I've been using Linux exclusively for 4 years at home (currently Mandrake 8.2) and am trying to get my office interested. I'm not in IT department so they are very suspicious of what I'm doing.

After pestering for some months they gave me an old server to use. It's a Comaq Proliant 1500 with 32 bit Smart Array using an Intel Pentium 100 and 96Mb RAM. After many attempts I got Mandrake 8.0 up an running. There were initial problems recognising the RAM and getting the Smart Array configured but that's history.

Now I have Samba loaded and I can use Gnome Samba browser to see the Win2000 network but so far I cannot open any of the other computers on the network. If I look from a Win200 terminal I can see my linux server but cannot enter.

I've tried using SWAT but I really am now a newbie and am struggling. What I would like is a very basic samba.conf setup without any security that would let me access from win2000 to the linux server. Later I can add the security as I learn.

Can anyone help please? The vultures are flying overhead and are hoping to take back the server for Win.

Hopefully
David (oth88)

PS To me Linux has been the greatest thing since sliced bread!!

Hi David aka oth88

there are a zillion security-related settings in the smb.conf file. My favorites people have problems with are

encrypt passwords = yes
hosts allow = ....
security = user

Did you log in the samba server's log file to see what it says when you fail to connect from win to your box? It might give you some clues.

I usually tcpdump the connection if all else fails - you can watch the traffic and see where it get sstuck, like who talked last.

You probably know this - you can make a smbfs mount point in /etc/fstab just like an nfs one. We are using samba between central Unix servers and user Linux desktops - we can't allow nfs mounts because of the host-local security issue, but samba with its central authentication is fine.

If you are dealing with user desktop as you do, set the suid bit on /usr/bin/smbmnt, create /mnt/sharename, and add to the /etc/fstab (all in one line)

//sambaserver.where.you.are/sharename
/mnt/sharename
smbfs
username=your_name,uid=youruid,gid=yourgid,user,exec,nodev,noauto,nosuid 0 0

Hope it helps,

Martin

Dear Martin,

Many thanks for your help. I'm probably more of a newbie than you think but I'm trying your suggestions but so far without success. I modified the fstab file but it won't mount. I probably got some of the "where.you.are" and "sharename" bits wrong.

Today I achieved a great leap forward (for me anyway). I loaded Mandrake 8.2 to my laptop to dual boot with W2k and tonight I managed to connect with ssh to the Linux server through the office network.

Thanks again for your help and I will soldier on.

Kind regards
David

Ok, just try once more, and post the resulting output in the log file. Also the smb.conf file. We'll figure it out.

M.

Dear Martin

Now I've got ssh working from win2000 to the Linux server. The smb log files (log.username) are saying:

lib/util_sock.c:write_socket_data(540)
write_socket_data: write failure. Error = connection reset by peer.
lib/util_sock.c:write_socket (565)
write_socket: Error writing 4 bytes to socket 6: Errno = connection reset by peer.
lib/util_sock.c:send_smb (754)
error writing 4 bytes to client. -1 exiting

I have set up a username in the linux server with the same username and password as the win2000 client that is trying to access through network neighborhood.

If you can point me in the right direction I would appreciate it. Thanks
David

Hi David,

remind me - in the "network neighborhood" view, does your Linux box show up?

Does any of your boxes have a firewall (iptables on linux, some zonealarm or some such on win)? During those tests, shut down iptables if they are on.

Then go and try a samba connection from your linux machine to itself while tailing the log files.

smbclient -L <the machine's own ip> -U <theusername>

that should list the shares on your box, say you have "data". Then make /tmp/xxx, and

where you put in the machine's ip. So you mount its own samba share on the local box, just to eliminate the win box at this point. Watch the log files. If all goes ok, you get a passwd prompt for the samba password.

Try that, and see and post what you get.

Martin

Dear Martin,

Yes, the Linux box does show up in the network neighbourhood but if I try to access it says:

\\Gpclinux is not accessible. The network path was not found.

I tried your suggestion with a small modification. I connected from my win2000 laptop and logged in as root to Gpclinux server using ssh. Then I did the connection that you suggested and I was able to log in with one of my user accounts (dne). It asked for my password and all was fine. The following was displayed:

Sharename type Comment
-------------------------------------------------------
share disk Linux share space
dne disk
guest disk
user disk
IPC$ IPC IPC service (Samba)

Server Comment
------------------------------------------
GPC-PDC
GPCLINUX Samba

Workgroups Master
---------------------------------------
GPC GPC-PDC

Gpclinux is the name that I gave the Linux server and GPC is the win2000 network. I'm not sure why GPC-PDC has shown up as it is just one on many clients on GPC.

So any ideas on how to let win clients look into Gpclinux?

