Difficulties using Samba v3 with Windows 2k

Hi all,
I'm really pulling my hair out about this, and I need to get this working ASAP, hence the number of points I've allocated to this question.

I'm trying to get Samba filesharing working with a Windows 2K server box, and it's just not working for me...

Configuration / tests I've done / symptoms follow:

I'm using a really simple smb.conf, in an attempt to get this working:

workgroup = MIDDLEEARTH
netbios name = FRODO

comment = Temp Directory
path = /tmp

I've tried adding 'wins support = yes' into the [global] section, but it seems to make no difference.
I've also added the entry  SMAUG into lmhosts, and I've tried   SMAUG   #PRE as well.

The server IP address is:
My Win2K server is in the workgroup: MIDDLEEARTH, and is called SMAUG (ip:

smbclient -L FRODO gives:
        Sharename      Type      Comment
        ---------      ----      -------
        tmp            Disk      Temp Directory
        IPC$           IPC       IPC Service (Samba 3.0.0)
        ADMIN$         IPC       IPC Service (Samba 3.0.0)

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        MIDDLEEARTH          FRODO

nmblookup -U FRODO __SAMBA__ produces:
querying __SAMBA__ on __SAMBA__<00>

nmblookup -B SMAUG '*' produces these results (which I'm not convinced are as they should be):

querying * on *<00>

nmblookup -d 2 '*' produces this:

added interface ip= bcast= nmask=
querying * on
Got a positive name query response from ( )
Got a positive name query response from ( ) *<00> *<00>

smbclient //FRODO/tmp works fine.

When I try to run something like: net view \\FRODO, it returns (after a reasonable amount of time):
System error 53 has occured.
The network path was not found.

The same error occurs if I try a net view \\

Finally, if Samba is running, when I d-click on 'Computers near me', I get the error:
'Middleearth is not accessible'    # I rather like this error message in some way...:)
'The network path was not found'.

If Samba is not running, when I d-click on 'Computers near me', it opens the workgroup
with no problems, displaying just the one machine - SMAUG (as I'd expect).

Once I've got this working, I'll be adding some XP machines onto the workgroup, so if this is a client
side issue, please answer with this in mind (if relevant).
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SO you have Linux box?
Do you want to share folders on the Linux box?
Did you try using localhost:901 in your browser to use the admin tool for samba?
You will probably find some advanced settings using it, like host alllow, etc.
j_dyerAuthor Commented:
> SO you have Linux box?
Yes, I am running Samba on a Linux box. Redhat 9, kernel v. 2.4.20-20-9.
As normal, I recompiled the kernel when I built the box, with support for what I needed at the time.
At the time, I didn't need samba, so if there are any settings in the kernel configure which Samba needs,
there is a good chance they would have been missed out - anyone got any ideas if this is the case?

> Do you want to share folders on the Linux box?
Yes, I'm planning on two private areas for each user (home dir and client backup dir), and a public area
where all users (with an account on the server) will be able to share files.

> Did you try using localhost:901 in your browser to use the admin tool for samba?
> You will probably find some advanced settings using it, like host alllow, etc.
I've tried using SWAT whilst trying to get this to work - didn't affect the problems I'm seeing.

I don't think that it's a problem with access; my understanding is that Samba should allow access to everyone
at the moment, since there is no access control specified in the smb.conf file.
Whats the workgroup of your linux box? IS it the same as you said in your smb.conf?
You'r right about the host allow.
did you try restart  nmbd?
SolarWinds® VoIP and Network Quality Manager(VNQM)

WAN and VoIP monitoring tools that can help with troubleshooting via an intuitive web interface. Review quality of service data, including jitter, latency, packet loss, and MOS. Troubleshoot call performance and correlate call issues with WAN performance for Cisco and Avaya calls

j_dyerAuthor Commented:
The workgroup on the linux box is MIDDLEEARTH, the same as the Win 2K box.
Yes, I've tried restarting nmbd (many times!) - nothing of particular interest appears in the log files.
Is your linux shared folder specified under smb.conf?
ITs weird , it was the easiest thing for me to do, when I did the same. It showed up inmediately under Network Neighborhood, gave me access and everything.
j_dyerAuthor Commented:
Yes, it's specified.
As mentioned in my original question, it's currently set to the absolute minimum:
workgroup = MIDDLEEARTH
netbios name = FRODO

comment = Temp Directory
path = /tmp
try using a directory under your home directory, instead of under the root directory
wyliecoyoteukIT directorCommented:
Finally, if Samba is running, when I d-click on 'Computers near me', I get the error:
'Middleearth is not accessible'    # I rather like this error message in some way...:)
'The network path was not found'.
Something is hosing the browsing

