Greetings:

I am SORT of getting Samba working. The main problem is that my linux box sees my Windows box fine, but not vice versa. The relevant bits of smb.conf is:

[global]
workgroup = xyz
netbios name = abc
encrypt passwords = yes

[test]
path = /home/chris
writeable = yes
guest okay = yes

Equipment: Win 2000 (client for MS Networks, File/Print share for MS Networks, TCP/IP) and Samba 2.2 on Red Hat 9 Linux box.

Possibly related sypmptom:
If I "pull" a file from windows machine to linux box, all is good. If I "push" a file from Linux box to windows box, it's very very slow, and if it's more than about 100k or so, it'll eventually time out. Small text files are fine, just slow.

My question is:
(a) What am I doing wrong? What's missing from my smb.conf file so win2k doesn't see me? The network pings and all that lot correctly.
(b) Am I right in assuming that the slowness of the linux->windows traffic is related to my windows box not seeing my Linux box?

I'm...desparate. I've manged my copy of "Using Samba" 2nd Ed, as well as the Red Hat 9 Bible. I'm stumped. And I hate to admit it!!

In the meantime, thanks in advance for your help.

This sounds kind of like a firewall problem to me, on the linux side. You can check the iptables rules with:

iptables -L

You can clear them all with:

iptables -F

Other than that, you should be able to at least see the Linux box from windows. Actually logging into it will require you to use the "smbpasswd" program to setup a samba user, if you're using encrypted passwords and "security=user".

Also it's hard to tell what the problem may be with the little bit of the smb.conf that you provided above. The above isn't enough to get it up and running.

Does the Samba Server show up in the Windows 2000 "Network Neighborhood"?

If it does, then Samba is configured correctly.
If not, what happens when you try to connect from the Windows box to the Linux box using the path \\{ip-address of linux box}?

As far as the speed issue is concerned, not sure if this will help, but make sure that on the Windows 2000 box that Quality of Service (QoS) is uninstalled, not just unchecked. The MS QoS agent reserves network bandwidth for QoS aware applications, which is pretty much just Explorer (not Internet Explorer) and the newer versions of Internet Information Server (IIS).
MS Knowledge Base #233203 for more info on QoS and Windows 2000.

I have QoS removed on my Windows 2000 box and I usually transfer from my Samba server at 1-7 Mbps, depending on file size.

Another thing to check is the Service Pack on the Windows 2000 box. The latest is SP4. I know in the original version and in SP1, transfers from a Win9x client to a Win2k machine were extremely slow, but were fine the opposite direction.

A third thing to check is the Master Browser Election. By default, a Samba server will beat any Windows machine except for a Primary Domain Controller. For background, the Master Browser maintains a list of all of the available shares in a workgroup/domain. If a mis-configured server wins a browser election, then Network Neighborhood will not show all of the computers in the network.

To change the default Election, put the following command in your [global] area:
os level = 2
This would make any Windows box, except for Windows for Workgroups, win the election.

By the way, you may want to look into using SWAT to configure your Samba server. It is a web based configuration utility that comes with a standard Samba distro, including those distros that come with commercial linux distros. See www.samba.org on details of its use.

Below is an excerpt from my samba.conf. You are more than welcome use it as an example. Note: Everything after the # is comments in this forum post and are not in my samba.conf.

[global]
workgroup = ASGARD # Sets the workgroup name
netbios name = ODIN # Sets the server name
encrypt passwords = Yes # Needed to speak with Win2k Clients
log level = 1
syslog = 0
time server = Yes
unix extensions = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
printcap name = CUPS
printing = cups
veto files = /*.eml/*.nws/riched20.dll/*.{*}/ # Helps reduce the spread of viruses via a samba share.

[homes] # Shares out linux home directory to users that have linux accounts.
comment = Home Directories
valid users = %S
read only = No
create mask = 0640
directory mask = 0750
browseable = No

[mp3s] # Creates a share named "mp3s" that is readable to all, but only writable by user "Bob". This share shows up in Network Neighborhood.
path = /srv/smb/mp3s
write list = bob
guest ok = Yes

[old_mp3s$] # # Creates a share named "old_mp3s$" that is readable to all, but only writable by user "Bob". This share is like a hidden share for Windows. It is no displayed in Network Neighborhood, but you can browse to it if you know the name.
path = /srv/smb/old_mp3s
write list = bob
guest ok = Yes


SWAT is definately a helpful tool that you should look into!
Hope this helps!

