[Samba] UNICAST cross-subnet browsing, Port 445 vs. 139, and Win2k
Andy Levine
andyl at epicrealm.com
Sat Sep 7 03:10:01 GMT 2002
I have been having a heck of a time getting cross subnet browsing to work
properly. After MANY hours hunting through source and debug logs, I have
FINALLY found the source of my browsing issues.
My Samba nmdb properly becomes the LMB for my segment on a WAN. I VPN to my
servers at the home office and Samba attempts to sync with the DMB. nmbd
properly locates the DMB via WINS over the UNICAST_SUBNET, then proceeds to
try and sync with it over port 445. The connection to port 445 works JUST
FINE. I get connected, the connection to IPC$ happens just fine and the
return from the cli_NetServerEnum calls for Domains and everything else
complete fine. The problem is the returned lists are empty !!! Debug logs
show: "sync with HOMEOFFICE(172.16.10.5) for workgroup GROUPXYZ completed (0
records)". The dumped returned blocks show a correct return record, just
with nothing in it.
I tried the same thing from the command line using smbclient with the same
results:
----------------------------------------------------------------------------
--------
[root at farmboy /]# smbclient -p 445 -L HOMEOFFICE -U% -W GROUPXYZ
added interface ip=192.168.1.10 bcast=192.168.1.255 nmask=255.255.255.0
Got a positive name query response from 172.16.10.10 ( 172.16.10.5 )
Domain=[XXXX] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
Sharename Type Comment
--------- ---- -------
IPC$ IPC Remote IPC
JACKSON.log Disk "Exchange message tracking logs"
Resources$ Disk "Event logging files"
NETLOGON Disk Logon server share
CertConfig Disk Certificate Services configuration
CertEnroll Disk Certificate Services share
ADMIN$ Disk Remote Admin
SYSVOL Disk Logon server share
C$ Disk Default share
Address Disk "Access to address objects"
Server Comment
--------- -------
Workgroup Master
--------- -------
[root at farmboy /]#
----------------------------------------------------------------------------
--------
However, force the cli_NetServerEnum calls to be on the OLD NMB port (139)
and everything works !!
----------------------------------------------------------------------------
------
[root at farmboy /]# smbclient -p 139 -L HOMEOFFICE -N -U% -W GROUPXYZ
added interface ip=192.168.1.10 bcast=192.168.1.255 nmask=255.255.255.0
Got a positive name query response from 172.16.10.10 ( 172.16.10.5 )
Domain=[XXXX] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
Sharename Type Comment
--------- ---- -------
IPC$ IPC Remote IPC
JACKSON.log Disk "Exchange message tracking logs"
Resources$ Disk "Event logging files"
NETLOGON Disk Logon server share
CertConfig Disk Certificate Services configuration
CertEnroll Disk Certificate Services share
ADMIN$ Disk Remote Admin
SYSVOL Disk Logon server share
C$ Disk Default share
Address Disk "Access to address objects"
Server Comment
--------- -------
4THFLOORCONF
QA
QA4
QAVM1A
QAVM1B
QAVM1C
QAVM1D
QAVM2B
QAVM2C
VPN
-------- snip LOTS of stuff omitted -----------------------
Workgroup Master
--------- -------
-------- snip LOTS of stuff omitted -----------------------
WORKGROUP QA10
[root at farmboy /]#
--------------------------------------------------------------------
Now my questions:
1) I figure this to be some kind of misconfigured W2K server at the other
end, correct ? Why does the connection to port 449 succeed, yet fail to
serve up all the desired info ??
2) The code in libsmb/cliconnect.c, cli_connect ALWAYS tries port 449 first,
then falls back to port 139 if the open fails. In my case the open DOESN'T
fail so I never fall back to port 139, which in my case would solve my
browsing issues. It does NOT appear that there is any way to override this
behavior. Would it be beneficial (or detrimental for that matter) for me to
create a patch that would allow a user to specify which port browse
synchronization to occur on ?? Something like a new smb.conf parm,
"browse-sync-ports 139 445" that could then be used in cli_connect to
specify desired behavior ?
Sorry for the long post. I wasn't sure if this was the correct group or if
samba-technical was more appropriate.
Thanks
Andy Levine
More information about the samba
mailing list