[Samba] Network Meltdown after Samba 4.9.0 Upgrade
Rowland Penny
rpenny at samba.org
Sat Sep 15 13:18:04 UTC 2018
On Sat, 15 Sep 2018 06:05:33 -0700
Andrew Bartlett <abartlet at samba.org> wrote:
> On Sat, 2018-09-15 at 13:57 +0100, Rowland Penny wrote:
> > On Sat, 15 Sep 2018 05:39:02 -0700
> > Andrew Bartlett <abartlet at samba.org> wrote:
> >
> > >
> > > On Sat, 2018-09-15 at 10:37 +0100, Rowland Penny via samba wrote:
> > > >
> > > > On Sat, 15 Sep 2018 04:02:29 -0500
> > > > "David C. Rankin via samba" <samba at lists.samba.org> wrote:
> > > >
> > > > >
> > > > >
> > > > > On 09/15/2018 03:40 AM, Rowland Penny via samba wrote:
> > > > > >
> > > > > >
> > > > > >
> > > > > > It is undoubtedly for a 'standalone server', so why does it
> > > > > > also
> > > > > > have the line 'domain master = Yes' ??
> > > > > > It cannot be both, I would suggest removing this line.
> > > > > >
> > > > > > Rowland
> > > > > >
> > > > > >
> > > > > Rowland,
> > > > >
> > > > > domain master=yes used to be standard for stand-alone to
> > > > > cause
> > > > > nmbd
> > > > > claim a special domain specific NetBIOS name as a domain
> > > > > master browser (based on the os level/preferred master
> > > > > election rules)
> > > > >
> > > > > man smb.conf does not mention any discontinuation for use in
> > > > > stand-alone mode. Should it not be used any longer in that
> > > > > role,
> > > > > or is it a matter of network scale?
> > > > >
> > > > Things have changed, you should allow the domain/workgroup to
> > > > set its own master especially if there is a PDC or DC in the
> > > > mix.
> > > Rowland,
> > >
> > > The purpose of the 'domain master' parameter is as David
> > > describes, to
> > > configure exactly this mode.
> > >
> > > It is not in conflict with 'server role = standalone server', the
> > > parameters are intended to allow this, which is why the default
> > > for 'domain master' is 'auto'.
> > >
> > > I hope this clarifies things,
> > >
> > > Andrew Bartlett
> > Not really, if you examine man smb.conf, you will find this:
> >
> >
> > domain master (G)
> >
> > Tell smbd(8) to enable WAN-wide browse list collation.
> > Setting this
> > option causes nmbd to claim a special domain specific
> > NetBIOS name
> > that identifies it as a domain master browser for its
> > given
> > workgroup. Local master browsers in the same workgroup on
> > broadcast-isolated subnets will give this nmbd their
> > local browse
> > lists, and then ask smbd(8) for a complete copy of the
> > browse list
> > for the whole wide area network. Browser clients will
> > then contact
> > their local master browser, and will receive the domain-
> > wide browse
> > list, instead of just the list for their broadcast-
> > isolated subnet.
>
> ...
>
> > So, from my reading, you should only set 'domain master' (be it
> > 'yes' or 'no') on a PDC or a BDC, on anything else it shouldn't be
> > set at all
> > and allow the default, which is auto.
>
> No, there is that third mode, being a domain master browser alone.
>
> That is what the first paragraph above refers.
>
> > Also, doesn't network browsing need SMBv1 and isn't it now turned
> > off by default ?
>
> Yes it uses SMBv1, but no it is still very popular.
>
I wasn't talking about how popular it is, I was talking about 'ntlm
auth' not being set in the OP's smb.conf, so it is using the default
NTLMv2, so browsing will not work.
I personally think we are both right here, you for the bug and myself
for saying you shouldn't set 'domain master' on a standalone server.
Rowland
More information about the samba
mailing list