[Samba] NetBIOS name resolution from Linux

On Saturday 17 May 2008 06:41:08 am Olivier Parisy wrote:
> John H Terpstra a écrit :
> > On Friday 16 May 2008 09:22:43 am Charles Marcus wrote:
> >> On 5/16/2008 10:08 AM, L.P.H. van Belle wrote:
> >>>>> set your resolve.conf to resolve on localhost first and set the
> >>>>> search order.
> >>>>>
> >>>>> example of the resolve.conf
> >>>>> search yourlocaldomain.internal.local otherdomain.com
> >>>>> nameserver 127.0.0.1
> >>>>> nameserver ipofprovider
> >>>>
> >>>> Much better to use the opendns servers than any randon ISP DNS...
> >>>
> >>> First why use open dns servers.
> >>> the dns servers of your provider is much less hops away.
> >>
> >> Hops really don't matter... most ISP DNS servers are unreliable... some
> >> are extremely unreliable... I said 'random' meaning, it really wouldn't
> >> matter what ISP you were using, I'd say the same thing...
> >
> > OK - now that we have split the atom regarding what might be the best DNS
> > solution, how does this help resolve NetBIOS names within Linux? Have I
> > missed something vital in this thread? Seems I must have.
> >
> > I'd like to know how you propose to store the name_type info in DNS?
> >
> > For example, how would you store "MYSERVERNAME<20>" in DNS?
> >
> > Next, how will you teach the Windows client to search DNS for that info.
> > After all, we are dealing with the NetBIOS name space.
>
> With all due respect, that is not clear to me either.
>
> I am "only" looking for a simple way to resolve NetBIOS names on a Linux
> machine. Replacing NetBIOS resolution by a full-fledged local DNS would,
> I suppose, be appropriate on an enterprise-scale network, but we are
> just talking about an home LAN here (which I should have stated more
> clearly from the start).

I am a little lost at to what the problem is here. WINS does not require
winbindd to be running. On the Linux system it requires:

1) In your /etc/nsswitch.conf file:
...
hosts: files wins [NOTFOUND=return] dns
...

2) Install the samba file libnss_wins.so.2 in the /lib directory (or on 64-bit
systems in the /lib64 directory)

3) Run nmbd


That's it! What is so difficult? What makes this so complicated? If you do
not need DNS, then don't even run it (or else just run a caching DNS server).

Winbind is orthogonal to wins. They serve entirely differing purposes.

- John T.

> My understanding is the following: I need to bridge NetBIOS name
> resolution, as provided by nmbd, with the libc gethostbyname() standard
> call. The Name Service Switch (NSS) seems to be designed for this
> purpose: by adding a "wins" entry in nsswitch.conf and installing
> winbind, the later can then act as a service to NSS (through
> /lib/libnss_wins.so.2; or is it /lib/libnss_winbind.so.2?).
>
> Now, all of this is nice and dandy, but installing winbind opens a whole
> can of worms for me: since it also insists in handling my users and
> groups (which, as I understand it, is its primary goal after all), it
> cannot work "out of the box" and breaks my simple SMB share setting.
>
> So I would say that winbind (or the fact that winbind + libnss_wins.so
> are distributed as the same packet on Debian?) is overkill for me.
>
> Is this description correct? I'd be very interested in a confirmation.
>
> Regards.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

John H Terpstra a écrit :
> I am a little lost at to what the problem is here. WINS does not require
> winbindd to be running. On the Linux system it requires:
>
> 1) In your /etc/nsswitch.conf file:
> ...
> hosts: files wins [NOTFOUND=return] dns
> ...
>
> 2) Install the samba file libnss_wins.so.2 in the /lib directory (or on 64-bit
> systems in the /lib64 directory)
>
> 3) Run nmbd
>
>
> That's it! What is so difficult? What makes this so complicated? If you do
> not need DNS, then don't even run it (or else just run a caching DNS server).
>
> Winbind is orthogonal to wins. They serve entirely differing purposes.
>

Ah, thank you! That is exactly what I expected. I am pleased to read
that winbind and wins are different beasts, as I have no interest in the
former.

The point is that, under Debian, the /lib/libnss_wins.so.2 file is
distributed only in the winbind package, as confirmed by this search:
http://packages.debian.org/search?se...table&arch=any

So it seems like this is a packaging issue, and not a samba one per se.

