1<html> 2<body bgcolor="#ffffff"> 3 4<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76" 5hspace="10" align="left" /> 6 7<h1 class="head0">Chapter 7. Name Resolution and Browsing</h1> 8 9 10 11 12<p><a name="INDEX-1"/><em class="firstterm">Name 13resolution</em> is critical to Samba's 14operation because names are used to find the servers that share files 15or printers. <em class="firstterm">Browsing</em> takes the task of 16finding servers to a new level of sophistication by allowing a user 17to delve down into a hierarchy of networks, domains, hosts, and 18services offered by each server.</p> 19 20<p>While name resolution and 21<a name="INDEX-2"/>browsing are not 22difficult to configure, some complexity is introduced by the variety 23of available name-resolution systems. Historically, Unix and other 24TCP/IP users have moved from a flat hosts file to the Domain Name 25System, with the Network Information System being another popular 26choice. Meanwhile, Microsoft has moved from a broadcasting system to 27a simple, LAN-only name server called WINS and ultimately to DNS.</p> 28 29<p>The reason for going over that history is that all previous systems 30of name resolution are still in use today! Finding a host is so 31crucial to networking that sites want robust (if limited) 32name-resolution systems to fall back on in case the main system 33fails. Browsing is also complicated by the frequent need to show 34hosts in other subnets. This chapter shows you how to configure your 35network to handle name resolution and browsing any way you want.</p> 36 37<p>Some of the differences between Unix and Microsoft networking 38implementations are the result of fundamental design goals. Unix 39networking was originally designed largely to implement a relatively 40formal group of systems that were assumed to be small in number, 41well-maintained, and highly available, that have static IP addresses, 42and that wouldn't physically move around from place 43to place. Bringing a new server online was a labor-intensive task, 44but it did not have to be performed frequently. In contrast, Windows 45networking was originally developed as a peer-to-peer collection of 46small personal computers on a single subnet, having no centrally or 47hierarchically organized structure.</p> 48 49<p>SMB networking is dynamic. Computers are allowed to leave the network 50at any time, sometimes without warning, and also to join or rejoin 51the network at any time. Furthermore, any user in a Windows network 52can add a new shared resource to the network or remove a resource 53that he had previously added. The change in the 54network's configuration is handled automatically by 55the rest of the network without requiring a system administrator to 56take any action.</p> 57 58 59 60<div class="sect1"><a name="samba2-CHP-7-SECT-1"/> 61 62<h2 class="head1">Name Resolution</h2> 63 64<p>TCP/IP networks identify systems by IP addresses and always associate 65these addresses with more human-readable text names. In 66Microsoft's earliest networking implementations (for 67MS-DOS and Windows for Workgroups), the translation of names to 68network addresses was carried out in a manner that was very simple, 69yet very inefficient. When a system on the network needed an IP 70address corresponding to a name, it broadcasted the name to every 71other system on the network and waited for the system that owned the 72name to respond with its IP address.</p> 73 74<p>The main problem with performing <a name="INDEX-3"/>name resolution using broadcast 75packets is poor performance of the network as a whole, including CPU 76time consumed by each host on the network, which has to accept every 77broadcast packet and decide whether to respond to it. Also, broadcast 78packets usually aren't forwarded by routers, 79limiting name resolution to the local subnet. 80Microsoft's solution was to add WINS (Windows 81Internet Name Service) support to Windows NT so that the computers on 82the network can perform a direct query of the WINS server instead of 83using broadcast packets.</p> 84 85<p>Modern Windows clients use a variety of methods for translating 86hostnames into IP addresses. The exact method varies depending on the 87version of Windows the client is running, how the client is 88configured (i.e., whether DNS server and/or WINS server IP addresses 89are provided), and whether the application software is accessing the 90network through Microsoft's Winsock or TCP/IP API. 91In general, Windows uses some combination of the following 92methods:<a name="INDEX-4"/></p> 93 94<ul><li> 95<p>Looking up the name in its cache of recently resolved names</p> 96</li><li> 97<p>Querying DNS servers</p> 98</li><li> 99<p>Using the DNS <em class="filename">Hosts</em> file</p> 100</li><li> 101<p>Querying WINS servers</p> 102</li><li> 103<p>Using the WINS <em class="filename">LMHOSTS</em> file</p> 104</li><li> 105<p>Performing broadcast name resolution</p> 106</li></ul> 107<p>The first method is pretty much self-explanatory. A hostname is 108checked against a cache of hostnames that have been recently resolved 109to IP addresses. This helps to save time and network bandwidth for 110resolving names that are used frequently.</p> 111 112<p>When a Windows system is configured with the IP address of at least 113one <a name="INDEX-5"/>DNS server, it can use DNS to 114resolve fully qualified domain names, such as those for sites on the 115Internet. The DNS servers can be either Windows NT/2000 or Unix 116systems. You can learn more about DNS and DNS server configuration in 117the O'Reilly book <em class="citetitle">DNS and 118BIND</em>.</p> 119 120<p>In this chapter, we focus mainly on name resolution using WINS, which 121is supported by Samba with the <em class="emphasis">nmbd</em> daemon.</p> 122 123 124<div class="sect2"><a name="samba2-CHP-7-SECT-1.1"/> 125 126<h3 class="head2">WINS Clients and Server Interaction</h3> 127 128<p>There are two types of interaction between a 129<a name="INDEX-6"/>WINS client and a server: the 130client keeps its own NetBIOS name<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> registered with the server and 131queries the server to get the IP address corresponding to the NetBIOS 132name of another system.</p> 133 134<p>When a WINS client joins the network, it registers its NetBIOS name 135with the WINS server, which stores it along with the 136client's IP address in the WINS database. This entry 137is marked <em class="firstterm">active</em>. The client is then expected 138to renew the registration of its name periodically (typically, every 139four days) to inform the server that it is still using the name. This 140period is called the <em class="firstterm">time to live</em>, or TTL. 141When the client leaves the network by being shut down gracefully, it 142informs the server, and the server marks the 143client's entry in its database as 144<em class="firstterm">released</em>.</p> 145 146<p>When a client leaves the network without telling the WINS server to 147release its name, the server waits until after it fails to receive 148the expected registration renewal from the client and then marks the 149entry as released.</p> 150 151<p>In either case, the released name is available for use by other 152clients joining the network. It might persist in the released state 153in the WINS database, and if it is not reregistered, the entry will 154eventually be deleted.</p> 155 156<p>More information on WINS can be found in the Microsoft white paper 157<em class="citetitle">Windows Internet Naming Service (WINS) Architecture and 158Capacity Planning</em><a name="INDEX-7"/>. It can be downloaded from the 159Microsoft web site at <a href="http://www.microsoft.com">http://www.microsoft.com</a>.</p> 160 161 162</div> 163 164 165<div class="sect2"><a name="samba2-CHP-7-SECT-1.2"/> 166 167<h3 class="head2">The lmhosts File</h3> 168 169<p>In <a href="ch03.html">Chapter 3</a> we showed you how to configure 170Windows systems to use the 171<em class="filename">LMHOSTS</em><a name="INDEX-8"/> 172file as an alternative to the WINS server for name resolution. Samba 173also can use an <em class="filename">LMHOSTS</em> file, which by default 174is <em class="filename">/usr/local/samba/lib/lmhosts</em>. 