[Samba] UNICAST cross-subnet browsing, Port 445 vs. 139, and Win2k

Andy Levine andyl at epicrealm.com
Sat Sep 7 03:10:01 GMT 2002


I have been having a heck of a time getting cross subnet browsing to work
properly. After MANY hours hunting through source and debug logs, I have
FINALLY found the source of my browsing issues.

My Samba nmbd properly becomes the LMB for my segment on a WAN. I VPN to my
servers at the home office and Samba attempts to sync with the DMB. nmbd
properly locates the DMB via WINS over the UNICAST_SUBNET, then proceeds to
try and sync with it over port 445. The connection to port 445 works JUST
FINE. I get connected, the connection to IPC$ happens just fine and the
return from the cli_NetServerEnum calls for Domains and everything else
complete fine. The problem is the returned lists are empty !!! Debug logs
show: "sync with HOMEOFFICE(172.16.10.5) for workgroup GROUPXYZ completed (0
records)". The dumped returned blocks show a correct return record, just
with nothing in it.

I tried the same thing from the command line using smbclient with the same
results:
----------------------------------------------------------------------------
[root@farmboy /]# smbclient -p 445 -L HOMEOFFICE -U% -W GROUPXYZ
added interface ip=192.168.1.10 bcast=192.168.1.255 nmask=255.255.255.0
Got a positive name query response from 172.16.10.10 ( 172.16.10.5 )
Domain=[XXXX] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

        Sharename      Type      Comment
        ---------      ----      -------
        IPC$           IPC       Remote IPC
        JACKSON.log    Disk      "Exchange message tracking logs"
        Resources$     Disk      "Event logging files"
        NETLOGON       Disk      Logon server share
        CertConfig     Disk      Certificate Services configuration
        CertEnroll     Disk      Certificate Services share
        ADMIN$         Disk      Remote Admin
        SYSVOL         Disk      Logon server share
        C$             Disk      Default share
        Address        Disk      "Access to address objects"

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
[root@farmboy /]#
----------------------------------------------------------------------------

However, force the cli_NetServerEnum calls to be on the OLD NMB port (139)
and everything works !!
----------------------------------------------------------------------------
[root@farmboy /]# smbclient -p 139 -L HOMEOFFICE -N -U% -W GROUPXYZ
added interface ip=192.168.1.10 bcast=192.168.1.255 nmask=255.255.255.0
Got a positive name query response from 172.16.10.10 ( 172.16.10.5 )
Domain=[XXXX] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

        Sharename      Type      Comment
        ---------      ----      -------
        IPC$           IPC       Remote IPC
        JACKSON.log    Disk      "Exchange message tracking logs"
        Resources$     Disk      "Event logging files"
        NETLOGON       Disk      Logon server share
        CertConfig     Disk      Certificate Services configuration
        CertEnroll     Disk      Certificate Services share
        ADMIN$         Disk      Remote Admin
        SYSVOL         Disk      Logon server share
        C$             Disk      Default share
        Address        Disk      "Access to address objects"

        Server               Comment
        ---------            -------
        4THFLOORCONF
        QA
        QA4
        QAVM1A
        QAVM1B
        QAVM1C
        QAVM1D
        QAVM2B
        QAVM2C
        VPN
	-------- snip LOTS of stuff omitted -----------------------

        Workgroup            Master
        ---------            -------
	-------- snip LOTS of stuff omitted -----------------------
        WORKGROUP            QA10
[root@farmboy /]#
--------------------------------------------------------------------

Now my questions:

1) I figure this to be some kind of misconfigured W2K server at the other
end, correct ? Why does the connection to port 449 succeed, yet fail to
serve up all the desired info ??

2) The code in libsmb/cliconnect.c, cli_connect ALWAYS tries port 449 first,
then falls back to port 139 if the open fails. In my case the open DOESN'T
fail so I never fall back to port 139, which in my case would solve my
browsing issues. It does NOT appear that there is any way to override this
behavior. Would it be beneficial (or detrimental for that matter) for me to
create a patch that would allow a user to specify which port browse
synchronization should occur on ?? Something like a new smb.conf parm,
"browse-sync-ports   139 445" that could then be used in cli_connect to
specify desired behavior ?

Sorry for the long post. I wasn't sure if this was the correct group or if
samba-technical was more appropriate.

Thanks
Andy Levine
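
Added example, not part of the original post and not Samba code: a Python check for the symptom described above, where the session on port 445 connects but the Server and Workgroup lists come back empty while port 139 returns them. It assumes the `smbclient -L` layout shown in the two listings; the function names and the sample text (abbreviated from those listings) are constructed for illustration.

```python
import re

# Section header and the dashed rule under it, as printed by `smbclient -L`.
HEADER = re.compile(r"^\s+(Sharename|Server|Workgroup)\s+\S")
RULE = re.compile(r"^\s+-+(\s+-+)*\s*$")

def parse_listing(text):
    """Return {section: [first column of each row]} for one listing."""
    sections, current, lines = {}, None, text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if HEADER.match(line) and RULE.match(nxt):
            current = HEADER.match(line).group(1)
            sections[current] = []
        elif RULE.match(line):
            continue
        elif not line.strip() or not line[0].isspace():
            current = None  # blank or unindented line ends the section
        elif current is not None:
            sections[current].append(line.split()[0])
    return sections

def browse_gaps(by_port):
    """List (section, empty_port, populated_port) mismatches between ports."""
    parsed = {p: parse_listing(t) for p, t in sorted(by_port.items())}
    return [(s, e, f) for s in ("Server", "Workgroup")
            for e in parsed if not parsed[e].get(s)
            for f in parsed if parsed[f].get(s)]

# Constructed sample input, abbreviated from the two listings in the post.
SHARES = ("        Sharename      Type      Comment\n"
          "        ---------      ----      -------\n"
          "        IPC$           IPC       Remote IPC\n\n")
EMPTY = ("        Server               Comment\n"
         "        ---------            -------\n\n"
         "        Workgroup            Master\n"
         "        ---------            -------\n")
FULL = ("        Server               Comment\n"
        "        ---------            -------\n"
        "        QA\n        QA4\n        VPN\n\n"
        "        Workgroup            Master\n"
        "        ---------            -------\n"
        "        WORKGROUP            QA10\n")
PORT_445, PORT_139 = SHARES + EMPTY, SHARES + FULL

if __name__ == "__main__":
    for section, empty, full in browse_gaps({445: PORT_445, 139: PORT_139}):
        print(f"{section}: empty on port {empty}, populated on port {full}")
```

To run it on live output, pass the captured text of the post's two `smbclient -L` commands (one with `-p 445`, one with `-p 139`) as the dictionary values.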