Check that the Samba server is not set as master browser.
win2k and XP fall out over browser issues with Samba

preferred master=false
local master=no
os level=0
j_dyerAuthor Commented:
Thanks for all the suggestions, unfortunatly, none of them have made any difference!
wyliecoyoteuk - I agree, something is definetly messing with the browsing - would
this imply a WINS problem maybe?
I'm not sure if this fact is going to help, but I did initally try to get this working with
Samba v2.something, but I experienced exactly the same problems
j_dyerAuthor Commented:
Another brief comment - just ran a net view /domain:middleearth, and both frodo
and smaug were listed, so things are beginning to improve :)
net view \\FRODO and net view \\FRODO /domain:middleearth still don't work though...
wyliecoyoteukIT directorCommented:
Unless you are running a wins server, the wins support is irrelevant.

There are a few things that you can try, but as a test, I just setup and installed a samba server on my home mdk box, mainly using defaults.
My W2k and an XP laptop can both see it., and net view works.

This  is  /etc/samba/smb.conf

        log file = /var/log/samba/log.%m
        smb passwd file = /etc/samba/smbpasswd
        load printers = yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        map to guest = bad user
        encrypt passwords = yes
        printer admin = @adm
        dns proxy = no
        netbios name = LINHOME1
        server string = Samba Server %v
        printing = cups
        workgroup = HOME
        os level = 20
        printcap name = cups
        security = user
        preferred master = no
        max log size = 50

   comment = Home Directories
   browseable = no
   writable = yes

Note that if the preferred master setting is yes, it will often cause "browser wars" when there is an XP Pro box on the subnet.

You could try adding a Hosts file (search for hosts.sam) on the windows box.
Try doing a search for the IP address of the samba box (this often seems to kick windows browsing into action)
Remember that the browse list is only refreshed every 15 minutes.

Do you have ENCRYPT passwords =YES on your smb.conf?
j_dyerAuthor Commented:
Well, things seem to be a little better.
Whilst net view \\frodo & net view \\ still don't work, a straight-forward 'net view' does
now return both smaug and frodo promptly, whereas before, I'd either get an error, or it would
take a long time for the list to appear.

To recap, my smb.conf file now reads as follows:

  log file = /var/log/samba/log.%m
  smb passwd file = /etc/samba/smbpasswd
  encrypt passwords = yes
  dns proxy = no
  netbios name = FRODO
  server string = Samba Server %v
  workgroup = MIDDLEEARTH
  os level = 20
  security = user
  preferred master = no

  comment = Home Directories
  browsable = no
  writable = yes

  path = /tmp
  comment = Temp Dir
  browsable = yes
  writable = no

So, all that we need to get working now is actual connections to the server. Thanks for all
of the help so far - I finally feel like the end is in sight for this problem!
wyliecoyoteukIT directorCommented:
Can I just ask why you are sharing the /tmp directory?
unlike windows, the /tmp directory has special attributes, and will be flushed at shutdown or bootup.
I would suggest creating a share in /home and try things that way
j_dyerAuthor Commented:
Ultimatly, I'm not going to be sharing the /tmp directory - I'm just using it for testing, until
I can get Samba working properly. As soon as I can access shares on the server, I'll turn /tmp
off, and set things up properly.
BTW, the /tmp dir will not get flushed on this server at shutdown/restart - that's something I've
always found annoying, and as such, is always one of the first things I turn off :) I do make it
clear to my users though, that they can't use the area of any form of perm. storage, as things are
likely to go missing from there!
wyliecoyoteukIT directorCommented:
Also, as Koquito says, include "encrypt passwords=yes"
As windows NT and higher encrypt by default.

Have you created Unix and Samba users?

So where are we now? You see the server, but can't access it?
Did you check the host.deny  file for eany entries?
Do you have any firewall?
j_dyerAuthor Commented:
wyliecoyoteuk - yes, I've got 'encrypt passwords = yes' set, and the unix and samba users both exist.

koquito - Thats right, I can see the server, but can't access it. There is no host.deny file, so there's
no restriction on access, and yes, we have a firewall, which prevents traffic leaving the lan, but both
the unix box and w2k box are inside the lan, plugged into the same hub, using private address space,
so the firewall shouldn't be an issue.
wyliecoyoteukIT directorCommented:
Beginning to look like a windows side issue .

