[Samba] samber server in openvz container - venet oder veth0?

Fri Aug 10 13:23:47 MDT 2012

If you don't use WINS, and you are trying to log into the domain, the
client will broadcast for a DC server.   This normally works OK if
everything is on the same LAN.   If broadcast doesn't work, the using
WINS helps find the DC's-  since the WINS database on the WINS server
includes name-to-ip entries for DC's as well as hosts.

For simpler things like connecting to network shares , Windows clients
can use dns to find machine names.   So if you want to map a user drive
(e.g.     net use R: \\someserver\someshare) this should work fine with
out wins.  Afterall, the client is doing all the name resolution.  This
is supposing of course that the servers IP name and netbios name are the
same.

however, in practice there does seem to be a server side issue.    I
have several samba servers and I ran into the following problem:

from a VPN client, I could use "net use \\server1_hostname" and "net use
\\server2_hostname" to connect to shared resources.  I could NOT use
"net use \\server3_hostname."  VPN clients did not use WINS, and NETBIOS
broadcasts were blocked for VPN clients, even tho the VPN client
appeared to be on the same subnet.    VPN clients could resolve host
names via DNS.  They could even connect with  "net use
\\server3_IP_address."  Packet captures showed that the clients were in
fact reaching server3_hostname but that server3  would not respond.    
The server should NOT be attempting to resolve the client names but, for
some reason, it was.  

On 08/10/12 14:44, Birgit Berger (UV Wien) wrote:
> sorry, to bother you again.
>
> I cannot join win7 or winXP clients to my samba domain sever located on a
> debian server in a VE (openvz) unless I set up the server and clients to
> use WINS. But the recommendation is not to use WINS. openvz natively uses
> venet. venet makes broadcasting impossible.
>
> I guess DNS is sufficient for name<->IP resolution but not for NetBios
> name<->IP resolution (it doesn' know name types and maybe that's why it
> cannot find DMB and logon server?) and that's why my win7 and winXP
> clients cannot join the domain.
>
> So given my virtual server setup with openvz, do you rather suggest to use
> WINS or to set up veth so I can use normal broadcasting?
> Or are there other ways to do name resolution with a samba server
> installed in a VE container which I oversaw.
>
> I'm a newbie and netbios name resolution is hard to understand. so I would
> be very happy to get any suggestions from people already using samba
> server in an open vz container.... do you guys use venet or veth or do you
> just activate WINS?
>
> birgit 
>
>
>
>
>
> ===========================
>
> thank you Johannes. no, I don't really need WINS but it was the only way I
> could join clients to the domain so far. so I activated it. DNS should be
> available and working too.
>
> /etc/nsswitch.conf looks like this:
> hosts: files dns
>
> Can I use venet with samba or should I change to veth? 
>
> regards, birgit
>
>
>
> Johannes Truschnigg <johannes at truschnigg.info> schreibt:
>> Hi Birgit,
>>
>> On Tue, Aug 07, 2012 at 01:38:32PM +0200, Birgit Berger (UV Wien) wrote:
>>> I'm new to the list. hopefully my question is correctly placed here...
>>>
>>> I'd installed my samba server 3.5.6 on debian squeeze in a openvz
>>> container that uses venet. I'd love to keep it that way but I'm not sure
>>> if that is ok. Do you use samba server with venet or do I have to change
>>> to veth?
>>>
>>> I already read http://wiki.openvz.org/Differences_between_venet_and_veth
>>> and I don't want to intall shorewall in every container (VE). Also venet
>>> seems easier to administrate and is faster.
>>>
>>> I read
>>>
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html
>>> and nmblookup (chapters 4,5,6 and 10) doesn't work. This is because of
>>> venet, I suppose. Because with venet broadcasting doesn't work. But do I
>>> really need it for the Samba server or can I just use DNS (on other
>>> servers than the samba server) and WINS server (on the samba server)?
>> Can
>>> I stick to venet or should I use veth?
>> Do you have clients on the network that you know absolutely require WINS
>> for
>> resolving names? (I'd actually have a hard time believing that, but who
>> knows...) Other than that, not having WINS but DNS as its modern and
>> sensible
>> replacement in working condition should be perfectly sufficient for your
>> day
>> to day Samba (and other networking) needs. I've been running Samba without
>> nmbd enabled for a few years now (with Windows XP, Windows 7 and
>> GNU/Linux as
>> clients) and did not run into any problems becasue of that.
>>
>> Grüße aus und nach Wien ;)
>>
>> -- 
>> with best regards:
>> - Johannes Truschnigg ( johannes at truschnigg.info )
>>
>> www:   http://johannes.truschnigg.info/
>> phone: +43 650 2 133337
>> xmpp:  johannes at truschnigg.info
>>
>> Please do not bother me with HTML-email or attachments. Thank you.
>
>
> Johannes Truschnigg <johannes at truschnigg.info> schreibt:
>> Hello again,
>>
>> On Tue, Aug 07, 2012 at 02:28:24PM +0200, Birgit Berger (UV Wien) wrote:
>>> thank you Johannes. no, I don't really need WINS but it was the only
>> way I
>>> could join clients to the domain so far. so I activated it. DNS should
>> be
>>> available and working too.
>>>
>>> /etc/nsswitch.conf looks like this:
>>> hosts: files dns
>> That's fine - you don't want anything reagrding winbind or WINS in there,
>> since you don't have proper name resolution set up over that kind of
>> protocol/service.
>>
>>> Can I use venet with samba or should I change to veth?
>> Just stick with what you got - vnet will be fine.
>>
>> Have a nice day!
>>
>> -- 
>> with best regards:
>> - Johannes Truschnigg ( johannes at truschnigg.info )
>>
>> www:   http://johannes.truschnigg.info/
>> phone: +43 650 2 133337
>> xmpp:  johannes at truschnigg.info
>>
>> Please do not bother me with HTML-email or attachments. Thank you.
>
>
> Birgit Berger
>
> EDV-Administratorin an der ÖH Uni Wien
>
> http://www.oeh.univie.ac.at/arbeitsbereiche/edv.html
>