Regards,
Olivier Parisy.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

On Saturday 17 May 2008 07:44:36 am Olivier Parisy wrote:
> John H Terpstra a écrit :
> > I am a little lost at to what the problem is here. WINS does not require
> > winbindd to be running. On the Linux system it requires:
> >
> > 1) In your /etc/nsswitch.conf file:
> > ...
> > hosts: files wins [NOTFOUND=return] dns
> > ...
> >
> > 2) Install the samba file libnss_wins.so.2 in the /lib directory (or on
> > 64-bit systems in the /lib64 directory)
> >
> > 3) Run nmbd
> >
> >
> > That's it! What is so difficult? What makes this so complicated? If
> > you do not need DNS, then don't even run it (or else just run a caching
> > DNS server).
> >
> > Winbind is orthogonal to wins. They serve entirely differing purposes.
>
> Ah, thank you! That is exactly what I expected. I am pleased to read
> that winbind and wins are different beasts, as I have no interest in the
> former.
>
> The point is that, under Debian, the /lib/libnss_wins.so.2 file is
> distributed only in the winbind package, as confirmed by this search:
> http://packages.debian.org/search?se...libnss_wins&mo
>de=filename&suite=stable&arch=any
>
> So it seems like this is a packaging issue, and not a samba one per se.

No. Not a packaging issue. winbind and wins NSS files are built out of the
same code tree. It is a good idea to keep them together - just use what you
need and ignore the rest.

- John T.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

John H Terpstra a écrit :
> No. Not a packaging issue. winbind and wins NSS files are built out of the
> same code tree. It is a good idea to keep them together - just use what you
> need and ignore the rest.
>
That's a good point! Following this advice, I installed the winbind
package but disabled winbind daemon's launch at start up (by deleting
the proper /etc/rc2.d link).

Things now work properly: I can ping NetBIOS names from my Linux
machine, and my SMB share still work without modifications since winbind
daemon is not launched.

Thanks!

Regards,
Olivier.


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

On Saturday 17 May 2008, Olivier Parisy wrote:
> > It's good to avoid security=share, especially if you want to run
> > WINS.
>
> I understand this. But that is simpler, and enough for me. That share
> is only used by local, trusted computers.

Much less difficult than anything else involved here; it's just plain
old good practice, will save you a headache or two down the road. And
if you want non-static netbios resolution you need WINS.

> By the way, people on #samba seemed surprised by the fact that I
> needed to install the winbind packet to gain access to ls
> /lib/lib_wins.so.2. Is this the same with other distributions (I am
> using Debian Etch)?. Is there as an example a way I could compile and
> install only this library, without winbind?

I mentioned this in a post last year sometime. Thought it was odd as
well but no replies were forthcoming. If you compile samba w/o winbind
you don't get the needed library. You don't have run winbind, but you
need to compile samba that way.

> I should have definitely stated this from the start. My setting is
> the following: a Windows host embedding a Debian virtual machine.
> Both get Internet connectivity and IP addresses through the DHCP
> server of a small xDSL routing box.

> So yes, I could hardcode everything or, at the opposite of the scale,
> install a full DNS and WINS solution.

Frankly I would just hardcode the hosts and lmhosts files (they should
be identical) on both OS's. Way too fast and easy for that setup.

