Penguin
Note: You are viewing an old revision of this page. View the current version.

As Samba is such a huge concept and will have so many entries, ranging from PDCs with DomainLogons, to LDAP integration, SSL, and error diagnostics, not to mention differences between each version of Samba currently available - 2.2, 3.0alpha, and samba-tng, we'll use this is a main page and link to other pages whenever they get enough content or are conceptually large enough to support a new page.

I'll start off by adding a SambaErrorMessages wiki, although other notes should probably appear in this page for now.

Samba related concepts

Firewalling SMB/CIFS

If you wish to firewall out all smb/cifs traffic (from either samba or windows pc's) you will need to firewall the following ports
UDP/137 - used by nmbd UDP/138 - used by nmbd TCP/139 - used by smbd TCP/445 - used by smbd

The last one is important as many older firewall setups may not be aware of it, given that this port was only added to the protocol in recent years.

For more information on the use of port 445, go to http://www.petri.co.il/what_is_port_445_in_w2kxp.htm

Samba Strangeness (or "How do I fix this?")

Printing jobs from windows clients leaves a "ghost" job in the queue.

This is not actually a problem with samba, but rather a way in which lpd and the windows spooler communicate. In newer lpd versions, there is a parameter (done_jobs) which is set to 1 by default - it stores old completed jobs for "reference". Unfortunately, windows retains these jobs in the spooler. This is not usually desirable behaviour. Set "done_jobs=0" in lpd.conf and restart lpd.

Unable to login to samba - logs show "nobody" being auth'd instead of user.

This is probably a symptom of having usernames with mixed case. If this is so, you need to modify the

[global? section of smb.conf with the parameter

username level = 3

You may need more, depending on your pattern of usernames. This parameter tells samba to try at least $username_level initial caps in the supplied name. For example, I had a site where the username pattern matched Y[0-2?name. In this case, I needed to set username level to 1, to catch the initial uppercase character. Needless to say this would not be necessary if windows clients would behave and send the username exactly as provided...

Print Queue in Windows 2000/XP shows "Access denied, unable to connect".

This drove me insane. I now have the answer:

1. Edit smb.conf. Ensure you add in the global section "use client driver = yes".

2. On the printers share definition, ensure the following rights are granted
printer = raw browseable = yes public = yes guest ok = yes writable = yes printable = yes

3. Restart Samba.

Storing profiles on a Samba 2.2.x server fails after applying either Win XP SP1 or Win 2k SP4 on the client

Microsoft changed things and it broke samba versions older than 2.2.6. 2.2.6 added a new config option (profile acls (S)) to allow a work around for this. Check the smb.conf man page from version 2.2.6 or higher.

Debian woody only ships version 2.2.3a with back-ported patches for security updates so needs to be updated for this to work.

2.2.8a packages can be found here http://people.debian.org/peloy/samba/ or here ftp://au1.samba.org/pub/samba/Binary_Packages/Debian

You can just add either

deb !http://people.debian.org/peloy/samba stable main

or

deb !ftp://au1.samba.org/pub/samba/Binary_Packages/Debian stable main

to your apt sources.list

Offline files fails

If you have a file share with multiple users using it regularly, and one of the users tries to synchronize the files using Windows's "Offline Files" feature, you might find that random files fail. The user will have read/write access through their group, but the file will be owned by someone else.

Why this is happening

From Jeremy Allison, Samba developer: "Windows does a sync by creating a new file with a temporary name, then sets an ACL on it that matches the current one (but seems to add write access for the current user, not just the owner). This must succeed else the sync will fail. Then it sets the DOS attributes, again this must succeed or the sync will fail. Under POSIX we encode the attributes in the file permissions and these can only be changed by the owner, unless the "dos filemode" parameter is set."

How to fix it

Upgrade to at least Samba 3.0.0. Ensure that smbd is compiled with ACL support (the Debian packages work fine out of the box), and running on a filesystem with POSIX AccessControlLists. Then you also need to set the parameter "dos filemode = yes" for the share. You don't need the acl package installed, but you probably need libacl.

error code was NT_STATUS_PIPE_NOT_AVAILABLE (0xc00000ac)

If you get this error running wbinfo -t, try setting client schannel = no in your smb.conf.


CategoryInteroperability