Thanks for the replies. Much appreciated.

1. Doesn't seem to be the firewall. I played with all settings of enabling, disabling, blowing away iptables. Same symptoms.
2. I have all current service packs on win2k box. I don't have the QoS installed. Imagine that, a M$ "quality" feature that isn't.
3. Here's where it gets wierd. If I log into windows from linux box, my linux box shows up in the network neighborhood. If I don't log into it, it doesn't show up. Even when Linux box shows up, if I "click" on it, I get the dreaded "\\Ray is not accessable. The network path was not found." (Ray is the Linux box.)
4. Right now, I'm at os level = 65. One post reccomended 2. Is *that* the problem <head scratches>?

You guys are awesome. Thanks for the continued help. I am close. I know I am. I just don't know what 1 or 2 niggling details are eluding me.

Best,
Chris

The main reason I recommended 2 was for trouble shooting.

With os level set to 65, you will beat out any Windows box. But if the server is misconfigured, it will screw up network neighborhood.

If you set it to 2, the Windows box will win the browser election, and you may be able to browse network neighborhood.

I do not think that the os level setting is what is causing the problem, but the os level is handy for trouble shooting.

Can you post your samba.conf so that we can take a look at it?

I really appreciate any help on said symptoms. If you manage to get me out of this dilema, I'll buy you a beer if you're ever in Chicago, Illinois USA.

smb.conf:

# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = DEBDEN
netbios name = RAY

# server string is the equivalent of the NT Description field
server string = Ray-built Linux Box

# Encrypt passwords? You need this in v2.2 when dealing with win 2k/XP
encrypt passwords = Yes

# This one is to set optimistic locking. No means a bit less performance, but is safety on flaky windows clients.
oplocks = no

# WINS. Wins converts NetBios Computer names into IP addresses.
wins support = yes

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 192.168.0.1, 192.168.0.2, 192.168.0.3, 127.0.0.1

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
printcap name = /etc/printcap
load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
max log size = 50

# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = SHARE

# Use password server option only with security = server
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
; password server = <NT-Server-Name>

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
smb passwd file = /etc/samba/smbpasswd

# The following is needed to keep smbclient from spouting spurious errors
# when Samba is built with support for SSL.
; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# You can use PAM's password change control flag for Samba. If
# enabled, then PAM will be used for password changes when requested
# by an SMB client instead of the program listed in passwd program.
# It should be possible to enable this without changing your passwd
# chat parameter for most setups.

pam password change = yes

# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /etc/samba/smb.conf.%m

# This parameter will control whether or not Samba should obey PAM's
# account and session management directives. The default behavior is
# to use PAM for clear text authentication only and to ignore any
# account or session management. Note that Samba always ignores PAM
# for authentication in the case of encrypt passwords = yes

obey pam restrictions = yes

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24

# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
; remote announce = 192.168.1.255 192.168.2.44

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 65

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
guest ok = yes
guest account = chris
dns proxy = no

# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
; preserve case = no
; short preserve case = no
# Default case is normally upper case for all DOS files
; default case = lower
# Be very careful with case sensitivity - it can break things!
; case sensitive = no

#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writeable = yes
valid users = %S
create mode = 0664
directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user


# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /usr/local/samba/profiles
; browseable = no
; guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
printable = yes

# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /home/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/local/pc/%m
; public = no
; writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765

[ChrisOnRay]
comment = ChrisLinuxFiles
path = /home/chris
writeable = yes
guest ok = yes

When working with Win2k clients, the security setting should be set to user. This requires a username/password before connections can be made. This is most likely the problem that you are having, as Win2k does not support Share level permissions very well. Nor should it. Share level permissions are less secure than User Level permissions.

In the global section of the config file, change security = share to security = user

See Samba Docs for more info on this.
http://us1.samba.org/samba/docs/man/....html#SECURITY

Using security=user, you will need to map unix usernames to samba usernames. You will use the smbpasswd utility. Details on its use are in the smbpasswd man pages, or at this link:
http://us1.samba.org/samba/docs/man/smbpasswd.8.html

And while not a requirement, but a recommendation, change the guest account = chris to an account that has very little permissions, guest account = nobody. A lot of times a user account named "nobody" is created by Commercial Distros for this and other similar purposes. This is primarily for security. You don't want guests to use your account!

Hope this helps!
Let us know what happens.

I will poke around with these suggestions and give you an update. I REALLY appreciate your mental bandwidth.

You da man.