Thanks
David

Well, in order to reverse the path to your Gpclinux (which advertises itself alright), the nmbd (the "Netbios Name Server") must have all the info and that seems to be the problem. We are approaching the limits of my knowledge how in detail this protocol works, but since you established that the samba server lets you in in general, try, on the win box, to "Map network drive" (right-click on my computer), then don't call it by its name but by its IP, like \\192.168.xxx.xxx\user disk

I'm not sure if the space in the name of the shares is a good idea.

Alternatively, you may want to google around for info about how the mastership of the domain is handled and stuff, and who has the master nmbd, and so on.

Hope it helps,
Martin

Hi Martin,

Many thanks for your invaluable help. I have the server running and can now access from my win2k with putty so I can experiment with all the samba settings. I have set up shares but they only work if I set the access as Public. If I try anything else I get the usertname/password dialogue box and it always rejects my password.

I have set the a user in the linux server to have the same name and password as my win2k computer. I have set the smbpasswd by adding that user and password. I have tried every (well what seems like every) combination of allowing hosts, guest only, writeable, user list and so on but I never seem to get the right one.

I have set password encrypted and have tried share, user, domain and server but none work. I have been through all the helps and samba.org but can't seem to find the right answers.

Any ideas would be welcome.

Kind regards
David

well, maybe you can try to compare the security-relevant settings that I have in my smb.conf file with yours. After that, I would break out tcpdump as a way to see what's going on.

Here's what I have in smb.conf that has some impact on the password business:

Failing that, well, for that kind of problem I just capture the dialog with tcpdump for any more clues. Try, for example

tcpdump -s 1500 -i eth0 -X host <yourwinbox>

that prints the packets to and from your windows box. Maybe it tells you something, but of course it's a shot in the dark.

Hope it helps,
Martin

Hi Martin,

Thanks for your input. A little while after I made the changes the network PDC (W2k) crashed. Since the company has bought a new machine I think the problem was harware but the IT department think it might be the Linux server. As I set the OS level to 0 I don't think this could be the reason. Could the PAM settings have any effect on the PDC server? Anyway they have disconnected me for the time being. At the same time they had a hardware failure on a RAID array server (it's actually a linux firmware setup) which again had nothing to do with the Linux server but I shall stop further work until the dust settles.

Kind regards
David

David - can you paste a copy of your smb.conf here it may help to resolve the problem...

I can't see how the linux box would have crashed the w2k PDC.

You could also try this link: ftp://ftp.stratus.com/pub/vos/custom...leshooting.rtf

Hi David Have U Solved The Problem Or No yet.....

Let ME know i had the same problem this was my first intrest of leting Win2k Pro To Login on Linux Server and LInux To Act As Domain but not as a Active Directory That option is in the lates version of Samba i gues it's version 3. i worked very hard to get this thing woked and finaly Thankx God it happend.......

anyway i worked on Red Hat Linux 7.3 so if i can heilp u on this just let me know

Arif Hamirani

Hi,


There are a number of docs describing in detail the Samba installation.
I had my own share of problems when installing it for the first time to run on a Win2k dominated network.

I found this file very helpful in diagnosing my problems (path taken directly from my RH 7.3 box - it may be elsewhere on your system):

/usr/share/doc/samba-2.2.3a/docs/textdocs/DIAGNOSIS.txt

Check it out, and go step-by-step as described in the file.
There are also a number of other files in that directory that you might want to read.

Good luck,
Matt

P.S. email me if you want to try my smb.conf and smbpasswd files

I'm a little late getting in on this. I take it you company runs in a domain model. Then you need to make the samba sever part of the domain. First you need the admins to create an account on the PDC for your Linux box. You will also have to make a static DNS entry for the Linux box too, since Linux doesn't do dynamic DNS.

Then at the command line you need to type smbpasswd -j <domain anme> -r <machine Name>. This will join the Linux box to the Windows domain.

To make it easy you need to tell samba to authenticate thru the PDC. I have a very simple smb.conf file posted on my website. It's http://www.valkyre.net/~tangle/web/c.../smb_conf.htm. You need to change the names and number in the config file to match those of your netwrok.

The wins server = tell the sever what wins server to registar itself with. This should take care of the name resolution thing and allow you to map a drive by using a UNC name (ie \\Gpclinux\share name\)

The security = tells the server that it should authenticate through a server, not itself.

The password server = tells the server what password server to use. Instead of a name I would use the IP number of the server.

This config file worked fine for me at home, when I had a Windows 2000 domain set up. It is very simple and you will find out that you will need more thing added.

Let me know if this helps

One other thing, tell those so called admins that you got that a Linux box running samba will not crash a PDC or any other node on the network. If DHCP is running it might hose your DHCP service but would never crash a server. I take it they are all paper MCSEs. HAHAHA