--
Chris
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

On Thu, May 15, 2008 at 7:05 PM, Olivier Parisy
<ml.olivier.parisy@free.fr> wrote:
> Hi all,
>
> I set up a Samba server (version 3.0.24) names "Lamp" on a Debian Etch
> distribution. It provides a "guest" (guest ok = yes, guest only = yes,
> security = SHARE) access to a "share" directory, which works fine. Indeed, I
> can access \\lamp\share from a Windows machine (named "Ginger") without
> issuing a password.
>
> I can also ping the Linux machine from the Windows one using "ping Lamp",
> and get the Windows machine IP from its NetBIOS name:
> # nmblookup Ginger
> querying Ginger on 192.168.1.255
> 192.168.1.22 Ginger<00>
>
>
> But I cannot ping (or, more generally, resolve the name of) the Windows
> machine from the Linux one:
> # ping Ginger
> ping: unknown host Ginger
>
>
> I hence followed the guidelines from those links:
> http://ubuntuforums.org/archive/index.php/t-182824.html
> http://www.linuxquestions.org/questi...-names-622797/
>
> Which means I installed winbind and modified /etc/nsswitch.conf by adding
> "wins" to the "hosts" entry. As I understand it, winbind provides a bridge
> between nmbd and gethostbyname() by using the "Name Service Switch". Please
> note that I am not interested in the "active directory" part of winbind, nor
> in joining a domain, etc.
>
> Anyway, after I performed those modifications, "ping Ginger" actually
> worked. But then, \\lamp\share could not be accessed anymore (the error
> message was "The specified group does not exist").
>
> Now, as soon as I remove the winbind package, I can access \\lamp\share
> again, but "ping Ginger" does not work anymore.
>
>
> I've been suggested on #samba to drop winbind and simply add "wins support =
> yes" to smb.conf; but then "ping Ginger" does not work any better.
>
>
> So, can I keep my simple "share" configuration, *and* integrate NetBIOS name
> resolution to my Linux system using Name Service Switch?
>
> FWIW, I posted my smb.conf here: http://pastebin.ca/1019614
> <http://pastebin.ca/1019614> and nsswitch.conf here:
> http://pastebin.ca/1019612 <http://pastebin.ca/1019612>.
>
> Any hint would be greatly approciated. Wht should I look for?


You just need to do this:
http://lucasmanual.com/mywiki/SambaD...148e63eeab95e7

Lucas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Wow, i was gone this weekend, heavy discussion here on this subject.

What i did to make resolving work for "my PDC" and all of my other server
my goals where, and i think this is good to know for others.

1) my pdc is my master server,
2) my email server must also resolve my pc names
3) my proxy server also must resolve my pc names
4) i must be able to resolve pcnames over wan
5) i must have dns backup.

so what i came back with.
1a) samba (PDC), with dhcp and DDns.
preferred master = Yes
domain master = Yes
os level = 65
these are used to make sure samba is master browser.

dns proxy = yes
this is used to make sure samba resolves over DNS first.

wins support = Yes
you want it to work, netbios.. so enable this.

1b) resolve.conf
search yourlocaldomain.internal.local otherdomain.com
( search = to make sure my own domain is resolved first )
nameserver 127.0.0.1
other extra for internet backup ( has nothing to do with netbios
resolution )
1c) setup DHCP3 + DDNS
this is done so every pc which is connected to the network and gets
dhcp ip
also gets recorded in the dns server.

2) my email server has a dns slave setup.
i also have "1b" in this server.
3) see 2 ;-)
4) i also manual record the dns of my pc's on other offices
( there are 4-5 pc's there in 2 remote offices)
yes, dhcp relay should be better, but i never tried it to set it up.
5) because all of my server have the same dns setup is good to have
fallback.

so i think the above is a lot of crap, but i hope it helps someone.
for me this setup is working sinds 2005, and im happy with it.
.... as is my boss... grin..

ow and you better not uses hosts files, and dont forget to check also your
nss.conf
if your using ldap.

Louis

p.s.
if i can improve some thing, please let me know.
for example howto setup the dhcp relay. ;-)



