Substitute var in smb

The new problem is the %a smb variable is not substitute at runtime for the profile path...
I use profile path like this : \\homeserver\share\userhome\NtProfiles\%a
I have a directory '%a' and not Win2K or something like
an idea...?
@+
Edo...

you're welcome. yep, it's quite basic, so I guess it won't be
mentioned explicitely very often, but you have to know it. that's
what forums are for
cheers,
blemmo

Similar Messages

SMB access for Active Directory users

Hi there,
My server is an OD Master bound to AD for authentication and my institution's Kerberos realm.
When I try to share files from the server via SMB and connect as an Active Directory user I get the following error in the logs:
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parse_name(myserver$) failed (Configuration file does not specify default realm)
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
I've read something vague about having to Kerberize the SMB service seperately so I'm not sure if that's the problem.
My smb.conf file is as follows:
; Configuration file for the Samba software suite.
; ============================================================================
; For the format of this file and comprehensive descriptions of all the
; configuration option, please refer to the man page for smb.conf(5).
; The following configuration should suit most systems for basic usage and
; initial testing. It gives all clients access to their home directories and
; allows access to all printers specified in /etc/printcap.
; BEGIN required configuration
; Parameters inside the required configuration block should not be altered.
; They may be changed at any time by upgrades or other automated processes.
; Site-specific customizations will only be preserved if they are done
; outside this block. If you choose to make customizations, it is your
; own responsibility to verify that they work correctly with the supported
; configuration tools.
[global]
debug pid = yes
log level = 1
server string = Mac OS X
printcap name = cups
printing = cups
encrypt passwords = yes
use spnego = yes
passdb backend = odsam
idmap domains = default
idmap config default: default = yes
idmap config default: backend = odsam
idmap alloc backend = odsam
idmap negative cache time = 5
map to guest = Bad User
guest account = nobody
unix charset = UTF-8-MAC
display charset = UTF-8-MAC
dos charset = 437
vfs objects = darwinacl,darwin_streams
; Don't become a master browser unless absolutely necessary.
os level = 2
domain master = no
; For performance reasons, set the transmit buffer size
; to the maximum and enable sendfile support.
max xmit = 131072
use sendfile = yes
; The darwin_streams module gives us named streams support.
stream support = yes
ea support = yes
; Enable locking coherency with AFP.
darwin_streams:brlm = yes
; Core files are invariably disabled system-wide, but attempting to
; dump core will trigger a crash report, so we still want to try.
enable core files = yes
; Configure usershares for use by the synchronize-shares tool.
usershare max shares = 1000
usershare path = /var/samba/shares
usershare owner only = no
usershare allow guests = yes
usershare allow full config = yes
; Filter inaccessible shares from the browse list.
com.apple:filter shares by access = yes
; Check in with PAM to enforce SACL access policy.
obey pam restrictions = yes
; Don't be trying to enforce ACLs in userspace.
acl check permissions = no
; Make sure that we resolve unqualified names as NetBIOS before DNS.
name resolve order = lmhosts wins bcast host
; Pull in system-wide preference settings. These are managed by
; synchronize-preferences tool.
include = /var/db/smb.conf
[printers]
comment = All Printers
path = /tmp
printable = yes
guest ok = no
create mode = 0700
writeable = no
browseable = no
; Site-specific parameters can be added below this comment.
; END required configuration.
Any help would be much appreciated!!
Thanks.

I am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
[2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
Not feeling the Mac OS X love tonight.
Bill
System is bound to active directory - green light in Directory Utility

Smb.conf?

Hi,
After a completely flawless upgrade to Leopard on my Mac Pro, a so-so upgrade leading to a wipe and clean install on my Powerbook, I am now trying to get my mac mini updated to Leopard. The mini acts as a mini home server for music and acts as an email and file server to a win xp laptop and the aforementioned Macs. My problem has been (and I've seen many many posts on this) is that what worked with no problem in Tiger seems to be completely broken in Leopard. The WinXP laptop cannot connect to the Mini. When I try to connect via SMB from one of the Macs it says that it is unable to connect etc. (I can connect via AFP however).
One thing that is definitely new/different with Leopard is that /etc/smb.conf seems to have very little control over how smbd behaves. Has anyone figured out where all the parameters for smb.conf are coming from? I would like the mini to act as a domain server and WINS server (things I had running previously with no problems, pre-upgrade). I see no way of switching the "no" to "yes" via smb.conf even when I've tried adding an "include" file to the end of smb.conf.
Any help here would be greatly appreciated.

..."One thing that is definitely new/different with Leopard is that /etc/smb.conf seems to have very little control over how smbd behaves. Has anyone figured out where all the parameters for smb.conf are coming from?"...
My understandng is that many of the problems of users trying to set things in '/etc/smb.conf' comes from the 'include = /var/run/smb.conf' line near the end of the file, overriding user settings in "/etc/smb.conf". I would have thought that any settings entered after that line (including additional "includes") would have taken precedence.
At least some of the contents of "/var/run/smb.conf" seem to come from the file "/System" > "Library" > "CoreServices" > "SmbFileServer.bundle" > "Resources" > "DesktopDefaults.plist". While it isn't always clear (to me, anyway) how that file is interpreted to generate "/var/run/smb.conf", it might be worth a look...

Does smb in 10.8 server support NTLMv2?

Does smb in 10.8 server support NTLMv2? If so, how do I enable it?
Smb worked just fine in 10.6, but after upgrading to 10.8 its broken when windows machines try and connect. It works if I disable the requirement for NTLMv2 on my windows 7 clients, but that is a very poor solution.
I tried putting "client ntlmv2 auth = yes" in /var/db/smb.conf but that didn't fix anything.

Wow.....that's fantastic! I couldn't understand a word from my supplier before. Now it works, thanks Tom!

SMB Sharing

When I enable SMB sharing on Leopard so that I can access my mac files from Vista, my Vista computer can see everything on my mac hard drive...I mean everything! I have tried limiting which files/folders to share on my mac, but it has no effect. Is anyone else experiencing this phenomenon? It is actually really scary!

I'm having the same problem. Tried everything from messing with the /etc/smb.conf file with any relevant settings. It calls another config file from /var/run/smb.conf but if you manually edit that with emacs or any text editor and re-start the SMB sharing service, it will overwrite any changes to the defaults and continue to show the shares.
On a second note, I noticed that when I plugged in my external drives (2 of them for backups) after a minute or so, even though they are not in the list of shares from the "System Preferences" menu, the two drives automagically showed up as shares where the Vista computer could see them and all their contents. This is not good because once they are shared, I cannot eject them any longer as they become locked. The biggest issue after this point (not withstanding the security issue of having all the root level data exposed) is that Carbon Copy Cloner can no longer access the backup drive as it says it is in use.
I'm pulling my hair out right now and 4 hours Googling an answer and searching in the Apple forums has left me right back where I started, still with no answer.

