|
The below is partly based on the official Samba diagnosis chapter. It's been tweaked for FreeBSD, and includes tests for WINS and a member server running Winbind, plus some extra bits. Some tests may not be applicable to your environment.
The test lab has two servers, one client PC and one user. One of the servers is a PDC named "emachine", on IP address 192.168.1.201, and it runs an NT4-style domain called TESTDOM. The other server, named "array" and on IP address 192.168.1.202, is a member server in the TESTDOM domain. The client PC is named "tinyxp" and is on IP address 192.168.1.7. The user is named "testuser"; his password is "xyz". The PDC is sharing home directories, plus a share called "x-drive". The member server has a single share called "vol1".
The goals:
Note that the Winbind tests should only be run on the member server. All machines should be freshly rebooted (if possible) and left unused for up to 15 minutes prior to testing (this is to allow time for the machines to register themselves, conduct browser elections etc).
Please see the main Samba section for instructions on how to build the servers.
First, some errors and their possible causes:
NT_STATUS_CONNECTION_REFUSED | this can appear if the interfaces line in smb.conf is incorrect |
NT_STATUS_INVALID_NETWORK_RESPONSE | this can appear if the hosts allow line in smb.conf is incorrect |
NT_STATUS_NETWORK_ACCESS_DENIED | this is due to unix file system permissions, eg. chmod and chgrp |
tree connect failed: NT_STATUS_ACCESS_DENIED | this appears if the user is not listed in the valid users line, due to unix file system permissions (chown) |
session setup failed: NT_STATUS_LOGON_FAILURE | this is when the username or password is incorrect |
Now, to the tests. The output shown below is what appears when everything is working correctly.
===> The following configuration options are available for samba-3.0.37,1: LDAP=off "With LDAP support" ADS=off "With Active Directory support" CUPS=off "With CUPS printing support" WINBIND=off "With WinBIND support" ACL_SUPPORT=off "With ACL support" AIO_SUPPORT=off "With Asyncronous IO support" FAM_SUPPORT=off "With File Alteration Monitor" SYSLOG=on "With Syslog support" QUOTAS=off "With Disk quota support" UTMP=on "With UTMP accounting support" PAM_SMBPASS=on "With PAM authentication vs passdb backends" CLUSTER=off "With experimental cluster support" DNSUPDATE=off "With dynamic DNS update(require ADS)" EXP_MODULES=off "With experimental modules" POPT=on "With system-wide POPT library" PCH=on "With precompiled headers optimization" MAX_DEBUG=off "With maximum debugging" SMBTORTURE=off "With smbtorture"
Note: this is a FreeBSD-specific command that lists the Samba version and compile-time options.
===> The following configuration options are available for samba-3.0.37,1: LDAP=off "With LDAP support" ADS=off "With Active Directory support" CUPS=off "With CUPS printing support" WINBIND=on "With WinBIND support" ACL_SUPPORT=off "With ACL support" AIO_SUPPORT=off "With Asyncronous IO support" FAM_SUPPORT=off "With File Alteration Monitor" SYSLOG=on "With Syslog support" QUOTAS=off "With Disk quota support" UTMP=on "With UTMP accounting support" PAM_SMBPASS=on "With PAM authentication vs passdb backends" CLUSTER=off "With experimental cluster support" DNSUPDATE=off "With dynamic DNS update(require ADS)" EXP_MODULES=off "With experimental modules" POPT=on "With system-wide POPT library" PCH=on "With precompiled headers optimization" MAX_DEBUG=off "With maximum debugging" SMBTORTURE=off "With smbtorture"
Domain=[TESTDOM] OS=[Unix] Server=[Samba 3.0.37] Sharename Type Comment --------- ---- ------- netlogon Disk Network Logon Service x-drive Disk Test Share IPC$ IPC IPC Service (Samba Server [PDC]) Server Comment --------- ------- ARRAY Samba Server [storage] EMACHINE Samba Server [PDC] TINYXP Workgroup Master --------- ------- TESTDOM EMACHINE
Domain=[TESTDOM] OS=[Unix] Server=[Samba 3.0.37] Sharename Type Comment --------- ---- ------- vol1 Disk test share IPC$ IPC IPC Service (Samba Server [storage]) Server Comment --------- ------- ARRAY Samba Server [storage] EMACHINE Samba Server [PDC] Workgroup Master --------- ------- TESTDOM EC2
Load smb config files from /usr/local/etc/smb.conf Processing section "[netlogon]" Processing section "[homes]" Processing section "[x-drive]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions
Load smb config files from /usr/local/etc/smb.conf Processing section "[vol1]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions
array$:1004:machine account root:0:Charlie & tinyxp$:1002:machine account testuser:1003:Test User
This lists the user and machine accounts defined in the SAM database. Use -v for verbose.
