HOWTO add static entries to WINS?

Axel Thimm Axel.Thimm at physik.fu-berlin.de
Fri Mar 2 08:27:05 GMT 2001


On Mon, Feb 26, 2001 at 05:37:03PM +1030, Martin Sheppard wrote:
> At 02:43 PM 23/02/2001 +0100, Axel Thimm wrote:
> >On Fri, Feb 09, 2001 at 01:31:03PM +0100, werner maes wrote:
> > > I've read the Netbios.txt documentation and it says:
> > > "The WINS server _can_ have static NetBIOS entries added to its database
> > > (usually for security reasons you might want to consider putting your >
> > > > domain controllers or other important servers as static entries,but
> > > you should not rely on this as your sole means of security),but for the
> > > most part, NetBIOS names are registered dynamically."
> > > How can you add static Netbios entries (f.e. for a logon server) to a
> > > Samba based WINS server?
> 
> You can use this patch I made against Samba 2.0.7. Normally entries in the
> lmhosts file are only used locally on the machine with the lmhosts
> file. This patch adds them to the WINS database, so they are served out as
> well.

Thanks, the patch was easy to apply against samba_2_2 cvs. I also succeeded in
creating an entry for a server on another subnet, i.e. smbclient can connect
and Windows browsers can connect *only* if the name is given explicitly,
i.e. the server does not appear in any browsing lists.

I guess this has to do with missing lmhosts entries for the workgroup/domain
name of the external server. How does such an entry look like (the man page to
lmhosts was not helpfull in these details)?

> It seemed to work for me, but I must say that I didn't look at the code to
> expire WINS entries, so that may still be a problem.

Could a samba guru comment? ;)

Also would that small patch make it to the src trees?

> I'm also not sure if it actually gives you any more security like the
> documentation says it does.

Why not? At least the IP address is secured now. Although it may be spoofed by
other means, a hacker has more obstacles now.

Regards, Axel.
-- 
Axel.Thimm at physik.fu-berlin.de




More information about the samba-technical mailing list