Browse List Mangling
martin.sheppard at hsn.csiro.au
Thu Mar 29 05:44:37 GMT 2001
We are in the situation where we will end up consolidating over 5000
computers into a single Windows 2000 domain. As a result we will end up
with a rather large browse list for this domain, which will be no fun
using. I am working on a possible solution to this problem by setting samba
up as a local master browser for the domain and getting it to alter the
browse lists that it serves out in various ways.
nmbd collects the browse lists and writes them out to a file, browse.dat.
Normally smbd would read this file, but I patched smbd so that it reads
them from browse.dax instead and I have a perl script that periodically
reads browse.dat, makes whatever changes are required and writes it out to
browse.dax. This means that the browse list that gets served up to clients
is the modified one.
It's possible to do quite a lot by modifying these lists. Here is a very
simple browse.dat file:
"DOMAIN" c0001000 "OLDSCURVY-AN" "DOMAIN"
"LOCALWG" c0001000 "TEST-AN" "LOCALWG"
"REMOTEWG" 80001000 "MTHORNBER HOME" "REMOTEWG"
"3POFG-AN" 40019a03 "Samba 2.0.7" "DOMAIN"
"4PG634S-FA" 00011003 "Samba 2.0.7" "DOMAIN"
Some examples of what could be done:
REMOTEWG is a workgroup with no computers in the workgroup on the local
LAN. By removing it from the list, it won't appear in the Network
Neighborhood of local clients. The same thing would apply to removing the
LOCALWG is a local workgroup. If we want to keep this in the local browse
lists, but not publish it to the global list, we could change its server
type from c0001000 to 80001000, so that it won't get synced with the domain
master browser. In the same way we could stop LIVER-AN from being published
globally by changing the type from 40019a03 to 00019a03, or remove it from
all browse lists completely by deleting it from the list. Stopping machines
from being published globally makes sense if the firewall blocks remote SMB
access to them anyway.
It's also possible to make additions to the list and depending on the
server type, they will be seen either locally or globally. It should also
be possible to run other copies of samba on the same machine under a
different IP address and control multiple workgroups at the same time.
Currently I am running an implementation of this that just filters out
unwanted remote computers and workgroups to make it more manageable for
people browsing the Network Neighborhood, and so far it seems to be working
Would a generic mechanism for doing browse list mangling be of interest to
Would it be accepted as a patch to samba?
Any other thoughts or comments?
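
An added sketch of the kind of filter the post describes, written in Python (it is not the author's perl script and not Samba code): it parses the browse.dat line format shown above, drops named entries, and clears the 0x40000000 server-type bit the way the post does to keep an entry out of the global list. The function names, the LOCAL_BIT constant name and the sample data are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed sample in the format shown in the post:
# "name" <server type, hex> "comment" "workgroup"
SAMPLE = '''"DOMAIN" c0001000 "OLDSCURVY-AN" "DOMAIN"
"LOCALWG" c0001000 "TEST-AN" "LOCALWG"
"REMOTEWG" 80001000 "MTHORNBER HOME" "REMOTEWG"
"3POFG-AN" 40019a03 "Samba 2.0.7" "DOMAIN"
"4PG634S-FA" 00011003 "Samba 2.0.7" "DOMAIN"
'''

# Hypothetical name for the bit the post clears to stop global publication.
LOCAL_BIT = 0x40000000
LINE_RE = re.compile(r'^"([^"]*)"\s+([0-9a-fA-F]{8})\s+"([^"]*)"\s+"([^"]*)"\s*$')

def mangle(text, drop=(), keep_local=()):
    """Return the list with `drop` names removed and LOCAL_BIT cleared
    on `keep_local` names; every other line is passed through unchanged."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            out.append(line)  # unknown format: pass through rather than lose entries
            continue
        name, stype, comment, wg = m.groups()
        if name.strip() in drop:
            continue
        flags = int(stype, 16)
        if name.strip() in keep_local:
            flags &= ~LOCAL_BIT
        out.append('"%s" %08x "%s" "%s"' % (name, flags, comment, wg))
    return "\n".join(out) + "\n"

def write_atomic(path, text):
    """Write via a temp file and rename, so a reader of `path`
    never sees a half-written list."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.replace(tmp, path)

if __name__ == "__main__":
    print(mangle(SAMPLE, drop={"REMOTEWG"}, keep_local={"LOCALWG", "3POFG-AN"}), end="")
```

Removing or re-flagging an entry only changes what browsing clients are shown; it does not restrict SMB access to the host, which is why the post ties it to machines the firewall already blocks.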