querying __SAMBA__ on 192.168.1.201 192.168.1.201 __SAMBA__<00>
querying __SAMBA__ on 192.168.1.201 192.168.1.201 __SAMBA__<00>
querying tinyxp on 192.168.1.201 192.168.1.7 tinyxp<00>
This tests whether NetBIOS names can be resolved with WINS.
querying tinyxp on 192.168.1.201 192.168.1.7 tinyxp<00>
added interface ip=192.168.1.201 bcast=192.168.1.255 nmask=255.255.255.0 querying * on 192.168.1.255 Got a positive name query response from 192.168.1.202 ( 192.168.1.202 ) Got a positive name query response from 192.168.1.201 ( 192.168.1.201 ) 192.168.1.202 *<00> 192.168.1.201 *<00>
This tests whether the broadcast address is working.
added interface ip=192.168.1.202 bcast=192.168.1.255 nmask=255.255.255.0 querying * on 192.168.1.255 Got a positive name query response from 192.168.1.201 ( 192.168.1.201 ) Got a positive name query response from 192.168.1.202 ( 192.168.1.202 ) 192.168.1.201 *<00> 192.168.1.202 *<00>
querying TESTDOM on 192.168.1.255 192.168.1.201 TESTDOM<1d>
This tests whether a master browser can be found.
querying TESTDOM on 192.168.1.255 192.168.1.201 TESTDOM<1d>
*=DMB +=LMB IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION --------------------------------------------------------------------- 192.168.1.201 EMACHINE *[TESTDOM] [Unix] [Samba 3.0.37] 192.168.1.202 ARRAY [TESTDOM] [Unix] [Samba 3.0.37]
This scans the network for NetBIOS hosts.
*=DMB +=LMB IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION --------------------------------------------------------------------- 192.168.1.201 EMACHINE *[TESTDOM] [Unix] [Samba 3.0.37] 192.168.1.202 ARRAY [TESTDOM] [Unix] [Samba 3.0.37]
Ping to winbindd succeeded on fd 4
This pings the Winbind daemon. Run on the member server only (winbind test).
TESTDOM\root TESTDOM\testuser
This lists domain users. Run on the member server only (winbind test).
BUILTIN\administrators BUILTIN\users TESTDOM\domain users TESTDOM\domain guests TESTDOM\domain admins
This lists domain groups. Run on the member server only (winbind test).
Name : TESTDOM Alt_Name : SID : S-1-5-21-2081955890-1415863938-788714504 Active Directory : No Native : No Primary : Yes Sequence : 1262306190
This lists domain info. Run on the member server only (winbind test).
uid=10000(TESTDOM\testuser) gid=10002(TESTDOM\domain users) groups=10002(TESTDOM\domain users), 10001(BUILTIN\users)
This lists user info. Run on the member server only (winbind test).
plaintext password authentication succeeded challenge/response password authentication succeeded
This tests user authentication. Run on the member server only (winbind test).