175Samba's <em class="filename">lmhosts</em> is the same 176format as the Windows version. A simple <em class="filename">lmhosts</em> 177file might look like this:</p> 178 179<blockquote><pre class="code">172.16.1.1 toltec 180172.16.1.6 maya</pre></blockquote> 181 182<p>The names on the right side of the entries are NetBIOS names, so you 183can assign resource types to them and add additional entries for 184computers:</p> 185 186<blockquote><pre class="code">172.16.1.1 toltec#20 187172.16.1.1 metran#1b 188172.16.1.6 maya#20</pre></blockquote> 189 190<p>Here, we've made <tt class="literal">toltec</tt> the 191primary domain controller of the <tt class="literal">METRAN</tt> domain on 192the second line. This line starts with 193<tt class="literal">toltec</tt>'s IP address, followed by 194the name metran and the resource type <1B>. The other lines are 195entries for <tt class="literal">toltec</tt> and <tt class="literal">maya</tt> as 196standard workstations.</p> 197 198<p>If you wish to place an <em class="emphasis">lmhosts</em> file somewhere 199other than the default location, you will need to notify the 200<em class="emphasis">nmbd</em> process upon startup using the 201<em class="emphasis">-H</em> option, followed by the name of your 202<em class="filename">lmhosts</em> file, as follows:</p> 203 204<blockquote><pre class="code"># <tt class="userinput"><b>nmbd -H /etc/samba/lmhosts -D</b></tt></pre></blockquote> 205 206 207</div> 208 209 210<div class="sect2"><a name="samba2-CHP-7-SECT-1.3"/> 211 212<h3 class="head2">Configuring Name Resolution for the Samba Suite</h3> 213 214<p>Various daemons and tools in the Samba suite need to perform 215<a name="INDEX-9"/>name resolution. You can define the 216order in which the programs try each name-resolution method through 217the <tt class="literal">name</tt><a name="INDEX-10"/><a name="INDEX-11"/> 218<tt class="literal">resolve</tt> <tt class="literal">order</tt> parameter, like 219this:</p> 220 221<blockquote><pre class="code">[global] 222 name resolve order = wins lmhosts hosts bcast</pre></blockquote> 223 224<p>The string used to define the parameter can take up to four values:</p> 225 226<dl> 227<dt><b>lmhosts</b></dt> 228<dd> 229<p>Uses the Samba server's local 230<em class="filename">lmhosts</em> file</p> 231</dd> 232 233 234 235<dt><b>hosts</b></dt> 236<dd> 237<p>Uses the standard Unix name-resolution methods, which can be 238<em class="emphasis">/etc/hosts</em>, DNS, NIS, or a combination, 239depending on how the local system is configured</p> 240</dd> 241 242 243 244<dt><b>wins</b></dt> 245<dd> 246<p>Uses the WINS server</p> 247</dd> 248 249 250 251<dt><b>bcast</b></dt> 252<dd> 253<p>Uses the broadcast method</p> 254</dd> 255 256</dl> 257 258<p>The order in which they are specified is the order in which name 259resolution will be attempted. In our example, Samba will attempt to 260use its WINS server first for name resolution, followed by the 261<em class="emphasis">lmhosts</em> file on the local system. Next, the 262<tt class="literal">hosts</tt> value tells it to use Unix name-resolution 263methods. The word <tt class="literal">hosts</tt> can be misleading; it 264covers not only the <em class="filename">/etc/hosts</em> file, but also 265the use of DNS or NIS (as configured on the Unix host). Finally, if 266those three do not work, it will perform a broadcast name resolution.</p> 267 268 269</div> 270 271 272<div class="sect2"><a name="samba2-CHP-7-SECT-1.4"/> 273 274<h3 class="head2">Setting Up Samba as a WINS Server</h3> 275 276<p>You can set up Samba as a <a name="INDEX-12"/>WINS server by setting the 277<tt class="literal">wins</tt><a name="INDEX-13"/> <tt class="literal">support</tt> 278parameter in the configuration file, like this:</p> 279 280<blockquote><pre class="code">[global] 281 wins support = yes</pre></blockquote> 282 283<p>Believe it or not, that's all you need to do! The 284<tt class="literal">wins</tt> <tt class="literal">support</tt> option turns Samba 285into a WINS server. For most installations, Samba's 286default configuration is sufficient.</p> 287<a name="samba2-CHP-7-NOTE-137"/><blockquote class="note"><h4 class="objtitle">WARNING</h4> 288<p>Remember, Samba cannot communicate with Windows WINS servers. If you 289are using Samba as your WINS server, you must make sure not to allow 290any Windows systems or other Samba servers on your network to be 291configured as WINS servers. If you do, their WINS databases will not 292synchronize, resulting in inconsistent name resolution.</p> 293</blockquote> 294 295 296<div class="sect3"><a name="samba2-CHP-7-SECT-1.4.1"/> 297 298<h3 class="head3">Configuring a DNS proxy</h3> 299 300<p>A Samba <a name="INDEX-14"/><a name="INDEX-15"/>WINS server can check with the 301system's DNS server if a requested host cannot be 302found in its WINS database. With a typical Linux system, for example, 303you can find the IP address of the DNS server by searching the 304<em class="filename">/etc/resolv.conf</em><a name="INDEX-16"/><a name="INDEX-17"/> file. In it, you might see an entry such 305as the following:</p> 306 307<blockquote><pre class="code">nameserver 127.0.0.1 308nameserver 172.16.1.192</pre></blockquote> 309 310<p>This tells us that the Linux system is configured to use a DNS server 311located at 172.16.1.192. (The 127.0.0.1 is the 312<tt class="literal">localhost</tt> address and is never a valid DNS server 313address.)</p> 314 315<p>Now it is a simple matter of using the 316<tt class="literal">dns</tt><a name="INDEX-18"/> <tt class="literal">proxy</tt> option to tell 317Samba to use the DNS server:</p> 318 319<blockquote><pre class="code">[global] 320 dns proxy = yes</pre></blockquote> 321 322<a name="samba2-CHP-7-NOTE-138"/><blockquote class="note"><h4 class="objtitle">TIP</h4> 323<p>Although this allows Windows clients to resolve fully qualified 324Internet domain names through the Samba WINS server, it will work 325only for domain names that fit within the 15-character limitation of 326NetBIOS names. For this reason, we recommend you use <tt class="literal">dns 327proxy</tt> only to act as a supplement to your WINS server, 328rather than as a replacement for a DNS server.</p> 329</blockquote> 330 331 332</div> 333 334 335</div> 336 337 338<div class="sect2"><a name="samba2-CHP-7-SECT-1.5"/> 339 340<h3 class="head2">Setting Up Samba to Use Another WINS Server</h3> 341 342<p>You can configure Samba to use a <a name="INDEX-19"/>WINS server somewhere else on the 343network by simply providing it with the IP address of the WINS 344server. This is done with the global 345<tt class="literal">wins</tt><a name="INDEX-20"/> <tt class="literal">server</tt> 346configuration option, as shown here:</p> 347 348<blockquote><pre class="code">[global] 349 wins server = 172.16.1.1</pre></blockquote> 350 351<p>With this option enabled, Samba will direct all WINS requests to the 352server located at 172.16.1.1. Note that because the request is 353directed at a single machine, we don't have to worry 354about any of the problems inherent in broadcasting. However, Samba 355will not necessarily use the WINS server before other forms of name 356resolution. The order in which Samba attempts various name-resolution 357techniques is given with the <tt class="literal">name</tt> 358<tt class="literal">resolve</tt> <tt class="literal">order</tt> configuration 359option, which we discussed earlier.</p> 360 361<p>The <tt class="literal">wins</tt> <tt class="literal">support</tt> and the 362<tt class="literal">wins</tt> <tt class="literal">server</tt> parameters are 363mutually exclusive; you cannot simultaneously offer Samba as the WINS 364server and use another system as the server! Typically, one Samba 365server is set up as the WINS server using <tt class="literal">wins</tt> 366<tt class="literal">support</tt>, and all other Samba servers are 367configured with the <tt class="literal">wins</tt> <tt class="literal">server</tt> 368parameter pointing to the Samba WINS server.</p> 369 370 371<div class="sect3"><a name="samba2-CHP-7-SECT-1.5.1"/> 372 373<h3 class="head3">Configuring a WINS proxy</h3> 374 375<p><a name="INDEX-21"/>If you have a Samba server on a 376subnet that doesn't have a WINS server, and the 377Samba server has been configured with a WINS server on another 378subnet, you can tell the Samba server to forward any name-resolution 379requests with the <tt class="literal">wins</tt><a name="INDEX-22"/> 380<tt class="literal">proxy</tt> option:</p> 381 382<blockquote><pre class="code">[global] 383 wins server = 172.16.200.12 384 wins proxy = yes</pre></blockquote> 385 386<p>Use this only in situations where the WINS server resides on another 387subnet. Otherwise, the broadcast will reach the WINS server 388regardless of any proxying.</p> 389 390 391</div> 392 393 394</div> 395 396 397<div class="sect2"><a name="samba2-CHP-7-SECT-1.6"/> 398 399<h3 class="head2">Name-Resolution Configuration Options</h3> 400 401<p><a name="INDEX-23"/>Samba's <a name="INDEX-24"/>name-resolution options 402are shown in <a href="ch07.html#samba2-CHP-7-TABLE-1">Table 7-1</a>.