# samba broken again

## Gentree

Hi,

it seems that every tiem I need to use samba I need to spend half a day fixing it since I last used it. I have little to do with windoze but from time to time I need to "share" something.

My infrequent use of samba means there has usually been some security flaw and an update since I last used it and now something is broken.

Today is a case in point. I tried to start samba and nmbd failed. I get the following in the logs which is about a much help as a fart in a space suit.

```

bash-3.2#/etc/init.d/samba start

 * samba -> start: smbd ...                                               [ ok ]

 * samba -> start: nmbd ...                                               [ !! ]

 * Error: starting services (see system logs)

 * samba -> stop: smbd ...                                                [ !! ]

 * samba -> stop: nmbd ...                                                [ ok ]

```

```

Oct 17 11:58:23 linbox smbd: gethostby*.getanswer: asked for "eth0 IN A", got type "TXT"

Oct 17 11:58:23 linbox nmbd: gethostby*.getanswer: asked for "eth0 IN A", got type "TXT"

Oct 17 11:58:23 linbox rc-scripts: Error: starting services (see system logs)
```

googlin drew a blank.

I'm running ~x86 so maybe something is a bit too new.

Anyone recognise this?

TIA, Gentree.   :Cool: 

----------

## DaggyStyle

can you post smb.conf?

----------

## Gentree

did you mean  /etc/conf.d/samba?

```
#add "winbind" to the daemon_list if you also want winbind to start

daemon_list="smbd nmbd"

#----------------------------------------------------------------------------

# Daemons calls: <daemon_name>_<command_option>

#----------------------------------------------------------------------------

my_service_name="samba"

my_service_PRE="unset TMP TMPDIR"

my_service_POST=""

#----------------------------------------------------------------------------

# Daemons calls: <daemon_name>_<command_option>

#----------------------------------------------------------------------------

smbd_start_options="-D"

smbd_start="start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- ${smbd_start_options}"

smbd_stop="start-stop-daemon --stop --quiet --pidfile /var/run/samba/smbd.pid"

smbd_reload="killall -HUP smbd"

nmbd_start_options="-D"

nmbd_start="start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- ${nmbd_start_options}"

nmbd_stop="start-stop-daemon --stop --quiet --pidfile /var/run/samba/nmbd.pid"

nmbd_reload="killall -HUP nmbd"

winbind_start_options=""

winbind_start="start-stop-daemon --start --quiet --exec /usr/sbin/winbindd -- ${winbind_start_options}"

winbind_stop="start-stop-daemon --stop --quiet --oknodo --exec /usr/sbin/winbindd"

winbind_reload="killall -HUP winbindd"
```

