[Samba] Network Meltdown after Samba 4.9.0 Upgrade

Rowland Penny rpenny at samba.org
Sat Sep 15 13:18:04 UTC 2018


On Sat, 15 Sep 2018 06:05:33 -0700
Andrew Bartlett <abartlet at samba.org> wrote:

> On Sat, 2018-09-15 at 13:57 +0100, Rowland Penny wrote:
> > On Sat, 15 Sep 2018 05:39:02 -0700
> > Andrew Bartlett <abartlet at samba.org> wrote:
> > 
> > > 
> > > On Sat, 2018-09-15 at 10:37 +0100, Rowland Penny via samba wrote:
> > > > 
> > > > On Sat, 15 Sep 2018 04:02:29 -0500
> > > > "David C. Rankin via samba" <samba at lists.samba.org> wrote:
> > > > 
> > > > > 
> > > > > 
> > > > > On 09/15/2018 03:40 AM, Rowland Penny via samba wrote:
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > > It is undoubtedly for a 'standalone server', so why does it also
> > > > > > > have the line 'domain master = Yes' ??
> > > > > > > It cannot be both, I would suggest removing this line.
> > > > > > 
> > > > > > Rowland
> > > > > > 
> > > > > > 
> > > > > Rowland,
> > > > > 
> > > > > >   domain master=yes used to be standard for stand-alone to cause
> > > > > > nmbd to claim a special domain specific NetBIOS name as a domain
> > > > > > master browser (based on the os level/preferred master
> > > > > > election rules)
> > > > > > 
> > > > > >   man smb.conf does not mention any discontinuation for use in
> > > > > > stand-alone mode. Should it not be used any longer in that role,
> > > > > > or is it a matter of network scale?
> > > > > 
> > > > Things have changed, you should allow the domain/workgroup to
> > > > set its own master especially if there is a PDC or DC in the
> > > > mix.
> > > Rowland,
> > > 
> > > > The purpose of the 'domain master' parameter is as David describes, to
> > > > configure exactly this mode.
> > > 
> > > It is not in conflict with 'server role = standalone server', the
> > > parameters are intended to allow this, which is why the default
> > > for 'domain master' is 'auto'.
> > > 
> > > I hope this clarifies things,
> > > 
> > > Andrew Bartlett
> > Not really, if you examine man smb.conf, you will find this:
> > 
> > 
> > >        domain master (G)
> > > 
> > >            Tell smbd(8) to enable WAN-wide browse list collation. Setting this
> > >            option causes nmbd to claim a special domain specific NetBIOS name
> > >            that identifies it as a domain master browser for its given
> > >            workgroup. Local master browsers in the same workgroup on
> > >            broadcast-isolated subnets will give this nmbd their local browse
> > >            lists, and then ask smbd(8) for a complete copy of the browse list
> > >            for the whole wide area network. Browser clients will then contact
> > >            their local master browser, and will receive the domain-wide browse
> > >            list, instead of just the list for their broadcast-isolated subnet.
> 
> ...
> 
> > So, from my reading, you should only set 'domain master' (be it
> > 'yes' or 'no') on a PDC or a BDC, on anything else it shouldn't be
> > set at all and allow the default, which is auto.
> 
> No, there is that third mode, being a domain master browser alone. 
> 
> That is what the first paragraph above refers to.
> 
> > Also, doesn't network browsing need SMBv1 and isn't it now turned
> > off by default?
> 
> Yes it uses SMBv1, but no it is still very popular.
> 

I wasn't talking about how popular it is, I was talking about 'ntlm
auth' not being set in the OP's smb.conf, so it is using the default
NTLMv2, so browsing will not work.

I personally think we are both right here, you for the bug and myself
for saying you shouldn't set 'domain master' on a standalone server.

Rowland


