[Samba] Samba and VPN

Aleksandr Koltsoff aleksandr.koltsoff at eke.fi
Wed Jul 31 23:26:02 GMT 2002

Actually. Well, you can see my original mail here:


I have proceeded beyond that now. Since I'm running on a tight schedule and
absolutely needed to get the cross-domain/cross-subnet browsing to work, I
installed MS WINS.

I have since made packet captures (did I mention that all domains are
visible on all computers that belong to any domain in any network?) and
have been studying the protocol.

To make a long story short, cross-domain and cross-subnet browsing will not
work with Samba, especially if domains are limited to one subnet. That's it.
The reasons follow.

MS PDCs (DMBs) will issue a DCE/RPC remote procedure call to the WINS
server asking for the list of all its DMBs (the <1b> records). In some
Microsoft documentation they explain this something like this:

"the DMB will issue a wildcard query for all <1b> names in the WINS and then
proceed by resolving each of the names via reverse queries. DMB will then
periodically attempt to sync those DMBs' browse lists".

This is kind of misleading. The DMB will issue the query all right, but not
via the normal NBT name resolving mechanisms. The query will be done using
DCE/RPC. This specific RPC is referenced by an MS KB article (reference to it
in my original mail) as R_WinsGetBrowserList (or similar).

I've been studying the packet dumps now, but since I started capturing
only after the browsing stabilised, I'm still missing the structure of the
reply message. Using Ethereal I've found that the domain names do indeed
travel back to the calling PDC (all of them, at least the ones that have
been registered into WINS).

I've now started a 24h capture and there will be three new domain additions
today so I'll get some more data.

Also, I suspect a bug in the DCE/RPC parser in Ethereal, if anyone is
interested in helping, so watch out. The UUIDs get mapped from wrong places
and there are many unaccounted-for zero bytes in the packet which don't get
included in parsing for some reason.

If anyone is willing/capable of helping me with this, I'd be grateful.
However, since my original mail received no responses at all, it looks like
I'll have to do this alone, if I have the motivation to continue.

Thanks for all the fish :-)
