[Samba] Problem with Samba Net RPC Behind a firewall

Thu Jun 21 08:08:16 GMT 2007

Hello list

How can I manually register a server in a Samba Wins Server ?

I'm facing this scenario

firewalled net

in the DMZ    Samba Box 3.0.25    FreeBsd 6

In the NET    Windows 2003 SP1

The samba box is authenticating user against the Windows 2003 server. Of
course the firewall is open for TCP 445 88 137-139 UDP 137-139

problems pop up for all NET RPC comands
the samba box cannot find a Domain Server.
Obviously it is because the firewall is stopping broadcasts from DMZ to
Intranet.
So I made Samba working as WINS server
the problem is this

The Domain server WILL NEVER try to register on the Samba Wins Server
and I'm not willing to open Intranet to DMZ WINS comunications over the
firewall

I'd rather preferr to register MANUALLY and ONCE the Windows2003 server on
the Samba WINS server.
How can I do this ?
I searched over and over in google, but found no clue at all.

[global]
        workgroup = DMSWARE
        Wins support = yes
        dns proxy = yes
        #name resolve order = host wins bcast
        name resolve order = wins lmhosts hosts bcast
        local master = yes
        #domain master = yes
        domain master = no
        preferred master = auto
        enhanced browsing = yes
        #encrypt password = yes         # YES = Default

        realm = DMSWARE.it
        server string = mail
        security = ADS
        password server = orion
        passdb backend = tdbsam
        passwd program = /usr/bin/passwd %u
        client use spnego = yes
        server signing = auto
        client signing = auto
        #passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
        #passwd chat debug = yes
        log file = /var/log/samba/log.%m
        add user script = /usr/sbin/pw useradd %u
        delete user script = /usr/sbin/pw userdel %u
        add group script = /usr/sbin/groupadd %g
        delete group script = /usr/sbin/pw groupdel %g

        template homedir = /home/%U
        template shell = /bin/csh
        winbind cache time = 3600
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind nss info = rfc2307

        idmap domains = DMSWARE
        idmap config DMSWARE:range = 10000-49999
        idmap config DMSWARE:base_rid = 0
        idmap config DMSWARE:backend = rid
        idmap uid = 10000-49999
        idmap gid = 10000-49999

        #  Networking configuration options
        hosts allow = 192.168.0. 192.168.1. localhost
        #guest ok = yes
        #guest only = yes
        browseable = yes
        #read only = yes
        #force directory mode = 744
        public = yes
        available = yes
        browse list = yes

----------------------------------------------
Gianluca Culot
DMS Multimedia
Via delle Arti e dei Mestieri, 6
20050 Sulbiate (Mi) - Italy
Tel: +39 039 5968925
Fax: +39 039 3309813
<mailto:gianlucaculot at dmsware.com>
www.dmsware.com <http://www.dmsware.com/>

Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in
questo messaggio sono riservate ed a uso esclusivo del destinatario. Qualora
il messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza
copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione. Il
mittente comunica che il presente messaggio ed ogni suo allegato, al momento
dell’invio, era esente da ogni tipo di virus, worm, trojan e/o ogni altri
tipo di codice software dannoso. Questo messaggio e i suoi allegati
potrebbero essere stati infettati durante la trasmissione. Leggendo il
messaggio e/o aprendo gli allegati, il Destinatario si prende la piena
responsabilità nei confronti di ogni azione protettiva o di rimedio per la
rimozione di virus ed altri difetti. DMS Multimedia non potrà essere
considerata responsabile per qualsivoglia danno o perdita derivata qualunque
modo da questo messaggio o dai suoi allegati.

The information in this electronic mail message, including any attachments,
is confidential and may be legally privileged. It is intended solely for the
addressee(s). Access to this Internet electronic mail message by anyone else
is unauthorised. If you are not the intended recipient, any disclosure,
copying, distribution or action taken or omitted to be taken in reliance on
it is prohibited and may be unlawful. The sender believes that this E-mail
and any attachments were free of any virus, worm, Trojan horse, and/or
malicious code when sent. This message and its attachments could have been
infected during transmission. By reading the message and opening the
attachments, the recipient accepts full responsibility for taking protective
and remedial action about viruses and other defects.DMS Multimedia is not
liable for any loss or damage arising in any way from this message or its
attachments 