search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
set version string
[Samba.git] / docs / htmldocs / browsing-quick.html
blob8c597e001ff6c826e0c8b3540271392cab8c08c4
1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
2 <HTML
3 ><HEAD
4 ><TITLE
5 >Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</TITLE
6 ><META
7 NAME="GENERATOR"
8 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
9 "><LINK
10 REL="HOME"
11 TITLE="SAMBA Project Documentation"
12 HREF="samba-howto-collection.html"><LINK
13 REL="UP"
14 TITLE="General installation"
15 HREF="introduction.html"><LINK
16 REL="PREVIOUS"
17 TITLE="Improved browsing in samba"
18 HREF="improved-browsing.html"><LINK
19 REL="NEXT"
20 TITLE="LanMan and NT Password Encryption in Samba"
21 HREF="pwencrypt.html"></HEAD
22 ><BODY
23 CLASS="CHAPTER"
24 BGCOLOR="#FFFFFF"
25 TEXT="#000000"
26 LINK="#0000FF"
27 VLINK="#840084"
28 ALINK="#0000FF"
29 ><DIV
30 CLASS="NAVHEADER"
31 ><TABLE
32 SUMMARY="Header navigation table"
33 WIDTH="100%"
34 BORDER="0"
35 CELLPADDING="0"
36 CELLSPACING="0"
37 ><TR
38 ><TH
39 COLSPAN="3"
40 ALIGN="center"
41 >SAMBA Project Documentation</TH
42 ></TR
43 ><TR
44 ><TD
45 WIDTH="10%"
46 ALIGN="left"
47 VALIGN="bottom"
48 ><A
49 HREF="improved-browsing.html"
50 ACCESSKEY="P"
51 >Prev</A
52 ></TD
53 ><TD
54 WIDTH="80%"
55 ALIGN="center"
56 VALIGN="bottom"
57 ></TD
58 ><TD
59 WIDTH="10%"
60 ALIGN="right"
61 VALIGN="bottom"
62 ><A
63 HREF="pwencrypt.html"
64 ACCESSKEY="N"
65 >Next</A
66 ></TD
67 ></TR
68 ></TABLE
69 ><HR
70 ALIGN="LEFT"
71 WIDTH="100%"></DIV
72 ><DIV
73 CLASS="CHAPTER"
74 ><H1
75 ><A
76 NAME="BROWSING-QUICK">Chapter 3. Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</H1
77 ><P
78 >This document should be read in conjunction with Browsing and may
79 be taken as the fast track guide to implementing browsing across subnets
80 and / or across workgroups (or domains). WINS is the best tool for resolution
81 of NetBIOS names to IP addesses. WINS is NOT involved in browse list handling
82 except by way of name to address mapping.</P
83 ><DIV
84 CLASS="SECT1"
85 ><H1
86 CLASS="SECT1"
87 ><A
88 NAME="AEN377">3.1. Discussion</H1
89 ><P
90 >Firstly, all MS Windows networking is based on SMB (Server Message
91 Block) based messaging. SMB messaging is implemented using NetBIOS. Samba
92 implements NetBIOS by encapsulating it over TCP/IP. MS Windows products can
93 do likewise. NetBIOS based networking uses broadcast messaging to affect
94 browse list management. When running NetBIOS over TCP/IP this uses UDP
95 based messaging. UDP messages can be broadcast or unicast.</P
96 ><P
97 >Normally, only unicast UDP messaging can be forwarded by routers. The
98 "remote announce" parameter to smb.conf helps to project browse announcements
99 to remote network segments via unicast UDP. Similarly, the "remote browse sync"
100 parameter of smb.conf implements browse list collation using unicast UDP.</P
101 ><P
102 >Secondly, in those networks where Samba is the only SMB server technology
103 wherever possible nmbd should be configured on one (1) machine as the WINS
104 server. This makes it easy to manage the browsing environment. If each network
105 segment is configured with it's own Samba WINS server, then the only way to
106 get cross segment browsing to work is by using the "remote announce" and
107 the "remote browse sync" parameters to your smb.conf file.</P
108 ><P
109 >If only one WINS server is used then the use of the "remote announce" and the
110 "remote browse sync" parameters should NOT be necessary.</P
111 ><P
112 >Samba WINS does not support MS-WINS replication. This means that when setting up