thx

----------

## DaggyStyle

nope, I mean /etc/samba/smb.conf

----------

## Gentree

I dont see what that has to do with nmbd failing but here goes.

```
bash-3.2#cat /etc/samba/smb.conf

[global] 

        workgroup = workgroup 

        encrypt passwords = yes 

        unix password sync = no 

        null passwords = yes 

        security = user 

### essential get-it-running "globals" ends here. Following are needed for a realistic config. ###

   # netbios name is the name you will see in "Network Neighbourhood", 

   # but defaults to your hostname 

   ###netbios aliases = LINBOX

   # server string is the equivalent of the NT Description field 

    server string = %h (Gentoo Linux/Samba V%v)

   # Allows DOS and Windows clients to use files that do not conform to 

   # the "8.3 Windows" naming convention. 

        mangling method = hash2 

   # 2. Printing Options: 

   # CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK 

   # if you want to automatically load your printer list rather 

   # than setting them up individually then you'll need this 

   printcap name = cups 

   load printers = yes

# Specifies directories in the share that Samba should not enter. 

        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd,/sys

   # 4. Security and Domain Membership Options: 

   # This option is important for security. It allows you to restrict 

   # connections to machines which are on your local network. The 

   # following example restricts access to two C class networks and 

   # the "loopback" interface. For more examples of the syntax see 

   # the smb.conf man page. Do not enable this if (tcp/ip) name resolution does 

   # not work for all the hosts in your network. 

  hosts allow = 192.168.0.0/25  127. 

   # All other connections will be refused connections as soon as the client 

   # sends its first packet. The refusal will be marked as a 'not listening 

   # on called name' error. 

  hosts deny = 0.0.0.0/0

   # Password Level allows matching of _n_ characters of the password for 

   # all combinations of upper and lower case. 

   password level = 8 

   username level = 8

   # You may wish to use password encryption. Please read 

   # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. 

   # Do not enable this option unless you have read those documents 

   # Encrypted passwords are required for any use of samba in a Windows NT domain 

   # The smbpasswd file is only required by a server doing authentication, thus 

   # members of a domain do not need one. 

   encrypt passwords = yes 

   smb passwd file = /etc/samba/private/smbpasswd

   # Unix users can map to different SMB User names 

###   username map = /etc/samba/smbusers

   # Using the following line enables you to customise your configuration 

   # on a per machine basis. The %m gets replaced with the netbios name 

   # of the machine that is connecting 

   ;    include = /etc/samba/smb.conf.%m

   # 5. Browser Control and Networking Options: 

   # Most people will find that this option gives better performance. 

   # See speed.txt and the manual pages for details 

   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384

   # Configure Samba to use multiple interfaces 

   # If you have multiple network interfaces then you must list them 

   # here. See the man page for details. 

   ;    interfaces = 192.168.12.2/24 192.168.13.2/24 

   interfaces = lo eth0 

   bind interfaces only = yes

### some DOS win tweeks , not too well tested by me ###

  # 8. File Naming Options: 

   # Case Preservation can be handy - system default is _no_ 

   # NOTE: These can be set on a per share basis 

   preserve case = Yes 

   short preserve case = Yes 

   # Default case is normally upper case for all DOS files 

   ;    default case = lower 

   # Be very careful with case sensitivity - it can break things! 

   ;    case sensitive = No 

   # Enabling internationalization: 

   # you can match a Windows code page with a UNIX character set. 

   # Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European), 

   # 852 (Czech), 861 (???), 932 (Japanese), 

   # 936 (Simplified Chin.), 949 (Korean Hangul), 

   # 950 (Trad. Chin.). 

   # More detail about code page is in 

   # "http://www.microsoft.com/globaldev/reference/oslocversion.mspx" 

   # UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.), 

   # ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.) 

   # This is an example for french users: 

   dos charset = 850 

   unix charset = ISO8859-15

   # Allows non-owners of a file to change its time if they can 

   # write to it. Defauts to no. Set this to yes if you enable 

   # time server. 

   dos filetimes = Yes 

   # Causes file times to be rounded to the next even second. Defaults 

   # to no. Set this to yes if you enable time server. 

   dos filetime resolution = Yes 

   # Sets directory times to avoid a MS nmake bug. Defautls to no. Set 

   # this to yes if you enable time server. 

   fake directory create times = Yes 

   # The value of the parameter (a decimal integer) represents the 

   # number of minutes of inactivity before a connection is 

   # considered dead, and it is disconnected. The deadtime only takes 

   # effect if the number of open files is zero.

[share] 

        path = /home/samba

        public = yes 

        writable = yes 

        comment = public r/w scratch pad dir

### basic globals and one "share" should get you going, then add the rest.

[printers] 

   # NOTE: If you have a CUPS print system there is no need to 

   # specifically define each individual printer. 

   # You must configure the samba printers with the appropriate Windows 

   # drivers on your Windows clients. On the Samba server no filtering is 

   # done. If you wish that the server provides the driver and the clients 

   # send PostScript ("Generic PostScript Printer" under Windows), you have 

   # to swap the 'print command' line below with the commented one. 

   guest ok = Yes 

   printable = Yes 

   path = /var/spool/samba 

   browseable = No 

   read only  = Yes 

   printable = Yes 

   writable = No 

   create mode = 0700 

   # ===================================== 

   # print command: see above for details. 

   # ===================================== 

   ;    print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers. 

   ;    print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients). 

   print command = lpr-cups -P %p -o raw %s -r 

   # The following two commands are the samba defaults for printing=cups 

   # change them only if you need different options: 

   ;    lpq command = lpq -P %p 

   ;    lprm command = cancel %p-%j 

   ;    lprm command = /usr/bin/lprm -P%p %j

[print$] 

   # This share is used for Windows NT-style point-and-print support. 

   # To be able to install drivers, you need to be either root, or listed 

   # in the printer admin parameter above. Note that you also need write access 

   # to the directory and share definition to be able to upload the drivers. 

   # For more information on this, please see the Printing Support Section of 

   # /usr/share/doc/samba-<version>/Samba-HOWTO-Collection.pdf 

   comment = All Network Printers 

   path = /var/lib/samba/printers 

   guest ok = Yes 

   browseable = Yes 

   read only = Yes 

   valid users = @adm root 

   write list = @adm root 

   create mask = 0664 

   directory mask = 0775

[profsdir] 

   comment = Prof's linbox home dir

   path = /home/prof 

   valid users = prof 

   public = No 

   writable = Yes 

   printable = No

[photos] 

   comment = Prof's photobox

   path = /photos 

   valid users = prof,marie 

   guest ok = Yes

   public = Yes

   writable = No 

   printable = No

[suse-tmp] 

   comment = linbox SuSE /tmp

   path = /suse/tmp

   valid users = prof,marie 

   guest ok = Yes

   public = Yes

   writable = No 

   printable = No

bash-3.2#

```

thx   :Cool: 

----------

## b.tomasik

Have you tried using a packet sniffer to watch dns requests?

The daemons were asking for A records (IP addresses) but got TXT responses?

(From Wiki... with a google search)

A TXT Record allows an administrator to insert arbitrary text into a DNS record. For example, this record is used to implement the Sender Policy Framework and DomainKeys specifications.

