issue .

So you can see the server in network places.What happenss when you try to access it?
have you tried using a hosts file on the win2k box?
you would need to add the entry

192.168.0.2              FRODO

and save the hosts file WITHOUT the .sam ( or .txt etc) suffix

What are the UNIX permissions on the /tmp directory?

1)Run ipconfig /all on the 2k box and ifconfig on the Linux one, compare info.
2)It could be domain settings for 2k. Try making frodo a member of the domain, also, you  could use security=domain
and set the password server to smaug.


I usually use WEBmin (http://www.webmin.com) to administer samba, (and for a lot of linux server routine stuff), as you can often pick out a problem just by scanning the share listings.


0
 
LVL 2

Author Comment

by:j_dyer
Comment Utility
My gut instinct is to blame Window as well. I've never had problems of this degree getting Samba to work
before, but this is the first time I've tried to use it with a version of Windows > 98.

The server appears in network places, but when I try to access it, a dialog box pops up saying:
\\Frodo is not accessible.
The network path was not found.

Sometimes, this box appears straight away, sometimes it can take a few (10/20?) seconds to appear.

If I try a net view \\FRODO, I get the message:
System error 53 has occured.
The network path was not found.

This message always takes a few seconds to appear.

Perms on /tmp are standard: rwxrwxrwt root:root

Frodo is already in the hosts and lmhosts files (I'm assuming they're only in \winnt\system32\drivers\etc).

Network settings all appear to be correct.

I'm going to give Webmin a try now, crossing my fingers...:)
0
 
LVL 2

Author Comment

by:j_dyer
Comment Utility
Tried webmin, and it's made no difference to the problem; couldn't see any options there which
might make a difference.
Meant to mention in my last comment, net view \\192.168.0.2 also doesn't work (same symptoms
as net view \\FRODO)
0
 
LVL 21

Accepted Solution

by:
wyliecoyoteuk earned 500 total points
Comment Utility
Have you another PC, perhaps a laptop, that you can try, just to make sure that it is a windows thing?
There are a lot of things on win2k server, from domain mode to ldap settings, that can cause this, but netbios naming seems totally screwed.
The problem is that win2k depends on DNS a lot more than NT did.
Workgroups often don`t work properly either.
If you can connect to the webmin server from the win2k box, the IP is working ok, just naming is failing.
You may need to run a WINS server on the 2K  box to get netbios name resolution.
0
 
LVL 2

Author Comment

by:j_dyer
Comment Utility
OK, I'm now (almost) convinced that this is a problem with Windows, rather than Samba.
I've managed to free up a W2k (client) machine for more testing.

I enabled the WINS server on SMAUG, and made the other machine a member of middleearth, and
found that that machine couldn't browse the network properly either. I did the same without Samba
running, and the problem persisted.

I've just found out that, whilst both w2k boxes have outbound TCP/IP, I am unable to ping either box
from the Unix server (or from each other). This leads me to conclude that the problems I am seeing
are probably related to TCP/IP connectivity in some way, and I'm now going to look down that route.

wyliecoyoteuk - you mention that w2k depends on DNS more than NT did - this does concern me a bit,
as all of these machines are on privatly routable address space, and therefore do not have DNS entries -
could this be causing these problems as well?
0
 
LVL 2

Author Comment

by:j_dyer
Comment Utility
Well, it's all finally working, though I'm not 100% sure why though!
I found that the w2k server had some rather odd filtering on it's network adaptor, though that
wasn't the whole cause of the problem (though it did fix the TCP/IP problems).

Having read through the Samba man page again, I decided to use Samba as the WINS server,
since I'd prefer the W2K machine to have a dynamically assigned address via DHCP.

In case you're interested, I've ended up with the following smb.conf file. I'll tidy it up soon
(lower logging level, remove /tmp share, add more shares), but this is what worked for me
(note: only the global area is of interest, so I've excluded the shares).

[global]
        dns proxy = no
        log file = /var/log/samba/log.%m
        netbios name = FRODO
        smb passwd file = /etc/samba/smbpasswd
        server string = Samba Server %v
        local master = no
        workgroup = MIDDLEEARTH
        os level = 20
        encrypt passwords = yes
        security = user
#       wins server = 192.168.0.3
        name resolve order = wins,lmhosts,host,bcast
        domain master = no
        local master = yes
        name cache timeout = 0
        wins support = yes
        log level = 3

My gut instinct at the moment is that the key line is the name resolve order, though I can't
prove it, and can't figure out why. It's just that things started getting better after adding it.
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
Comment Utility
We actually set up a local caching-only nameserver to enable internal DNS for our win2K domain.

It solved a lot of issues, sped up the network, and gave us full LDAP directories.:)

The wins name resolve is doing netbios naming
wins, then lmhosts, then hosts, then broadcast.

 Whereas win2k would do netbios name resolution without WINS or DNS, win2k must have one or the other (and it prefers DNS).
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

Let’s list some of the technologies that enable smooth teleworking. 
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now