113 Samba as a WINS server there must only be one nmbd configured as a WINS server
114 on the network. Some sites have used multiple Samba WINS servers for redundancy
115 (one server per subnet) and then used "remote browse sync" and "remote announce"
116 to affect browse list collation across all segments. Note that this means
117 clients will only resolve local names, and must be configured to use DNS to
118 resolve names on other subnets in order to resolve the IP addresses of the
119 servers they can see on other subnets. This setup is not recommended, but is
120 mentioned as a practical consideration (ie: an 'if all else fails' scenario).</P
121 ><P
122 >Lastly, take note that browse lists are a collection of unreliable broadcast
123 messages that are repeated at intervals of not more than 15 minutes. This means
124 that it will take time to establish a browse list and it can take up to 45
125 minutes to stabilise, particularly across network segments.</P
126 ></DIV
127 ><DIV
128 CLASS="SECT1"
129 ><H1
130 CLASS="SECT1"
131 ><A
132 NAME="AEN385">3.2. Use of the "Remote Announce" parameter</H1
133 ><P
134 >The "remote announce" parameter of smb.conf can be used to forcibly ensure
135 that all the NetBIOS names on a network get announced to a remote network.
136 The syntax of the "remote announce" parameter is:
137 <PRE
138 CLASS="PROGRAMLISTING"
139 > remote announce = a.b.c.d [e.f.g.h] ...</PRE
140 >
141 _or_
142 <PRE
143 CLASS="PROGRAMLISTING"
144 > remote announce = a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ...</PRE
145 >
146
147 where:
148 <P
149 ></P
150 ><DIV
151 CLASS="VARIABLELIST"
152 ><DL
153 ><DT
154 >a.b.c.d and e.f.g.h</DT
155 ><DD
156 ><P
157 >is either the LMB (Local Master Browser) IP address
158 or the broadcst address of the remote network.
159 ie: the LMB is at 192.168.1.10, or the address
160 could be given as 192.168.1.255 where the netmask
161 is assumed to be 24 bits (255.255.255.0).
162 When the remote announcement is made to the broadcast
163 address of the remote network every host will receive
164 our announcements. This is noisy and therefore
165 undesirable but may be necessary if we do NOT know
166 the IP address of the remote LMB.</P
167 ></DD
168 ><DT
169 >WORKGROUP</DT
170 ><DD
171 ><P
172 >is optional and can be either our own workgroup
173 or that of the remote network. If you use the
174 workgroup name of the remote network then our
175 NetBIOS machine names will end up looking like
176 they belong to that workgroup, this may cause
177 name resolution problems and should be avoided.</P
178 ></DD
179 ></DL
180 ></DIV
181 ></P
182 ></DIV
183 ><DIV
184 CLASS="SECT1"
185 ><H1
186 CLASS="SECT1"
187 ><A
188 NAME="AEN399">3.3. Use of the "Remote Browse Sync" parameter</H1
189 ><P
190 >The "remote browse sync" parameter of smb.conf is used to announce to
191 another LMB that it must synchronise it's NetBIOS name list with our
192 Samba LMB. It works ONLY if the Samba server that has this option is
193 simultaneously the LMB on it's network segment.</P
194 ><P
195 >The syntax of the "remote browse sync" parameter is:
196 <PRE
197 CLASS="PROGRAMLISTING"
198 > remote browse sync = a.b.c.d</PRE
199 >
200
201 where a.b.c.d is either the IP address of the remote LMB or else is the network broadcast address of the remote segment.</P
202 ></DIV
203 ><DIV
204 CLASS="SECT1"
205 ><H1
206 CLASS="SECT1"
207 ><A
208 NAME="AEN404">3.4. Use of WINS</H1
209 ><P
210 >Use of WINS (either Samba WINS _or_ MS Windows NT Server WINS) is highly
211 recommended. Every NetBIOS machine registers it's name together with a
212 name_type value for each of of several types of service it has available.