</p> 403 404<a name="samba2-CHP-7-TABLE-1"/><h4 class="head4">Table 7-1. Name-resolution options</h4><table border="1"> 405 406 407 408 409 410 411<tr> 412<th> 413<p>Option</p> 414</th> 415<th> 416<p>Parameters</p> 417</th> 418<th> 419<p>Function</p> 420</th> 421<th> 422<p>Default</p> 423</th> 424<th> 425<p>Scope</p> 426</th> 427</tr> 428 429 430<tr> 431<td> 432<p><tt class="literal">wins support</tt></p> 433</td> 434<td> 435<p>boolean</p> 436</td> 437<td> 438<p>If set to <tt class="literal">yes</tt>, allows Samba to act as a WINS server</p> 439</td> 440<td> 441<p><tt class="literal">no</tt></p> 442</td> 443<td> 444<p>Global</p> 445</td> 446</tr> 447<tr> 448<td> 449<p><tt class="literal">wins server</tt></p> 450</td> 451<td> 452<p>string (IP address or DNS name)</p> 453</td> 454<td> 455<p>Identifies a WINS server for Samba to use for name registration and 456resolution</p> 457</td> 458<td> 459<p>None</p> 460</td> 461<td> 462<p>Global</p> 463</td> 464</tr> 465<tr> 466<td> 467<p><tt class="literal">wins proxy</tt></p> 468</td> 469<td> 470<p>boolean</p> 471</td> 472<td> 473<p>Allows Samba to act as a proxy to a WINS server on another subnet</p> 474</td> 475<td> 476<p><tt class="literal">no</tt></p> 477</td> 478<td> 479<p>Global</p> 480</td> 481</tr> 482<tr> 483<td> 484<p><tt class="literal">wins hook</tt></p> 485</td> 486<td> 487<p>string</p> 488</td> 489<td> 490<p>Command to run when the WINS database changes</p> 491</td> 492<td> 493<p>None</p> 494</td> 495<td> 496<p>Global</p> 497</td> 498</tr> 499<tr> 500<td> 501<p><tt class="literal">dns proxy</tt></p> 502</td> 503<td> 504<p>boolean</p> 505</td> 506<td> 507<p>If set to <tt class="literal">yes</tt>, allows a Samba WINS server to 508search DNS if it cannot find a name in WINS</p> 509</td> 510<td> 511<p><tt class="literal">no</tt></p> 512</td> 513<td> 514<p>Global</p> 515</td> 516</tr> 517<tr> 518<td> 519<p><tt class="literal">name resolve</tt> <tt class="literal">order</tt></p> 520</td> 521<td> 522<p>string</p> 523</td> 524<td> 525<p>The order of methods used to resolve NetBIOS names</p> 526</td> 527<td> 528<p><tt class="literal">lmhosts</tt> <tt class="literal">hosts wins bcast</tt></p> 529</td> 530<td> 531<p>Global</p> 532</td> 533</tr> 534<tr> 535<td> 536<p><tt class="literal">max ttl</tt></p> 537</td> 538<td> 539<p>numeric</p> 540</td> 541<td> 542<p>Maximum TTL in seconds for a requested NetBIOS name</p> 543</td> 544<td> 545<p><tt class="literal">259200</tt> ( 3 days)</p> 546</td> 547<td> 548<p>Global</p> 549</td> 550</tr> 551<tr> 552<td> 553<p><tt class="literal">max wins ttl</tt></p> 554</td> 555<td> 556<p>numeric</p> 557</td> 558<td> 559<p>Maximum TTL in seconds for NetBIOS names given out by Samba as a WINS 560server</p> 561</td> 562<td> 563<p><tt class="literal">518400</tt> (6 days)</p> 564</td> 565<td> 566<p>Global</p> 567</td> 568</tr> 569<tr> 570<td> 571<p><tt class="literal">min wins ttl</tt></p> 572</td> 573<td> 574<p>numeric</p> 575</td> 576<td> 577<p>Minimum TTL in seconds for NetBIOS names given out by Samba as a WINS 578server</p> 579</td> 580<td> 581<p><tt class="literal">21600</tt> (6 hours)</p> 582</td> 583<td> 584<p>Global</p> 585</td> 586</tr> 587 588</table> 589 590 591<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.1"/> 592 593<a name="INDEX-25"/><h3 class="head3">wins support</h3> 594 595<p>Samba will provide WINS name service to all machines in the network 596if you set the following in the <tt class="literal">[global]</tt> section 597of the <em class="filename">smb.conf</em> file:</p> 598 599<blockquote><pre class="code">[global] 600 wins support = yes</pre></blockquote> 601 602<p>The default value is <tt class="literal">no</tt>, which is typically used 603to allow a Windows NT/2000 server or another Samba server to be the 604WINS server. If you enable this option, remember that a Samba WINS 605server currently cannot exchange data with other WINS servers, so do 606not allow any other WINS servers on the network. When set to 607<tt class="literal">yes</tt>, this option is mutually exclusive with the 608<tt class="literal">wins</tt> <tt class="literal">server</tt> parameter.</p> 609 610 611</div> 612 613 614 615<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.2"/> 616 617<a name="INDEX-26"/><h3 class="head3">wins server</h3> 618 619<p>Samba will use an existing WINS server on the network if you specify 620the <tt class="literal">wins</tt> <tt class="literal">server</tt> global option 621in your configuration file. The value of this option is either the IP 622address or DNS name (not NetBIOS name) of the WINS server. For 623example:</p> 624 625<blockquote><pre class="code">[global] 626 wins server = 172.16.220.110</pre></blockquote> 627 628<p>or:</p> 629 630<blockquote><pre class="code">[global] 631 wins server = wins.metran.cx</pre></blockquote> 632 633<p>For this option to work, the <tt class="literal">wins</tt> 634<tt class="literal">support</tt> option must be set to 635<tt class="literal">no</tt> (the default). Otherwise, Samba will report an 636error. You can specify only one WINS server using this option.</p> 637 638 639</div> 640 641 642 643<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.3"/> 644 645<a name="INDEX-27"/><h3 class="head3">wins proxy</h3> 646 647<p>This option allows Samba to act as a proxy to another WINS server, 648and thus relay name registration and resolution requests from itself 649to the real WINS server, often outside the current subnet. The WINS 650server can be indicated through the <tt class="literal">wins</tt> 651<tt class="literal">server</tt> option. The proxy will then return the WINS 652response back to the client. You can enable this option by specifying 653the following in the <tt class="literal">[global]</tt> section:</p> 654 655<blockquote><pre class="code">[global] 656 wins proxy = yes</pre></blockquote> 657 658 659</div> 660 661 662 663<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.4"/> 664 665<a name="INDEX-28"/><h3 class="head3">wins hook</h3> 666 667<p>This option allows you to run a script or other program whenever the 668WINS database is modified. One application might be to set up another 669Samba server to act as a backup for another Samba WINS server. This 670is done by having the <tt class="literal">wins</tt> <tt class="literal">hook</tt> 671script call <em class="emphasis">rsync</em> to synchronize the WINS 672databases (<em class="filename">/usr/local/samba/var/locks/wins.dat</em>) 673on the two systems whenever an entry is added or deleted. The script 674would be specified in the Samba configuration file like this:</p> 675 676<blockquote><pre class="code">[global] 677 wins hook = /usr/local/bin/sync_wins</pre></blockquote> 678 679 680</div> 681 682 683 684<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.5"/> 685 686<a name="INDEX-29"/><h3 class="head3">dns proxy</h3> 687 688<p>If you want the DNS to be used if a NetBIOS name 689isn't found in WINS, you can set the following 690option:</p> 691 692<blockquote><pre class="code">[global] 693 dns proxy = yes</pre></blockquote> 694 695<p>This will permit <em class="filename">nmbd</em> to query the 696server's standard DNS. You might wish to deactivate 697this option if you do not have a permanent connection to your DNS 698server. This option should not be used in place of a DNS server on 699your network; it is intended for resolving NetBIOS names rather than 700fully qualified Internet domain names.</p> 701 702 703</div> 704 705 706 707<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.6"/> 708 709<h3 class="head3">name resolve order</h3> 710 711<p>The global <tt class="literal">name</tt><a name="INDEX-30"/> 712<tt class="literal">resolve</tt> <tt class="literal">order</tt> option specifies 713the order of services that Samba will use in performing name 714resolution. The default order is to use the 715<em class="emphasis">lmhosts</em> file, followed by standard Unix 716name-resolution methods (some combination of 717<em class="filename">/etc/hosts</em>, DNS, and NIS), then to query a WINS 718server, and finally to use broadcasting to determine the address of a 719NetBIOS name. You can override this option by specifying something 720like the following:</p> 721 722<blockquote><pre class="code">[global] 723 name resolve order = lmhosts wins hosts bcast</pre></blockquote> 724 725<p>This causes resolution to use the <em class="emphasis">lmhosts</em> file 726first, followed by a query to a WINS server, the 727<em class="filename">/etc/hosts</em> file, and finally broadcasting. You 728need not use all four options. This option is covered in more detail 729in <a href="ch07.html#samba2-CHP-7-SECT-1.4">Section 7.1.4</a>, 730earlier in this chapter.