Browse List Question - please help!

Matthew_S_Cramer at armstrong.com Matthew_S_Cramer at armstrong.com
Thu Dec 17 00:10:40 GMT 1998 

I've RTFM (inlcuding the very nice BROWSING.txt and BROWSING-Config.txt) as well
as the archives and I can't find any info on my particular problem.  Any
assistance at all would be most appreciated!

Background:
I am trying to use samba to control the browse lists for our main workgroup
throughout our enterprise.  I set up a samba server on AIX.  It is a WINS
server, as well as the Domain Master Browser (DMB) and the Local Master Browser
for its subnet.  I have another samba server running Redhat 5.1 and it is acting
as the Local Master Browser for its [different] subnet.  It knows about the WINS
server.

Problem:
By setting my debug level to 3 I can watch samba get info for the workgroup - it
happily collects info and also happily syncs with other Local Master Browsers on
different subnets.  From my Windoze95 I can do a NET VIEW /WORKGROUP:ITS and I
can see the browse list start to grow as the syncs occur.

But, if I go to my NT workstation (MSCRAMER-LAPTOP, with addr 172.16.3.136) *IT
IS UNABLE TO GET THE BROWSE LIST*.  The workgroup name is ITS.  This NT
workstation is on the same subnet as the second samba server.  When I first go
to Network Neighborhood I see the following in log.smb on the WINS Server / DMB:

process_get_backup_list_request: request from MSCRAMER-LAPTOP<00> IP 172.16.3.13
6 to ITS<1b>.
send_backup_list_response: sending backup list for workgroup ITS to MSCRAMER-LAP
TOP<00> IP 172.16.3.136
process_get_backup_list_request: request from MSCRAMER-LAPTOP<00> IP 172.16.3.13
6 to ITS<1b>.
send_backup_list_response: sending backup list for workgroup ITS to MSCRAMER-LAP
TOP<00> IP 172.16.3.136

but none of the machines in the workgroup are in my browse list.  If I drill
down through entire network, MS Networking, and then the workgroup name (ITS) I
get the following error in a dialog:

     Its is not accessible

     The account is not authorized to login from this station

and also the log.nmb given above message appears again on the WINS/DMB machine.

Now, I am aware of the encrypted passwords issue - this NT machine is running
SP4.  If I add the registry key to use plaintext passwords things work fine.
However, adding this registry key to all of our NT machines is not an option.

So.....what is going on here???

Under Windoze95 things work fine - I can see the browse list.  The thing that
confuses me is that if I do a "Find Computer" on NT and search for the name of
the WINS/DMB machine I find it.  Not only do I find it, but I can drill down
into it and see all the shares (like netlogon and a public share)!!!  Without
the Registry kludge!  So obviously I am getting my connection to IPC$.

Permissions on /var/locks/samba are 0644.  The NT box has NetBIOS bound to only
IP.

Am I doing something wrong?  It seems to me (although I don't understand it)
that serving the browse list is some sort of special operation or "share" and
that it requires a password.  If this is true, then this seems like a serious
limitation of samba.  Why not make this available via IPC$?  Please tell me that
I am just doing something wrong.  Attached is the smb.conf for the WINS/DMB
machine.  samba version is 1.9.18p10.

/usr/local/samba/lib/users.map has a single entry:
pcguest = *


;======================= Global Settings =====================================
[global]

   workgroup = ITS
   volume = AIX

   load printers = no

   guest account = pcguest
   guest ok = yes
   username map = /usr/local/samba/lib/users.map

   debug level = 3
   log file = /var/log/samba-log.%m
   max log size = 500

   short preserve case = yes
   preserve case = yes

   lock directory = /var/locks/samba
   locking = yes
   strict locking = yes
   share modes = yes

   security = share

   socket options = TCP_NODELAY

; Domain Control Options

    domain master = yes
    local master = yes
    preferred master = yes
    os level = 128
    domain logons = yes
    wins support = yes

;============================ Share Declarations ==============================
[netlogon]
   comment = Samba Network Logon Service
   path = /home/netlogon
   guest ok = yes
   locking = no
   read only = yes
   browseable = yes

[IPC$]
   comment = IPC Share
   path = /tmp
   guest ok = yes
   browseable = yes

[public]
   path = /home/pcguest
   public = yes
   only guest = yes
   writable = no
   printable = no





Politics:
Getting this working under samba would be a Good Thing.  Right now we have NT in
our environment but with no real structure.  NT bigots want to begin building an
NT4 Domain structure.  Netware bigots want to put NDS for NT on every NT box.
I'd like to take care of our problems by using samba.  Really our only problems
are name resolution and browsing lists.  If I could provide a way for remote
users (on different subnets) to get a consistent list of machines when they
drill down into the ITS workgroup our needs would be met.


Thanks in advance for any help.  If I should increase debugging levels and
forward that info along please ask and I will happily do so.


Matt

More information about the samba mailing list