[Samba] NetBIOS name resolution from Linux

Hi all,

I set up a Samba server (version 3.0.24) names "Lamp" on a Debian Etch
distribution. It provides a "guest" (guest ok = yes, guest only = yes,
security = SHARE) access to a "share" directory, which works fine.
Indeed, I can access \\lamp\share from a Windows machine (named
"Ginger") without issuing a password.

I can also ping the Linux machine from the Windows one using "ping
Lamp", and get the Windows machine IP from its NetBIOS name:
# nmblookup Ginger
querying Ginger on 192.168.1.255
192.168.1.22 Ginger<00>


But I cannot ping (or, more generally, resolve the name of) the Windows
machine from the Linux one:
# ping Ginger
ping: unknown host Ginger


I hence followed the guidelines from those links:
http://ubuntuforums.org/archive/index.php/t-182824.html
http://www.linuxquestions.org/questi...-names-622797/

Which means I installed winbind and modified /etc/nsswitch.conf by
adding "wins" to the "hosts" entry. As I understand it, winbind provides
a bridge between nmbd and gethostbyname() by using the "Name Service
Switch". Please note that I am not interested in the "active directory"
part of winbind, nor in joining a domain, etc.

Anyway, after I performed those modifications, "ping Ginger" actually
worked. But then, \\lamp\share could not be accessed anymore (the error
message was "The specified group does not exist").

Now, as soon as I remove the winbind package, I can access \\lamp\share
again, but "ping Ginger" does not work anymore.


I've been suggested on #samba to drop winbind and simply add "wins
support = yes" to smb.conf; but then "ping Ginger" does not work any better.


So, can I keep my simple "share" configuration, *and* integrate NetBIOS
name resolution to my Linux system using Name Service Switch?

FWIW, I posted my smb.conf here: http://pastebin.ca/1019614
<http://pastebin.ca/1019614> and nsswitch.conf here:
http://pastebin.ca/1019612 <http://pastebin.ca/1019612>.

Any hint would be greatly approciated. Wht should I look for?

Regards.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Hi,

you can resolve this by following this howto.

http://www.debian-administration.org/articles/343

Configuring Dynamic DNS & DHCP

set your resolve.conf to resolve on localhost first and set the
search order.

example of the resolve.conf
search yourlocaldomain.internal.local otherdomain.com
nameserver 127.0.0.1
nameserver ipofprovider

Louis


>-----Oorspronkelijk bericht-----
>Van: samba-bounces+belle=bazuin.nl@lists.samba.org
>[mailto:samba-bounces+belle=bazuin.nl@lists.samba.org] Namens
>Olivier Parisy
>Verzonden: vrijdag 16 mei 2008 2:05
>Aan: samba@lists.samba.org
>Onderwerp: [Samba] NetBIOS name resolution from Linux
>
>Hi all,
>
>I set up a Samba server (version 3.0.24) names "Lamp" on a Debian Etch
>distribution. It provides a "guest" (guest ok = yes, guest only = yes,
>security = SHARE) access to a "share" directory, which works fine.
>Indeed, I can access \\lamp\share from a Windows machine (named
>"Ginger") without issuing a password.
>
>I can also ping the Linux machine from the Windows one using "ping
>Lamp", and get the Windows machine IP from its NetBIOS name:
># nmblookup Ginger
>querying Ginger on 192.168.1.255
>192.168.1.22 Ginger<00>
>
>
>But I cannot ping (or, more generally, resolve the name of)
>the Windows
>machine from the Linux one:
># ping Ginger
>ping: unknown host Ginger
>
>
>I hence followed the guidelines from those links:
>http://ubuntuforums.org/archive/index.php/t-182824.html
>http://www.linuxquestions.org/questi...working-3/linu
>xsamba-pdc-cant-resolve-windows-names-622797/
>
>Which means I installed winbind and modified /etc/nsswitch.conf by
>adding "wins" to the "hosts" entry. As I understand it,
>winbind provides
>a bridge between nmbd and gethostbyname() by using the "Name Service
>Switch". Please note that I am not interested in the "active
>directory"
>part of winbind, nor in joining a domain, etc.
>
>Anyway, after I performed those modifications, "ping Ginger" actually
>worked. But then, \\lamp\share could not be accessed anymore
>(the error
>message was "The specified group does not exist").
>
>Now, as soon as I remove the winbind package, I can access
>\\lamp\share
>again, but "ping Ginger" does not work anymore.
>
>
>I've been suggested on #samba to drop winbind and simply add "wins
>support = yes" to smb.conf; but then "ping Ginger" does not
>work any better.
>
>
>So, can I keep my simple "share" configuration, *and*
>integrate NetBIOS
>name resolution to my Linux system using Name Service Switch?
>
>FWIW, I posted my smb.conf here: http://pastebin.ca/1019614
><http://pastebin.ca/1019614> and nsswitch.conf here:
>http://pastebin.ca/1019612 <http://pastebin.ca/1019612>.
>
>Any hint would be greatly approciated. Wht should I look for?
>
>Regards.
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/listinfo/samba
>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