Intermittent issue with SMB in windows

This is driving me crazy. I've got about 8 WinXP users connected via SMB to an OS X 10.5.3 server. At first, everything runs at lightning speed. Then, windows will start hanging for up to 45 seconds when users try to open a file or navigate folders. Disconnecting and reconnecting temporarily clears the problem. I can't figure out what the trigger could be. Sometimes the problem appears quickly after connecting to the share, sometimes it'll work fine for hours. There appears to be nothing wrong with the server itself; the same problem doesn't appear over AFP. I've noticed our log has a lot of "authentication failed/no such user" messages, but it doesn't seem to report what login was attempted. Below is our smb.conf file and part of the SMB log.
smb.conf:
cat /private/var/db/smb.conf
# Configuration options for smbd(8), nmbd(8) and winbindd(8).
# This file is automatically generated, DO NOT EDIT!
# Defaults signature: 8f1910b00eba4008abf4247000097c0f2470000
# Preferences signature: b00ef1639099e60480000115000000
# Configuration rules: $Id: rules.cpp 32909 2007-08-17 23:07:40Z jpeach $
# Server role: Standalone
# Guest access: never
# NetBIOS browsing: not a master browser
# Services required: org.samba.smbd org.samba.nmbd
[global]
security = USER
auth methods = odsam
netbios name = PHARM1
workgroup = PHARMACOLOGY
realm = PHARM1.UCSD.EDU
dos charset = CP437
server string = Pharmacology Server
ntlm auth = yes
lanman auth = yes
max smbd processes = 0
log level = 2
use kerberos keytab = yes
realm = PHARM1.UCSD.EDU
map to guest = Never
domain master = no
preferred master = no
enable disk services = yes
enable print services = yes
wins support = yes
[homes]
comment = User Home Directories
browseable = no
read only = no
create mode = 0750
guest ok = no
com.apple: show admin all volumes = no
[global]
log.smbd excerpt:
2008/06/22 00:39:05, 2, pid=93082] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
[2008/06/22 00:39:05, 2, pid=93081] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
[2008/06/22 00:39:05, 2, pid=93089] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=172.16.67.244 name2=PHARM1
[2008/06/22 00:39:05, 2, pid=93089] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0
[2008/06/22 00:39:05, 2, pid=93089] /SourceCache/samba/samba-187.1/samba/source/lib/module.c:dosmb_loadmodule(64)
Module '/usr/lib/samba/auth/odsam.dylib' loaded
[2008/06/22 00:39:05, 2, pid=93089] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
[2008/06/22 00:39:05, 2, pid=93090] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=172.16.67.244 name2=PHARM1
[2008/06/22 00:39:05, 2, pid=93090] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0
[2008/06/22 00:39:05, 2, pid=93090] /SourceCache/samba/samba-187.1/samba/source/lib/module.c:dosmb_loadmodule(64)
Module '/usr/lib/samba/auth/odsam.dylib' loaded
[2008/06/22 00:39:05, 2, pid=93090] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
[2008/06/22 00:45:04, 2, pid=93255] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=172.16.67.244 name2=PHARM1
[2008/06/22 00:45:04, 2, pid=93255] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0
[2008/06/22 00:45:04, 2, pid=93256] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=172.16.67.244 name2=PHARM1
[2008/06/22 00:45:04, 2, pid=93256] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0
[2008/06/22 00:45:04, 2, pid=93255] /SourceCache/samba/samba-187.1/samba/source/lib/module.c:dosmb_loadmodule(64)
Module '/usr/lib/samba/auth/odsam.dylib' loaded
[2008/06/22 00:45:04, 2, pid=93256] /SourceCache/samba/samba-187.1/samba/source/lib/module.c:dosmb_loadmodule(64)
Module '/usr/lib/samba/auth/odsam.dylib' loaded
[2008/06/22 00:45:04, 2, pid=93255] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
[2008/06/22 00:45:04, 2, pid=93256] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
[2008/06/22 00:45:05, 2, pid=93261] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=172.16.67.244 name2=PHARM1
[2008/06/22 00:45:05, 2, pid=93261] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0
[2008/06/22 00:45:05, 2, pid=93262] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=172.16.67.244 name2=PHARM1
[2008/06/22 00:45:05, 2, pid=93262] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0
[2008/06/22 00:45:05, 2, pid=93262] /SourceCache/samba/samba-187.1/samba/source/lib/module.c:dosmb_loadmodule(64)
Module '/usr/lib/samba/auth/odsam.dylib' loaded
[2008/06/22 00:45:05, 2, pid=93262] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
[2008/06/22 00:45:05, 2, pid=93261] /SourceCache/samba/samba-187.1/samba/source/lib/module.c:dosmb_loadmodule(64)
Module '/usr/lib/samba/auth/odsam.dylib' loaded
[2008/06/22 00:45:05, 2, pid=93261] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
[2008/06/22 00:51:04, 2, pid=93440] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
[2008/06/22 00:51:04, 2, pid=93439] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=172.16.67.244 name2=PHARM1
netbios connect: name1=172.16.67.244 name2=PHARM1
[2008/06/22 00:51:04, 2, pid=93440] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
[2008/06/22 00:51:04, 2, pid=93439] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0
[2008/06/22 00:51:04, 2, pid=93439] /SourceCache/samba/samba-187.1/samba/source/lib/module.c:dosmb_loadmodule(64)
[2008/06/22 00:51:04, 2, pid=93440] /SourceCache/samba/samba-187.1/samba/source/lib/module.c:dosmb_loadmodule(64)
Module '/usr/lib/samba/auth/odsam.dylib' loaded
Module '/usr/lib/samba/auth/odsam.dylib' loaded
[2008/06/22 00:51:04, 2, pid=93440] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
[2008/06/22 00:51:04, 2, pid=93439] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
[2008/06/22 00:51:05, 2, pid=93445] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=172.16.67.244 name2=PHARM1
[2008/06/22 00:51:05, 2, pid=93445] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0
[2008/06/22 00:51:05, 2, pid=93446] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=172.16.67.244 name2=PHARM1
[2008/06/22 00:51:05, 2, pid=93446] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0
[2008/06/22 00:51:05, 2, pid=93446] /SourceCache/samba/samba-187.1/samba/source/lib/module.c:dosmb_loadmodule(64)
Module '/usr/lib/samba/auth/odsam.dylib' loaded
[2008/06/22 00:51:05, 2, pid=93446] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
[2008/06/22 00:51:05, 2, pid=93445] /SourceCache/samba/samba-187.1/samba/source/lib/module.c:dosmb_loadmodule(64)
Module '/usr/lib/samba/auth/odsam.dylib' loaded
[2008/06/22 00:51:05, 2, pid=93445] /SourceCache/samba/samba-187.1/samba/source/auth/auth.c:checkntlmpassword(319)
checkntlmpassword: Authentication for user [] -> [] FAILED with error NTSTATUS_NO_SUCHUSER
[2008/06/22 00:57:04, 2, pid=93626] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
[2008/06/22 00:57:04, 2, pid=93625] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(328)
netbios connect: name1=172.16.67.244 name2=PHARM1
[2008/06/22 00:57:04, 2, pid=93626] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0
netbios connect: name1=172.16.67.244 name2=PHARM1
[2008/06/22 00:57:04, 2, pid=93625] /SourceCache/samba/samba-187.1/samba/source/smbd/reply.c:reply_special(335)
netbios connect: local=172.16.67.244 remote=pharm1, name type = 0

Hmm, I don't think we're having the same problem- server admin is still accessible while the clients are hung. Someone on our local sysadmin mailing list suggested it may be a permissions issue; office apps scan the directory that the file they're opening resides in, and no-permission folders cause a time out. I still can't say for certain this is the issue, I'm still trying to figure out what the trigger is exactly.
I'm also thinking it may be a conflict with novell software installed on the machines; I can't get our IT office machines, without netware installed, to duplicate the problem.
Sorry I can't help you with roaming profiles, we're not hosting profiles on our server, just file shares.

