Using remote announce w/ security=domain
Andrew Perrin - Demography
aperrin at demog.Berkeley.EDU
Wed Apr 14 22:09:17 GMT 1999
So, let me see if I understand the upshot here: what we're hoping to do on
campus is (at least for now) not possible: that is, to plop samba servers
in 'foreign' subnets where we are unable to control the configuration of
the Win9x machines (except to guarantee that they have NetBIOS and TCP/IP)
and have users on those machines be able to view our server's shares and
grab stuff off of them.

1.) Am I wrong that this is not possible?
2.) Does anyone have a suggestion for approximating this result?

thanks-
Andy
---------------------------------------------------------------------
Andrew J. Perrin - aperrin at demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography - University of California at Berkeley
2232 Piedmont Avenue #2120 - Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199
On Thu, 15 Apr 1999, Luke Kenneth Casson Leighton wrote:
> On Wed, 14 Apr 1999, Dave J. Andruczyk wrote:
>
> > > this is the correct solution. use of remote announce not recommended
> > > (only heard of one situation on a LAN where it really had to be used).
> > >
> > > > > we'd really like to be able to set a remote browse master in various
> > > > > buildings around campus and thereby have Win9X machines running on their
> > > > > subnets see our domain. Is there any way to do this?
> > > >
> > > > In EACH subnet should be a WINS server.
> > >
> > > why??
> >
> > Oops, I stand corrected. Was thinking in NT terms, as there can be a
> > "secondary WINS" server (similar to a BDC for load sharing). All machines
> > no matter what the subnet though should have their TCP/IP settings
> > changed to point to the WINS server that DOES exist.
>
> think of it this way. adding an extra DNS server does nothing for your
> network neighbourhood, therefore why would adding an extra WINS server do
> anything?
>
> > The browse masters on each subnet that DOES NOT have a wins server should
> > have a line saying "wins server = WINS_NETBIOS_NAME" where you replace
> > WINS_NETBIOS_NAME with the netbios name of the WINS server (NT or samba).
>
> partially correct.
>
> think of the NN as a totally, utterly independent service from "name
> resolution", because it is. name resolution HAPPENS, in most
> environments, to be NetBIOS (including WINS).
>
> think of WINS as a dynamic form of DNS.
>
> being a Domain Master Browser, which is responsible for collating browse
> lists from Local Master Browsers, has nothing to do with resolution of the
> names that are IN the browse lists.
>
> this is why so many mis-configured sites run into problems. you need:
>
> - a CENTRALISED system to resolve names in the browse lists. this is
> USUALLY a single WINS server in a samba environment or USUALLY a group of
> replicating WINS servers in an nt environment.
>
> if your samba environment HAPPENS to have identical NetBIOS names as DNS
> names then you can enable "dns proxy = yes" and have multiple samba WINS
> servers. you will also need to add, in this case, static DOMAIN<1b>
> entries to the one samba WINS server that is NOT used by the DMBs on your
> network. ignore this paragraph if you're not sure what i mean.
>
> - every client to use the SAME centralised name resolution system. that
> means, non-local-master-browsers, LMBs on each and every subnet AND your
> DMB.
>
> - your DMB can HAPPEN to be running on the same host (or in the case of
> samba, in the same nmbd process) but even the DMB part of that nmbd
> process needs to use ITSELF as the WINS server just like every other
> browsing client.
>
> one other point: in order to minimise the amount of lookups it's best to
> specify ip address in wins server = not the netbios name. you end up with
> catch 22 otherwise.
>
>
> > That way the browse masters will send their lists to the wins server.
>
> definitely not.
>
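
An added example, not part of the original thread: a small Python check that reads the `[global]` section of several Samba hosts' smb.conf files and reports the misconfigurations the quoted reply warns about (a `wins server` given as a NetBIOS name instead of an IP address, hosts pointing at different WINS servers, and use of `remote announce`). The host labels, addresses and the name WINSBOX are constructed; it covers Samba hosts only, not the TCP/IP settings of Win9x clients.

```python
import ipaddress

def parse_global(text):
    """Return the [global] parameters of one smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit(configs):
    """configs: host label -> smb.conf text. Returns sorted findings."""
    findings, targets = [], set()
    for host, text in configs.items():
        g = parse_global(text)
        wins = g.get("wins server")
        if "remote announce" in g:
            findings.append(f"{host}: remote announce in use")
        if wins is None:  # the WINS host itself sets "wins support = yes"
            if g.get("wins support", "no").lower() not in ("yes", "true", "1"):
                findings.append(f"{host}: no WINS server configured")
        elif not is_ip(wins):
            findings.append(f"{host}: wins server is a name, not an IP address")
        else:
            targets.add(wins)
    if len(targets) > 1:
        findings.append("hosts use different WINS servers: " + ", ".join(sorted(targets)))
    return sorted(findings)
# Constructed sample: host labels, names and addresses are made up.
SAMPLE = {
    "dmb": "[global]\n  domain master = yes\n  wins support = yes\n",
    "lmb-a": "[global]\n  local master = yes\n  wins server = 10.0.0.5\n",
    "lmb-b": "[global]\n  wins server = WINSBOX\n  remote announce = 10.0.1.255\n",
    "lmb-c": "[global]\n  wins server = 10.0.9.9\n",
}
print("\n".join(audit(SAMPLE)))
```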