[Samba] Samba and VPN

Simo Sorce idra at samba.org
Thu Aug 1 00:21:02 GMT 2002


Hi Aleksander, thank you very much for spending your time on this issue.
I'm really curious to see what you find out.
Just now I checked the Samba code and found no RPC calls about the WINS
browse list implemented on the server side, so I'd appreciate it very much
if you can keep us informed and send the traces of the call and response
you find.
This way we can implement this one too and let you live happily with a
Samba WINS server :).

As for ethereal, you may contact tpot at samba.org if you find errors, but
please upgrade to the latest CVS first.

Simo.

On Thu, 2002-08-01 at 08:23, Aleksandr Koltsoff wrote:
> Actually, well, you can see my original mail here:
> 
> http://lists.samba.org/pipermail/samba-technical/2002-July/038355.html
> 
> I have proceeded beyond that now. Since I'm running on a tight schedule and
> absolutely needed to get the cross-domain/cross-subnet browsing to work, I
> installed MS WINS.
> 
> I have since made packet captures (did I mention that all domains are
> visible on all computers that belong to any domain in any network?) and
> have been studying the protocol.
> 
> To make a long story short, cross-domain and cross-subnet browsing will not
> work with samba, especially if domains are limited to one subnet. That's it.
> The reasons follow.
> 
> MS PDCs (DMBs) will issue a DCE/RPC remote procedure call to the WINS
> server asking for the list of all its DMBs (the <1b> records). In some
> microsoft documentation they explain this something like this:
> 
> "the DMB will issue a wildcard query for all <1b> names in the WINS and then
> proceed by resolving each of the names via reverse queries. DMB will then
> periodically attempt to sync those DMBs' browse lists".
> 
> This is kind of misleading. The DMB will issue the query all right, but not
> via the normal NBT name resolving mechanisms. The query will be done using
> DCE/RPC. This specific RPC is referenced by MS KB article (reference to it
> in my original mail) as R_WinsGetBrowserList (or similar).
> 
> I've been studying the packet dumps now, but since I've started capturing
> only after the browsing stabilised, I'm still missing the structure of the
> reply message. Using ethereal I've found that the domain names do indeed
> travel back to the calling PDC (all of them, at least the ones that have
> been registered into WINS).
> 
> I've now started a 24h capture and there will be three new domain additions
> today so I'll get some more data.
> 
> Also I suspect a bug in the DCE/RPC parser in ethereal, if anyone is
> interested in helping, so watch out. The UUIDs get mapped from the wrong
> places and there are many unaccounted-for zero bytes in the packet which
> don't get included in parsing for some reason.
> 
> If anyone is willing/capable of helping me with this, I'd be grateful.
> However, since my original mail received no responses at all, it looks like
> I'll have to do this alone, if I have the motivation to continue.
> 
> thanks for all the fish :-)
> 
> 
-- 
Simo Sorce
----------
Una scelta di liberta': Software Libero.
A choice of freedom: Free Software.
http://www.softwarelibero.it




More information about the samba-technical mailing list