Using remote announce w/ security=domain

Luke Kenneth Casson Leighton lkcl at
Thu Apr 15 15:29:07 GMT 1999

On Wed, 14 Apr 1999, Andrew Perrin - Demography wrote:

> So, let me see if I understand the upshot here: what we're hoping to do on
> campus is (at least for now) not possible: that is, to plop samba servers
> in 'foreign' subnets where we are unable to control the configuration of
> the Win9x machines (except to guarantee that they have NetBIOS and TCP/IP)
> and have users on those machines be able to view our server's shares and
> grab stuff off of them.

basically correct.


1) poison their WINS server database (either by using it as _your_ WINS
server or getting its admin to add an entry for your server OR by writing
a small program to register the samba server's ip address in TWO WINS
servers :-) :-)

2) sneak a samba server onto that subnet with "wins proxy = yes" where
that samba server uses the same WINS server as the rest of _your_ samba
servers+windows clients.

3) rely on the remote clients using dns, plus you using remote announce:
this is one of the _only_ situations under which i would recommend the use
of remote announce

4) hack into all of those machines on the remote network and put your
samba server in their lmhosts files (not recommended :-)

5) _ask_ individual users who wish to access your samba servers to add an
entry in the lmhosts file.

samba servers as PDCs need to have that odd #PRE DOMAIN_NAME system in
clients' lmhosts.

More information about the samba-ntdom mailing list