</p> 731 732 733</div> 734 735 736 737<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.7"/> 738 739<a name="INDEX-31"/><h3 class="head3">max ttl</h3> 740 741<p>This option is used when Samba is not acting as a WINS server but is 742using another system on the network for its WINS server. It sets the 743maximum T T L for NetBIOS names registered by the Samba server with 744the WINS server. You should never need to alter this value.</p> 745 746 747</div> 748 749 750 751<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.8"/> 752 753<a name="INDEX-32"/><h3 class="head3">max wins ttl</h3> 754 755<p>This option is used when Samba is providing WINS name service, and it 756sets the maximum T T L for NetBIOS names registered with Samba. You 757should never need to change this value from its default.</p> 758 759 760</div> 761 762 763 764<div class="sect3"><a name="samba2-CHP-7-SECT-1.6.9"/> 765 766<a name="INDEX-33"/><h3 class="head3">min wins ttl</h3> 767 768<p>This option is used when Samba is providing WINS name service, and it 769sets the minimum T T L for NetBIOS names registered with Samba. You 770should never need to alter this value from its default. <a name="INDEX-34"/> <a name="INDEX-35"/> <a name="INDEX-36"/></p> 771 772 773</div> 774 775 776</div> 777 778 779</div> 780 781 782 783<div class="sect1"><a name="samba2-CHP-7-SECT-2"/> 784 785<h2 class="head1">Browsing</h2> 786 787<p><a name="INDEX-37"/>Browsing 788was developed by Microsoft to help users find shared resources on the 789network. In a networked computing environment where users can add or 790remove shares at any time, it is important to have some automatic 791means of keeping track of the shared resources and allowing users to 792"browse" through them to find the 793ones they wish to use.</p> 794 795<p>Before browsing was added to SMB networking, when anyone added a new 796share, the people with whom they wished to share the data or printer 797would have to be informed of the share's UNC, using 798some relatively low-tech method such as speaking to them in person or 799over the phone, or sending email. Already, this was very inconvenient 800in large organizations. To further complicate matters, the users 801working on client computers had to type in the 802share's UNC to connect to it. The only way to get 803around typing in the share's UNC every time it was 804used was to map a network drive to it, and with a large number of 805shares on the network, this could easily get out of hand.</p> 806 807 808<div class="sect2"><a name="samba2-CHP-7-SECT-2.1"/> 809 810<h3 class="head2">Browsing in a Windows Network</h3> 811 812<p><a name="INDEX-38"/>To keep things simple, we will 813first describe network browsing in a network that contains only 814Windows systems and then show you how to add a Samba server.</p> 815 816<p>The basic way browsing works is that one computer in the network 817takes on the role of the <em class="firstterm">master 818browser</em><a name="INDEX-39"/> (also 819called <em class="firstterm">local master 820browser</em><a name="INDEX-40"/>,<em class="firstterm"> browse 821master</em><a name="INDEX-41"/>, or 822<em class="firstterm">browse server</em><a name="INDEX-42"/>) and 823keeps a list of all the computers on the local subnet that are acting 824as SMB servers. The list of computers is called the <em class="firstterm">browse 825list</em><a name="INDEX-43"/> and includes all Samba servers, Windows 826NT/2000/XP systems, and any Windows 95/98/Me systems that have the 827"File and printer sharing for Microsoft 828Networks" networking component installed. The browse 829list also contains the names of all workgroups and domains. At this 830level, browsing is limited to the local subnet because the browsing 831protocol depends on broadcast packets, which are typically not 832forwarded to other subnets by routers.</p> 833 834<p>A user at any Windows system can view the browse list by opening up 835the Network Neighborhood (or My Network Places), as we showed you in 836<a href="ch01.html">Chapter 1</a>. Or, the <em class="emphasis">net 837view</em><a name="INDEX-44"/> command can be used from a Windows 838command prompt:</p> 839 840<blockquote><pre class="code">C:\><tt class="userinput"><b>net view</b></tt> 841Server Name Remark 842 843------------------------------------------------------------------------------- 844\\MAYA Windows 98 845\\MIXTEC Samba 2.2.5 846\\OLMEC Windows XP Pro on Pentium/ASUS 847\\TOLTEC Samba 2.2.5 848\\YAQUI Windows 95 on mixtec/VMware 849\\ZAPOTEC 850The command completed successfully.</pre></blockquote> 851 852<p>Then, <em class="emphasis">net view</em> can be used with a computer name 853as an argument to contact a server directly and list the resources it 854is sharing:</p> 855 856<blockquote><pre class="code">C:\><tt class="userinput"><b>net view \\maya</b></tt> 857Shared resources at \\maya 858 859Windows 98 860 861Share name Type Used as Comment 862 863------------------------------------------------------------------------------- 864D Disk 865E Disk 866HP Print 867The command completed successfully.</pre></blockquote> 868 869<p>The computers on the network involved in browsing are more than just 870the master browser and its clients. There are also backup browsers, 871which maintain copies of the browse list and respond to client 872requests for it. Backup browsers are therefore able to take over the 873role of master browser seamlessly in case it fails. The master 874browser usually doesn't serve the browse list 875directly to clients. Instead, its job is mainly to keep the master 876copy of the browse list up-to-date, and also periodically update the 877backup browsers. Clients are expected to get their copies of the 878browse list from backup browsers, selecting among them randomly to 879help to distribute the load on the backup browsers more evenly. 880Ideally, the interaction between any client and the master browser is 881limited to the client announcing when it joins or leaves the network 882(if it is a server) and requesting a list of backup browsers.</p> 883 884<p>There can be more than one <a name="INDEX-45"/>backup browser. A workgroup will have a 885backup browser if two or more computers are running Windows 95/98/Me 886or Windows NT Workstation (or another nonserver version of Windows 887NT/2000/XP) on the subnet. For every 32 additional computers, another 888backup browser is added.</p> 889 890<p>In a Windows NT domain, the <a name="INDEX-46"/>primary domain controller is 891always the local master browser, and if it fails, another Windows 892NT/2000 server (if one exists) will take over the role of local 893master browser. Other versions of Windows can function as backup 894browsers, but will never become a master browser if a Windows NT/2000 895server is available.</p> 896 897<p>In addition to acting as the local master browser, the primary domain 898controller also acts as the <em class="firstterm">domain master 899browser</em><a name="INDEX-47"/>, which ties subnets together and allows 900browse lists to be shared between master and backup browsers on 901separate subnets. This is how browsing is extended to function beyond 902the local subnet. Each subnet functions as a separate browsing 903entity, and the domain master browser synchronizes the master 904browsers of each subnet. In a Windows-only network, browsing cannot 905function across subnets unless a Windows NT/2000 PDC exists on the 906network. Samba can act as a domain master browser and can perform 907that task even in a workgroup network, which means that the Windows 908PDC is not required for this task. (It is also possible to use the 909<tt class="literal">remote</tt> <tt class="literal">browse</tt> 910<tt class="literal">sync</tt> parameter to configure a Samba server to 911synchronize its browse list with a Samba server on another subnet. In 912this case, each server must be acting as the local master browser of 913its subnet.)</p> 914 915<p>Unless it is configured never to act as a browser, each computer on 916the subnet is considered a <em class="firstterm">potential browser</em> 917and can be ordered by the browse master to become a backup browser, 918or it can identify itself as a backup browser and accept the role on 919its own.