[Samba] Browsing on remote subnets, domain logons

John H Terpstra jht at samba.org
Fri Dec 13 19:01:06 GMT 2002


Sorry, I do not have time to answer all your questions.

- John T.

On Fri, 13 Dec 2002, Pihhan wrote:

> Hello,
> I have a few questions.
> I have network like this:
> (A)---------(MS)--------(SS)-------(B)
>              |         |
>             inet      (C)
> MS and SS are Linux servers with Samba. Others are workstations with
> WinMe.
> Can I make all subnets and all computers to see all computers on all
> subnets without using WINS?

Yes. Read up on "remote announce" and "remote browse sync" by doing:

	man smb.conf

then search for those parameters.

The result will be that all machines will appear in the browse list; you
may then have a problem with NetBIOS name resolution. You will need DNS
for name resolution. You will see a LOT of UDP broadcast activity on the
network - but that is the price of not using WINS.

> So A should see SS, B and C. Because between MS and SS is very long
> network (connection between two divided LANs) made of 10BASE2, it is
> considered unreliable. Thus MS and SS should be always ready to answer
> all authorization on its direct subnets, and be backup for others.
> That's because C is in the middle, and has connection to both MS and
> SS. If one connection is broken, LANs will be divided but should be
> operational itself.
> That's why I don't want WINS, because if it connection to MS fail, there
> will be long timeout to use secondary WINS on SS. Is there way to sync
> both servers nethood for broadcast and wins for all subnets, where
> servers MS and SS would broadcast only local network and remote info
> gets from the other server?

You could use both WINS and the "remote announce" and "remote browse sync"
options together.

> I don't know how to make this. I want only one domain, where both MS
> and SS will serve to direct subnets and get informations about unknown
> users from second server. On MS is routing to internet, directed with
> iptables and firewall. In preexec script of netlogon share it checks
> if logging user has paid for internet and so if he is allowed to use
> internet. That somewhat works, I wonder why sometimes...
> All I need is allow all users from all subnets to access MS, and
> netlogon share. I want synchronised browse list on all subnets, and if
> users from B cannot login to MS, they must be able to login to SS.
> That's because I don't want to change settings on machines if connection
> between MS and SS fails. So they cannot reach MS or other remote
> computers, but can operate well on their LAN with direct neighbours.
> SS will not be under my direct control (I am not root there),
> it will act partially as BDC. It will not sync users list from
> MS itself, they would need be added manually. But all users on this
> server, who wants internet, need also account on MS. So only local
> users will have accounts only on local server, not on both.
> I think there would be two domains for this, but does Samba support
> some way of trusted domains? I am using individual sharing on WinME.
> This gets better security to network, with less passwords to remember.
> But there are in fact two PDCs, and only one is really PDC. I get list
> of users on my PDC server, so I can assign on Windows shares for every user
> different access rights. But can I do this for users from different
> domain? or from different server? That is really problem in two
> separate domains, but two PDCs cannot be in one domain, right?
> Have you any good ideas, how to solve this? Can I sync browse list for
> different domains? Must I have workgroup same with domain on
> workstations, or can I have one workgroup in two domains? That would
> get browsing easier.
> (sorry for my english)
> (I sent this message already, but in Latin2 encoding, so you saw only
> block of octets, I think.)
> I hope you are smarter than me,
>  Pihhan

John H Terpstra
Email: jht at samba.org
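
The "remote announce" and "remote browse sync" parameters named in the reply above, shown as an added smb.conf sketch for the two Samba servers; this is not part of the original message. The workgroup name EXAMPLE and all subnet addresses are constructed assumptions, since the thread gives none.

```ini
# --- smb.conf on MS (assumed to sit on subnet A, 192.168.1.0/24) ---
[global]
   workgroup = EXAMPLE
   netbios name = MS

   # Make MS the local master browser on its own segment so it
   # collects the browse list for the workstations attached to it.
   local master = yes
   preferred master = yes
   os level = 65

   # Periodically announce MS to the broadcast address of the remote
   # subnet (assumed subnet B, 192.168.3.0/24) under the same workgroup.
   remote announce = 192.168.3.255/EXAMPLE

   # Periodically ask the master browser on the remote segment to
   # synchronise browse lists. This only works when that master
   # browser is another Samba server, which is the case for SS here.
   remote browse sync = 192.168.3.255

# --- smb.conf on SS (assumed to sit on subnet B, 192.168.3.0/24) ---
[global]
   workgroup = EXAMPLE
   netbios name = SS

   local master = yes
   preferred master = yes
   os level = 65

   # Mirror image of the MS settings, pointing back at subnet A.
   remote announce = 192.168.1.255/EXAMPLE
   remote browse sync = 192.168.1.255
```

The two `[global]` sections belong in separate files, one per server. Routers and packet filters between the subnets have to pass the directed broadcasts to UDP ports 137 and 138 for the announcements to arrive, and, as the reply notes, the browse list only lists names, so resolving them still needs DNS (or WINS).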

