Multiple subnets and browsemaster wars.

David Collier-Brown - Sun Canada davecb at
Tue Mar 28 13:15:08 GMT 2000

 Matthew Geier wrote:
|  Unfortunately a misconfigured PC out in one of the subnets seems to
| hose the browse list for the people who have asked us to setup their
| PC's properly.
| 2000/03/28 09:53:37, 0] nmbd/nmbd_incomingdgrams.c:(307)
|   process_local_master_announce: Server PIMMA at IP is
| announcing itself as a local master browser for workgroup ARTS and we
| think we are master. Forcing election.

	Well,. "hosts deny" is only referenced in 
1 loadparm.c 1339 FN_LOCAL_STRING(lp_hostsdeny,szHostsdeny)
2 process.c   533 !check_access(Client, lp_hostsallow(-1), lp_hostsdeny(-1)))) {
3 process.c   606 if (!check_access(Client, lp_hostsallow(-1),
                  lp_hostsdeny(-1))) {
4 service.c   251 lp_hostsallow(snum), lp_hostsdeny(snum))) {
5 testparm.c  247 char *deny_list = lp_hostsdeny(s);
6 testparm.c  299 if
                  (allow_access(lp_hostsdeny(s),lp_hostsallow(s),cname,caddr)) {
7 cgi.c       497 if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) {
8 proto.h    1164 char *lp_hostsdeny(int );

	... so it looks like nmbd isn't going to allow you to
	whack it on the head directly (;-))
	I'll comment more on "idiot discovery algorithms later..

|  Short of adding 5 ethernet interfaces to my Dec box and making samba do
| its stuff on each network, is there any solution. Would the 'remote
| announce' parameters help this situation ?

	Depends a lot on the client implementation: it's worth a try,
	but if asked to guess I'd guess no, only the preference bits
	on os levels.

|  Unfortunately running around and turning browser master functionality
| off on all the clients isn't possible, as we don't know where all the
| clients are!. If I could just make the samba server win elections on
| each subnet buy using an outrageously high OS level, I hope all would be
| fine

	Ok: I'd set preferred master, os level = 5280 (;-)) and start
	on your idiot discovery algorithm.
	My next-door neighbour and I used to discover unconfigured
	systems at York University (then Canada's second-largest)
	by a log-grovelling script, which did a sort | diff at the
	end and spat out machines without PTR records.
	At this point we'd find the subnet, which told us the
	department, and probe the machine for a hostname, then
	ask the departmental computer coordinator who'd just
	created a a machine named "edelweiss".  They usually could
	The culprit would then get a letter masquerading as an offer
	of email routing from us, with a form to fill out.  If they did,
	they got outgoing email.  If they didn't, we offered to 
	route against them.  They always seemed cooperative for some 
	In samba terms, I'd "hosts deny" them, and offer to enable them
	if they set their machines up properly.
	Team: is there any value in making nmbd aware of hosts allow/deny
	It would be cool to have both smbd and nmbd services 
	return a message from the smb.conf file, such as:
	idiot discovery = Access denied: your machine is misconfigured, \
		please contact extension 734 to be granted access.

David Collier-Brown in Boston
Phone: (781) 442-0734, Room BUR03-3632

More information about the samba-technical mailing list