</p> 920 921 922</div> 923 924 925<div class="sect2"><a name="samba2-CHP-7-SECT-2.2"/> 926 927<h3 class="head2">Browser Elections</h3> 928 929<p><a name="INDEX-48"/>When no master browser is running on 930the subnet, potential browsers choose a new master browser among 931themselves in a process called an <em class="firstterm">election</em>. An 932election is started by a computer in the subnet when it discovers 933that no master browser is currently running. If a master browser is 934shut down gracefully, it will broadcast an election request datagram, 935initiating an election by the remaining computers. If the master 936browser fails, the election can be started by a client computer that 937requests a list of backup browsers from the master browser or by a 938backup browser that requests to have its browse list updated from the 939master browser. In each case, the system fails to receive a reply 940from the master browser and initiates the election.</p> 941 942<p>Browser elections are decided in multiple rounds of self-elimination. 943During each round, potential browsers broadcast election request 944datagrams containing their qualifications to notify other potential 945browsers that an election is happening and that if the recipient is 946more qualified, it should also broadcast a bid. When a potential 947browser receives an election request datagram from a more qualified 948opponent, it drops out, disqualifying itself from becoming the master 949browser. Otherwise, it responds with its own election request 950datagram. After a few rounds, only one potential browser is left in 951the election. After an additional four rounds of sending out an 952election request datagram and receiving no response, it becomes the 953master browser and sends a broadcast datagram announcing itself as 954the local master browser for the subnet. It then assigns runners-up 955in the election as backup browsers, as needed.</p> 956 957<p>A potential browser's qualifications include the 958following:</p> 959 960<ul><li> 961<p>Whether it has recently lost an election</p> 962</li><li> 963<p>The version of the election protocol it is running</p> 964</li><li> 965<p>Its election criteria</p> 966</li><li> 967<p>The amount of time the system has been up</p> 968</li><li> 969<p>The computer's NetBIOS name</p> 970</li></ul> 971<p>If the potential browser has lost an election recently, it 972immediately disqualifies itself. The version of the election protocol 973it is running is checked, but so far, all Windows systems (and Samba) 974use the same election protocol, so the check is not very meaningful. 975The election criteria are usually what determine which computer 976becomes the local master browser. There are two parts to the election 977criteria, shown in Tables <a href="ch07.html#samba2-CHP-7-TABLE-2">Table 7-2</a> and <a href="ch07.html#samba2-CHP-7-TABLE-3">Table 7-3</a>.</p> 978 979<a name="samba2-CHP-7-TABLE-2"/><h4 class="head4">Table 7-2. Operating-system values in an election</h4><table border="1"> 980 981 982 983<tr> 984<th> 985<p>Operating system</p> 986</th> 987<th> 988<p>Value</p> 989</th> 990</tr> 991 992 993<tr> 994<td> 995<p>Windows NT/2000 Server, running as PDC</p> 996</td> 997<td> 998<p>32</p> 999</td> 1000</tr> 1001<tr> 1002<td> 1003<p>Windows NT/2000/XP, if not the PDC</p> 1004</td> 1005<td> 1006<p>16</p> 1007</td> 1008</tr> 1009<tr> 1010<td> 1011<p>Windows 95/98/Me</p> 1012</td> 1013<td> 1014<p>1</p> 1015</td> 1016</tr> 1017<tr> 1018<td> 1019<p>Windows for Workgroups</p> 1020</td> 1021<td> 1022<p>1</p> 1023</td> 1024</tr> 1025 1026</table> 1027 1028<a name="samba2-CHP-7-TABLE-3"/><h4 class="head4">Table 7-3. Computer-role settings in an election</h4><table border="1"> 1029 1030 1031 1032<tr> 1033<th> 1034<p>Role</p> 1035</th> 1036<th> 1037<p>Value</p> 1038</th> 1039</tr> 1040 1041 1042<tr> 1043<td> 1044<p>Domain master browser</p> 1045</td> 1046<td> 1047<p>128</p> 1048</td> 1049</tr> 1050<tr> 1051<td> 1052<p>WINS client</p> 1053</td> 1054<td> 1055<p>32</p> 1056</td> 1057</tr> 1058<tr> 1059<td> 1060<p>Preferred master</p> 1061</td> 1062<td> 1063<p>8</p> 1064</td> 1065</tr> 1066<tr> 1067<td> 1068<p>Running master</p> 1069</td> 1070<td> 1071<p>4</p> 1072</td> 1073</tr> 1074<tr> 1075<td> 1076<p>Recent backup browser</p> 1077</td> 1078<td> 1079<p>2</p> 1080</td> 1081</tr> 1082<tr> 1083<td> 1084<p>Backup browser</p> 1085</td> 1086<td> 1087<p>1</p> 1088</td> 1089</tr> 1090 1091</table> 1092 1093<p>The operating-system type is compared first, and the system with the 1094highest value wins. The values have been chosen to cause the primary 1095domain controller, if there is one, to become the local master 1096browser. Otherwise, a Windows NT/2000/XP system will win over a 1097Windows for Workgroups or Windows 95/98/Me system.</p> 1098 1099<p>When an operating-system type comparison results in a tie, the role 1100of the computer is compared. A computer can have more than one of the 1101values in <a href="ch07.html#samba2-CHP-7-TABLE-3">Table 7-3</a>, in which case the values are 1102added.</p> 1103 1104<p>A domain master browser has a role value of 128 to weight the 1105election so heavily in its favor that it will also become the local 1106master browser on its own subnet. Although the primary domain 1107controller (which is always the domain master browser) will win the 1108election based solely on its operating system value, sometimes there 1109is no primary domain controller on the network, and the domain master 1110browser would not otherwise be distinguished from other potential 1111browsers.</p> 1112 1113<p>Systems that are using a WINS server for name resolution are weighted 1114heavily over ones that use broadcast name resolution with a role 1115value of 32.</p> 1116 1117<p>A <em class="firstterm">preferred master</em> is a computer that has been 1118selected and configured manually by a system administrator to be 1119favored as the choice master browser. When a preferred master starts 1120up, it forces a browser election, even if an existing master browser 1121is still active. A preferred master has a role value of 8, and the 1122existing master browser gets a value of 4.</p> 1123 1124<p>A backup browser that has recently been a master browser and still 1125has an up-to-date browse list is given a role value of 2, and a 1126potential browser that has been running as a backup browser gets a 1127value of 1.</p> 1128 1129<p>If comparing the operating-system type and role results in a tie, the 1130computer that has been running the longest wins. In the unlikely 1131event that the two have been up for the same amount of time, the 1132computer that wins is the one with the NetBIOS name that sorts first 1133alphabetically.</p> 1134 1135<p>You can tell if a machine is a local master browser by using the 1136Windows <em class="emphasis">nbtstat</em><a name="INDEX-49"/> command. Place the NetBIOS name of the 1137machine you wish to check after the <em class="emphasis">-a</em> option:</p> 1138 1139<blockquote><pre class="code">C:\><tt class="userinput"><b>nbtstat -a toltec</b></tt> 1140 1141Local Area Connection: 1142Node IpAddress: [172.16.1.4] Scope Id: [] 1143 1144 NetBIOS Remote Machine Name Table 1145 1146 Name Type Status 1147 --------------------------------------------- 1148 TOLTEC <00> UNIQUE Registered 1149 TOLTEC <03> UNIQUE Registered 1150 TOLTEC <20> UNIQUE Registered 1151 ..__MSBROWSE__.<01> GROUP Registered 1152 METRAN <00> GROUP Registered 1153 METRAN <1B> UNIQUE Registered 1154 METRAN <1C> GROUP Registered 1155 METRAN <1D> UNIQUE Registered 1156 METRAN <1E> GROUP Registered 1157 1158 MAC Address = 00-00-00-00-00-00</pre></blockquote> 1159 1160<p>The resource entry that you're looking for is 1161<tt class="literal">.._ _MSBROWSE_ _.<01></tt><a name="INDEX-50"/>. This indicates 1162that the server is currently acting as the local master browser for 1163the current subnet. If the machine is a Samba server, you can check 1164the Samba <em class="filename">nmbd</em> log file for an entry such as:</p> 1165 1166<blockquote><pre class="code">nmbd/nmbd_become_lmb.c:become_local_master_stage2(406) 1167***** 1168Samba name server TOLTEC is now a local master browser for 1169workgroup METRAN on subnet 172.16.1.0</pre></blockquote> 1170 1171<p>Or, you can use the 1172<em class="emphasis">nmblookup</em><a name="INDEX-51"/> command with the 1173<em class="emphasis">-M</em> option and the workgroup or domain name on 1174any Samba server to find the IP address of the local master:</p> 1175 1176<a name="INDEX-52"/><blockquote><pre class="code">$ <tt class="userinput"><b>nmblookup -M metran</b></tt> 1177querying metran on 172.16.1.255 1178172.16.1.1 metran<1d></pre></blockquote> 1179 1180 1181</div> 1182 1183 1184<div class="sect2"><a name="samba2-CHP-7-SECT-2.3"/> 1185 1186<h3 class="head2">Server Announcements</h3> 1187 1188<p><a name="INDEX-53"/>After 1189the master browser election is decided, each server on the network 1190announces itself to the network to allow the master and backup 1191browsers to build their browse lists. At first, the server 1192announcements happen every minute, but the interval is gradually 1193stretched out to every 12 minutes. When a server is shut down 1194gracefully, it sends an announcement that it is going offline to 1195allow the master and backup browsers to remove it from the browse 1196list. However, when a server goes offline by crashing or by some 1197other failure, the master browser notices its disappearance only 1198because it stops receiving server announcements. The master browser 1199waits for three of the server's announcement periods 1200before deciding that it is offline, which can take up to 36 minutes. 