Christopher R. Hertel crh at
Thu Dec 28 17:22:34 GMT 2000

> > -----Original Message-----
> > From:	Christopher R. Hertel [SMTP:crh at]
> > 
> > > smb://[[domain/]user[:password]@][workgroup#][server[:port][/share[/path]]]
> > 
> > The part I am trying to work out is this:  except in the case of a trust 
> > relationship or browsing a specific workgroup/ntdomain, is the domain 
> > name ever required?
> > 
> 	Yes. I think you are confusing my definitions of "domain" and
> "workgroup" in the URL spec above. I believe Simo interpreted it in the
> same way as myself as he corrected my original proposal to give the above. 

...but an ntdomain *is* a workgroup.  It's just a workgroup with a domain
controller.  They are the same basic thing except that an ntdomain
provides an authentication server (and a DMB for spreading browse lists
across router boundaries). 

> 	In the above, "domain" is the authentication domain for a user and is
> vitally important. I cannot connect to a share here at work without
> specifying it.

Okay.  This is where it gets interesting (and where I need to do the most 
learning...I'm not up on authentication mechanisms yet).

If I understand this, the ntdomain is required when logging into a domain
rather than logging into a server (via the user or share auth methods).

> It is required in the PrimaryDomain field during session
> setup and used by the server to authenticate me (the client) with the
> domain controller. A "?" can be used in it's place to specify the default
> domain 

Where does the default domain come from?  I assume that this is a
configuration issue and, in the useage we are considering here, one may
not have a specified default.  That would mean that it would need to be 
specified as part of the server string.

> but it is often specified regardless. In this context this
> information is strictly bound to the username (and for that reason IMO
> should reside next to it in a URL). MS uses domain\username so to 
> simply avoid the backslash we do domain/username.

I think we need a different delimiter than the slash, simply because the 
slash is already a defined metacharacter in a URL string.

> Think of the
> [[domain/]user[:password]@] as *prepending* authentication information 
> into the URL. 

Yes, I got that.

Hmmm:  This might work for server syntax:

<server> :== [user[@ntdomain][:passwd]@]server[:port]

This can be parsed, and it limits the number of metacharacters used in the
server string.  If an ntdomain is included, then there will be two '@'
signs in the string, so it will be possible to determine which delimits

> 	The "workgroup#" is a special exception to the whole concept of URLs
> and is meant to deal specifically which Richards original issue.

I have suggested elsewhere that the '#' is not necessary.  If we consider
a Master Browser to be a special case of a server, then we can accomodate
browising without needing to delimit a workgroup name specially.

> Steve has suggested several times that it has no business in the URL (and
> I tend to agree). It is _only for browsing_ under rare cases where the
> name of the workgroup of intrest is not the same as the authentication
> domain. It is a bastard stepchild. An orphan. The problem is where do you
> put the damn thing. My previous post targeted that issue and I think, at
> least Simo and I, felt that it could safely be prepended to the server
> name. In this way you can start a browsing session for you extra-special
> bastard stepchild of a workgroup with: 
> 	smb://bastard#
> 	and then drill down by clicking on a server and then a share and then
>       ... 

I think we are trying to solve the same problem and that our solutions are
not far off.  Let me know if anyone knows any reason why my suggestion
that the browsing service be considered a special case won't work. 


  - Provides a list of workgroups and ntdomains.

  - If <name> is a server name (responds to name#20) then list the available
    shares on that server.
  - If <name> is a workgroup/ntdomain name (responds to name#1d) then 
    ennumerate the browse list.
  - If <name> is a DNS name or IP address then assume it is a file server
    (I think you have to do a reverse lookup anyway).

  - Any time you have a service specified you know that <name> is a server.

How'm I doin?

Chris -)-----

Christopher R. Hertel -)-----                   University of Minnesota
crh at              Networking and Telecommunications Services

    Ideals are like stars; you will not succeed in touching them
    with your choose them as your guides, and following
    them you will reach your destiny.  --Carl Schultz

More information about the samba-technical mailing list