multiple nmbds domains workgroups
Christopher R. Hertel
crh at nts.umn.edu
Mon Sep 17 08:48:01 GMT 2001
> > yes, there are protocol limitations. The problem is that there are
> > parts of the protocol where the client asks a question that has a
> > workgroup specific answer but the client gives no indication as to
> > what workgroup they are interested in. The NetServerEnum RAP call
> > comes to mind. In that call client may choose whether to supply a
> > workgroup, and if it isn't supplied then the server is supposed to use
> > its workgroup. So which workgroup would you use?
> the solution is to use the called netbios name to be associated
> with the workgroup.
> when you have a one-to-one mapping between netbios names
> and workgroups the problem you outline as a protocol
> limitation goes away.
> this is why i was so annoyed with microsoft when they came
> up with CIFS/TCP because they failed to provide the equivalent
> of the NetBIOS called name. oh, and adding *SMBSERVER, too.
A kludge to fix a kludge. *SMBSERVER forces a one server-service per
node model, which is completely unneccessary.
> but you *DO* have to deny any connections to
> *SMBSERVER, if you want a single nmbd/smbd daemon to be
> able to do multiple workgroups/domains.
Do you? I'm probably missing something...
Where in the process could leakage occur? The port 138 datagram packets
don't use *SMBSERVER (do they?!). How is the Server Service used?
> it also may be worthwhile investigating NT5's domain /
> browse management to see if ms learned their lesson yet.
It's a different system, probably written by a completely different set
Christopher R. Hertel -)----- University of Minnesota
crh at nts.umn.edu Networking and Telecommunications Services
Ideals are like stars; you will not succeed in touching them
with your hands...you choose them as your guides, and following
them you will reach your destiny. --Carl Schultz
More information about the samba-technical