Help needed with SMB

I'm trying to configure SMB under Leopard. I'd like to make some changes to some of the configuration settings found in /var/run/smb.conf and make those changes permantent. Does anybody know what's generating this file? From /etc/smb.conf:
; Pull in system-wide preference settings. These are managed by
; synchronize-preferences tool.
include = /var/run/smb.conf
What is synchronize-preferences tool? I'd simply comment this include and set everything in the proper file, but I don't know what side effects this action may have on the system.
Thanks for your comments!

Entrinix, thanks for your reply.
As you say in your post, the file located in /var/run is regenerated periodically, more precisely every time you start the SMB services (smbd and nmbd). This can be done manually or like you say by rebooting.
The actual configuration file SMB is using is a conjunction of both smb.conf files mentioned earlier, product of the include I posted above. This can be easily verified by running the following command: +$testparm -s /etc/smb.conf+
The problem we have is that we can't alter what's being written in the temporary file. Furthermore, if I try to modify some parameter present in this file (like +server string+) by adding it to /etc/smb.conf, this is totally ignored by the OS, which uses the definition found in /var/run/smb.conf. Ironically, +server string+ is defined in the smb.conf template Apple provides with Leopard (oO).
Like you said, there has to be a way to alter the file generated by the OS in /var (in fact if you change your workgroup from +System Preferences+ your're effectively altering it), the thing is that for the rest of the settings it is not too obvious where to look.
Maybe someone can help us and shed some light into how this works on Leopard. In particular, what I want to do is to change this (and some other minor details):
+com.apple:show admin all volumes = yes+
There has to be a way, Apple couldn't have been so careless...

SMB Code Page settings cannot be changed

We have a OSX standalone server 10.5.4 that's running SMB service.
Otherwise it runs ok, but I just cant change the Code Page -setting on advanced -tab of SMB settings. I can choose the desired code page from the list, but when I click "Save", the selection changes back to "Latin US (437)".
That's really annoying because it makes some folders unaccessible for win clients. So is it a bug or am I just doing something wrong?

Check the files /etc/smb.conf and /var/db/smb.conf (which is included by the /etc one) -- I found that when I used Server Admin to change the Code Page setting, it changed the "dos charset" setting in /var/db, but not the one in /etc, and I'm not sure how smbd interprets the conflict. If you have a similar conflict, you could try hand-editing /etc/smb.conf to either remove or "fix" the "dos charset" value.
No promises, but that's what comes to mind...

WinXP AD users can't connect via SMB

Server is an Intel Xserve, 10.5.8.
Windows users get authentication errors when attempting to connect via SMB on the Mac server. The server is bound to Active Directory, and the Mac users are able to connect via AFP just fine. Macs also cannot connect via SMB. I get the error message "NTSTATUS_WRONGPASSWORD" when the user attempts to log in.
Local users are able to connect via SMB, but I don't want to re-enter a dozen or so PC users on this server if I can avoid it.
In the /var/db/smb.conf file there is an entry for a password server that may not be correct, but if I change it to the password server I've been instructed to use, the file flips back to the original setting when I stop and start the SMB service. I think if I make changes to the /etc/smb.conf file outside the END section, where the comments say to make changes, they will carry over to /var/db/smb.conf, but I'm not sure of the syntax.
If you need me to post the testparm output I can do that.

You're going to have to look into potential underlying issues.
I don't know what's happened for you, but I have an identical type setup for a client done over a year ago and no such problems have occurred.
What does the UNEDITED (please !) result of (using the Terminal) the following show:
cat /Library/Preferences/edu.mit.Kerberos
What happens when a user can't connect (error message, loginwindow shake) ? Are all client machines & the server using a common (eg internal) time-server ?
Be sure to see http://docs.info.apple.com/article.html?artnum=300765
And certainly read through Bombich' excellent PDF (click on the icon of it) at
http://www.bombich.com/mactips/activedir.html - esp. the troubleshooting section
for when a user is unable to login.
Currently, I'm not able to check/verify the settings for any of the servers I've setup for clients in a "magic triangle" setting. I'm not certain about the "passwordserver" entry,
on the one hand the actual passwordserver is actually part of

Change settings fo Samba(SMB) via smb.conf has no effect in 10.5 nor 10.6

Hello,
I would like to change some stuff of my Samba Configuration on my MacBook and PowerMac (10.6.2 and 10.5.8). But on both OS X Versions changing /etc/smb.conf doesn´t do anything and /var/db/smb.conf is written automatically, so how can i make sure the changes will be done correct and permanent.
thx
T.

Had a further play with my system. It seems as though smbclient respects the content in /etc/smb.conf. I tried using the -d4 debug option and my adjustments made in smb.conf were used.
However Finder seems to be broken and ignores smb.conf. Feedback sent to Apple.
Try smbclient //ip-address-of-NAS/share-name -W workgroupname -U username -d4
and see what happens.

Cannot switch SMB codepage setting

Hi all,
This is my first post. Sorry for my poor English.
In "Server Admin" tool - "SMB" service - "Advanced" settings page,
I'd like to switch the setting for SMB codepage from "Latin US (437)" to "Japanese SJIS (932)", but I can't.
When I choose "Japanese SJIS (932)" and click "Save", the setting is reset to "Latin US (437)" automatically.
I've never seen such a phenomenon in my Panther Server (v10.3.9) environment.
Is this my mistake or not?
FYI;
I've installed my Leopard Server newly, and its structure is "Advanced".
AFP, DHCP, FTP and SMTP are also run.
Finally, so sorry if the question like this has already been solved in another discussion page/s.
Message was edited by: Fanoar

I can confirm that I have the same problem be it any type of configuration in 10.5.0 and 10.5.1 servers. Manually editing /etc/smb.conf didn't change it in the admin interface. (Line: dos charset = 437). After manual edit, change in admin still doesn't change it in the smb.conf. But it stays okay in the smb.conf file, stopped and started SMB service and it stays correct in the smb.conf file. However,...
manually editing /var/run/smb.conf changed it for admin interface.
Which is included from /etc/smb.conf. This will overrule the other value as this include statement comes later... Touching the admin interface changes back /var/run/smb.conf line: dos charset = CP437. So the big question is, where does the admin interface get this default from?