>-----Oorspronkelijk bericht-----
>Van: samba-bounces+belle=bazuin.nl@lists.samba.org
>[mailto:samba-bounces+belle=bazuin.nl@lists.samba.org] Namens
>John H Terpstra
>Verzonden: zaterdag 17 mei 2008 14:26
>Aan: samba@lists.samba.org
>Onderwerp: Re: [Samba] NetBIOS name resolution from Linux
>
>On Saturday 17 May 2008 06:41:08 am Olivier Parisy wrote:
>> John H Terpstra a écrit :
>> > On Friday 16 May 2008 09:22:43 am Charles Marcus wrote:
>> >> On 5/16/2008 10:08 AM, L.P.H. van Belle wrote:
>> >>>>> set your resolve.conf to resolve on localhost first and set the
>> >>>>> search order.
>> >>>>>
>> >>>>> example of the resolve.conf
>> >>>>> search yourlocaldomain.internal.local otherdomain.com
>> >>>>> nameserver 127.0.0.1
>> >>>>> nameserver ipofprovider
>> >>>>
>> >>>> Much better to use the opendns servers than any randon
>ISP DNS...
>> >>>
>> >>> First why use open dns servers.
>> >>> the dns servers of your provider is much less hops away.
>> >>
>> >> Hops really don't matter... most ISP DNS servers are
>unreliable... some
>> >> are extremely unreliable... I said 'random' meaning, it
>really wouldn't
>> >> matter what ISP you were using, I'd say the same thing...
>> >
>> > OK - now that we have split the atom regarding what might
>be the best DNS
>> > solution, how does this help resolve NetBIOS names within
>Linux? Have I
>> > missed something vital in this thread? Seems I must have.
>> >
>> > I'd like to know how you propose to store the name_type
>info in DNS?
>> >
>> > For example, how would you store "MYSERVERNAME<20>" in DNS?
>> >
>> > Next, how will you teach the Windows client to search DNS
>for that info.
>> > After all, we are dealing with the NetBIOS name space.
>>
>> With all due respect, that is not clear to me either.
>>
>> I am "only" looking for a simple way to resolve NetBIOS
>names on a Linux
>> machine. Replacing NetBIOS resolution by a full-fledged
>local DNS would,
>> I suppose, be appropriate on an enterprise-scale network, but we are
>> just talking about an home LAN here (which I should have stated more
>> clearly from the start).
>
>I am a little lost at to what the problem is here. WINS does
>not require
>winbindd to be running. On the Linux system it requires:
>
>1) In your /etc/nsswitch.conf file:
>...
>hosts: files wins [NOTFOUND=return] dns
>...
>
>2) Install the samba file libnss_wins.so.2 in the /lib
>directory (or on 64-bit
>systems in the /lib64 directory)
>
>3) Run nmbd
>
>
>That's it! What is so difficult? What makes this so
>complicated? If you do
>not need DNS, then don't even run it (or else just run a
>caching DNS server).
>
>Winbind is orthogonal to wins. They serve entirely differing purposes.
>
>- John T.
>
>> My understanding is the following: I need to bridge NetBIOS name
>> resolution, as provided by nmbd, with the libc
>gethostbyname() standard
>> call. The Name Service Switch (NSS) seems to be designed for this
>> purpose: by adding a "wins" entry in nsswitch.conf and installing
>> winbind, the later can then act as a service to NSS (through
>> /lib/libnss_wins.so.2; or is it /lib/libnss_winbind.so.2?).
>>
>> Now, all of this is nice and dandy, but installing winbind
>opens a whole
>> can of worms for me: since it also insists in handling my users and
>> groups (which, as I understand it, is its primary goal after all), it
>> cannot work "out of the box" and breaks my simple SMB share setting.
>>
>> So I would say that winbind (or the fact that winbind +
>libnss_wins.so
>> are distributed as the same packet on Debian?) is overkill for me.
>>
>> Is this description correct? I'd be very interested in a
>confirmation.
>>
>> Regards.
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/listinfo/samba
>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

On 5/19/2008, L.P.H. van Belle (belle@bazuin.nl) wrote:
> 1c) setup DHCP3 + DDNS
> this is done so every pc which is connected to the network
> and gets dhcp ip also gets recorded in the dns server.

What did you use for DNS? Bind? How is it configured (caching only with
forwarders?)

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Hi,

i used Bind9 ( with dhcp3), with caching dns with forwarders.
i have 4 local zones. these are in the resolve.conf
as search domains. ( 4 different subnets )

If you want a copy of my config its possible.

Louis


>-----Oorspronkelijk bericht-----
>Van: samba-bounces+belle=bazuin.nl@lists.samba.org
>[mailto:samba-bounces+belle=bazuin.nl@lists.samba.org] Namens
>Charles Marcus
>Verzonden: maandag 19 mei 2008 12:56
>Aan: samba@lists.samba.org
>Onderwerp: Re: [Samba] NetBIOS name resolution from Linux
>
>On 5/19/2008, L.P.H. van Belle (belle@bazuin.nl) wrote:
>> 1c) setup DHCP3 + DDNS
>> this is done so every pc which is connected to the network
>> and gets dhcp ip also gets recorded in the dns server.
>
>What did you use for DNS? Bind? How is it configured (caching only with
>forwarders?)
>
>--
>
>Best regards,
>
>Charles
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/listinfo/samba
>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

On Monday 19 May 2008, L.P.H. van Belle wrote:
> dns proxy = yes
> ********this is used to make sure samba resolves over DNSfirst.

The default is yes for that parameter but your explanation doesn't fit
with the man page. It doesn't use DNS first it only uses it for
unregistered names, therefore it must check the WINS database first.

--
Chris
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba