[Samba] Re: Cannot Sync Browser Lists
Enrique Sanchez Vela
esanchezvela at yahoo.com
Tue Jul 9 08:56:03 GMT 2002
Hi,
I just read your samba problem and I belive I know
about 1% about IPSec, FreeSwan, Smaba, GWs, tcp/ip and
nothing about ipchains and friendss, but the ability
to ping a server accross the network is just a proff
of conectivity.
if you remember ping uses icmp packets and SMB uses
tcp (perhaps udp) packets they are very different from
a fw/gw prespective.
check for access to the netbios ports (you'll find
them in /etc/services) in your fw rules..
regards,
esv.
=================================================
I run an IPsec/Freeswan VPN to connect 4 disparet
windows LANS.
I managed to RTFM until cross-subnet browsing worked
(samba 2.0).
Having upgraded to 2.2.3 It would seem that this
feature is not
working.
BACKGROUND:
originally all sources of information led me to
understand that I would
need a box running samba behind the firewall/IPsec box
as I could not
even ping a remote internal IP from the firewall. I
then built a few
cheap x86 boxes to simply collate share information
then remote browse
sync to the DMB in the main office.
It worked!
Network neighborhood was never happier.
Since then my knowledge of iptables has increased and
I now invoke
`/sbin/iptables -t nat -A POSTROUTING -o ipsec0 -s
$EXTERNALIP
-j SNAT --to $INTERNALIP`
This allows me to connect to services on remote
internal networks from
an IPsec Gateway.
AHA I thought. I can eliminate those
unsightly pentium samba boxes and place the share
collation on the
reliable (and underworked) firewall/IPsec Gateways now
that I could
actually ping the DMB from any given IPsec GW.
If I can ping the DMB from another samba server I
should be able to
perform
a remote browse sync without error.
CURRENT:
Since the only samba availible to the IPsec
gateway boxes was 2.2.3 I had to use it ( debian
woody). I figured that
it would not cause any problems.
It would appear that something is foiling my attempts
for the elegant
one box solution.
Unexplanibly the only box that correctly performs the
remote browse
sync
is one stray pentium running samba 2.0 (debian potato)
which is on the
inside of the firewall. Perhaps because it always
worked... hmm? I
wonder.
The other two samba boxes luckily produce errors..
/var/log/samba/log.nmbd from \\SAMBA-KC IP
192.168.4.1:
[2002/07/08 15:58:28, 0]
nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(359)
find_domain_master_name_query_fail: Unable to find the
Domain Master Browser name WORKGROUP<1b> for the
workgroup WORKGROUP.
Unable to sync browse lists in this workgroup.
/var/log/samba/log.nmbd from \\SAMBA-HYDEPARK IP
192.168.3.1:
[2002/07/08 07:42:24, 0]
nmbd/nmbd_incomingdgrams.c:process_master_browser_announce(396)
process_master_browser_announce: Not configured as
domain master - ignoring master announce.
[2002/07/08 07:44:07, 0]
nmbd/nmbd_browsesync.c:domain_master_node_status_fail(263)domain_master_node_status_fail:
Doing a node status request to the domain master
browser
for workgroup WORKGROUP at IP 192.168.100.4 failed.
Cannot sync browser lists.
The core of my smb.conf is basically the same on the 3
non-DMBs:
wins server = 192.168.100.4 ; this is the IP of the
DMB
os level = 65
domain master = no
localmaster = yes
preferred master = yes
remote browse sync = 192.168.100.4 192.168.3.1
192.168.4.1
On the the DMB \\SAMBA-UNION:
os level = 65
preferred master = True
domain master = True
dns proxy = No
wins support = Yes
remote announce = 192.168.1.2 192.168.3.1
192.168.4.1
remote browse sync = 192.168.1.2 192.168.3.1
192.168.4.1
If anyone can suggest any pointers I would greatly
appreciate it.
I /dont/ want to return to the former config. the
physical distance
between makes physical maintainace a logistical PITA
I will place conf's and logs on a website upon request
I am not on the list.
please cc: dxd at phmeco.com
or dxd at dariux.net
later
-dxd
__________________________________________________
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com
More information about the samba
mailing list