Unwanted browselists [Scope ID's]

Andrew Speer andrew.speer at sawater.sa.gov.au
Fri Oct 6 05:45:54 GMT 1995

I have had a reasonable amount of experience with using scope ID's, and my belief is that they should only be used as a last resort. I think that their use is sort of steeped in the mists of Lan Manager days when SMB over TCP was new stuff. Below is my OPINION only. People with greater technical knowledge of the SMB protocol may be upset by the following description ...

A lot of people had multiple corporations/departments on what was effectively a shared LAN segment, and because there were not yet Netbios Name Servers (ie WINS), browse lists were built up by broadcasts, so often there would be "other" people's machines on "your" browse lists.

By using the Scope ID you could isolate "your" machines from everyone else's. Only machines with identical scope ID's could talk to each other. This was good for isolating the network, but the downside was that when you did want to talk to someone else it was extremely hard.

"Good" after market TCP stacks (eg Ungermann Bass) allowed you to specify a scope delimiter. If my scope ID was 'foo', and I wished to talk to a machine with a scope ID of 'bar', I could say: "net view \\server at bar" or "net use z: \\server at bar\temp".

Unfortunately Win95 and WinNT clients do not have the facility to specify a scope ID delimiter (Microsoft do allow you to spec a scope ID, but I do not know anywhere in the MS TCP stack where you can spec a scope delimiter - if anyone knows of one please enlighten me !).

The bottom line is that if you do implement a scope ID, it will be very hard to talk SMB to someone who does not have the same scope ID (unless you are willing to also load netbeui on the clients and servers, which pretty much defeats the purpose of using TCP). And it is an "all or nothing" change. You have to convert all clients and all servers in pretty much one big hit.

Samba does seem to support a scope ID with the (undocumented ?) -i parameter. Eg "smbd -D -i foo" will start samba with the 'foo' scope id. NOTE scope ID's I think are cAsE senSITive - they should be the same case on all machines.

One last thing ... if you are using Linux, pam_smb will not support validating to servers with a scope ID. The scope ID is appended after the Netbios name in the smb call, so server "server1" with scope ID foo becomes "server1       .foo" (from memory). All the NB Name variables in pam_smb are fixed at the max length of a Netbios Name (16 chars?) and extending them all to support a scope ID was too hard for me ...

[Plug on] I did extend pam_smb to include a NT <-> Unix user ID map. It will map pam user Bob_Smith to Unix user bsmith, look up the domain Bob_Smith belongs to and validate him against a server in that domain. Different users can be in different domains. Email me if you are interested. I mailed patches to the author of pam_smb, but last time I looked they were not included (this may be a hint about the quality of code, but it works for me). Email me if interested. [plug off]

Hope this gives you some background on Scope ID's ...

Andrew Speer
andrew.speer at sawater.sa.gov.au
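
The point above about fixed-length NetBIOS name buffers, as an added example that is not part of the original post and is not Samba or pam_smb code: it encodes a name and scope ID into the wire form specified by RFC 1001/1002, where the scope travels as extra length-prefixed labels after the 32-character encoded name. The helper name `nb_encode` and the sample names are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NB_NAME_LEN 16 /* 15 name characters plus one type byte */

/* Hypothetical helper: encode a NetBIOS name and optional scope ID into the
 * RFC 1002 wire form. Returns bytes written, or -1 if the input is invalid
 * or the output buffer is too small. */
int nb_encode(const char *name, unsigned char type, const char *scope,
              unsigned char *out, size_t outlen)
{
    size_t n = strlen(name), pos = 0, i;

    if (n > NB_NAME_LEN - 1 || outlen < 34)
        return -1;
    out[pos++] = 32; /* first label is always 32 encoded characters */
    for (i = 0; i < NB_NAME_LEN; i++) {
        /* space-pad to 15 characters; names are conventionally upper-cased */
        unsigned char c = i < n ? (unsigned char)toupper((unsigned char)name[i]) : ' ';
        if (i == NB_NAME_LEN - 1)
            c = type;
        out[pos++] = 'A' + (c >> 4);   /* high nibble */
        out[pos++] = 'A' + (c & 0x0F); /* low nibble */
    }
    /* The scope ID follows as ordinary length-prefixed labels, copied as given. */
    while (scope && *scope) {
        size_t len = strcspn(scope, ".");
        if (len == 0 || len > 63 || pos + len + 2 > outlen)
            return -1;
        out[pos++] = (unsigned char)len;
        memcpy(out + pos, scope, len);
        pos += len;
        scope += len;
        if (*scope == '.')
            scope++;
    }
    out[pos++] = 0; /* root label terminates the name */
    return (int)pos;
}

int main(void)
{
    unsigned char buf[64];
    printf("no scope: %d bytes\n", nb_encode("server1", 0x20, NULL, buf, sizeof buf));
    printf("scope foo: %d bytes\n", nb_encode("server1", 0x20, "foo", buf, sizeof buf));
    return 0;
}
```

A buffer sized for the unscoped form (34 bytes encoded, 16 bytes raw) has no room for the scope labels, so the encoder refuses rather than truncating.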
