Samba to the rescue

lluisma lluisma at osi-technologies.com
Wed Dec 1 10:45:09 GMT 1999


We are a very big NT shop inside but using all Unix on Internet gateways
and databases. We have numerous problems on our NT infrastructure and I
was given the task of fixing problems related to NT authentication,
browsing, name registration/resolution(WINS) and performance tuning. I'm
thinking of making use of Samba to solve most of these problems or at
least to introduce more reliability to our systems.

We have several thousands of users but my area is about 800 users
connected to layer 2 and layer 3 switches (VLAN) with servers using
FastEthernet and win95/98 clients using 10baseT. We are a shared network
configuration wherein about 13 subnets share a single VLAN with
connection to one port (100mbit full duplex) in a high speed Cisco
router. This one port becomes the primary interface and the 13 subnets
are secondaries(Note: communication between hosts on different subnets
will have to go to the router. The layer 3 switches have some
intelligence and only initial connections go to the router for
communicating hosts connected to layer 3 switches.). The WINS server(NT)
is located on the other side of the router(on a different VLAN) and it
replicates with another WINS server somewhere. The PDC (also NT) is
located on the same VLAN that the WINS server is. We use NT DHCP
server(I'm replacing this with Linux using ISC DHCP).

The problems I'm trying to fix involve browsing and WINS resolution.

Our domain master browser is the NT PDC(we know they are using the same
last byte<1B>). I can't replace the NT WINS with Samba because the
latter doesn't replicate yet. I can't have a Samba
BackupDomainController(BDC) because that is not supported either at this
time. Also win98/95 systems can not become or contact a domain master
browser(even if it is NT). This means I would need at least one NT
server/workstation/Samba for each subnet to act as local master browsers
that can serve the browsing needs of win95/98 clients.

This is what I intend to do and please let me know if I make sense or
what is the best way to do it:

Linux box will run Samba, ISC DHCP server, primary internal DNS(fake
root), and many more.
The Linux box(IBM Netfinity 7000 M10 quad Xeon 500, 2GB RAM) will have
one IP address from each of the 13 subnets and aliased it to one or two
primary IP addresses (100Mbit full duplex NIC). With Samba running I'll
make this the local master browser for each of the 13 subnets and make
it synchronize with the NT domain master browser on the other side of
the router. My smb.conf should have something like:

[global]
    # NT is doing WINS, not Samba
    wins server = x.x.x.x
    wins proxy = yes
    dns proxy = yes
    wins support = no
    name resolve order = lmhosts wins hosts
    local master = yes
    preferred master = yes
    # IP address of NT PDC (Domain Master Browser)
    remote announce = y.y.y.y
    # to make sure it will not become Domain Master Browser? NT PDC is 33.
    os level = 32

To avoid broadcasting from win 95/98 clients (remember I have a shared
network and broadcasts are bad for this) DHCP sets option
netbios-node-type 2 ====> Netbios P-node.

I'm not clear about the WINS proxy support. Can I let win 95/98 clients
use Samba as a WINS proxy to a NT WINS server located on the other side
of the router? If yes, can I configure win 95/98 clients (via DHCP) to
use the IP address of the Linux/Samba box as WINS server (something like
a transparent proxy)? Is this feature supported by Samba WINS proxy?
Does this WINS proxy support in Samba mean that it can pretend to be a
WINS server although in reality it is actually acting as a proxy?

Please help.

Thanks.

ESL
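
The DHCP side of the plan described in the post (several subnets sharing one VLAN, Win95/98 clients set to NetBIOS P-node), as an added ISC dhcpd.conf example that is not part of the original message. Every address and the shared-network name are constructed placeholders, the WINS address stands in for the NT WINS server the post mentions, and two of the 13 subnets are shown.

```conf
# Constructed example: all addresses and names below are placeholders.
default-lease-time 86400;
max-lease-time 172800;

# One shared-network declaration covers every subnet that lives on the
# same layer-2 segment (the single VLAN carrying the primary and
# secondary router addresses).
shared-network floor-vlan {
    # Options declared here are inherited by each subnet below.

    # 192.0.2.10 stands in for the NT WINS server behind the router.
    option netbios-name-servers 192.0.2.10;

    # 2 = P-node: clients register and resolve NetBIOS names by unicast
    # to the WINS server and do not use broadcast name resolution.
    option netbios-node-type 2;

    # Placeholder for the internal DNS server.
    option domain-name-servers 10.20.1.5;

    subnet 10.20.1.0 netmask 255.255.255.0 {
        option routers 10.20.1.1;
        option broadcast-address 10.20.1.255;
        range 10.20.1.50 10.20.1.250;
    }

    subnet 10.20.2.0 netmask 255.255.255.0 {
        option routers 10.20.2.1;
        option broadcast-address 10.20.2.255;
        range 10.20.2.50 10.20.2.250;
    }

    # The remaining subnets on the VLAN follow the same pattern.
}
```

With P-node set, a client that cannot reach the address given in netbios-name-servers has no broadcast fallback, so that address has to be a host that actually answers WINS registrations and queries.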





More information about the samba-ntdom mailing list