Browse List Mangling

Martin Sheppard martin.sheppard at hsn.csiro.au
Thu Mar 29 05:44:37 GMT 2001


Hi,

We are in the situation where we will end up consolidating over 5000 
computers into a single Windows 2000 domain. As a result we will end up 
with a rather large browse list for this domain, which will be no fun 
to use. I am working on a possible solution to this problem by setting samba 
up as a local master browser for the domain and getting it to alter the 
browse lists that it serves out in various ways.

nmbd collects the browse lists and writes them out to a file, browse.dat. 
Normally smbd would read this file, but I patched smbd so that it reads 
them from browse.dax instead and I have a perl script that periodically 
reads browse.dat, makes whatever changes are required and writes it out to 
browse.dax. This means that the browse list that gets served up to clients 
is the modified one.

It's possible to do quite a lot by modifying these lists. Here is a very 
simple browse.dat file:

"DOMAIN"                  c0001000 "OLDSCURVY-AN"                "DOMAIN"
"LOCALWG"                 c0001000 "TEST-AN"                     "LOCALWG"
"REMOTEWG"                80001000 "MTHORNBER HOME"              "REMOTEWG"
"3POFG-AN"                40019a03 "Samba 2.0.7"                 "DOMAIN"
"4PG634S-FA"              00011003 "Samba 2.0.7"                 "DOMAIN"

Some examples of what could be done:

REMOTEWG is a workgroup with no computers in the workgroup on the local 
LAN. By removing it from the list, it won't appear in the Network 
Neighborhood of local clients. The same thing would apply to removing the 
computer 3PW631S-FA.

LOCALWG is a local workgroup. If we want to keep this in the local browse 
lists, but not publish it to the global list, we could change its server 
type from c0001000 to 80001000, so that it won't get synced with the domain 
master browser. In the same way we could stop LIVER-AN from being published 
globally by changing the type from 40019a03 to 00019a03, or remove it from 
all browse lists completely by deleting it from the list. Stopping machines 
from being published globally makes sense if the firewall blocks remote SMB 
access to them anyway.

It's also possible to make additions to the list and depending on the 
server type, they will be seen either locally or globally. It should also 
be possible to run other copies of samba on the same machine under a 
different IP address and control multiple workgroups at the same time.

Currently I am running an implementation of this that just filters out 
unwanted remote computers and workgroups to make it more manageable for 
people browsing the Network Neighborhood, and so far it seems to be working 
quite well.

Would a generic mechanism for doing browse list mangling be of interest to 
other people?
Would it be accepted as a patch to samba?
Any other thoughts or comments?

Cheers,

Martin.
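
The filtering step described in this post, as an added Python example (not the author's Perl script and not Samba code): it parses browse.dat records, drops or de-publishes named entries the way the post describes, and replaces the output file atomically. The function names, the output column widths and the choice to fail on a malformed line are assumptions.

```python
import os
import re
import tempfile

# One record: "name" <8 hex digits of server type> "comment" "workgroup"
LINE_RE = re.compile(r'^"([^"]*)"\s+([0-9a-fA-F]{8})\s+"([^"]*)"\s+"([^"]*)"\s*$')
PUBLISH_BIT = 0x40000000  # the bit the post clears to keep an entry off the global list

# Sample input: the listing from the post.
SAMPLE = '''\
"DOMAIN"                  c0001000 "OLDSCURVY-AN"                "DOMAIN"
"LOCALWG"                 c0001000 "TEST-AN"                     "LOCALWG"
"REMOTEWG"                80001000 "MTHORNBER HOME"              "REMOTEWG"
"3POFG-AN"                40019a03 "Samba 2.0.7"                 "DOMAIN"
"4PG634S-FA"              00011003 "Samba 2.0.7"                 "DOMAIN"
'''

def parse(text):
    """Return (name, server_type, comment, workgroup) tuples; fail on malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a browse.dat record: {line!r}")
        name, stype, comment, workgroup = m.groups()
        entries.append((name, int(stype, 16), comment, workgroup))
    return entries

def mangle(entries, drop=(), local_only=()):
    """Remove names in `drop`; clear PUBLISH_BIT on names in `local_only`."""
    drop = {n.upper() for n in drop}
    local_only = {n.upper() for n in local_only}
    out = []
    for name, stype, comment, workgroup in entries:
        if name.upper() in drop:
            continue
        if name.upper() in local_only:
            stype &= ~PUBLISH_BIT
        out.append((name, stype, comment, workgroup))
    return out

def render(entries):
    q = '"{}"'.format  # column widths below are an assumption, not Samba's format
    return "".join(f"{q(n):<25} {t:08x} {q(c):<28} {q(w)}\n" for n, t, c, w in entries)

def write_atomic(path, text):
    """Write next to `path`, then rename, so a reader never sees a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.replace(tmp, path)
```

Because parse() raises on a line it does not recognise, a caller that only calls write_atomic() after a successful parse leaves the previous browse.dax in place when browse.dat is damaged.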




