[Samba] Network Meltdown after Samba 4.9.0 Upgrade
Rowland Penny
rpenny at samba.org
Sat Sep 15 12:57:15 UTC 2018
On Sat, 15 Sep 2018 05:39:02 -0700
Andrew Bartlett <abartlet at samba.org> wrote:
> On Sat, 2018-09-15 at 10:37 +0100, Rowland Penny via samba wrote:
> > On Sat, 15 Sep 2018 04:02:29 -0500
> > "David C. Rankin via samba" <samba at lists.samba.org> wrote:
> >
> > >
> > > On 09/15/2018 03:40 AM, Rowland Penny via samba wrote:
> > > >
> > > >
> > > > It is undoubtedly for a 'standalone server', so why does it also
> > > > have the line 'domain master = Yes' ??
> > > > It cannot be both, I would suggest removing this line.
> > > >
> > > > Rowland
> > > >
> > > >
> > > Rowland,
> > >
> > > domain master=yes used to be standard for stand-alone to cause
> > > nmbd to claim a special domain specific NetBIOS name as a domain
> > > master browser (based on the os level/preferred master election
> > > rules)
> > >
> > > man smb.conf does not mention any discontinuation for use in
> > > stand-alone mode. Should it not be used any longer in that role,
> > > or is it a matter of network scale?
> > >
> > Things have changed, you should allow the domain/workgroup to set
> > its own master especially if there is a PDC or DC in the mix.
>
> Rowland,
>
> The purpose of the 'domain master' parameter is as David describes, to
> configure exactly this mode.
>
> It is not in conflict with 'server role = standalone server', the
> parameters are intended to allow this, which is why the default for
> 'domain master' is 'auto'.
>
> I hope this clarifies things,
>
> Andrew Bartlett

Not really, if you examine man smb.conf, you will find this:

    domain master (G)

    Tell smbd(8) to enable WAN-wide browse list collation. Setting this
    option causes nmbd to claim a special domain specific NetBIOS name
    that identifies it as a domain master browser for its given
    workgroup. Local master browsers in the same workgroup on
    broadcast-isolated subnets will give this nmbd their local browse
    lists, and then ask smbd(8) for a complete copy of the browse list
    for the whole wide area network. Browser clients will then contact
    their local master browser, and will receive the domain-wide browse
    list, instead of just the list for their broadcast-isolated subnet.

    Note that Windows NT Primary Domain Controllers expect to be able
    to claim this workgroup specific special NetBIOS name that
    identifies them as domain master browsers for that workgroup by
    default (i.e. there is no way to prevent a Windows NT PDC from
    attempting to do this). This means that if this parameter is set
    and nmbd claims the special name for a workgroup before a Windows
    NT PDC is able to do so then cross subnet browsing will behave
    strangely and may fail.

    If domain logons = yes, then the default behavior is to enable the
    domain master parameter. If domain logons is not enabled (the
    default setting), then neither will domain master be enabled by
    default.

    When domain logons = Yes the default setting for this parameter is
    Yes, with the result that Samba will be a PDC. If domain master =
    No, Samba will function as a BDC. In general, this parameter should
    be set to 'No' only on a BDC.

    Default: domain master = auto

So, from my reading, you should only set 'domain master' (be it 'yes'
or 'no') on a PDC or a BDC, on anything else it shouldn't be set at all
and allow the default, which is auto.

Also, doesn't network browsing need SMBv1 and isn't it now turned off
by default?

Rowland
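
Added example, not part of the original message and not Samba's own code: a small Python check that reads the [global] section of an smb.conf and reports the 'domain master' setting together with its effective value under the defaults in the man page text quoted above. The sample configuration and the function names are constructed for illustration; include files and line continuations are not handled.

```python
import re

# Constructed sample: the configuration shape discussed in the thread.
SAMPLE_CONF = """\
[global]
   server role = standalone server
   ; browsing
   Domain Master = Yes
[share]
   path = /srv/share
"""
TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}

def global_params(text):
    """Return {normalised name: value} for the [global] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def domain_master(params):
    """Return (explicit setting or None, effective bool per the quoted man page)."""
    explicit = params.get("domainmaster")
    setting = (explicit or "auto").lower()
    if setting not in TRUE | FALSE | {"auto"}:
        raise ValueError(f"unrecognised 'domain master' value: {explicit!r}")
    if setting == "auto":
        # man page: with 'domain logons = yes' the default is to enable it
        return explicit, params.get("domainlogons", "no").lower() in TRUE
    return explicit, setting in TRUE

def audit(text):
    params = global_params(text)
    explicit, effective = domain_master(params)
    notes = []
    if explicit is not None:
        notes.append(f"'domain master = {explicit}' is set explicitly; "
                     f"server role = {params.get('serverrole', 'auto')}")
    if effective:
        notes.append("nmbd will try to claim the workgroup's domain master browser name")
    return notes
print("\n".join(audit(SAMPLE_CONF)))
```

When the second note appears, the man page caveat quoted above applies: check whether a PDC in the same workgroup expects to claim that name.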