multiple nmbds domains workgroups

Christopher R. Hertel crh at
Mon Sep 17 08:48:01 GMT 2001

> > yes, there are protocol limitations. The problem is that there are
> > parts of the protocol where the client asks a question that has a
> > workgroup specific answer but the client gives no indication as to
> > what workgroup they are interested in. The NetServerEnum RAP call
> > comes to mind. In that call client may choose whether to supply a
> > workgroup, and if it isn't supplied then the server is supposed to use
> > its workgroup. So which workgroup would you use?
> the solution is to use the called netbios name to be associated
> with the workgroup.
> when you have a one-to-one mapping between netbios names
> and workgroups the problem you outline as a protocol
> limitation goes away.

Question below...

> this is why i was so annoyed with microsoft when they came
> up with CIFS/TCP because they failed to provide the equivalent
> of the NetBIOS called name.  oh, and adding *SMBSERVER, too.

A kludge to fix a kludge.  *SMBSERVER forces a one server-service per 
node model, which is completely unneccessary.

> but you *DO* have to deny any connections to
> *SMBSERVER, if you want a single nmbd/smbd daemon to be
> able to do multiple workgroups/domains.

Do you?  I'm probably missing something...

Where in the process could leakage occur?  The port 138 datagram packets 
don't use *SMBSERVER (do they?!).  How is the Server Service used?

> it also may be worthwhile investigating NT5's domain /
> browse management to see if ms learned their lesson yet.

It's a different system, probably written by a completely different set 
of people.

Chris -)-----

Christopher R. Hertel -)-----                   University of Minnesota
crh at              Networking and Telecommunications Services

    Ideals are like stars; you will not succeed in touching them
    with your choose them as your guides, and following
    them you will reach your destiny.  --Carl Schultz

More information about the samba-technical mailing list