[Samba] The "single WINS" problem

Andrew Bartlett abartlet at samba.org
Sat Nov 26 10:39:24 GMT 2005

On Sat, 2005-11-26 at 09:29 +0100, Tomasz Chmielewski wrote:
> To prevent such cases, where networks are separate (i.e. in different 
> cities) but use a single user database (in LDAP), I just set up PDCs 
> instead of BDCs (they don't see each other via netbios anyway), and each 
> of them is acting as a WINS server.
> I find it much more resistent to such failures.

One of the nice things about this setup is that with 'dns proxy = yes',
you can still have access to the same fileservers (because they are in
DNS), but the netbios space is separate for PDC/BDC etc.  I use this to
separate my (less trusted) wireless network from the main LAN.  The
wireless gateway is a DC and WINS server.  Were a malicious laptop to
spoof the DC, corrupt WINS etc, it cannot disrupt the main LAN.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051126/fee6fb8b/attachment.bin

More information about the samba mailing list