cross-subnet authentication

[Lars Kneschke]

Philip Ciufo wrote:
> 
> I've been using samba for a while now as a PDC and now require to move
> several NT workstations into a new subnet, one that is different from the
> subnet the PDC resides in. I tried the move already and the workstation
> comes up with the error "a pdc for the domain could not be found". I
> placed an entry in the lmhosts file of the workstation and this made no
> difference.
> 
> I ran samba with a higher log level, but have lost the logs. However, I
> did see a "rejecting dgram ..." message of sort in the nmbd log file. I
> can reproduce the error, so if anyone feels I really need the log file
> then I can post it.
> 
> My issue here is really if anyone has had a samba PDC in A.B.C.any
> subnet and the workstation in A.B.D.any subnet and been able to get the
> workstation to authenticate? If so, was there anything special you had to
> do?
If you have Windows workstations in different subnets then the pdc you
need a wins server. It makes no difference if the pdc is a windows nt or
samba server. Samba acts as wins server, when you set the parameter
"wins support = yes" in the global section of your smb.conf.

Why do you need a wins server?

With out wins, the windows workstation finds it's pdc, sending
broadcasts. But a router normaly doesn't route broadcast. So no
workstation in another subnet then the pdc, will find the pdc.
If you are using a wins server, the client registers itself and his
function(pdc, domainmasterbrowser, local masterbrowser) at the wins
server. If the client searches his pdc, it will ask the wins server,
which gives him the ip address of the pdc.
You need to configure the windows workstation to use wins.

Cu