On 5/16/2008, L.P.H. van Belle (belle@bazuin.nl) wrote:
> set your resolve.conf to resolve on localhost first and set the
> search order.
>
> example of the resolve.conf
> search yourlocaldomain.internal.local otherdomain.com
> nameserver 127.0.0.1
> nameserver ipofprovider

Much better to use the opendns servers than any randon ISP DNS...

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

First why use open dns servers.
the dns servers of your provider is much less hops away.

if you run you own dns server with caching modus on you have a very fast
dns response and less traffic.

in this example i first point to you own dns server.
( i also have forwarding dns servers in my bind9 config )
and i added 3 dns server of my provider in my resolve.conf

show what i now get is.
1 search order makes sure my own dns is search first.
2 my own dns server responds, if not its forwarded to my providers dns
with caching modes active.
3 every old request is very very fast because of the caching.
4 if my dns server fails, the linux server still has dns resolving
provided by resolve.conf 's dns server.

and, my local hosts in my lan are always correct even PTR records.
i use this setup in my company. and it goes further.
here i have 1 master dns + dhcp3 ( dynamic dns server + dhcp server )
every other server is dns slave. ( i have about 8 servers here ) and
also across a wan. ( over vpn )

what i acomplised is a very stable and very fast, low cpu consuming
dns setup. every server is capable of resolving any host/object in my
lan/wan.

so yes sure opendns is useable but if you really want it ...


ow and i didnt say any randon ISP DNS. use your own IPS dns server

;-)

Louis



>-----Oorspronkelijk bericht-----
>Van: samba-bounces+belle=bazuin.nl@lists.samba.org
>[mailto:samba-bounces+belle=bazuin.nl@lists.samba.org] Namens
>Charles Marcus
>Verzonden: vrijdag 16 mei 2008 15:30
>Aan: samba@lists.samba.org
>Onderwerp: Re: [Samba] NetBIOS name resolution from Linux
>
>On 5/16/2008, L.P.H. van Belle (belle@bazuin.nl) wrote:
>> set your resolve.conf to resolve on localhost first and set the
>> search order.
>>
>> example of the resolve.conf
>> search yourlocaldomain.internal.local otherdomain.com
>> nameserver 127.0.0.1
>> nameserver ipofprovider
>
>Much better to use the opendns servers than any randon ISP DNS...
>
>--
>
>Best regards,
>
>Charles
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/listinfo/samba
>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

On 5/16/2008 10:08 AM, L.P.H. van Belle wrote:
>>> set your resolve.conf to resolve on localhost first and set the
>>> search order.
>>>
>>> example of the resolve.conf
>>> search yourlocaldomain.internal.local otherdomain.com
>>> nameserver 127.0.0.1
>>> nameserver ipofprovider

>> Much better to use the opendns servers than any randon ISP DNS...

> First why use open dns servers.
> the dns servers of your provider is much less hops away.

Hops really don't matter... most ISP DNS servers are unreliable... some
are extremely unreliable... I said 'random' meaning, it really wouldn't
matter what ISP you were using, I'd say the same thing...

> if you run you own dns server with caching modus on you have a very
> fast dns response and less traffic.

Of course... but we weren't talking about someone using their own full
DNS server, we were talking about using ISP DNS servers as forwarders...

> in this example i first point to you own dns server.
> ( i also have forwarding dns servers in my bind9 config )
> and i added 3 dns server of my provider in my resolve.conf

If you are running your own full blown DNS server, why on earth would
you use *any* forwarders? Just use the root servers.

But *if* you are going to use forwarders, then the opendns servers are
much more reliable - and from my experience, much *faster* too - than
any random ISP DNS servers someone might be using...

