Using remote announce w/ security=domain

Luke Kenneth Casson Leighton lkcl at
Wed Apr 14 16:11:33 GMT 1999

On Wed, 14 Apr 1999, Dave J. Andruczyk wrote:

> > this is the correct solution.  use of remote announce not recommended
> > (only heard of one situation on a LAN where it really had to be used).
> > 
> > > > we'd really like to be able to set a remote browse master in various
> > > > buildings around campus and thereby have Win9X machines running on their
> > > > subnets see our domain. Is there any way to do this?
> > > 
> > > In EACH subnet should be a WINS server.
> > 
> > why??
> Oops, I stand corrected.  Was thinking in NT terms, as theire can be a
> "secondary WINS" server (similar to a BDC for load sharing).  All machines
> no matter what the subnet thought should have their  TCP/IP settings
> changed to point to the WINS server that DOES exist.

think of it this way.  adding an extra DNS server does nothing for your
network neighbourhood, therefore why would adding an extra WINS server do
> The browse masters on each subnet that DOES NOT have a wins server should
> have a line saying "wins server = WINS_NETBIOS_NAME" where you replace
> WINS_NETBIOS_NAME with the netbios name of the WINS server (NT or samba).

partially correct.

think of the NN as a totally, utterly independent service from "name
resolution", because it is.  name resolution HAPPENS, in most
environments, to be NetBIOS (including WINS).

think of WINS as a dynamic form of DNS.

being a Domain Master Browser, which is responsible for collating browse
lists from Local Master Browsers, has nothing to do with resolution of the
names that are IN the browse lists.

this is why so many mis-configured sites run into problems.  you need:

- a CENTRALISED system to resolve names in the browse lists.  this is
USUALLY a single WINS server in a samba environment or USUALLY a group of
replicating WINS servers in an nt environment.

if your samba environment HAPPENS to have identical NetBIOS names as DNS
names then you can enable "dns proxy = yes" and have multiple samba WINS
servers.  you will also need to add, in this case, static DOMAIN<1b>
entries to the one samba WINS server that is NOT used by the DMBs on your
network.  ignore this paragraph if you're not sure what i mean.

- every client to use the SAME centralised name resolution system.  that
means, non-local-master-browsers, LMBs on each and every subnet AND your

- your DMB can HAPPEN to be running on the same host (or in the case of
samba, in the same nmbd process) but even the DMB part of that nmbd
process needs to use ITSELF as the WINS server just like every other
browsing client.

one other point: in order to minimise the amount of lookups it's best to
specify ip address in wins server = not the netbios name.  you end up with
catch 22 otherwise.

> That way the browse masters will send their lists to the wins server.

definitely not.  

More information about the samba-ntdom mailing list