Looking at the packets will at least tell you what it is saying...  *shrugs*

----------

## darkphader

Try setting the netbios name  in the global section:

```
netbios name = myshorthostname
```

Remove the "hosts deny" line.

Maybe change hosts allow to the same format for both:

```
hosts allow = 192.168.0.  127.
```

Also make sure you ran etc-update or dispatch-conf after emerging samba. Also try doing a zap after a stop. then starting:

```
/etc/init.d/samba stop

/etc/init.d/samba zap

/et/init.d/samba start
```

Chris

----------

## Gentree

Thanks, you put me onto the right trail.

It was the line  

```
interfaces = lo eth0
```

 that was messing it up. A while back I had to rename the interface eth_pci to stop udev moving it around between eth0 and eth1.

Seems that was since the last time I needed Samba. 

How the hell I was supposed to work that out from that rediculously obtuce error message I dont know. 

Thanks for your help.

What can you make of this??

```

bash-3.2#smbclient -L winbox

Password: 

        Sharename       Type      Comment

        ---------       ----      -------

cli_rpc_pipe_open: cli_nt_create failed on pipe \srvsvc to machine winbox.  Error was ERRSRV - ERRerror (Non-specific error code.)

        K6-200-F        Disk      

        K200-E          Disk      

        K200-C          Disk      

        IPC$            IPC       Remote Inter Process Communication

        Server               Comment

        ---------            -------

        Workgroup            Master

        ---------            -------

bash-3.2#

```

Yep, that's just how it comes out. I can mount that share with the following line in fstab without any errors but smbclient does not seem too happy.

```
//winbox/k200-C    /smb/winbox        smbfs  noauto,username=prof,rw,users 0 0
```

Oh well at leat it's servicable.

 :Cool: 

----------

## darkphader

 *Gentree wrote:*   

> What can you make of this??
> 
> ```
> 
> bash-3.2#smbclient -L winbox
> ...

 

Not much. Is the user/password pair valid for the winbox? Maybe firewall? I get a nice clean listing to my winbox:

```
$ smbclient -L zapenstien

Password:

Domain=[COMPUTERGUY] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

        Sharename       Type      Comment

        ---------       ----      -------

        IPC$            IPC       Remote IPC

        print$          Disk      Printer Drivers

        ISO2            Disk

        G$              Disk      Default share

        service         Disk

        guestArea       Disk

        ISO             Disk

        ADMIN$          Disk      Remote Admin

        C$              Disk      Default share

Domain=[COMPUTERGUY] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

        Server               Comment

        ---------            -------

        Workgroup            Master

        ---------            -------

```

Did you try it with the -I option?

```
smbclient -I w.x.y.z -L winbox
```

Or with -U to specify the username?

```
smbclient -I w.x.y.z -U validremoteusername -L winbox
```

Also try paring your smb.conf down to essentials. For example there's no reason to use "interfaces =" unless you're trying to prevent samba from running on a particular interface.

As an added note, you're normally much better off using cifs instead of smbfs for mounting such remote shares. You will have problems, like 2GB limit, etc. when using the old, deprecated smbfs module instead of cifs.

Chris

----------

## Gentree

Hi Chris,

I tried the two smbclient lines you suggested and got exactly the same response.

I note 

```
 cli_nt_create failed on pipe \srvsvc to machine winbox
```

, since this is a win98SE installation it may not be surprising that it's not responding to a nt_create. 

It looks like this may be a badly error trap , especially the way it is spuriously dumped in the middle of the normal output and the rest of the command seems to work.

The interface command is there since I have a second subnet that connects to internet, I dont want samba or anything on the LAN to see the router.

I did try cifs some time back but there was a reason I dropped it and went back to smbfs. I can't remember the details. I dont have any 2GB files to worry about.

Samba is well tested by now I dont see why it does not work correctly unless there's some regression. I did not have this sort of issue last time I connected to this box, probably a year back.

A manual mount is not too much a problem , at least I can do what I need.

Thanks for your help.

 :Cool: 

----------

## darkphader

I can get the error in this form:

```
cli_rpc_pipe_open: cli_nt_create failed on pipe \srvsvc to machine WINBOX.  Error was NT_STATUS_ACCESS_DENIED
```

 if my usr/pwd pair is not valid for the client system.

Also some AV/security software tends to screw with this. Make sure you've totally shut any of that down when you're testing.

Try commenting out

```
   password level = 8 

   username level = 8 
```

 in your smb.conf as those are not the defaults. I've never seen them used anywhere. Again it's good to simplify the smb.conf - if you don't know that it's absolutely necessary get rid of it.

As a note your [print$] share should have the "valid users = " line removed - it doesn't make sense to say "guest ok = yes" then limit via valid users.

----------

## thecooptoo

im setting up a new machine and had the same error. Mine was due to a missing smb.conf. It installed smb.conf.example

a message about a missing smb.conf file would have been more helpful

----------