Smb resolution problem on one of two MBPs, same network

I have a MBP 2,2, 10.6.5 and a MBP 8,2, 10.6.7. Each connects to the local network via WiFi 802.11n. The router is a Netgear WNDR3700.
On the new MBP, I have connection problems when browsing to SMB shares in the Finder that are not named explicitly in /etc/hosts. All the shares I expect show up in the Finder. However, connections fail:
6/29/11 29 103715 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder[210] SharePointBrowser::handleOpenCallBack returned 65
On the old MBP there is no problem.
What's been tried so far: make /etc/smb.conf identical on the two machines; twiddle name resolve order when that didn't work; examine /var/db/smb.conf (which on the new machine includes three Kerberos lines that do not appear in the old machine's /var/db/smb.conf, I've commented these out even though the file header says DO NOT EDIT); throwing away /Library/Caches and ~Library/Caches; adding hosts' names explicitly to /etc/hosts. Firewall settings on the two machines are identical.
Connections always work to shares named explicitly in /etc/hosts. They always work between the two MBPs. The new MBP can basically connect to nothing that isn't named in /etc/hosts on any reboot except the one immediately following deletion of the caches. If the machine is connecting properly and then allowed to sleep, on waking it can no longer connect to the shares.
What should I look for to figure out this behavior? The MBP 2,2 has been exemplary and it seems reasonable that the 8,2 can do the same things.
Thanks.

Yoo Chung,
Went into preferences and deleted all cookies. Then with Safari downloaded and installed 'Firefox Browser' and ran to see if we could break into Yahoo mail. Unfortunately, that didn't help. One thing that I didn't take into account was that I had reset the 'Parental Controls' after installing and updating Leopard.
I decided to uncheck the Parental Controls, log into Yahoo from 'Firefox', and got to the mail account page without any difficulty. We backed out, tried the same on Safari and everything worked just fine. I let her get into her email account and clean up the multitude of junk that collected since installing Leopard. Then reset the Parental Controls and then went back to the Yahoo mail account without any glitches.
Apparently, something triggered a fault and would let her go beyond the Yahoo opening page to mail. Everything is running great now, and we've an additional browser just in case.
Thanks for you help.

After upgrading to 10.5.3 I can no longer login to my RedHat ES4 shares

Hello,
I am a new Mac user so please forgive me if there is a simple answer to this question...
Since I installed the 10.5.3 update over 10.5.2 I can no longer login/connect to my RH ES4 (SMB Version 3.0.10-1.4E) shares. I can still login to my CentOS 5 (SMB Version 3.0.25b-1.el5_1.4) and my older RedHat 7.3 (SMB Version 2.2.3a) shares, as well as a few windows shares, without any problem. It is just the RH ES4 shares that I can no longer connect to.
For legacy purposes I configured SMB on both my MacBook Pro and the above mentioned servers to use plain text passwords. To do this on my MacBook this I created nsmb.conf in /etc which contains the following...
[default]
minauth=none
Everything worked perfectly minutes before the upgrade to 10.5.3 and nothing else in the network, software or hardware, has changed.
Any help would be greatly appreciated.
Thanks,
Tom Boilard

Welcome to the forums... unfortunately SMB issues are not fully mainstream.
Anyhow, I have scanned the change log of files touched by the update (searching for SMB - original list courtesy of Rixstep). This yielded:
/Library/Preferences/SystemConfiguration/com.apple.smb.server.plist
/private/etc/smb.conf
/System/Library/CoreServices/SmbFileServer.bundle/Versions/A/Resources/DesktopDe faults.plist
/System/Library/LaunchDaemons/com.apple.smb.server.preferences.plist
/System/Library/LaunchDaemons/com.apple.smbfsloadkext.plist
/System/Library/LaunchDaemons/smbd.plist
/private/etc/smb.conf.template
/System/Library/Extensions/smbfs.kext
/System/Library/Extensions/smbfs.kext/Contents/CodeDirectory
/System/Library/Extensions/smbfs.kext/Contents/CodeRequirements
/System/Library/Extensions/smbfs.kext/Contents/CodeResources
/System/Library/Extensions/smbfs.kext/Contents/CodeSignature
/System/Library/Extensions/smbfs.kext/Contents/Info.plist
/System/Library/Extensions/smbfs.kext/Contents/MacOS/smbfs
/System/Library/Extensions/smbfs.kext/Contents/Resources/load_smbfs
/System/Library/Extensions/smbfs.kext/Contents/version.plist
/System/Library/Filesystems/smbfs.fs
/System/Library/Filesystems/smbfs.fs/Contents
/System/Library/Filesystems/smbfs.fs/Contents/Info.plist
/System/Library/Filesystems/smbfs.fs/Contents/Resources
/System/Library/Filesystems/smbfs.fs/Contents/Resources/English.lproj
/System/Library/Filesystems/smbfs.fs/Contents/Resources/English.lproj/InfoPlist. strings
/usr/lib/sasl2/smb_lm.so
/usr/lib/sasl2/smb_nt.so
/usr/lib/sasl2/smb_ntlmv2.so
/private/var/db/smb.conf
Items highlighted in bold could be relevant.
Have you checked that your entry in nsmb.conf is intact? If it is, could it be overridden by a change to one of the other conf files (or a plist)?

Explanation of Leopard NetBIOS (Windows Sharing) Wackyness With Solutions!

Kick back and grab some coffee. This could be a while. I agree, this fly's in the face of the 'It Just Works' we're all used to, but if you want to get things working, understanding the information below is critical.
I dazed off writing this up, so if I don't make sense someplace, please comment and I'll clarify.
Summary
Leopard does some 'Interesting' things with how it handles announcing and learning about Windows services that may make it feel different than previous versions. Understanding how it does things can help in resolving your Windows related networking issues.
Please do not reply to this post unless it has helped to solve your issue, you have something useful to add (such as where I might be incorrect), or you are posting the output of diagnostics commands. Any other posts have already been made in 1,000 other threads and will only cause clutter.
This post will first define many of the terms used, describe the basics of simple Windows networking with NetBIOS/SMB, explain how Leopard makes things a big goofy, and provide step by step solutions to these issues. Troubleshooting steps are also listed for cases in which things do not work.
Definitions
NetBIOS/NBT (NetBIOS over TCP) - This is a legacy windows protocol that allows for systems to share information about their presence on the network and what they have to offer for resources.
SMB/CIFS - This standards for Server Message Block / Common Internet File System and is just a newer way of doing the same old stuff.
Browse List - This is a list of systems and services advertised over the network that describes who you are, what you are, and what you have to give.
Workgroup - This is a logical grouping of systems into browse lists.
Master Browser - This is a single system elected on the network to be the official holder of the browse list. If enough systems are on the network, there may be backups and backup of backups. Your systems place in this election is determined by your 'os level' and other information.
Domain Master - This very well may be the same system as the Master Browser, but maintains information regarding workgroups other than its own.
WINS - This stands for Windows Internet Naming Service and is a client/server protocol used in larger Windows network environments to share workgroup information (browse lists) between separate locations.
DNS - This stands for Domain Name Services and is used to resolve names (such as 'bob.apple.com') to an IP address (such as 123.123.123.1). It can also maintain 'Special' generic records used to locate special types of systems in your network.
Unicast - A 'unicast' is a packet sent directly from one node on a network to another.
Broadcast - A 'broadcast' is a packet that reaches all nodes of a local area network.
Multicast - A 'multicast' is a packet that goes only to systems that subscribe to a specific multicast address. In a single segment local area network, this typically hits the same number of hosts as a broadcast. However, in larger networks, it can be more restricted. Multicasts are be sent from network segment to network segment, but only if properly configured.
Shell - This is the text mode command interpreter that is available within OS X. You can enter this mode by searching 'terminal' in spotlight. Many of the graphical configurations in OS X really modify text files that you can also view and modify through the shell.
Privileged Access - OS X is a multi-user operating system and as such has separates roles and functions from one user to another. Some commands require you to grant yourself additional rights than you normally have. This is normally seen when you install software and get prompted for your username and password. In the shell, you will only be prompted for your password. Privileged access is typically achieved by starting a command with 'sudo' or 'super-user do'.
_Windows Networking_
This description is no where near complete nor do I guarantee that it is 100% accurate. Most of this is from experience and I will provide links to additional information where it isn't. Advanced topics will not be covered - only what I feel is the minimum knowledge to understand what is happening, how to know if something is going wrong, and how you might fix it.
In a small network, such as a home or small office environment, there is a need to share files, printers, and other services between systems on a network. It's why networks were installed in the first place. In order to do this, four main things are required (I'm sure you can come up with more).
1. Something to Share (which we'll just call the 'Share')
2. Users that have permissions to access the Share
3. Something to announce to the rest of the world that you have something to share
4. A method to connect to the share
If you're reading this because Leopard broke your Windows networking, you're already familiar with #1 and #2 and somewhat annoyed at #3. You may have even jumped to #4 and gained access to your resources by using Option-K in the finder and pointing at the device with smb://x.x.x.x/, although smb://hostname/ may not be working.
This post will assume that you have already setup a windows share and know the username/password on the Windows machine that you will be connecting to.
So that leaves 'Something to announce to the rest of the world that you have something to share' and 'a method to connect to the share'.
That Something is known as the NetBIOS browser service.
In basic IP networking, three primary things allow two systems to talk to each other.
The first is the source IP address. This is the network address of the device that wants to connect to another device or the device that is announcing its services to the world.
The second is the destination IP address. This is the network address of the device or devices that you want to connect (or get information) to. The destination may be a unicast (single host), multicast (subscribed hosts), or broadcast (all hosts).
And finally, the third is the Port number. This is a number between 0 and 65535 that lets the computer know what application, such as Safari, iTunes, etc., that is to receive the data in the packets that were sent.
To share things with each other using Windows protocols, we're primarily concerned about ports udp/137 and tcp/445. Other ports may be used depending on what version of windows you are connecting to and what you are trying to do with it.
Possible destinations are the broadcast address (such as 192.168.15.255) or a unicast address of a system that has something to share (such as 192.168.15.100).
We'll go over how to know what your system is talking to in the diagnostics section of this post.
When a system boots up on the network, it will announce itself and what workgroup it is part of with a broadcast to udp port 137. All systems will see this broadcast and add this information to their local browse cache.
As long as there is already a master browser on the network, things will be fairly quiet at this point as systems that have been running for more than 12 minutes will only broadcast this information every 12 minutes! This means that if you just joined the network, it my be 12 minutes before you see another system.
You, on the other hand, being a system that just turned on, will send your information:
1) When you first come on the network
2) At 4 minutes
3) At 8 minutes
4) At 12 minutes ... and then every 12 minutes after.
This is to make sure that if packets are lost (broadcasts are udp and NOT guaranteed to be delivered) that you'll be seen within this 12 minute interval.
This can be a problem if you're trying to figure out why something doesn't work because you have to wait for 12 minutes to see if your change actually had any effect on solving your problem. If you don't wait this full 12 minutes, you very well may have missed out on seeing the other systems broadcast.
_Finding Systems on the Network_
Most of us are already familiar with a protocol called DNS. It's how you probably got to this website. You give the computer a friendly name, such as discussions.apple.com, and your computer hands it off to its configured DNS server. That DNS server then looks to see if it has the IP address, and if not, queries a root domain server to find out who does. The root domain server sends you off to apple's DNS servers who finally give you an 'authoritative' response. Your configured DNS server then saves that information for its configured or permitted time to live (ttl) and gives you the IP address for the name you just asked for.
You can also do this in reverse (hand DNS an IP address and make it give you the hostname). This is the topic of a number of other threads causing 30, 60, 90 (or some other multiple of 30) second hangs when you try to bring up a web page or before a webpage finishes loading. You can find the details of this issue and solutions in other threads (or post here and I'll write something up on that too).
As you probably guessed, there are other ways to turn names into IP addresses as well and NetBIOS has one as well.
If you recall, when your PC booted up, it broadcast its name, workgroup, and IP address out for everyone to see. The master browser recorded this information in its browse list and therefore has all the information necessary to turn names of systems on the network to IP addresses.
So let's say you want to connect to 'meatwad', which is a local windows system. You type in 'smb://meatwad/' and wait for the system to show up.
In the background, a broadcast just went out on the wire on port 137 asking for meatwad. The master browser responds back saying that 'meatwad' is at 192.168.15.100. This information is given to the smbclient and up pops the remote system.
This isn't working for you? You say that if you do 'smb://192.168.15.100/' that things work?
Well then, there's only a few things that could be wrong.
1) 'Meatwad' never registered with the master browser.
2) Your system doesn't know who the master browser is.
3) There isn't a master browser!
Without going into too many details, if you follow the steps listed in the solutions section below, your resolution should work.
_Leopard Wackeyness_
Leopard changed a few things that make it not quite so obvious that you are sharing files or services with Windows. In addition, it's even more confusing in that even if you don't have anything to share, in order to see other peoples' shares (without connecting to them directly), you need to enable file sharing yourself - and just not share anything.
On top of this, the new application based firewall can be confusing to people.
In addition, the behavior of Leopard when it comes to the master browser role and what workgroup you are in can also cause you headaches.
Here are some examples:
1) You enable File Sharing, click Options, and know for certain that SMB is checked. Yet after 20 minutes, you still don't see anyone and can't find the master browser.
Why? Because unless you have the firewall set to 'Allow All Incoming Connections' or 'Set Access for Specific Services and Applications', you are tossing every one of those broadcasts we talked about that are so critical (and only come in every 12 minutes!) out the window.
