winbindd architecture

Christopher R. Hertel crh at
Thu Jul 11 17:35:12 GMT 2002

On Thu, Jul 11, 2002 at 07:04:39AM -0700, Tim Potter wrote:
> On Thu, Jul 11, 2002 at 03:57:11PM -0400, Leducq Dominique wrote:
> > Le Mercredi 20 F?vrier 2002 12:51, Tim Potter a ?crit :
> > > Nmbd needs to be running on the local system as there are some lookup
> > > requests send by winbindd that are sent by Windows NT domain controllers
> > > to the incorrect port which is a bug in Windows. ?Nmbd receives these
> > > packets and stores them in a database (unexpected.tdb) which winbindd
> > > reads from.
> > 
> > I would need some more details about this. Could you please tell me :
> > 
> > - which versions of the OS are involved (NT 4 to XP) ? Only as PDC ?
> > - which kind of requests ? 
> > - which port ? (I guess it replies to port 137 or 445 instead of source
> >   port of the request...)
> >From memory it is the network request that locates the PDC name on the
> network.  I think it is only Windows NT 4 but I haven't tested it.  It
> is one of the udp ports - 139 I think.


I haven't followed this closely so I may talking about the wrong things, 
but in general terms...

The NBT Name Service is on UDP/137.  Early versions of Windows/95 reply to
this port instead of the originating source port when sent a Node Status
Request.  I don't know of anything else that makes that mistake, and it
only happens on the Node Status Request, so it's fairly limited.

The NBT Datagram Service is used for service announcement (browse list
stuff).  That's on port UDP/138.  I have heard that there are problems
with Windows boxes (9x and NT) always replying to 138 when they should
reply to the originating source port.  I don't have specifics on that one.

If NT is involved, then port 445 isn't an issue.  NT runs SMB over the NBT 
Session Service, which is TCP/139.

Anyway, if the unexpected.tdb is the reason that winbindd needs nmbd, then
I think it could be made optional.  I imagine that winbindd would be
sending regular name queries in order to find the PDC, probably looking
for <ntdomain>#1B.  The 1B address is actually the DMB identifier, but in
Windows the DMB and PDC must be the same node.  It is possible that a Node
Status query is also being sent, to verify that the 1B node also has the
1C name registered (1C means "I am an NT Domain Controller).  That could
be an issue with a Samba DMB.  If that's the case, though, W/95 can't be a
PDC anyway so not getting a reply shouldn't be a problem.

Again, I'm not in sync with the discussion so if that's totally bogus 
please disregard.

Chris -)-----

Samba Team --     -)-----   Christopher R. Hertel
jCIFS Team --   -)-----   ubiqx development, uninq.
ubiqx Team --     -)-----   crh at
OnLineBook --    -)-----   crh at

More information about the samba-technical mailing list