1201Because backup browsers have their browse lists updated from the 1202master browser once every 15 minutes, it can take up to 51 minutes 1203for clients to be informed of a failed server.</p> 1204 1205<p>For more detailed information on Microsoft's 1206browsing protocols, consult the Microsoft documents 1207<em class="citetitle">Browsing and Windows 95 1208Networking</em><a name="INDEX-54"/> and 1209<em class="citetitle">CIFS/E Browser Protocol</em>. You can find these by 1210searching for the titles on the Microsoft web site at <a href="http://www.microsoft.com">http://www.microsoft.com</a>.</p> 1211 1212<p>More information on configuring Samba for browsing can be found in 1213<em class="filename">BROWSING.txt</em><a name="INDEX-55"/> and 1214<em class="filename">BROWSING-Config.txt</em> in the Samba 1215distribution's <em class="filename">docs/textdocs</em> 1216directory. <a name="INDEX-56"/></p> 1217 1218 1219</div> 1220 1221 1222<div class="sect2"><a name="samba2-CHP-7-SECT-2.4"/> 1223 1224<h3 class="head2">Configuring Samba for Browsing</h3> 1225 1226<p><a name="INDEX-57"/><a name="INDEX-58"/><a name="INDEX-59"/>Samba has full support for browsing 1227and can participate as a master browser, a backup browser, a domain 1228master browser, a potential browser, or just a server that 1229doesn't participate in browsing elections. If you 1230want to make sure your Samba server never becomes a master or backup 1231browser, simply set:</p> 1232 1233<a name="INDEX-60"/><blockquote><pre class="code">[global] 1234 local master = no</pre></blockquote> 1235 1236<p>Usually, you will want Samba to be available as a local master or at 1237least a backup browser. In the simplest case, you 1238don't need to do anything because 1239Samba's default is to participate in browsing 1240elections with its operating system value set to 20, which will beat 1241any Windows system less than a Windows NT/2000 primary domain 1242controller (see <a href="ch07.html#samba2-CHP-7-TABLE-2">Table 7-2</a>). The operating-system 1243value Samba reports for itself in browser elections can be set using 1244the <tt class="literal">os</tt><a name="INDEX-61"/> <tt class="literal">level</tt> 1245parameter:</p> 1246 1247<blockquote><pre class="code">[global] 1248 os level = 33</pre></blockquote> 1249 1250<p>The preceding value will allow Samba to beat even a Windows 2000 1251Advanced Server acting as a primary domain controller. As we show in 1252the following section, though, forcing Samba to win this way is not 1253recommended.</p> 1254 1255<p>If you want to allow a Windows XP Professional system to be the 1256master browser, you would need to set Samba lower:</p> 1257 1258<blockquote><pre class="code">[global] 1259 os level = 8</pre></blockquote> 1260 1261<p>The maximum value for <tt class="literal">os</tt> <tt class="literal">level</tt> 1262is 255 because it is handled as an 8-bit unsigned integer. Supposing 1263we wanted to make absolutely sure our Samba server will be the local 1264master browser at all times, we might say:</p> 1265 1266<blockquote><pre class="code">[global] 1267 local master = yes 1268 os level = 255 1269 preferred master = yes</pre></blockquote> 1270 1271<p>The addition of the 1272<tt class="literal">preferred</tt><a name="INDEX-62"/> 1273<tt class="literal">master</tt> parameter causes Samba to start a browser 1274election as soon as it starts up, and the <tt class="literal">os</tt> 1275<tt class="literal">level</tt> of 255 allows it to beat any other system on 1276the network. This includes other Samba servers, assuming they are 1277configured properly! If another server is using a similar 1278configuration file (with <tt class="literal">os</tt> 1279<tt class="literal">level</tt> <tt class="literal">=</tt> <tt class="literal">255</tt> 1280and <tt class="literal">preferred</tt> <tt class="literal">master</tt> 1281<tt class="literal">=</tt> <tt class="literal">yes</tt>), the two will fight each 1282other for the master browser role, winning elections based on minor 1283criteria, such as uptime or their current role. To avoid this, other 1284Samba servers should be set with a lower <tt class="literal">os</tt> 1285<tt class="literal">level</tt> and not configured to be the preferred 1286master.</p> 1287 1288 1289</div> 1290 1291 1292<div class="sect2"><a name="samba2-CHP-7-SECT-2.5"/> 1293 1294<h3 class="head2">Samba as the Domain Master Browser</h3> 1295 1296<p><a name="INDEX-63"/>Previously we mentioned that for a Windows 1297workgroup or domain to extend into multiple subnets, one system would 1298have to take the role of the domain master browser. The domain master 1299browser propagates browse lists across each subnet in the workgroup. 1300This works because each local master browser periodically 1301synchronizes its browse list with the domain master browser. During 1302this synchronization, the local master browser passes on the name of 1303any server that the domain master browser does not have in its browse 1304list, and vice versa. Each local master browser eventually holds the 1305browse list for the entire domain.</p> 1306 1307<p>There is no election to determine which machine assumes the role of 1308the domain master browser. Instead, the administrator has to set it 1309manually. By Microsoft design, however, the domain master browser and 1310the PDC both register a resource type of <1B>, so the 1311roles—and the machines—are inseparable.</p> 1312 1313<p>If you have a Windows NT server on the network acting as a PDC, we 1314recommend that you do not try to use Samba to become the domain 1315master browser. The reverse is true as well: if Samba is taking on 1316the responsibilities of a PDC, we recommend making it the domain 1317master browser as well. Although it is possible to split the roles 1318with Samba, this is not a good idea. Using two different machines to 1319serve as the PDC and the domain master browser can cause random 1320errors to occur in a Windows workgroup.</p> 1321 1322<p>Samba can assume the role of a domain master browser for all subnets 1323in the workgroup with the following options:</p> 1324 1325<blockquote><pre class="code">[global] 1326 domain master = yes 1327 preferred master = yes 1328 local master = yes 1329 os level = 255</pre></blockquote> 1330 1331<p>The final three parameters ensure that the server is also the local 1332master browser, which is vital for it to work properly as the domain 1333master browser. You can verify that a Samba machine is in fact the 1334<a name="INDEX-64"/>domain master browser by checking the 1335<em class="emphasis">nmbd</em><a name="INDEX-65"/><a name="INDEX-66"/> log file:</p> 1336 1337<blockquote><pre class="code">nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118) 1338***** 1339Samba name server TOLTEC is now a domain master browser for 1340workgroup METRAN on subnet 172.16.1.0</pre></blockquote> 1341 1342<p>Or you can use the 1343<em class="emphasis">nmblookup</em><a name="INDEX-67"/> command that comes with the Samba 1344distribution to query for a unique <1B> resource type in the 1345workgroup:</p> 1346 1347<blockquote><pre class="code"># <tt class="userinput"><b>nmblookup METRAN#1B</b></tt> 1348Sending queries to 172.16.1.255 1349172.16.1.1 METRAN<1b></pre></blockquote> 1350 1351 1352<div class="sect3"><a name="samba2-CHP-7-SECT-2.5.1"/> 1353 1354<h3 class="head3">Multiple subnets</h3> 1355 1356<p><a name="INDEX-68"/>You must 1357remember three rules when creating a 1358<a name="INDEX-69"/>workgroup/domain 1359that spans more than one subnet:</p> 1360 1361<ul><li> 1362<p>You must have either a Windows NT/2000 or Samba server acting as a 1363local master browser on each subnet in the workgroup/domain.</p> 1364</li><li> 1365<p>You must have a Windows NT/2000 Server edition or a Samba server 1366acting as a domain master browser somewhere in the workgroup/domain.</p> 1367</li><li> 1368<p>A WINS server should be on the network, with each system on the 1369network configured to use it for name resolution.