Samba troubleshooting tips & tricks

Posted on September 25, 2013 by hedscratchers

You are having problems getting samba to do your beck and call, and it’s not working as it should, well here a few things to help you diagnose things – it’s assumed you have the basic already configured.

First, crank up the logging by adding the following to the smb.conf file. Cranking the log level up to 2 will log the IP numbers when a client connects, and show any authentication issues and the such like.

log file = /var/log/samba/log.%m
log level = 2 

Also, double check you have your winbind separator set correctly, for example, if you have a shared defined in the smb.conf something  like this

[http_log]
        comment = /var/log/httpd
        path = /var/log/httpd
        guest ok = no
        read only = yes
        force user = root
        valid users = FOO\mrfoo

Then make sure the smb.conf has this line

winbind separator = \

Sometimes it may be a “+” character, just make sure they match.
And here other checks/tests you can do.

Also, if you are integrating Samba into Active Directory, (security = ADS) and you are having trouble getting your AD groups to work, check the syntax for your valid users line in the smb.conf, for example:

valid users = FOO\domaingroup – will not work, however, valid users = @”FOO\domaingroup” does work, the quotes are important.

Test the smb.conf

[root@foo samba]# testparm -v|less

Check status

[root@foo samba]# smbstatus
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[http_log]"

Samba version 3.5.6-86.el6_1.4
PID     Username      Group         Machine                        
-------------------------------------------------------------------

Other useful commands

  • net ads info – check if it is joined
  • kinit mrfoo@FOO.LOCAL – check domain authentication, capitalization is important
  • getent passwd, or getent passwd “FOO.LOCAL\mrfoo” – check password authenticatiom
  • net lookup dc – check it is pointing to your domain controllers
  • wbinfo -g – should pulls a list of groups from FOO domains
  • wbinfo -t – check trust relationship
  • klist – check you have a valid kerberos ticket
  • id mrfoo@FOO.LOCAL – check user account functionality

If you are using selinux and you cannot access a share, try the following:

chcon -R -t samba_share_t "/var/log/httpd/"
chcon -R -t samba_share_t "/var/log/tomcat5/"
Advertisement

About hedscratchers

A UK ex-pat now living in the USA.
This entry was posted in Linux & Solaris and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s