[Samba] Multiple Domains and Network Browsing

Greg Dickie greg at justaguy.ca
Wed Dec 17 03:02:01 GMT 2003

I'm sure you can make this work better if you only use one wins server. If you 
are migrating to samba anyway is it an option to at least point everyone to 
samba as WINS?

I've never had any luck with remote announce and in any case it will only 
announce the server and not any of the other workstations. You might try 
using the broadcast address of that subnet instead though in case the server 
is not the browse master.

Could you add an interface on the samba machine that was on the other VLAN 
(ie: multihomed). This way it would announce itself on both broadcast 

WINS and broadcast seems to be the only way to make network neighborhoods 

hope this helps,

On Tuesday 16 December 2003 21:42, Jason Gray wrote:
> Hi all,
> I have been working on a multi-domain network (2 of them) with one domain
> being controlled by Samba/Openldap config and the other a standard Win2k
> AD. I have had success getting all computers on the Samba domain to see the
> Win2k controller via the Network browser but it does not seem to be working
> the other way around.
> My network config is split up into two separate VLANs using an extreme
> switch ( and  They talk to each other through a
> router, have gateways out to a firewall and then pass into the internet.
> Both domains have WINS/DNS/DHCP running.  Each domain has each others
> WINS/DNS in their config files.  Both DHCP servers have propagated each
> others DNS/WINS to the various workstations (Each DHCP services only one
> sub-net).
> On workstations within the Win2k domain I can type in the desired
> workstation and it does appear or I can search for it.  However, the Domain
> container for the SAMBA group is missing on workstations within the Win2k
> domain (hope that makes sense).
> Below is a version of my smb.conf file:
>         server string =
>         workgroup = BOGUSGROUP
>         netbios name = BOGUSNAME
>         null passwords = yes
>         passdb backend = ldapsam:ldap://localhost
>         log level =1
>         add user script = /usr/local/sbin/smbldap-useradd.pl -a -m %u
>         add group script = /usr/local/sbin/smbldap-groupadd.pl -g %g
>         add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u
>         logon path = \{}\{}%L\{}profiles\{}$user
>         logon drive = H:
>         logon home = \{}\{}%L\{}$user\{}.profiles
>         domain logons = yes
>         os level = 64
>         preferred master =yes
>         domain master =  yes
>         ldap suffix = dc=group,dc=ca
>         ldap machine suffix =
> cn=Computers,ou=Systems,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
>         ldap user suffix =
> cn=Users,ou=People,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
> #        ldap group suffix =
> cn=Group,ou=Groups,sambaDomainName=BOGUSGROUP,dc=group,dc=ca
>         ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
>         ldap admin dn = "cn=Manager,dc=group,dc=ca"
>         ldap ssl = no
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         template homedir = /home/%D/%U
>         template shell = /bin/bash
>         winbind separator = +
>         wins support = yes
>         wins server =,
>         wins proxy = yes
>         dns proxy = yes
>         admin users = administrator, root
>         remote announce =
>         interfaces =
> I thought that maybe the remote announce would work but it hasn't seemed
> to. The problem is it is hard to tell which domain controller is at fault. 
> I don't think that the Samba is the problem.  The WINS on the win2k box was
> mangled until recently and the DNS is also flaky (hence the move over to
> Samba).  But I have to keep both domains up for the next little while
> (production environment) and then we will slowly migrate everyone over.
> Any thoughts would be appreciated.
> Jason

Greg Dickie
just a guy
greg at justaguy.ca

More information about the samba mailing list