You are having problems getting samba to do your beck and call, and it’s not working as it should, well here a few things to help you diagnose things – it’s assumed you have the basic already configured.
First, crank up the logging by adding the following to the smb.conf file. Cranking the log level up to 2 will log the IP numbers when a client connects, and show any authentication issues and the such like.
log file = /var/log/samba/log.%m
log level = 2
Also, double check you have your winbind separator set correctly, for example, if you have a shared defined in the smb.conf something like this
comment = /var/log/httpd
path = /var/log/httpd
guest ok = no
read only = yes
force user = root
valid users = FOO\mrfoo
Then make sure the smb.conf has this line
winbind separator = \
Sometimes it may be a “+” character, just make sure they match.
And here other checks/tests you can do.
Also, if you are integrating Samba into Active Directory, (security = ADS) and you are having trouble getting your AD groups to work, check the syntax for your valid users line in the smb.conf, for example:
valid users = FOO\domaingroup – will not work, however, valid users = @”FOO\domaingroup” does work, the quotes are important.
Test the smb.conf
[root@foo samba]# testparm -v|less
[root@foo samba]# smbstatus rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section "[http_log]" Samba version 3.5.6-86.el6_1.4 PID Username Group Machine -------------------------------------------------------------------
Other useful commands
- net ads info – check if it is joined
- kinit mrfoo@FOO.LOCAL – check domain authentication, capitalization is important
- getent passwd, or getent passwd “FOO.LOCAL\mrfoo” – check password authenticatiom
- net lookup dc – check it is pointing to your domain controllers
- wbinfo -g – should pulls a list of groups from FOO domains
- wbinfo -t – check trust relationship
- klist – check you have a valid kerberos ticket
- id mrfoo@FOO.LOCAL – check user account functionality
If you are using selinux and you cannot access a share, try the following:
chcon -R -t samba_share_t "/var/log/httpd/" chcon -R -t samba_share_t "/var/log/tomcat5/"