Browsing problems with Samba 2.0.5 on HP-UX and WinNT4.0SP4
Borrione Aldo
a.borrione at crf.it
Fri Oct 22 10:37:12 GMT 1999
We're *****very happy***** samba users in an environment where:
3 HP-UX 10.20 9000/700 ws act as servers for about 35 Win95/NT
clients. Just upgraded to 2-0-5a: much performance for clients with
very very low ws load. Great. There is one ws acting as main server
offering disks via NFS to the other two, and there is a central samba
configuration area where we use the machine name to differentiate
machine specific configuration(s).
We run samba in server mode, but request autentication from the
company-wide PDC, an NT machine. All goes smooth this way, with
some help from user maps we allow people without unix account to connect
and work.
There is only one company wide NT Domain, which I call NTLAN.
NOW, I have moved NT4.0 build 1381 srvp 4, and some troubles appeared:
browsing shares on the 3 HP ws has become, let's say, quite unstable and
unpredictable.
This is what happens:
1. Boot & wait for the desktop to appear, then logon to NT as
<myname> <mypasswd><NTLAN domain>. Microsoft SMS starts
and checks, all is fine as far as logon to company-wide domain is concerned
2. Start the network browser: at this point, I look for my servers, which
appear
as expected in the net tree.
3. I double click on one of the servers' icon, and as expected ALL
the shares I have defined in my personal smb.conf.<myname>
appear together with globally available shares.
Please note, all the shares are personal except two, that are public.
These are defined in the main smb.conf file at machine level and access
is granted on a unix-group basis enclosing all the users in my department.
The personal smb.conf file is included in the smb.conf file, and its name is
generated using the %U macro.
4. I double click on one of my PERSONAL shares and I can access
its contents as desired.
If I go back to the share list, all my personal shares just DISAPPEAR
from the browse list, including my home directory. The list shows the
two public shares plus the personal share I accessed previously.
Its comment shows that it is NOW assumed to be my home directory:
it looks like I have changed my name to the share name, which is the
same of the regular unix username owning all the dirs in the share.
The share definition forces the user to be equal to that username.
Please note that:
- access to public shares is ALWAYS OK
- I can open network drives to "invisible shares" without problems, but the
"force user" share paameter does not work properly. Sometimes files are
created with my NT domain username (wrong!) sometimes these are
created following the "force user" parameter value.
5. Trying to refresh the browse window, the situation remains unchanged.
After some minutes (> 10-15), all becomes OK in that I see again the full
list of shares: my home dir, the public shares, all my personal shares.
It is interesting to say that now the browse list remains always coherent
until
the next PC reboot. That is I can double click to a share, look at its
contents, exit and see again ALL the shares with the right comments.
WHAT I HAVE DONE SO FAR
---------------------------------------------
1. Scanned all the docs and faqs, ran testparms on each possible config file
without
getting problem reports.
2. Restarted samba at a higher debug level to have richer logs to look
inside,
nothing appared as relevant
3. Activated the smbpasswd file for remapping passwords
WHAT I SUSPECT:
---------------------------------------------
For some reasons, my NTLAN username does not fall through the chain,
so that the %U macro cannot work. But then it is not clear why I
can open my personal shares - even though invisible in the browse list -
without problems.
No ideas about the odd behaviour of the force user parameter.
For convenience I enclose our smb.conf file and an excerpt of
my personal smb.conf.<myname> file.
Are there any suggestions on how to solve the problem ?
Thanks in advance !
Aldo Borrione
--------------- GLOBAL SMB.CONF -----------
#======================= Global Settings
=====================================
[global]
lock directory = /usr/local/samba/%h/var/locks
oplocks = no
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = DSS- SIST. ELT.
# server string is the equivalent of the NT Description field
server string = Samba Server %v on %h
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts deny = ALL
hosts allow = XXX.YYY. 127.
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
; load printers = yes
# you may wish to override the location of the printcap file
; printcap name = /etc/printcap
# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
; printcap name = lpstat
# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = bsd
printing = hpux
# Skip the banner page
print command = lp -onb -d%p %s
# Uncomment this if you want a guest account, you must add this to
/etc/passwd
# otherwise the user "nobody" is used
guest account = smbguest
# this tells Samba to use a separate log file for each machine
# that connects
; log file = /usr/local/samba/var/log.%m
log file = /usr/local/samba/%h/var/log.%U
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = server
# Use password server option only with security = server
; password server = <NT-Server-Name>
password server = scrf01, scrf02
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smbpasswd file = /usr/local/samba/private/smbpasswd
# Unix users can map to different SMB User names
; username map = /etc/smbusers
username map = /usr/local/samba/lib/smb.users
; domain user map = /usr/local/samba/lib/domain.user.map
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /usr/local/samba/lib/smb.conf.%m
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
; remote announce = 192.168.1.255 192.168.2.44
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = no
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 33
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; preferred master = yes
# Use only if you have an NT server on your network that has been
# configured at install time to be a primary domain controller.
; domain controller = <NT-Domain-Controller-SMBName>
; domain controller = scrf01
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS
Server
; wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT
both
; wins server = w.x.y.z
wins server = XXX.YYY.ZZZ.KKK
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = yes
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
preserve case = yes
short preserve case = yes
# Default case is normally upper case for all DOS files
; default case = lower
# Be very careful with case sensitivity - it can break things!
; case sensitive = no
#============================ Share Definitions
==============================
[homes]
; comment = %u home directory
browseable = no
writable = yes
; create mode = 0750
; valid users = @dss
[smbguest]
path = /tmp
browseable = no
guest ok = yes
writable = no
valid users = @dss @guests smbguest
[pctools]
comment = Utility e documentazione
path = /usr/services/pctools
valid users = @dss @guests smbguest
public = no
writable = yes
printable = no
create mask = 0775
force create mode = 775
[dsscom]
comment = Area common DSS
path = /usr/services/dsscom
valid users = @dss mario smbguest
public = no
writable = yes
printable = no
create mask = 770
force create mode = 770
directory mask = 770
force directory mode = 770
[sparedisk]
comment = Area spare DSS
path = /sparedisk
valid users = @dss mario smbguest
public = no
writable = yes
printable = no
create mask = 700
directory mask = 700
#============================ Share Definitions
==============================
# Customise configuration on a per user basis.
# The %U gets replaced with the NTLAN name of the user that is connecting
include = /usr/local/samba/%h/lib/smb.conf.%U
While this is an excerpt of each users' smb.conf.<username> file:
#============================ Personal Share Definitions
==============================
[vmbd]
comment = Area di sviluppo VMBD
path = /home/vmbd
valid users = <myname>
public = no
writable = yes
printable = no
create mode = 0770
security mask = 0777
force security mode = 0777
directory security mask = 0777
force directory security mode = 0777
force user = vmbd
force group = dss
[webroot]
comment = Web Server Root
path = /usr/local/etc/httpd/htdocs
valid users = <myname>
public = no
writable = yes
printable = no
create mask = 0750
force user = www
force group = wwwadmin
q
--------------------------------------------
Aldo BORRIONE
Centro Ricerche FIAT
Direzione Sistemi Elettronici
DSS-Progettazione Software
Tel: +39.011.9083.945
Fax: +39.011.9083.083
Email: a.borrione at crf.it
--------------------------------------------
More information about the samba
mailing list