How do you know you're doing this?
In the firewall tab, click on Advanced and 'Open Log'. Do you see that "Nov 30 08:40:12 Err Firewall[49]: Deny nmblookup data in from 192.168.15.100:137 uid = 0 proto=17"? Yeah - that's just the packet you were looking for. And guess what, you won't see it again for a while (unless you go asking for it).
2) You had everything working, but you disabled file sharing because you were going to roam off network and didn't want to go blabbing about your system on the wire. You come back home and now things don't work.
Could be a few things going on here. One that is simple and one that is just plain wacky.
When you uncheck File Sharing and re-Check it, guess what? Leopard has just decided it doesn't want to talk to Windows anymore. You need to go back into options and re-check the SMB box EVEN IF ALL YOU WANT TO DO IS SEE OTHER PEOPLE.
Why? Without this box checked, your computer isn't running the necessary services to hear the broadcasts on port 137 that you just made sure in the firewall could get through. And if your computer gets a packet for a socket (port) that it doesn't have an application bound to, guess what, it gets thrown away too.
You can see this if you do a 'sudo tcpdump -nvvXi en0 -s 1500 broadcast or icmp'. Note: Change en0 to en1 if you're using Airport.
Here's a similar example where 192.168.15.109 is the Windows system asking 192.168.15.53, an OS X Leopard system, for info about its shares. This failed.
bash-3.2# tcpdump -ni en1 host 192.168.15.109
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
23:02:49.458342 ARP, Request who-has 192.168.15.53 tell 192.168.15.109, length 46
23:02:49.458475 ARP, Reply 192.168.15.53 is-at 00:1c:b3:7c:a3:18, length 28
23:02:49.459573 IP 192.168.15.109.137 > 192.168.15.53.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
23:02:49.459656 IP 192.168.15.53 > 192.168.15.109: ICMP 192.168.15.53 udp port 137 unreachable, length 36
23:02:50.969783 IP 192.168.15.109.137 > 192.168.15.53.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:02:50.969874 IP 192.168.15.53 > 192.168.15.109: ICMP 192.168.15.53 udp port 137 unreachable, length 36
23:02:52.482892 IP 192.168.15.109.137 > 192.168.15.53.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:02:52.483023 IP 192.168.15.53 > 192.168.15.109: ICMP 192.168.15.53 udp port 137 unreachable, length 36
When you see the next broadcast come in on port 137, you immediately see an ICMP packet go back out from your box saying that the port is unreachable. That is unless you have turned on stealth mode in the firewall. Then it'll just go in the bit bucket with the rest of the garbage.
Here is what it should look like. A simple query from .109 and a simple response from .53.
bash-3.2# tcpdump -ni en1 host 192.168.15.109
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
23:05:47.226351 IP 192.168.15.109.137 > 192.168.15.53.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
23:05:47.226667 IP 192.168.15.53.137 > 192.168.15.109.137: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
3) You could SWEAR that your system was in workgroup 'MSHOME' and you set it up that way, but you're not being seen there.
This one is interesting. It kinda makes sense, but not really.
In the network settings for your network adapter, under Advanced, you'll notice a tab marked WINS. WINS is really a bad choice of words - it should probably just say 'Windows Networking' since you're not really running wins at home normally, but this is where OS X stores information needed to talk to Windows systems.
The first box (NetBiOS Name) is the name of your system. This should match what you have elsewhere in sharing. The second box is your workgroup and by default is left blank. The default workgroup is WORKGROUP. Why? Because that's what Microsoft uses by default. Usually. There was a period of time in which Windows started using MSHOME. How do you know? Go to your windows system and check. If it's MSHOME, type MSHOME here. If it's WORKGROUP, trust me on this one, FILL IN WORKGROUP. DO NOT leave it BLANK. Also make sure that when you built your windows computer 5 years ago that you didn't put in 'FREE_BIRD' or something you just don't remember anymore.
When you hit 'ok' and apply this change, OS X changes a critical system file in /var/run/smb.conf. Specifically, it sets the workgroup value in the global settings and restarts the name service (nmbd).
Why is this important to know? Because if you switch between a Wired and Wireless network, it will do this again and again each time you connect to one or the other.
So if you set things to 'MSHOME' on Airport and then go plug it into your Ethernet network, it WILL reset you back to WORKGROUP if you didn't also put in MSHOME under the wired interface. When you unplug from the wired network and re-connect to airport, it will put it back to MSHOME again. However, if you turn on Wireless while you're on the Wired network, it will keep the Wired setting. Why? I guess because 'Ethernet' is on top (at least on my system). So what happens if you then unplug the wired network? You guessed it, it goes to whatever setting is on the interface left up.
So the lesson here is to make sure that the WINS tab is configured the same in each of your interface types AND that you don't leave the workgroup field blank. This ensures that you don't toggle between, 'MYHOMENET' and 'WORKGROUP' when you go in and out of your office.
Solutions
How do I go about making sure everything is right with all of these conflicting and wacky things going on?
Here's a step through that should make sure everything is up to snuff and stays that way.
1) Go to system Preferences. Select Security. Select Firewall. Set 'Set Access for specific services and applications'.
2) Click 'Show All' and go back to System Preferences and select Network.
3) Select Airport. Select Advanced. Select WINS. Set your workgroup to 'WORKGROUP' unless you know it's something else. Delete any entries out of WINS unless you KNOW you need it. Select OK. Select Apply.
4) Select Ethernet. Select Advanced. Select WINS. Set your workgroup to 'WORKGROUP' unless you know it's something else. Delete any entries out of WINS unless you KNOW you need it. Select OK. Select Apply.
5) Click 'Show All' and go back to System Preferences and select 'Sharing'
6) Check 'File Sharing'. Select Options. Check 'Add Files and Folders using SMB' and any other methods you want to use. Only check the box next to your users if you want to share their data. Select 'Done'.
7) Wait. Sooner or later, you should start seeing hosts showing up in your Finder. Either on the sidebar or within 'Network'.
You don't? Proceed to Troubleshooting.
Troubleshooting
OS X provides a number of utilities in the shell to see what's going on with network services and NetBIOS specifically. I'll briefly go over each with examples of how you might use them.
0) We're going to assume you already checked to make sure that your Windows firewall was correctly configured as well as your Mac's. So if you're using the default windows firewall, McAfee, ZoneAlarm, etc. - you got to be sure that it's allowing this file sharing stuff in and out.
1) netstat -anp udp
This command will list all ports that your system is using (-a) without translating the IP addresses to names (-n) and only for protocol udp (-p udp). You can also use -p tcp or remove -p xxx altogether.
What you are looking for here are entries for the services that watch for and manage the NetBIOS broadcasts. From earlier in this post, you'll recall that is udp port 137.
You'll see:
*.137
192.168.15.53.137
showing that your host is on the lookout for those packets (your firewall was setup correctly, right?)
2) nmblookup -M -- -
This command will send a query out on the network looking for the master browser on your network. You should get a response back such as:
Err:~ eb$ nmblookup -M -- -
querying _MSBROWSE_ on 192.168.15.255
192.168.15.109 _MSBROWSE_<01>
You don't? You SURE about this whole firewall thing? And your windows machine is on and sharing?
3) nmblookup hostname
Obviously replace 'hostname' with the name of the system you're trying to connect to. This will tell you if you can properly resolve that systems name.
Example:
Err:~ eb$ nmblookup mastershake
querying mastershake on 192.168.15.255
192.168.15.109 mastershake<00>
4) nmblookup -S hostname
Same deal applies here - replace hostname with the name of the system you're trying to connect to. This command will list out all of the services and the name of the workgroup that system is part of. It's the same as what you configured in Network prefs for all your interfaces, right?
Err:~ eb$ nmblookup -S mastershake
querying mastershake on 192.168.15.255
192.168.15.109 mastershake<00>
Looking up status of 192.168.15.109
MASTERSHAKE <00> - B <ACTIVE>
WORKGROUP <00> - <GROUP> B <ACTIVE>
MASTERSHAKE <20> - B <ACTIVE>
WORKGROUP <1e> - <GROUP> B <ACTIVE>
WORKGROUP <1d> - B <ACTIVE>
.._MSBROWSE_. <01> - <GROUP> B <ACTIVE>
MAC Address = 00-1B-B9-52-65-2B
5) tcpdump -nvvXi en0 -s 1500
This command is really one of your best friends. At the end of the day, if everything is configured right and not working, see what is hitting the wire. OS X can't do anything if you're not seeing packets.
Use control-c to get out of this. It may look like garbage, but if you spend some time with it, you'll learn pretty quickly how to read it.
6) Are all of your systems DHCP or did you static them? Make sure that the netmasks are the same. Remember, broadcasts don't cross network boundaries. So if one system has an ip address of 192.168.15.2/255.255.255.0 and the other has an address of 192.168.15.3/255.255.255.252, technically, these are not on the same network and will not be able to see broadcasts from each other.
7) So all of the above seems to be great, and you still don't see things in your finder.
Can you connect manually with option-k by BOTH IP address (smb://192.168.15.109) and hostname (smb://mastershake)?
If so, the issue is with browsing only. If you can do both of the above (IP AND NetBIOS name) and you still cannot see entries in Network, there may be a real bug. I've noticed that Vista machines (with Network Discovery enabled) don't always show up correctly, while XP systems show up every time.
_Other Options_
For those that are familiar with Windows Networking, there have been some great comments regarding some methods to speed this up.
1) Setup your own WINS server. You'll find this in one of the threads. Basically, setup smb.conf to allow it to act as a WINS server and then setup those wins entries I said to leave blank to point to it in each of your clients. Since WINS is client/server, it's much easier to figure out what's happening when it doesn't work.
2) Increase your os value or let yourself be the domain master in smb.conf. You'll find this in the threads as well. Keep in mind, it could still take up to 12 minutes (or more - up to an hour really) to see everything on the network.
Message was edited by: mreckhof