I agree one should, at a minimum, run a caching DNS server locally - but
again, use the opendns servers as your forwarders...

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

On Friday 16 May 2008 09:22:43 am Charles Marcus wrote:
> On 5/16/2008 10:08 AM, L.P.H. van Belle wrote:
> >>> set your resolve.conf to resolve on localhost first and set the
> >>> search order.
> >>>
> >>> example of the resolve.conf
> >>> search yourlocaldomain.internal.local otherdomain.com
> >>> nameserver 127.0.0.1
> >>> nameserver ipofprovider
> >>
> >> Much better to use the opendns servers than any randon ISP DNS...
> >
> > First why use open dns servers.
> > the dns servers of your provider is much less hops away.
>
> Hops really don't matter... most ISP DNS servers are unreliable... some
> are extremely unreliable... I said 'random' meaning, it really wouldn't
> matter what ISP you were using, I'd say the same thing...

OK - now that we have split the atom regarding what might be the best DNS
solution, how does this help resolve NetBIOS names within Linux? Have I
missed something vital in this thread? Seems I must have.

I'd like to know how you propose to store the name_type info in DNS?

For example, how would you store "MYSERVERNAME<20>" in DNS?

Next, how will you teach the Windows client to search DNS for that info.
After all, we are dealing with the NetBIOS name space.

- John T.

> > if you run you own dns server with caching modus on you have a very
> > fast dns response and less traffic.
>
> Of course... but we weren't talking about someone using their own full
> DNS server, we were talking about using ISP DNS servers as forwarders...
>
> > in this example i first point to you own dns server.
> > ( i also have forwarding dns servers in my bind9 config )
> > and i added 3 dns server of my provider in my resolve.conf
>
> If you are running your own full blown DNS server, why on earth would
> you use *any* forwarders? Just use the root servers.
>
> But *if* you are going to use forwarders, then the opendns servers are
> much more reliable - and from my experience, much *faster* too - than
> any random ISP DNS servers someone might be using...
>
> I agree one should, at a minimum, run a caching DNS server locally - but
> again, use the opendns servers as your forwarders...
>
> --
>
> Best regards,
>
> Charles



--
John H Terpstra
Samba-Team Member
Phone: +1 (512) 970-0256

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

A few thoughts, take from them what you will (and remember, free advice
is worth what you pay for it).

It's really good to have proper IP name resolution. Requires DNS or
(ugh) hosts files.

It can also be good to have NetBIOS name resolution, if you have the
need (Windows type browsing and sharing in non-native AD environments).
Implies WINS or (ugh) lmhosts files for resolution (or you're left only
with broadcasts).

It's good to avoid security=share, especially if you want to run WINS.
And yes, a proper setup using security=user can provide guest shares.

Winbind is normally used to authenticate against Windows servers that
are running WINS or AD, so that you don't need to duplicate the Windows
user/groups.

You don't mention how big your network is, but if you're dealing with 5
or more systems I highly suggest both DNS and WINS over their static
equivalents, hosts and lmhosts, respectively. Even with fewer systems,
it can be a good idea to bother with the setup if you intend to grow or
want flexibility.

If you run a WINS server, you need to tell your clients to register with
it (this is easily done with DHCP - then you don't have to manually
configure them), or it wont contain their information.

--
Chris
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

On 5/16/2008, John H Terpstra (jht@samba.org) wrote:
> OK - now that we have split the atom regarding what might be the best DNS
> solution, how does this help resolve NetBIOS names within Linux? Have I
> missed something vital in this thread? Seems I must have.

I was just responding to the recommendation to use ISP DNS servers for
forwarders...

sorry for the OT noise...

--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

John H Terpstra a écrit :
> On Friday 16 May 2008 09:22:43 am Charles Marcus wrote:
>
>> On 5/16/2008 10:08 AM, L.P.H. van Belle wrote:
>>
>>>>> set your resolve.conf to resolve on localhost first and set the
>>>>> search order.
>>>>>
>>>>> example of the resolve.conf
>>>>> search yourlocaldomain.internal.local otherdomain.com
>>>>> nameserver 127.0.0.1
>>>>> nameserver ipofprovider
>>>>>
>>>> Much better to use the opendns servers than any randon ISP DNS...
>>>>
>>> First why use open dns servers.
>>> the dns servers of your provider is much less hops away.
>>>
>> Hops really don't matter... most ISP DNS servers are unreliable... some
>> are extremely unreliable... I said 'random' meaning, it really wouldn't
>> matter what ISP you were using, I'd say the same thing...
>>
>
> OK - now that we have split the atom regarding what might be the best DNS
> solution, how does this help resolve NetBIOS names within Linux? Have I
> missed something vital in this thread? Seems I must have.
>
> I'd like to know how you propose to store the name_type info in DNS?
>
> For example, how would you store "MYSERVERNAME<20>" in DNS?
>
> Next, how will you teach the Windows client to search DNS for that info.
> After all, we are dealing with the NetBIOS name space.
>
With all due respect, that is not clear to me either.

I am "only" looking for a simple way to resolve NetBIOS names on a Linux
machine. Replacing NetBIOS resolution by a full-fledged local DNS would,
I suppose, be appropriate on an enterprise-scale network, but we are
just talking about an home LAN here (which I should have stated more
clearly from the start).

My understanding is the following: I need to bridge NetBIOS name
resolution, as provided by nmbd, with the libc gethostbyname() standard
call. The Name Service Switch (NSS) seems to be designed for this
purpose: by adding a "wins" entry in nsswitch.conf and installing
winbind, the later can then act as a service to NSS (through
/lib/libnss_wins.so.2; or is it /lib/libnss_winbind.so.2?).

Now, all of this is nice and dandy, but installing winbind opens a whole
can of worms for me: since it also insists in handling my users and
groups (which, as I understand it, is its primary goal after all), it
cannot work "out of the box" and breaks my simple SMB share setting.

So I would say that winbind (or the fact that winbind + libnss_wins.so
are distributed as the same packet on Debian?) is overkill for me.

Is this description correct? I'd be very interested in a confirmation.

Regards.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Chris Smith a écrit :
> A few thoughts, take from them what you will (and remember, free advice
> is worth what you pay for it).
>
That is understandable. Thanks for your time :-)

> It's really good to have proper IP name resolution. Requires DNS or
> (ugh) hosts files.
>
> It can also be good to have NetBIOS name resolution, if you have the
> need (Windows type browsing and sharing in non-native AD environments).
> Implies WINS or (ugh) lmhosts files for resolution (or you're left only
> with broadcasts).
>
Yes, that is what I would like to achieve, and without static settings
as much as possible. I am actually mostly interested in NetBIOS names
resolutions (all my computers use Windows or Linux + Samba); that LAN
worked without a DNS until now, and I would like to keep it that way.

> It's good to avoid security=share, especially if you want to run WINS.
>
I understand this. But that is simpler, and enough for me. That share is
only used by local, trusted computers.

> And yes, a proper setup using security=user can provide guest shares.
>
I suppose so. But as described in my previous answers, everything is
already working flawlessly, excepted the Linux NetBIOS name resolution.
So I would like to avoid changing all my setting just for solving this,
if at all possible.

> Winbind is normally used to authenticate against Windows servers that
> are running WINS or AD, so that you don't need to duplicate the Windows
> user/groups.
>
I think that is the crux of the matter. I am definitely not interested
in this functionality of winbind, which seems to impose a modification
of all my setup; all I am interested in is the name resolution part (for
which a bridging through the Name Service Switch seems reasonable).

By the way, people on #samba seemed surprised by the fact that I needed
to install the winbind packet to gain access to ls /lib/lib_wins.so.2.
Is this the same with other distributions (I am using Debian Etch)?. Is
there as an example a way I could compile and install only this library,
without winbind?

> You don't mention how big your network is, but if you're dealing with 5
> or more systems I highly suggest both DNS and WINS over their static
> equivalents, hosts and lmhosts, respectively. Even with fewer systems,
> it can be a good idea to bother with the setup if you intend to grow or
> want flexibility.
>
I should have definitely stated this from the start. My setting is the
following: a Windows host embedding a Debian virtual machine. Both get
Internet connectivity and IP addresses through the DHCP server of a
small xDSL routing box.

I am interested in NetBIOS resolution so that the virtual machine could
more easily get the Windows host IP (remember that this is a dynamic
setting).

So yes, I could hardcode everything or, at the opposite of the scale,
install a full DNS and WINS solution. But I expected a simpler, more
flexible solution could be found inbetween.

Regards,
Olivier Parisy.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba