[Samba] Samba4 as DC and Neighborhood browsing (nmbd functionality) !

Computer service SPb. cpservicespb at gmail.com
Wed Jan 22 14:58:57 MST 2014


At the moment if Samba4 acts as DC (domain controller) it doesn' t
support neighborhood browsing, that is computers in a local group are not
visible in network neighborhood.
I have not been remaining think about working of the functionality.
And have found this one:
http://forge.univention.org/bugzilla/show_bug.cgi?id=30132
I am not a programmer but may be it will be useful for easier and quicker
implementation of such functionality. It is very important and necassary.
Some tech info portion from the link above:
Winbind cannot lookup S-1-5-7, which corresponds to the builtin group
"Anonymous Logon". So winbind cannot find a "user token" in the idmap.
Incidentally, since Bug 29000 we create these Builtin groups in UCS LDAP,
and thus the samba4-idmap listener creates an idmap entry with
"XID_TYPE_GID".
In UCS 3.1-1 on the other hand Samba4 had written XID_TYPE_BOTH entries.
After manually changing the S-1-5-7 record in idmap to XID_TYPE_BOTH, the
network browsing worked again.
My first idea is, that we should/could change the samba4-idmap listener to
generate XID_TYPE_BOTH records for the Builtin S-1-5* SIDs.
Ok, samba4-idmap.py is adjusted in univention-samba4 3.0.34-1.
For a quick check in the affected test domain update the package and run
/usr/lib/univention-directory-listener/system/samba4-idmap.py
--direct-resync once. After that network browsing should work again, no
samba restart required.
Actually Samba4 on itself creates the idmap record for S-1-5-7 as
ID_TYPE_UID and not ID_TYPE_BOTH.


More information about the samba mailing list