Let's make sure we're using the same definition of 'Browse'. Are you able to see them (before you have ever connected to them with option-k smb://x.x.x.x/) in your network list dynamically?
Or are you only talking about being able to connect to them with option-k?
The reason why this is necessary is that the nmbd daemon is not running unless you check the File Sharing box and enable SMB.
Example:
- File Sharing Disabled - Note that nmbd is not running and nothing is listening on port 137.
Err:~ eb$ ps -aef | grep -i nmb
501 5778 5743 0 0:00.00 ttys000 0:00.00 grep -i nmb
Err:~ eb$ netstat -anp udp | grep 137
Err:~ eb$
- File Sharing Enabled and SMB Checked - Note we now have the nmbd process and a listener.
Err:~ eb$ ps -aef | grep -i nmb
0 5789 1 0 0:00.01 ?? 0:00.03 /usr/sbin/nmbd -F
501 5791 5743 0 0:00.00 ttys000 0:00.00 grep -i nmb
Err:~ eb$ netstat -anp udp | grep 137
udp4 0 0 192.168.15.53.137 .
udp4 0 0 *.137 .
If you don't have anything listening for the broadcasts, you're not going to be able to browse and see them in your Network list (unless they're also advertising by some other protocol such as Bonjour).
That is not to say that you can't connect to them - you certainly can by smb://x.x.x.x/ (ip) or smb://DNS_NAME/ (not NetBIOS name).
If you can add more detail if you're seeing something else, like netstat output it would be great.

