how to manage samba workgroups?

vetti · May 15, 2010, 10:12pm

Not really a problem, but as I do not unterstand, what is happening, I ask for advice:

I have a file and print server (Suse 11.2) running perfectly (almost). The workgroup name initially was “HOME”. There are WinXP, MacOS9 and Vista Clients using files via Samba and print via Cups. Internet connection goes by a Fritz.Box DSL router, which is also the central dhcp-Server. Now a MacBook’s MacOSX entered the scenario. Internet connection was ok, but it did not want to participate the Windows Workgroup. It could use the appletalk connection as MacOS9 does, but not the smb connection. It asked username, workgroup and password. No success. Entry in Samba log file: NT_STATUS_ACCESS_DENIED.
After some googling I found out, that a misconfigured DNS should be the problem. When changing the name of the workgroup to “WORKGROUP” or “FRITZ.BOX”, it would be ok. So, why did WinXP and Vista work, but not MacOSX? I changed the Workgroup name for all of them to “WORKGROUP”, and, fine, it worked. So far, no problem.

But, on my WinXP Desktop PC, also Suse 11.2 is installed (early stage of migration process ). And on the MaxOS9 G4 besides MAcOS9 also Ubuntu 10.40 is installed. When booting the Ubuntu system, I had to alter the workgroup, using the administrative tools to “WORKGROUP” and everything worked as expected. The Suse 11.2 desktop PC, however, has no separate entry for a smb client entry. So I changed the workgroup entry in /etc/samba/smb.conf from “HOME”, which had worked perfectly since then, to “WORKGROUP”. But, it did not work. All other PCs were able to participate in this workgroup, but not the Suse 11.2 desktop PC. But, surprise, when changing the smb.conf entry of the Suse 11.2 desktop PC to “fritz.box”, it entered the workgroup “WORKGROUP” without any problems.
Maybe, this is an issue concerning the Fritz.Box dhcpd, which unfortunately is unable to enter a workgroup manually. But why is it impossible to enter a certain workgroup, even when the connection dialog asks for the workgroup name, as MacOSX did (BTW, Suse 11.2 only asks for user/psswd, not for Workgroup, so you could never choose, which workgroup to enter)?
So, finally, the Win-PCs work as nice as before, the MacBook does its job as all the other members of “WORKGROUP”, the Suse 11.2 desktop does its job, however as a member of “fritz.box”. Well, it works, but, to my sense of a well configured system, this is kind of patchwork, which should become fixed.
Swerdna’s excellent samba pages did not help.
Any explanation is welcome (sorry for the lengthy story).

swerdna · May 15, 2010, 10:44pm

Hard to give a definitive answer with so many machines in the mix. They need to be made somewhat consistent.

Windows xp is configured to resolve names first by using broadcasts. OpenSUSE and Ubuntu are set to use first the lmhosts file (not very sensible IMO). I don’t know what Mac uses. It’s wise to be consistent with the preferred method of name resolution, keeping it the same as windows. So check smb.conf. You should find this if all is well:

name resolve order = bcast host lmhosts wins

Regarding the workgroup name: it should always be the same on all machines if you are trying to use a simple workgroup scenario.

It sounds to me that you have a name resolution problem but if the suggestion above doesn’t fix things then post here the contents of smb.conf for openSUSE and we could look deeper.

vetti · May 17, 2010, 10:08pm

Thanks for your suggestion, swerdna!