213 eg: It registers it's name directly as a unique (the type 0x03) name.
214 It also registers it's name if it is running the lanmanager compatible
215 server service (used to make shares and printers available to other users)
216 by registering the server (the type 0x20) name.</P
217 ><P
218 >All NetBIOS names are up to 15 characters in length. The name_type variable
219 is added to the end of the name - thus creating a 16 character name. Any
220 name that is shorter than 15 characters is padded with spaces to the 15th
221 character. ie: All NetBIOS names are 16 characters long (including the
222 name_type information).</P
223 ><P
224 >WINS can store these 16 character names as they get registered. A client
225 that wants to log onto the network can ask the WINS server for a list
226 of all names that have registered the NetLogon service name_type. This saves
227 broadcast traffic and greatly expedites logon processing. Since broadcast
228 name resolution can not be used across network segments this type of
229 information can only be provided via WINS _or_ via statically configured
230 "lmhosts" files that must reside on all clients in the absence of WINS.</P
231 ><P
232 >WINS also serves the purpose of forcing browse list synchronisation by all
233 LMB's. LMB's must synchronise their browse list with the DMB (domain master
234 browser) and WINS helps the LMB to identify it's DMB. By definition this
235 will work only within a single workgroup. Note that the domain master browser
236 has NOTHING to do with what is referred to as an MS Windows NT Domain. The
237 later is a reference to a security environment while the DMB refers to the
238 master controller for browse list information only.</P
239 ><P
240 >Use of WINS will work correctly only if EVERY client TCP/IP protocol stack
241 has been configured to use the WINS server/s. Any client that has not been
242 configured to use the WINS server will continue to use only broadcast based
243 name registration so that WINS may NEVER get to know about it. In any case,
244 machines that have not registered with a WINS server will fail name to address
245 lookup attempts by other clients and will therefore cause workstation access
246 errors.</P
247 ><P
248 >To configure Samba as a WINS server just add "wins support = yes" to the
249 smb.conf file [globals] section.</P
250 ><P
251 >To configure Samba to register with a WINS server just add
252 "wins server = a.b.c.d" to your smb.conf file [globals] section.</P
253 ><P
254 ><SPAN
255 CLASS="emphasis"
256 ><I
257 CLASS="EMPHASIS"
258 >DO NOT EVER</I
259 ></SPAN
260 > use both "wins support = yes" together with "wins server = a.b.c.d"
261 particularly not using it's own IP address.</P
262 ></DIV
263 ><DIV
264 CLASS="SECT1"
265 ><H1
266 CLASS="SECT1"
267 ><A
268 NAME="AEN415">3.5. Do NOT use more than one (1) protocol on MS Windows machines</H1
269 ><P
270 >A very common cause of browsing problems results from installing more than
271 one protocol on an MS Windows machine.</P
272 ><P
273 >Every NetBIOS machine take part in a process of electing the LMB (and DMB)
274 every 15 minutes. A set of election criteria is used to determine the order
275 of precidence for winning this election process. A machine running Samba or
276 Windows NT will be biased so that the most suitable machine will predictably
277 win and thus retain it's role.</P
278 ><P
279 >The election process is "fought out" so to speak over every NetBIOS network
280 interface. In the case of a Windows 9x machine that has both TCP/IP and IPX
