samba - Dec 2002 - Help to a wet-behind-the-ears Linux newbie

Hi :-)

I am struggling through a RH 8.0 install on a machine we are looking to 
replace our Netware server. I got tapped to do this as I support the 
Graphics Deparment Mac OS ASIP server (running over 2 years now without a 
crash and no outage except for general maintenance).

I am attempting to set up SAMBA to provide file sharing for our Windows 
clients (something not for the faint of heart, I understand). I was able to 
configure both Webmin and SWAT, and can access both services from a remote 
machine, but am unable to see the server (FLASHSRV.WORKGROUP) in the Network 
Neighborhood or when I list all available hosts in nmblookup (nmblookup -d 2 
'*') and nmblookup acts as if the server isn't even available at the
IP
address specified for it. I have checked the /etc/services file and it lists 
all ports properly for the nmbd and smbd Daemons (137 through 139) so it 
doesn't appear to be a port issue. The NIC doesn't appear to be the
problem,
as I am very able to access the internet via ethernet.

I am able to see all client machines in nmblookup and in Network 
Neighborhood, so I suspect it is a problem with my SAMBA setup, more than 
likely something so simple and Freshman that I will kick myself for a few 
minutes as soon as one of you knowledgeable people are able to point it out 
to me. Any help is greatly appreciated as I am (gasp!) almost ready to give 
up and install a Win 2000 Server (something I have wanted to avoid) in order 
to get this up and running.

Thanks in advance

Here is a dump of my samba.config file

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2002/12/10 10:22:38

# Global parameters
[global]
	netbios name = FLASHSRV
	server string = %L running Samba 2.2.7
	interfaces = eth0 172.17.2.3/255.255.255.0
	encrypt passwords = Yes
	obey pam restrictions = Yes
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
*passwd:*all*authentication*tokens*updated*successfully*
	unix password sync = Yes
	log file = /var/log/samba/%m.log
	max log size = 0
	socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
	os level = 65
	domain master = Yes
	wins proxy = Yes
	wins support = Yes
	read only = No
	create mask = 0777
	directory mask = 0777
	guest only = Yes
	guest ok = Yes
	printing = lprng

[homes]
	comment = Home Directories
	valid users = %S
	create mask = 0664
	directory mask = 0775

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No

[DATA]
	path = /home/afelling/DATA

[HP_LASERJET]
	path = /var/spool/samba
	printable = Yes
	printer name = HP_LASERJET
	oplocks = No

[CITOH_PLAIN]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	printer name = CITOH_PLAIN
	oplocks = No

[CITOH_FORM]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	printer name = CITOH_PLAIN
	oplocks = No




_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

----- Original Message -----
From: "Andrew Fellingham" <afellingham2@hotmail.com>
To: <samba@lists.samba.org>
Sent: Tuesday, December 10, 2002 4:46 PM
Subject: [Samba] Help to a wet-behind-the-ears Linux newbie

> Hi :-)
>
> I am struggling through a RH 8.0 install on a machine we are looking to
> replace our Netware server. I got tapped to do this as I support the
<snip>

Try it like this first, I'm not familiar with SWAT, I prefer to do it my own
way :)

Can you ping the machine from one of the workstations?

ping flashsrv or ping ip address

the shares are examples of mine, you should easily be able to adapt them for
your own use.

Good luck.

This simple config should get you going:

[global]

##
## Basic Server Settings
##

 # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
 workgroup = YourDomainOrWorkgroup

netbiosname = FLASHSRV

 # server string is the equivalent of the NT Description field
 server string = FLASHSRV Samba File Store

 # This option is important for security.
 hosts allow = 172.17.2.3/255.255.0.0 127.0.0.1

 # Uncomment this if you want a guest account, you must add this to
/etc/passwd
 # otherwise the user "nobody" is used
 ; guest account = pcguest

 # this tells Samba to use a separate log file for each machine
 # that connects
 log file = /usr/local/samba/var/log.%m

 # How much information do you want to see in the logs?
 # default is only to log critical messages
 log level = 5

 # Put a capping on the size of the log files (in Kb).
 max log size = 50

 # Security mode.
 security = user

 # Most people will find that this option gives better performance.
 socket options = TCP_NODELAY  SO_RCVBUF=8192 SO_SNDBUF=8192

##
## Network Browsing
##
 # set local master to no if you don't want Samba to become a master
 # browser on your network. Otherwise the normal election rules apply
 local master = no

##
## WINS & Name Resolution
##
 # Windows Internet Name Serving Support Section:
 # WINS Support - Tells the NMBD component of Samba to enable it's WINS
Server
        wins support = no

 # WINS Server - Tells the NMBD components of Samba to be a WINS Client
 # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
        wins server = WinsServerIPIfYouHaveOne

 # WINS Proxy - Tells Samba to answer name resolution queries on
 # behalf of a non WINS capable client, for this to work there must be
 # at least one WINS Server on the network. The default is NO.
 ; wins proxy = yes

 # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
 # via DNS nslookups.
 dns proxy = no


##
## Passwords & Authentication
##


 # You may wish to use password encryption.
        encrypt passwords = yes

 # Should smbd obey the session and account lines in /etc/pam.d/samba ?
 # only available if --with-pam was used at compile time
 obey pam restrictions = yes

 # When using encrypted passwords, Samba can synchronize the local
 # UNIX password as well.  You will also need the "passwd chat"
parameters
 ; unix password sync = yes

 # how should smbd talk to the local system when changing a UNIX
 # password?  See smb.conf(5) for details
 ; passwd chat = *new*password* %n\n *new*password* %n\n

  map to guest = bad user

 # This is only available if you compiled Samba to include --with-pam
 # Use PAM for changing the password
 ; pam password change = yes

##
## Printing
##

        printer admin = root, @usergroups, @lpd
        printing = lprng
        lpq command = /usr/bin/lpq -P %p
        lprm command = /usr/bin/lprm -P %p %j
        lppause command = /usr/sbin/lpc hold %p %j
        lpresume command = /usr/sbin/lpc release %p %j
        queuepause command = /usr/sbin/lpc stop %p
        queueresume command = /usr/sbin/lpc start %p

        oplocks = no
        kernel oplocks = no
        level2 oplocks = no

#============================ Share Definitions
=============================
# HP Laserjet 4500N Share.
[lj4500n]
        comment = HP LaserJet 4500N
        path = /var/spool/samba
        read only = No
        guest ok = Yes
        printable = Yes
        print command = lpr -P lj4500n -r %s -h; rm %s
        printer name = lj4500n
        oplocks = No
        share modes = No
        admin users = @ITADMIN
        valid users = @EveryoneInMyDomain

# Hidden printer drivers share.
[print$]
        path = /usr/printers
        admin users = root @lp, @ITADMIN
        write list = root @lp, @ITADMIN
        create mask = 0755
        guest ok = Yes

# Home Directory Shares
[homes]
     comment     = Home Directories
     browseable  = no
     writable    = yes
     valid users = %S

# This one is useful for people to share files
[Temp]
   comment     = Temporary File Space
   path        = /usr/temp
   read only   = no
   writable    = yes
   public      = yes
   create mask = 0700

# IT Users Share
[IT]
   comment     = IT Staff Only
   path        = /usr/company/it
   read only   = no
   writable    = yes
   create mask = 0777
   directory mask = 0777
   security mask = 0777
   valid users = @IT

# A publicly accessible directory

[Public]
   comment     = Public Stuff
   path        = /usr/public
   create mask = 0775
   directory mask = 0775
   security mask = 0777

On Tue, 10 Dec 2002, Andrew Fellingham wrote:
> Hi :-)
>
> I am struggling through a RH 8.0 install on a machine we are looking to
> replace our Netware server. I got tapped to do this as I support the
> Graphics Deparment Mac OS ASIP server (running over 2 years now without a
> crash and no outage except for general maintenance).
>
> I am attempting to set up SAMBA to provide file sharing for our Windows
> clients (something not for the faint of heart, I understand). I was able to
> configure both Webmin and SWAT, and can access both services from a remote
> machine, but am unable to see the server (FLASHSRV.WORKGROUP) in the
Network
> Neighborhood or when I list all available hosts in nmblookup (nmblookup -d
2
> '*') and nmblookup acts as if the server isn't even available
at the IP
> address specified for it. I have checked the /etc/services file and it
lists
> all ports properly for the nmbd and smbd Daemons (137 through 139) so it
> doesn't appear to be a port issue. The NIC doesn't appear to be the
problem,
> as I am very able to access the internet via ethernet.
>
> I am able to see all client machines in nmblookup and in Network
> Neighborhood, so I suspect it is a problem with my SAMBA setup, more than
> likely something so simple and Freshman that I will kick myself for a few
> minutes as soon as one of you knowledgeable people are able to point it out
> to me. Any help is greatly appreciated as I am (gasp!) almost ready to give
> up and install a Win 2000 Server (something I have wanted to avoid) in
order
> to get this up and running.
Some hints:

1) Add to smb.conf [globals]:
	workgroup = 'your_workgrop_name'
	domain logons = Yes

2) Remove from smb.conf [globals]
	wins proxy = Yes

3) You specified that the samba server is the WINS server by setting in
smb.conf [globals] "wins support = Yes", so make sure that ALL your MS
Windows clients in their TCP/IP settings have the IP Address of your Samba
server as the WINS server address for BOTH WINS primary and secondary.

4) Reboot all MS Windows workstations

5) Check that in your wins.dat file every MS Windows client has it's
entries. This file will be in /var/cache/samba/wins.dat, of
/var/lock/samba/wins.dat, or in /usr/local/samba/var/locks/wins.dat

6) Wait 15 minutes, then check that all your machines are in the
browse.dat file in the same directory where you found wins.dat.