The entry did not change the behaviour. But, I must confess, I did not pay attention to some side effects, which make testing a bit complicated: Sometimes connection worked without any problems, after I had switched the workgroup, logged in and switched back to the previous setting. So, I suggest, there is some caching, which covers actual settings. I had to shut down both machines, wait a minute and restart to get the original situation.
So, what I found during these tests is, that if the server is in workgroup “WORKGROUP” and the desktop PC is in workgroup fritz.box, I can browse in dolphin’s network browser to samba shares, see workgroup “Workgroup”, enter it, see the server, enter it, open the share “public” and - nicely- it will open without any further questioning.
When the desktop PC is in the same workgroup as the server (and have restarted both after waiting for a minute) I can proceed the same way until opening the share “public”. At that moment a dialog opens and asks for username and password. And fails.
Same procedure is on the MacOSX, which is a BSDUnix clone and thus more trustful for me than Windows.There the dialog has an additional entry for the domain. When I enter “fritz.box” there, it works nicely.
Well, and finally I found out, that the server had traditional ifup networking and the PC uses Network manager. Click at the manager icon shows in its bubble message, that, although I am in Workgroup “WORKGOUP”, it suggests to be in the workgroup “fritz.box”.
What I did then, is, that I switched the server to network manger, looked at the bubble help, and, yes, it told me to be in workgroup “fritz.box” as well. Unfortunately, after switching back to ifup, no samba connection could be established at all.
So I remain with network manager on the server and on the PC.
This works as it did before. The rest of the week it has to work alone, as I am on leave, so, no changes til then.

Is it possible, that the dhcp router determines the workgroup, ignoring the workgroup in smb.conf? Somehow a bit messy.

Here my smb.conf

[global]
workgroup = WORKGROUP
name resolve order = bcast host lmhosts wins
printcap name = cups

cups options = raw
    map to guest = Bad User
logon path = \%25L\profiles.msprofile

logon home = \%25L%25U.9xprofile

logon drive = P:
    usershare allow guests = Yes
    add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
    domain master = No
    security = user
    restrict anonymous = no
    domain logons = No
    domain master = No
    passdb backend = smbpasswd
    wins support = Yes
    include = /etc/samba/dhcp.conf
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

[public]
inherit acls = Yes
path = /home/public
read only = No
…

dhcp.conf is empty.

Thanks for any comment.

swerdna · May 17, 2010, 10:52pm

I’ve spotted the problem. You have enabled the openSUSE box as a “wins server” (to resolve network names) but simultaneously told the box to resolve names by broadcasts (name resolve order = bcast etc). Winxp and vista will alos be using broadcasts, not wins (unless you set them for a wins server).

You should back up your file smb.conf and then change it to this:
[global]
workgroup = WORKGROUP
netbios name = name_of_this_workstation <==give it a name
name resolve order = bcast host lmhosts wins
server string = “”
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
use client driver = yes
map to guest = Bad User
local master = yes
preferred master = yes
os level = 65
usershare allow guests = Yes
usershare max shares = 100
usershare owner only = False

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

[public]
inherit acls = Yes
path = /home/public
read only = No

And reboot all the machines in sequence, consecutively, twice (to flush things and get them talking properly in a hurry).

Now, regarding [public]: it can’t work unkless you make the directory “public” at /home/publc and also give that directory the properties drwxr-xr-x and add users to the Samba Password database and make the ownership non-root and so on. But it would be better to delete that share entry from smb.conf (the whole 4 lines) and make a custom share. It’s only there in smb.conf as a suggestion, not as a working share.

You should read the Samba LAN Primer to get a better idea of the default shares

And custom shares are described here: Defining and Using File Shares

vetti · May 22, 2010, 10:03pm

Thanks, Swerdna!

I will try out this weekend. Was on lieve, and came back right now. I looked at the forum, just to see your relpy :). I will tell you later, what happens after I have established your suggestion. Now, tired - need sleep.

BTW: public exists, there are users in smbpasswd, they all use this share without any problems (when they are allowed to “log in”, which usually works fine). So, any need to knock out these four lines?

swerdna · May 22, 2010, 10:35pm

It’s OK to keep the share. You only need to delete the stanza for [public] if you haven’t created the directory “public”.

vetti · May 25, 2010, 1:02pm

Thanks, Swerdna!

Although forgotten to enter a netbios name (it uses the hostname, which is fine) and not have set the os level to 65, it works fine.

But, still, I do not yet have understood, why I could not use shares on samba workgroups other than “WORKGROUP” or “FRITZ.BOX”, although they were browsable, thus could be seen by broadcasting. Only authentification did not succeed. Curiously to me.

Well, I will read through your documents, maybe there is an answer.