Samba troubleshooting guide

From MEPIS Documentation Wiki

This article or section is a stub. You can help Mepis Documentation Project by expanding it.

Samba is the open-source implementation of SMB/CIFS, or what is commonly known as Windows file sharing. Samba actually encompasses much more than just file sharing, such as printer sharing, messaging, and domain authentication. Here we are only going to focus on file sharing as that is its most common application for home users.

Samba is fairly complex, and many things can potentially go wrong with setting it up. We'll look at various ways Samba can foul up and how you need to address the problems.

[edit]

Some prerequisites

Before you begin troubleshooting, you'll need to do a few things that will be helpful:

Get and write down the hostnames and IP addresses of the computers involved. On Linux, use the command "ifconfig" to get the IP address and "hostname" to get the hostname. On Windows, open Command Prompt (under Accessories) and use the command "ipconfig" to get the IP address and "hostname" to get the hostname.

Make sure you have read through the SAMBA page here at the wiki, including Configuring SAMBA and Using SAMBA.

Know that your Linux Samba configuration is stored in /etc/samba/smb.conf. No matter which tool you use to configure it, all your settings are stored in that file.

Know that your Linux Samba Log files are in /var/log/samba. You need to be root to read them.

[edit]

Troubleshooting Connectivity

The first step in troubleshooting Samba is to determine if the two computers involved can "talk"; we call this connectivity.

Basic Network connectivity: From the command line of either machine, type
```
 ping xxx.xxx.xxx.xxx
```
"xxx.xxx.xxx.xxx" should be the IP address of the other machine. You should get several replies (on Windows, you'll get 4 replies, on Linux you'll get replies until you hit ctrl-C). If you don't, you have a basic network connectivity issue (or very restrictive firewall settings).

Name resolution: To access another computer by its hostname, you need to have something translating hostnames to addresses. Samba has several methods of doing this, but the default is to use a service called "netbios name service" or nmbd. To test if you can access another machine by its hostname, type on Linux "nmblookup hostname". On Windows, type "nbtstat -a hostname". You should get some kind of response indicating that a machine by that name exists.

Firewall issues: Firewalls are often the cause of connectivity problems. The machine with the share will need to have Samba ports open to the other machines on your network. If your firewall does not have Samba listed as a service to permit, you can specify ports 135 through 139 and port 445. This should be all the ports necessary for Samba to work. Alternately, you can turn off your firewall temporarily to see if it improves the situation any.

[edit]

Security Configuration issues

Samba security can be a little confusing because of the many options. What makes it more confusing is that some options have an effect on the way other options work!

Hosts allow: Linux Samba has an option to specify which hosts (computers on the network) or networks are allowed to access its shares. This is found in the smb.conf file. The default setting in MEPIS is:
```
hosts allow = 192.168.0. 192.168.1. 192.168.2. 192.168.79. 127.
```
If your network addresses don't start with any of the listed numbers, you aren't going to be able to connect to the MEPIS shares. You either need to add your network to the list, your specific host IP addresses, or just allow all hosts by changing the line to:
```
hosts allow = ALL
```

Security mode: Linux Samba supports five different security modes; only two of them are relevant to most home networks: user and share.

User: You use this mode when you want to have secured shares that authenticate against your local usernames.

Share: This mode is better for when you want open, unsecured shares, or shares that require a password (but not a username) to access. In other words, Share mode behaves more like a file share on Windows 9x/ME.

Share Permissions: Each file share has a simple set of permissions which restrict what can be done to files and folders accessed through that share. By default, shares are read-only. You have to specify write permissions if you want to grant them.

File Permissions: Local file permissions also apply. If the security mode is "User", then the permissions apply according to which username you authenticate against. In security mode "Share", you are typically accessing files as user "nobody" in group "nogroup". If you want to allow read & write to files in share mode, you will have to make sure user "nobody" or group "nogroup" has read & write permissions on the files.

File and share permissions are cumulative, and restrictions always trump permissions. In other words, if you authenticate to the server as user "warren", and user "warren" only has read and execute permissions on file "foo", you will not be able to write to that file, even if the share permissions allow read & write. If the share permissions are read-only, you will not be able to write to files even if your user owns them and has full file permissions.

Retrieved from "http://www.mepis.org/docs/en/index.php/Samba_troubleshooting_guide"

Categories: Stub | Troubleshooting | Networking