7) Now things should work for you.

- John T.
>
> Thanks in advance
>
> Here is a dump of my samba.config file
>
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2002/12/10 10:22:38
>
> # Global parameters
> [global]
> 	netbios name = FLASHSRV
> 	server string = %L running Samba 2.2.7
> 	interfaces = eth0 172.17.2.3/255.255.255.0
> 	encrypt passwords = Yes
> 	obey pam restrictions = Yes
> 	pam password change = Yes
> 	passwd program = /usr/bin/passwd %u
> 	passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> 	unix password sync = Yes
> 	log file = /var/log/samba/%m.log
> 	max log size = 0
> 	socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> 	os level = 65
> 	domain master = Yes
> 	wins proxy = Yes
> 	wins support = Yes
> 	read only = No
> 	create mask = 0777
> 	directory mask = 0777
> 	guest only = Yes
> 	guest ok = Yes
> 	printing = lprng
>
> [homes]
> 	comment = Home Directories
> 	valid users = %S
> 	create mask = 0664
> 	directory mask = 0775
>
> [printers]
> 	comment = All Printers
> 	path = /var/spool/samba
> 	printable = Yes
> 	browseable = No
>
> [DATA]
> 	path = /home/afelling/DATA
>
> [HP_LASERJET]
> 	path = /var/spool/samba
> 	printable = Yes
> 	printer name = HP_LASERJET
> 	oplocks = No
>
> [CITOH_PLAIN]
> 	comment = All Printers
> 	path = /var/spool/samba
> 	printable = Yes
> 	printer name = CITOH_PLAIN
> 	oplocks = No
>
> [CITOH_FORM]
> 	comment = All Printers
> 	path = /var/spool/samba
> 	printable = Yes
> 	printer name = CITOH_PLAIN
> 	oplocks = No
-- 
John H Terpstra
Email: jht@samba.org

> to me. Any help is greatly appreciated as I am (gasp!) almost ready to give
> up and install a Win 2000 Server (something I have wanted to avoid) in
order
> to get this up and running.
I think you'll be sorry if you do that...
comments below...
 
> Thanks in advance
> 
> Here is a dump of my samba.config file
> 
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2002/12/10 10:22:38
> 
> # Global parameters
> [global]
> 	netbios name = FLASHSRV
> 	server string = %L running Samba 2.2.7
> 	interfaces = eth0 172.17.2.3/255.255.255.0
you probably need only one of these...
> 	encrypt passwords = Yes
> 	obey pam restrictions = Yes
> 	pam password change = Yes
> 	passwd program = /usr/bin/passwd %u
> 	passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
> *passwd:*all*authentication*tokens*updated*successfully*
> 	unix password sync = Yes
> 	log file = /var/log/samba/%m.log
> 	max log size = 0
> 	socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> 	os level = 65
> 	domain master = Yes
are you sure you want this setting? 
> 	wins proxy = Yes
you probably don't need this
> 	wins support = Yes
good - wins will make you happier than broadcast browsing.
did you configure the clients to point your the server's IP address
for wins?  have a look at browsing.txt for more info.
> 	read only = No
> 	create mask = 0777
> 	directory mask = 0777
> 	guest only = Yes
are you sure about this...
> 	guest ok = Yes
and this?
> 	printing = lprng
> 
> [homes]
> 	comment = Home Directories
> 	valid users = %S
i don't think %S makes sense here... 
> 	create mask = 0664
> 	directory mask = 0775
> 
it doesn't look like you have any browsable shares...

brad

On Tue, Dec 10, 2002 at 10:46:19AM -0600, Andrew Fellingham
wrote:
> I am attempting to set up SAMBA to provide file sharing for our Windows 
> clients (something not for the faint of heart, I understand). I was able to
> configure both Webmin and SWAT, and can access both services from a remote 
> machine, but am unable to see the server (FLASHSRV.WORKGROUP) in the 
> Network Neighborhood or when I list all available hosts in nmblookup 
> (nmblookup -d 2 '*') and nmblookup acts as if the server isn't
even
> available at the IP address specified for it. I have checked the 
> /etc/services file and it lists all ports properly for the nmbd and smbd 
> Daemons (137 through 139) so it doesn't appear to be a port issue. The
NIC
> doesn't appear to be the problem, as I am very able to access the
internet
> via ethernet.
Are smbd and nmbd actually running? Don't trust what swat/webmin might
say, log in and check yourself.

As I recall, Red Hat's installer asks if you want to have your machine
secured with some firewall rules. If you say yes, it blocks the Samba
ports (and others), but doesn't actually tell you what it's blocking.

Also, as a general rule you should ignore Network Neighborhood. Machines
that have been shut off for days will sometimes still show up, and
machines that have been up and running for days sometimes won't. Network
Neighborhood is utterly worthless for any kind of diagnostic, regardless
of whether you use an NT server or a Samba server.

-- 
Michael Heironimus