[... snip ...] nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin TESTDOM\root:*:10001:10002::0:0:Charlie &:/home/TESTDOM/root:/sbin/nologin TESTDOM\testuser:*:10000:10002::0:0:Test User:/home/TESTDOM/testuser:/sbin/nologin
This shows the combined local and domain user list. Run on the member server only (winbind test).
[... snip ...] nobody:*:65534: TESTDOM\domain users:*:10002:TESTDOM\testuser TESTDOM\domain guests:*:10003: TESTDOM\domain admins:*:10004:TESTDOM\root BUILTIN\administrators:*:10000:TESTDOM\root BUILTIN\users:*:10001:TESTDOM\testuser
This shows the combined local and domain group list. Run on the member server only (winbind test).
TESTDOM\testuser:*:10000:10002::0:0:Test User:/home/TESTDOM/testuser:/sbin/nologin
This lists user info, using Winbind UID. Run on the member server only (winbind test).
TESTDOM\domain users:*:10002:TESTDOM\testuser
This lists domain group membership. Run on the member server only (winbind test).
Domain=[TESTDOM] OS=[Unix] Server=[Samba 3.0.37] . D 0 Sun Jan 3 02:05:44 2010 .. D 0 Fri Jan 1 20:50:26 2010 testfile1.txt A 5 Sat Dec 19 09:52:10 2009 54836 blocks of size 131072. 32709 blocks available
This tests whether the user can list files on shares on the PDC.
Domain=[TESTDOM] OS=[Unix] Server=[Samba 3.0.37] . D 0 Sun Jan 3 02:05:44 2010 .. D 0 Fri Jan 1 20:50:26 2010 testfile1.txt A 5 Sat Dec 19 09:52:10 2009 54836 blocks of size 131072. 32709 blocks available
Domain=[TESTDOM] OS=[Unix] Server=[Samba 3.0.37] . D 0 Sun Jan 3 02:03:20 2010 .. D 0 Fri Jan 1 22:56:27 2010 testfile2.txt A 5 Sat Dec 19 09:52:10 2009 43617 blocks of size 524288. 36240 blocks available
This tests whether the user can list files on shares on the member server.
Domain=[TESTDOM] OS=[Unix] Server=[Samba 3.0.37] . D 0 Sun Jan 3 02:03:20 2010 .. D 0 Fri Jan 1 22:56:27 2010 testfile2.txt A 5 Sat Dec 19 09:52:10 2009 43617 blocks of size 524288. 36240 blocks available
Shared resources at \\emachine Samba Server [PDC] Share name Type Used as Comment ---------------------------------------------------- netlogon Disk Network Logon Service testuser Disk H: Home Directory x-drive Disk Test Share The command completed successfully.
Shared resources at \\array Samba Server [storage] Share name Type Used as Comment ---------------------------------------------------- vol1 Disk The command completed successfully.
The command completed successfully.
The command completed successfully.
Samba version 3.0.37 PID Username Group Machine ------------------------------------------------------------------- 508 array$ machines array (192.168.1.202) 510 array$ machines array (192.168.1.202) 1032 testuser staff tinyxp (192.168.1.7) Service pid machine Connected at ------------------------------------------------------- testuser 1032 tinyxp Sun Jan 3 02:04:44 2010 IPC$ 1032 tinyxp Sun Jan 3 02:04:26 2010 IPC$ 508 array Sun Jan 3 00:43:04 2010 IPC$ 510 array Sun Jan 3 00:43:05 2010 netlogon 1032 tinyxp Sun Jan 3 02:11:15 2010 x-drive 1032 tinyxp Sun Jan 3 02:13:53 2010 No locked files
Note: the "locked files" section of the above output will list all open files (if any).
Samba version 3.0.37 PID Username Group Machine ------------------------------------------------------------------- 823 TESTDOM\testuser TESTDOM\domain users tinyxp (192.168.1.7) Service pid machine Connected at ------------------------------------------------------- vol1 823 tinyxp Sun Jan 3 02:14:06 2010 No locked files
related articles: |