</p> 1370</li></ul> 1371<p>Samba has some additional features you can use if you 1372don't have or want a domain master browser on your 1373network and still need to have <a name="INDEX-70"/>cross-subnet browsing. Consider the 1374subnets shown in <a href="ch07.html#samba2-CHP-7-FIG-1">Figure 7-1</a>.</p> 1375 1376<div class="figure"><a name="samba2-CHP-7-FIG-1"/><a name="INDEX-71"/><a name="INDEX-72"/><img src="figs/sam2_0701.gif"/></div><h4 class="head4">Figure 7-1. Multiple subnets with Samba servers</h4> 1377 1378<p>First, a Samba server that is a local master browser can use the 1379<tt class="literal">remote</tt><a name="INDEX-73"/> <tt class="literal">announce</tt> 1380configuration option to make sure that computers in different subnets 1381are sent broadcast announcements about the server. This has the 1382effect of ensuring that the Samba server appears in the browse lists 1383of foreign subnets. To achieve this, however, the directed broadcasts 1384must reach the local master browser on the other subnet. Be aware 1385that many routers do not allow directed broadcasts by default; you 1386might have to change this setting on the router for the directed 1387broadcasts to get through to its subnet.</p> 1388 1389<p>With the <tt class="literal">remote</tt> <tt class="literal">announce</tt> 1390option, list the subnets and the workgroup that should receive the 1391broadcast. For example, to ensure that machines in the 172.16.2 and 1392172.16.3 subnets and the METRAN workgroup are sent broadcast 1393information from our Samba server, we could specify the following:</p> 1394 1395<blockquote><pre class="code">[global] 1396 remote announce = 172.16.2.255/METRAN \ 1397 172.16.3.255/METRAN</pre></blockquote> 1398 1399<p>Instead of supplying a broadcast address of the remote subnet, you 1400are allowed to specify the exact address where broadcasts should be 1401sent if the local master browser on the foreign subnet is guaranteed 1402to always have the same IP address.</p> 1403 1404<p>A Samba local master browser can synchronize its browse list directly 1405with one or more Samba servers, each acting as a local master browser 1406on a different subnet. This is another way to implement browsing 1407across subnets. For example, let's assume that Samba 1408is configured as a local master browser, and Samba local master 1409browsers exist at 172.16.2.130 and 172.16.3.120. We can use the 1410<tt class="literal">remote</tt> <tt class="literal">browse</tt> 1411<tt class="literal">sync</tt> option to sync directly with the Samba 1412servers, as follows:</p> 1413 1414<blockquote><pre class="code">[global] 1415 remote browse sync = 172.16.2.130 172.16.3.120</pre></blockquote> 1416 1417<p>For this to work, the other Samba machines must also be local master 1418browsers. You can also use directed broadcasts with this option if 1419you do not know specific IP addresses of local master browsers.</p> 1420 1421 1422</div> 1423 1424 1425</div> 1426 1427 1428<div class="sect2"><a name="samba2-CHP-7-SECT-2.6"/> 1429 1430<h3 class="head2">Making a Share Invisible</h3> 1431 1432<p><a name="INDEX-74"/><a name="INDEX-75"/><a name="INDEX-76"/>You can keep a share from being in the 1433browse list by using the 1434<tt class="literal">browsable</tt><a name="INDEX-77"/> option. This Boolean option 1435prevents a share from being seen in the Network Neighborhood or My 1436Network Places. For example, to prevent the <tt class="literal">[data]</tt> 1437share from being visible, we could write:</p> 1438 1439<blockquote><pre class="code">[data] 1440 path = /export/samba/userdata 1441 browsable = no</pre></blockquote> 1442 1443<p>Although you typically don't want to do this to an 1444ordinary disk share, the <tt class="literal">browsable</tt> option is 1445useful in the event that you need to create a share with contents 1446that you do not want others to see, such as a 1447<tt class="literal">[netlogon]</tt><a name="INDEX-78"/> share for storing logon scripts 1448for Windows domain control (see <a href="ch04.html">Chapter 4</a> for more 1449information on logon scripts).</p> 1450 1451<p>Another example is the 1452<tt class="literal">[homes]</tt><a name="INDEX-79"/> share. This share is often marked 1453nonbrowsable so that a share named <tt class="literal">[homes]</tt> 1454won't appear when its machine's 1455resources are browsed. However, if a user <tt class="literal">alice</tt> 1456logs on and looks at the machine's shares, an 1457<tt class="literal">[alice]</tt> share will appear under the machine.</p> 1458 1459<p>What if we wanted to make sure 1460<tt class="literal">alice</tt>'s share appeared to 1461everyone before she logs on? This could be done with the global 1462<tt class="literal">auto</tt><a name="INDEX-80"/> <tt class="literal">services</tt> 1463option. This option preloads shares into the browse list to ensure 1464that they are always visible:</p> 1465 1466<blockquote><pre class="code">[global] 1467 auto services = alice</pre></blockquote> 1468 1469 1470</div> 1471 1472 1473<div class="sect2"><a name="samba2-CHP-7-SECT-2.7"/> 1474 1475<h3 class="head2">Browsing Options</h3> 1476 1477<p><a href="ch07.html#samba2-CHP-7-TABLE-4">Table 7-4</a> <a name="INDEX-81"/><a name="INDEX-82"/>shows 1478options that define how Samba handles browsing tasks.</p> 1479 1480<a name="samba2-CHP-7-TABLE-4"/><h4 class="head4">Table 7-4. Browsing configuration options</h4><table border="1"> 1481 1482 1483 1484 1485 1486 1487<tr> 1488<th> 1489<p>Option</p> 1490</th> 1491<th> 1492<p>Parameters</p> 1493</th> 1494<th> 1495<p>Function</p> 1496</th> 1497<th> 1498<p>Default</p> 1499</th> 1500<th> 1501<p>Scope</p> 1502</th> 1503</tr> 1504 1505 1506<tr> 1507<td> 1508<p><tt class="literal">announce as</tt></p> 1509</td> 1510<td> 1511<p>string</p> 1512</td> 1513<td> 1514<p>Operating system that Samba will announce itself as.</p> 1515</td> 1516<td> 1517<p><tt class="literal">N T Server</tt></p> 1518</td> 1519<td> 1520<p>Global</p> 1521</td> 1522</tr> 1523<tr> 1524<td> 1525<p><tt class="literal">announce</tt> <tt class="literal">version</tt></p> 1526</td> 1527<td> 1528<p>numeric</p> 1529</td> 1530<td> 1531<p>Version of the operating system that Samba will announce itself as.</p> 1532</td> 1533<td> 1534<p><tt class="literal">4.5</tt></p> 1535</td> 1536<td> 1537<p>Global</p> 1538</td> 1539</tr> 1540<tr> 1541<td> 1542<p><tt class="literal">browsable</tt> <tt class="literal">(browseable)</tt></p> 1543</td> 1544<td> 1545<p>Boolean</p> 1546</td> 1547<td> 1548<p>Allows share to be displayed in list of machine resources.</p> 1549</td> 1550<td> 1551<p><tt class="literal">yes</tt></p> 1552</td> 1553<td> 1554<p>Share</p> 1555</td> 1556</tr> 1557<tr> 1558<td> 1559<p><tt class="literal">browse list</tt></p> 1560</td> 1561<td> 1562<p>Boolean</p> 1563</td> 1564<td> 1565<p>If <tt class="literal">yes</tt>, allows Samba to provide a browse list on 1566this server.</p> 1567</td> 1568<td> 1569<p><tt class="literal">yes</tt></p> 1570</td> 1571<td> 1572<p>Global</p> 1573</td> 1574</tr> 1575<tr> 1576<td> 1577<p><tt class="literal">auto services</tt> <tt class="literal">(preload)</tt></p> 1578</td> 1579<td> 1580<p>string (share list)</p> 1581</td> 1582<td> 1583<p>List of shares that will always appear in the browse list.</p> 1584</td> 1585<td> 1586<p>None</p> 1587</td> 1588<td> 1589<p>Global</p> 1590</td> 1591</tr> 1592<tr> 1593<td> 1594<p><tt class="literal">default</tt> <tt class="literal">service (default)</tt></p> 1595</td> 1596<td> 1597<p>string (share name)</p> 1598</td> 1599<td> 1600<p>Name of a share (service) that will be provided if the client 1601requests a share not listed in <em class="emphasis">smb.conf</em>.</p> 1602</td> 1603<td> 1604<p>None</p> 1605</td> 1606<td> 1607<p>Global</p> 1608</td> 1609</tr> 1610<tr> 1611<td> 1612<p><tt class="literal">local master</tt></p> 1613</td> 1614<td> 1615<p>Boolean</p> 1616</td> 1617<td> 1618<p>If <tt class="literal">yes</tt>, allows Samba to participate in browsing 1619elections.</p> 1620</td> 1621<td> 1622<p><tt class="literal">yes</tt></p> 1623</td> 1624<td> 1625<p>Global</p> 1626</td> 1627</tr> 1628<tr> 1629<td> 1630<p><tt class="literal">lm announce</tt></p> 1631</td> 1632<td> 1633<p><tt class="literal">yes</tt>, <tt class="literal">no</tt>, or 1634<tt class="literal">auto</tt></p> 1635</td> 1636<td> 1637<p>Enables or disables LAN Manager-style host announcements.</p> 1638</td> 1639<td> 1640<p><tt class="literal">auto</tt></p> 1641</td> 1642<td> 1643<p>Global</p> 1644</td> 1645</tr> 1646<tr> 1647<td> 1648<p><tt class="literal">lm interval</tt></p> 1649</td> 1650<td> 1651<p>numeric</p> 1652</td> 1653<td> 1654<p>Frequency in seconds that LAN Manager announcements will be made if 1655activated.