OS X Server 10.4.11 - OS X Server 10.5.5 - PDC - No Windows login

Hey there,
we just upgraded a 10.4.11 Server to 10.5.5. Some little issues occured afterwards which we were possible to solve but one big problem remained.
Before upgrading the server, Windows XP Clients and a Windows 2003 Server could use our OD user accounts for a domain login.
Now the clients prompt that there is no domaincontroller available or the machine account couldn't be found.
Rejoining the domain works but doesn't solve the problem. The message keeps the same.
The OS X Server is PDC and OD Master.
Some relevant informations:
/etc/smb.conf:
xserve:Users sadmin$ more /etc/smb.conf
; Configuration file for the Samba software suite.
; ============================================================================
; For the format of this file and comprehensive descriptions of all the
; configuration option, please refer to the man page for smb.conf(5).
; The following configuration should suit most systems for basic usage and
; initial testing. It gives all clients access to their home directories and
; allows access to all printers specified in /etc/printcap.
; BEGIN required configuration
; Parameters inside the required configuration block should not be altered.
; They may be changed at any time by upgrades or other automated processes.
; Site-specific customizations will only be preserved if they are done
; outside this block. If you choose to make customizations, it is your
; own responsibility to verify that they work correctly with the supported
; configuration tools.
[global]
debug pid = yes
log level = 1
server string = Mac OS X
printcap name = cups
printing = cups
encrypt passwords = yes
use spnego = yes
passdb backend = odsam
idmap domains = default
idmap config default: default = yes
idmap config default: backend = odsam
idmap alloc backend = odsam
idmap negative cache time = 5
map to guest = Bad User
guest account = nobody
unix charset = UTF-8-MAC
display charset = UTF-8-MAC
dos charset = 437
vfs objects = darwinacl,darwin_streams
; Don't become a master browser unless absolutely necessary.
os level = 2
domain master = no
; For performance reasons, set the transmit buffer size
; to the maximum and enable sendfile support.
max xmit = 131072
use sendfile = yes
; The darwin_streams module gives us named streams support.
stream support = yes
ea support = yes
; Enable locking coherency with AFP.
darwin_streams:brlm = yes
; Core files are invariably disabled system-wide, but attempting to
; dump core will trigger a crash report, so we still want to try.
enable core files = yes
; Configure usershares for use by the synchronize-shares tool.
usershare max shares = 1000
usershare path = /var/samba/shares
usershare owner only = no
usershare allow guests = yes
usershare allow full config = yes
; Filter inaccessible shares from the browse list.
com.apple:filter shares by access = yes
; Check in with PAM to enforce SACL access policy.
obey pam restrictions = yes
; Don't be trying to enforce ACLs in userspace.
acl check permissions = no
; Make sure that we resolve unqualified names as NetBIOS before DNS.
name resolve order = lmhosts wins bcast host
; Pull in system-wide preference settings. These are managed by
; synchronize-preferences tool.
include = /var/db/smb.conf
[printers]
comment = All Printers
path = /tmp
printable = yes
guest ok = no
create mode = 0700
writeable = no
browseable = no
; Site-specific parameters can be added below this comment.
; END required configuration.
/var/db/smb.conf:
xserve:Users sadmin$ more /var/db/smb.conf
# Configuration options for smbd(8), nmbd(8) and winbindd(8).
# This file is automatically generated, DO NOT EDIT!
# Defaults signature: 0cff3e2e008004ba46f9cd36000048ff36880000
# Preferences signature: e0080ddc1594905ae70000000000574
# Configuration rules: $Id: rules.cpp 32909 2007-08-17 23:07:40Z jpeach $
# Server role: PrimaryDomainController
# Guest access: never
# NetBIOS browsing: domain master browser
# Services required: org.samba.smbd org.samba.nmbd
[global]
security = USER
add machine script = /usr/bin/opendirectorypdbconfig -c createcomputer
account -r %u -n /LDAPv3/127.0.0.1
add user script = /usr/bin/opendirectorypdbconfig -c createuseraccount
-r %u -n /LDAPv3/127.0.0.1
domain logons = yes
logon drive = H:
logon path = \\%N\profiles\%u
auth methods = odsam
netbios name = xserve
workgroup = OUR-WINDOWS-DOMAIN
dos charset = 437
server string = xserve
ntlm auth = yes
lanman auth = yes
max smbd processes = 40
log level = 1
map to guest = Never
wins server = 192.168.1.1
domain master = yes
preferred master = yes
os level = 65
enable disk services = yes
enable print services = yes
wins support = no
[netlogon]
path = /etc/netlogon
browseable = no
write list = @admin
oplocks = yes
strict locking = no
[profiles]
path = /Users/Profiles
browseable = no
read only = no
oplocks = yes
strict locking = no
[homes]
root preexec = /usr/sbin/inituser %U
comment = User Home Directories
browseable = no
read only = no
create mode = 0750
guest ok = no
com.apple: show admin all volumes = no
[global]
Error messages in the smb log:
[2008/10/23 13:21:18, 0, pid=554] /SourceCache/samba/samba-187.8/samba/source >/passdb/pdbodsam.c:odssamgetsampwnam(1571)
opendirectorysamsearchname gave -14136 [eDSRecordNotFound]: no >dsRecTypeStandard:Computers record for account 'LAZ-IMAC-20-ZOL$'
[2008/10/23 13:21:18, 0, pid=554] /SourceCache/samba/samba-187.8/samba/source >/passdb/pdbodsam.c:odssamgetgrnam(2040)
odssam_getgrnam gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Groups >record for 'LAZ-IMAC-20-ZOL$'!
[2008/10/23 13:21:18, 0, pid=554] /SourceCache/samba/samba-187.8/samba/source >/passdb/pdbodsam.c:odssamgetsampwnam(1571)
opendirectorysamsearchname gave -14136 [eDSRecordNotFound]: no >dsRecTypeStandard:Computers record for account 'LAZ-IMAC-20-ZOL$'
kDSStdAuthNewUser was successful for account "laz-imac-20-zol$"
kDSStdAuthNewUser accountid len(392)"0x49005e2f415db9d900000ece00000600,1024 >35 >131244790597481883925064106712462407867419357228339572195109892970463819598600 08944504249596590147264020481450929886533055945735978363855606054033179354725683 16502940822933278295061864335023431267611975840263121713521174193910961618397774 36761029605188471296273168837776820246633980403453223607235696076277111 >[email protected]"
<CFArray 0x129cd0 [0xa06fb174]>{type = mutable-small, count = 1, values = (
0 : <CFDictionary 0x113180 [0xa06fb174]>{type = mutable, count = 3, >capacity = 3, pairs = (
0 : <CFString 0x129800 [0xa06fb174]>{contents = >"dsAttrTypeStandard:RecordName"} = <CFArray 0x129710 [0xa06fb174]>{type = >mutable-small, count = 1, values = (
0 : <CFString 0x128140 [0xa06fb174]>{contents = "passwordserver"}
1 : <CFString 0x12ca80 [0xa06fb174]>{contents = >"dsAttrTypeStandard:PasswordServerLocation"} = <CFArray 0x129100 >[0xa06fb174]>{type = mutable-small, count = 1, values = (
0 : <CFString 0x129f50 [0xa06fb174]>{contents = "192.168.64.55"}
3 : <CFString 0x10ca00 [0xa06fb174]>{contents = >"dsAttrTypeStandard:AppleMetaNodeLocation"} = <CFArray 0x12a450 >[0xa06fb174]>{type = mutable-small, count = 1, values = (
0 : <CFString 0x12b140 [0xa06fb174]>{contents = "/LDAPv3/127.0.0.1"}
[2008/10/23 13:21:19, 0, pid=554] /SourceCache/samba/samba-187.8/samba/source >/passdb/pdbget_set.c:pdb_get_groupsid(211)
pdbget_groupsid: Failed to find Unix account for laz-imac-20-zol$
[2008/10/23 13:21:19, 0, pid=554] /SourceCache/samba/samba-187.8/samba/source >/passdb/pdbget_set.c:pdb_get_groupsid(211)
pdbget_groupsid: Failed to find Unix account for laz-imac-20-zol$
testparm /etc/smb.conf
Load smb config files from /etc/smb.conf
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLEDOMAINPDC
testparm /var/db/smb.conf
Load smb config files from /var/db/smb.conf
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[homes]"
Loaded services file OK.
Server role: ROLEDOMAINPDC
Is it possible to try the following?
/usr/bin/opendirectorypdbconfig -c createuseraccount -r %u -n /LDAPv3/127.0.0.1
create user account(%u)
no credentials available
opendirectorypdbconfig error(-14200)
Or that?
/usr/bin/opendirectorypdbconfig -c createcomputeraccount -r %u -n /LDAPv3/127.0.0.1
create computer account(%u)
no credentials available
opendirectorypdbconfig error(-14200)
Or must that lead into those error messages?
Error message in the nmbd log:
[2008/10/29 10:20:03, 0, pid=74896] /SourceCache/samba/samba-187.8/samba/source >/libsmb/nmblib.c:send_udp(791)
Packet send failed to 169.254.255.255(138) ERRNO=Host is down
[2008/10/29 10:20:05, 0, pid=74896] /SourceCache/samba/samba-187.8/samba/source >/libsmb/nmblib.c:send_udp(791)
Packet send failed to 169.254.255.255(138) ERRNO=Host is down
It would be awesome if some of you guys could help us back into the communication between OS X Server and Windows!
Thanks a lot!

I had some issues when I initially setup Windows Services on our 10.4 server.
Some things that may help:
1) Check the WINS server box in Server Admin. Make sure your Windows clients have the IP address on your WINS server in their TCP/IP configuration
2) Reset your SID on the server. More info @ http://www.radiotope.com/node/61
2) If the diradmin password has changed, you will have to demote the PDC and recreate it to get the link between OD and samba working again, unless Apple fixed that in Leopard. Of course, you'll have to add all your machines back to the domain after this.
I'm looking at a problem now where just one machine cannot download a roaming profile after I had to restore OD from archive. I'm thinking it is a problem with the SID, bit so far, no love...
-Jon
Jon Auman
Systems Administrator
National Evolutionary Synthesis Center
Duke University
http:www.nescent.org
------------------------------------------------------

Substitute var in smb

Similar Messages

Maybe you are looking for