So you can see the server in network places.What happenss when you try to access it?
have you tried using a hosts file on the win2k box?
you would need to add the entry              FRODO

and save the hosts file WITHOUT the .sam ( or .txt etc) suffix

What are the UNIX permissions on the /tmp directory?

1)Run ipconfig /all on the 2k box and ifconfig on the Linux one, compare info.
2)It could be domain settings for 2k. Try making frodo a member of the domain, also, you  could use security=domain
and set the password server to smaug.

I usually use WEBmin (http://www.webmin.com) to administer samba, (and for a lot of linux server routine stuff), as you can often pick out a problem just by scanning the share listings.

j_dyerAuthor Commented:
My gut instinct is to blame Window as well. I've never had problems of this degree getting Samba to work
before, but this is the first time I've tried to use it with a version of Windows > 98.

The server appears in network places, but when I try to access it, a dialog box pops up saying:
\\Frodo is not accessible.
The network path was not found.

Sometimes, this box appears straight away, sometimes it can take a few (10/20?) seconds to appear.

If I try a net view \\FRODO, I get the message:
System error 53 has occured.
The network path was not found.

This message always takes a few seconds to appear.

Perms on /tmp are standard: rwxrwxrwt root:root

Frodo is already in the hosts and lmhosts files (I'm assuming they're only in \winnt\system32\drivers\etc).

Network settings all appear to be correct.

I'm going to give Webmin a try now, crossing my fingers...:)
j_dyerAuthor Commented:
Tried webmin, and it's made no difference to the problem; couldn't see any options there which
might make a difference.
Meant to mention in my last comment, net view \\ also doesn't work (same symptoms
as net view \\FRODO)
wyliecoyoteukIT directorCommented:
Have you another PC, perhaps a laptop, that you can try, just to make sure that it is a windows thing?
There are a lot of things on win2k server, from domain mode to ldap settings, that can cause this, but netbios naming seems totally screwed.
The problem is that win2k depends on DNS a lot more than NT did.
Workgroups often don`t work properly either.
If you can connect to the webmin server from the win2k box, the IP is working ok, just naming is failing.
You may need to run a WINS server on the 2K  box to get netbios name resolution.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
j_dyerAuthor Commented:
OK, I'm now (almost) convinced that this is a problem with Windows, rather than Samba.
I've managed to free up a W2k (client) machine for more testing.

I enabled the WINS server on SMAUG, and made the other machine a member of middleearth, and
found that that machine couldn't browse the network properly either. I did the same without Samba
running, and the problem persisted.

I've just found out that, whilst both w2k boxes have outbound TCP/IP, I am unable to ping either box
from the Unix server (or from each other). This leads me to conclude that the problems I am seeing
are probably related to TCP/IP connectivity in some way, and I'm now going to look down that route.

wyliecoyoteuk - you mention that w2k depends on DNS more than NT did - this does concern me a bit,
as all of these machines are on privatly routable address space, and therefore do not have DNS entries -
could this be causing these problems as well?
j_dyerAuthor Commented:
Well, it's all finally working, though I'm not 100% sure why though!
I found that the w2k server had some rather odd filtering on it's network adaptor, though that
wasn't the whole cause of the problem (though it did fix the TCP/IP problems).

Having read through the Samba man page again, I decided to use Samba as the WINS server,
since I'd prefer the W2K machine to have a dynamically assigned address via DHCP.

In case you're interested, I've ended up with the following smb.conf file. I'll tidy it up soon
(lower logging level, remove /tmp share, add more shares), but this is what worked for me
(note: only the global area is of interest, so I've excluded the shares).

        dns proxy = no
        log file = /var/log/samba/log.%m
        netbios name = FRODO
        smb passwd file = /etc/samba/smbpasswd
        server string = Samba Server %v
        local master = no
        workgroup = MIDDLEEARTH
        os level = 20
        encrypt passwords = yes
        security = user
#       wins server =
        name resolve order = wins,lmhosts,host,bcast
        domain master = no
        local master = yes
        name cache timeout = 0
        wins support = yes
        log level = 3

My gut instinct at the moment is that the key line is the name resolve order, though I can't
prove it, and can't figure out why. It's just that things started getting better after adding it.
wyliecoyoteukIT directorCommented:
We actually set up a local caching-only nameserver to enable internal DNS for our win2K domain.

It solved a lot of issues, sped up the network, and gave us full LDAP directories.:)

The wins name resolve is doing netbios naming
wins, then lmhosts, then hosts, then broadcast.

 Whereas win2k would do netbios name resolution without WINS or DNS, win2k must have one or the other (and it prefers DNS).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.