[Samba] Cross-subnet browsing

Misty Stanley-Jones misty at borkholder.com
Wed Nov 30 14:11:55 GMT 2005 

I have two domains which are on different subnets, connected by a routed
OpenVPN tunnel.  The domains trust each other.

Domain A has the WINS server.  Domain B is confused to use Domain A's WINS
server.  The VPN pushes the WINS server as part of its DHCP options as
well.

>From either domain, I am able to use smbclient to see the shares on the
other domain's PDC.  I have to specify -W <domainname> to get it to work
which I assume is normal.

>From Domain B, I'm able to use nmblookup in unicast mode, to resolve WINS
names on Domain A.  I'm not able to do this from Domain A to Domain B,
except for domain B's PDC.  I am able to reverse resolve from IP to WINS
name, for any client on Domain B.

Below I give some examples, to try to alleviate the confusion:

# Proving that I can communicate via IP between domains A and B:
pdc.domainA> /usr/sbin/traceroute 192.168.4.1
traceroute to 192.168.4.1 (192.168.4.1), 30 hops max, 40 byte packets
 1  router.domainA (192.168.1.1)  0.618 ms   0.741 ms   0.784
 4  pdc.domainB (192.168.4.1)  107.080 ms   115.237 ms   118.914 ms

pdc.domainB> /usr/sbin/traceroute 192.168.1.101
traceroute to 192.168.1.101 (192.168.1.101), 30 hops max, 40 byte packets
 1  router.domainB  114.398 ms   123.207 ms   132.061 ms
 4  pdc.domainA (192.168.1.101)  197.005 ms   205.892 ms   214.772 ms

# smbclient from domainB to domainA
pdc.domainB> smbclient -L corpsrv -W DomainA
(output proving it works)

# smbclient from domainA to domainB
pdc.domainA> smbclient -L DUTCHSRV -W DomainB -U root
(output proving it works)

# nmblookup unicast from domainB to domainA
pdc.domainB> nmblookup -U 192.168.1.101 -R 'ifss'
192.168.1.102 ifss<00>

# nmblookup unicast from domainA to domainB
pdc.domainA> nmblookup -U 192.168.1.101 -R 'rachel95'
querying rachel95 on 192.168.1.101
name_query failed to find name rachel95

# Reverse looking up same client after the IP is known
misty at baa:~> nmblookup -U 192.168.4.1 -A 192.168.4.100
Looking up status of 192.168.4.100
        RACHEL95        <00> -         M <ACTIVE>
        DV              <00> - <GROUP> M <ACTIVE>
        RACHEL95        <03> -         M <ACTIVE>
        RACHEL95        <20> -         M <ACTIVE>
        DV              <1e> - <GROUP> M <ACTIVE>
        RACHEL          <03> -         M <ACTIVE>

        MAC Address = 00-10-5A-02-59-2F

I am only able to browse shares on Domain B's PDC from Domain A, not any
other clients.  I have a feeling that it's getting resolved by IP since
the DNS and WINS names of that PDC are the same.

Please let me know how I can resolve WINS names for Domain B and browse
their shares, relying on WINS alone and not on broadcast.

More information about the samba mailing list