281 installed and has NetBIOS enabled over both protocols the election will be
282 decided over both protocols. As often happens, if the Windows 9x machine is
283 the only one with both protocols then the LMB may be won on the NetBIOS
284 interface over the IPX protocol. Samba will then lose the LMB role as Windows
285 9x will insist it knows who the LMB is. Samba will then cease to function
286 as an LMB and thus browse list operation on all TCP/IP only machines will
287 fail.</P
288 ><P
289 >The safest rule of all to follow it this - USE ONLY ONE PROTOCOL!</P
290 ></DIV
291 ><DIV
292 CLASS="SECT1"
293 ><H1
294 CLASS="SECT1"
295 ><A
296 NAME="AEN421">3.6. Name Resolution Order</H1
297 ><P
298 >Resolution of NetBIOS names to IP addresses can take place using a number
299 of methods. The only ones that can provide NetBIOS name_type information
300 are:
301 <P
302 ></P
303 ><TABLE
304 BORDER="0"
305 ><TBODY
306 ><TR
307 ><TD
308 >WINS: the best tool!</TD
309 ></TR
310 ><TR
311 ><TD
312 >LMHOSTS: is static and hard to maintain.</TD
313 ></TR
314 ><TR
315 ><TD
316 >Broadcast: uses UDP and can not resolve names across remote segments.</TD
317 ></TR
318 ></TBODY
319 ></TABLE
320 ><P
321 ></P
322 ></P
323 ><P
324 >Alternative means of name resolution includes:
325 <P
326 ></P
327 ><TABLE
328 BORDER="0"
329 ><TBODY
330 ><TR
331 ><TD
332 >/etc/hosts: is static, hard to maintain, and lacks name_type info</TD
333 ></TR
334 ><TR
335 ><TD
336 >DNS: is a good choice but lacks essential name_type info.</TD
337 ></TR
338 ></TBODY
339 ></TABLE
340 ><P
341 ></P
342 ></P
343 ><P
344 >Many sites want to restrict DNS lookups and want to avoid broadcast name
345 resolution traffic. The "name resolve order" parameter is of great help here.
346 The syntax of the "name resolve order" parameter is:
347 <PRE
348 CLASS="PROGRAMLISTING"
349 > name resolve order = wins lmhosts bcast host</PRE
350 >
351 _or_
352 <PRE
353 CLASS="PROGRAMLISTING"
354 > name resolve order = wins lmhosts (eliminates bcast and host)</PRE
355 >
356 The default is:
357 <PRE
358 CLASS="PROGRAMLISTING"
359 > name resolve order = host lmhost wins bcast</PRE
360 >.
361 where "host" refers the the native methods used by the Unix system
362 to implement the gethostbyname() function call. This is normally
363 controlled by <TT
364 CLASS="FILENAME"
365 >/etc/host.conf</TT
366 >, <TT
367 CLASS="FILENAME"
368 >/etc/nsswitch.conf</TT
369 > and <TT
370 CLASS="FILENAME"
371 >/etc/resolv.conf</TT
372 >.</P
373 ></DIV
374 ></DIV
375 ><DIV
376 CLASS="NAVFOOTER"
377 ><HR
378 ALIGN="LEFT"
379 WIDTH="100%"><TABLE
380 SUMMARY="Footer navigation table"
381 WIDTH="100%"
382 BORDER="0"
383 CELLPADDING="0"
384 CELLSPACING="0"
385 ><TR
386 ><TD
387 WIDTH="33%"
388 ALIGN="left"
389 VALIGN="top"
390 ><A
391 HREF="improved-browsing.html"
392 ACCESSKEY="P"
393 >Prev</A
394 ></TD
395 ><TD
396 WIDTH="34%"
397 ALIGN="center"
398 VALIGN="top"
399 ><A
400 HREF="samba-howto-collection.html"
401 ACCESSKEY="H"
402 >Home</A
403 ></TD
404 ><TD
405 WIDTH="33%"
406 ALIGN="right"
407 VALIGN="top"
408 ><A
409 HREF="pwencrypt.html"
410 ACCESSKEY="N"
411 >Next</A
412 ></TD
413 ></TR
414 ><TR
415 ><TD
416 WIDTH="33%"
417 ALIGN="left"
418 VALIGN="top"
419 >Improved browsing in samba</TD
420 ><TD
421 WIDTH="34%"
422 ALIGN="center"
423 VALIGN="top"
424 ><A
425 HREF="introduction.html"
426 ACCESSKEY="U"
427 >Up</A
428 ></TD
429 ><TD
430 WIDTH="33%"
431 ALIGN="right"
432 VALIGN="top"
433 >LanMan and NT Password Encryption in Samba</TD
434 ></TR
435 ></TABLE
436 ></DIV
437 ></BODY
438 ></HTML
439 >
Samba GIT mirror