[Samba] Samba4 as DC and Neighborhood browsing (nmbd functionality) !

Daniel Müller mueller at tropenklinik.de
Thu Jan 23 00:32:28 MST 2014

Samba4 has integrated samba4wins so it should work as wins server.
As far as I know you just have to put the right entries in  "server
Or just enable netbios /TCP in the settings of your Win Clients.

EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de

-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Computer service SPb.
Gesendet: Mittwoch, 22. Januar 2014 22:59
An: samba at lists.samba.org
Betreff: [Samba] Samba4 as DC and Neighborhood browsing (nmbd functionality)

At the moment if Samba4 acts as DC (domain controller) it doesn' t support
neighborhood browsing, that is computers in a local group are not visible in
network neighborhood.
I have not been remaining think about working of the functionality.
And have found this one:
I am not a programmer but may be it will be useful for easier and quicker
implementation of such functionality. It is very important and necassary.
Some tech info portion from the link above:
Winbind cannot lookup S-1-5-7, which corresponds to the builtin group
"Anonymous Logon". So winbind cannot find a "user token" in the idmap.
Incidentally, since Bug 29000 we create these Builtin groups in UCS LDAP,
and thus the samba4-idmap listener creates an idmap entry with
In UCS 3.1-1 on the other hand Samba4 had written XID_TYPE_BOTH entries.
After manually changing the S-1-5-7 record in idmap to XID_TYPE_BOTH, the
network browsing worked again.
My first idea is, that we should/could change the samba4-idmap listener to
generate XID_TYPE_BOTH records for the Builtin S-1-5* SIDs.
Ok, samba4-idmap.py is adjusted in univention-samba4 3.0.34-1.
For a quick check in the affected test domain update the package and run
--direct-resync once. After that network browsing should work again, no
samba restart required.
Actually Samba4 on itself creates the idmap record for S-1-5-7 as
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list