</p> 1656</td> 1657<td> 1658<p><tt class="literal">60</tt></p> 1659</td> 1660<td> 1661<p>Global</p> 1662</td> 1663</tr> 1664<tr> 1665<td> 1666<p><tt class="literal">preferred</tt> <tt class="literal">master (prefered 1667master)</tt></p> 1668</td> 1669<td> 1670<p>Boolean</p> 1671</td> 1672<td> 1673<p>If <tt class="literal">yes</tt>, allows Samba to use the preferred master 1674browser bit to attempt to become the local master browser.</p> 1675</td> 1676<td> 1677<p><tt class="literal">no</tt></p> 1678</td> 1679<td> 1680<p>Global</p> 1681</td> 1682</tr> 1683<tr> 1684<td> 1685<p><tt class="literal">domain master</tt></p> 1686</td> 1687<td> 1688<p>Boolean</p> 1689</td> 1690<td> 1691<p>If <tt class="literal">yes</tt>, allows Samba to become the domain browser 1692master for the workgroup or domain.</p> 1693</td> 1694<td> 1695<p><tt class="literal">no</tt></p> 1696</td> 1697<td> 1698<p>Global</p> 1699</td> 1700</tr> 1701<tr> 1702<td> 1703<p><tt class="literal">os level</tt></p> 1704</td> 1705<td> 1706<p>numeric</p> 1707</td> 1708<td> 1709<p>Operating system level of Samba in an election for local master 1710browser.</p> 1711</td> 1712<td> 1713<p><tt class="literal">0</tt></p> 1714</td> 1715<td> 1716<p>Global</p> 1717</td> 1718</tr> 1719<tr> 1720<td> 1721<p><tt class="literal">remote browse</tt> <tt class="literal">sync</tt></p> 1722</td> 1723<td> 1724<p>string (list of IP addresses)</p> 1725</td> 1726<td> 1727<p>Samba servers to synchronize browse lists with.</p> 1728</td> 1729<td> 1730<p>None</p> 1731</td> 1732<td> 1733<p>Global</p> 1734</td> 1735</tr> 1736<tr> 1737<td> 1738<p><tt class="literal">remote</tt> <tt class="literal">announce</tt></p> 1739</td> 1740<td> 1741<p>string (IP address/workgroup pairs)</p> 1742</td> 1743<td> 1744<p>Subnets and workgroups to send directed broadcast packets to, 1745allowing Samba to appear in their browse lists.</p> 1746</td> 1747<td> 1748<p>None</p> 1749</td> 1750<td> 1751<p>Global</p> 1752</td> 1753</tr> 1754 1755</table> 1756 1757 1758<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.1"/> 1759 1760<a name="INDEX-83"/><h3 class="head3">announce as</h3> 1761 1762<p>This global configuration option specifies the type of operating 1763system that Samba announces to other machines on the network. The 1764default value for this option is <tt class="literal">N T</tt> 1765<tt class="literal">Server</tt>, which causes Samba to masquerade as a 1766Windows NT Server operating system. Other possible values are 1767<tt class="literal">NT</tt>, <tt class="literal">NT</tt> 1768<tt class="literal">Workstation</tt>, <tt class="literal">Win95</tt>, and 1769<tt class="literal">W f W</tt> for a Windows for Workgroup operating 1770system. You can override the default value with the following:</p> 1771 1772<blockquote><pre class="code">[global] 1773 announce as = Win95</pre></blockquote> 1774 1775<p>We recommend against changing the default value of this configuration 1776option.</p> 1777 1778 1779</div> 1780 1781 1782 1783<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.2"/> 1784 1785<a name="INDEX-84"/><h3 class="head3">announce version</h3> 1786 1787<p>This global option is frequently used with the 1788<tt class="literal">announce</tt> <tt class="literal">as</tt> configuration 1789option; it specifies the version of the operating system that Samba 1790announces to other machines on the network. The default value of this 1791option is 4.5, which places Samba above Windows NT Version 4.0, but 1792below Windows 2000. You can specify a new value with a global entry 1793such as the following:</p> 1794 1795<blockquote><pre class="code">[global] 1796 announce version = 4.3</pre></blockquote> 1797 1798<p>We recommend against changing the default value of this configuration 1799option.</p> 1800 1801 1802</div> 1803 1804 1805 1806<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.3"/> 1807 1808<h3 class="head3">browsable</h3> 1809 1810<p>The <tt class="literal">browsable</tt><a name="INDEX-85"/> option (also spelled 1811<tt class="literal">browseable</tt>) indicates whether the share referenced 1812should appear in the list of available resources for the system on 1813which it resides. This option is always set to <tt class="literal">yes</tt> 1814by default. If you wish to prevent the share from being seen in a 1815client's browser, you can reset this option to 1816<tt class="literal">no</tt>.</p> 1817 1818<p>Note that this does not prevent someone from accessing the share 1819using other means, such as specifying a UNC location (e.g., 1820<tt class="literal">\\server\accounting)</tt> in Windows Explorer. It only 1821prevents the share from being listed under the 1822system's resources when being browsed.</p> 1823 1824 1825</div> 1826 1827 1828 1829<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.4"/> 1830 1831<a name="INDEX-86"/><h3 class="head3">browse list</h3> 1832 1833<p>You should never need to change this parameter from its default value 1834of <tt class="literal">yes</tt>. If your Samba server is acting as a local 1835master browser (i.e., it has won the browsing election), you can use 1836the global <tt class="literal">browse</tt> <tt class="literal">list</tt> option 1837to instruct Samba to provide or withhold its browse list to all 1838clients. By default, Samba always provides a browse list. You can 1839withhold this information by specifying the following:</p> 1840 1841<blockquote><pre class="code">[global] 1842 browse list = no</pre></blockquote> 1843 1844<p>If you disable the browse list, clients cannot browse the names of 1845other machines, their services, and other domains currently available 1846on the network. Note that this won't make any 1847particular machine inaccessible; if someone knows a valid machine 1848name/address and a share on that machine, he can still connect to it 1849explicitly using the Windows <em class="emphasis">net use</em> command or 1850by mapping a drive letter to it using Windows Explorer. It simply 1851prevents information in the browse list from being retrieved by any 1852client that requests it.</p> 1853 1854 1855</div> 1856 1857 1858 1859<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.5"/> 1860 1861<h3 class="head3">auto services</h3> 1862 1863<p>The global <tt class="literal">auto</tt><a name="INDEX-87"/> 1864<tt class="literal">services</tt> option, which is also called 1865<tt class="literal">preload</tt> <a name="INDEX-88"/>, ensures that the specified 1866shares are always visible in the browse list. One common use for this 1867option is to advertise specific user or printer shares that are 1868created by the <tt class="literal">[homes]</tt> or 1869<tt class="literal">[printers]</tt> shares, but are not otherwise 1870browsable.</p> 1871 1872<p>This option works best with disk shares. If you wish to force each of 1873your system printers (i.e., those listed in the printer capabilities 1874file) to appear in the browse list, we recommend using the 1875<tt class="literal">load</tt> <tt class="literal">printers</tt> option instead.</p> 1876 1877<p>Shares listed with the <tt class="literal">auto</tt> 1878<tt class="literal">services</tt> option will not be displayed if the 1879<tt class="literal">browse</tt> <tt class="literal">list</tt> option is set to 1880<tt class="literal">no</tt>.</p> 1881 1882 1883</div> 1884 1885 1886 1887<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.6"/> 1888 1889<h3 class="head3">default service</h3> 1890 1891<p>The global <tt class="literal">default</tt><a name="INDEX-89"/> 1892<tt class="literal">service</tt> option (sometimes called 1893<tt class="literal">default</tt>) names a 1894"last-ditch" share. The value is 1895set to an existing share name without the enclosing brackets. When a 1896client requests a nonexistent disk or printer share, Samba will 1897attempt to connect the user to the share specified by this option 1898instead. The option is specified as follows:</p> 1899 1900<blockquote><pre class="code">[global] 1901 default service = helpshare</pre></blockquote> 1902 1903<p>When Samba redirects the requested, nonexistent service to the 1904service specified by <tt class="literal">default</tt> 1905<tt class="literal">service</tt>, the <tt class="literal">%S</tt> option takes on 1906the value of the requested service, with any underscores ( 1907<tt class="literal">_</tt> ) in the requested service replaced by forward slashes 1908(<tt class="literal">/</tt>).</p> 1909 1910 1911</div> 1912 1913 1914 1915<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.7"/> 1916 1917<a name="INDEX-90"/><h3 class="head3">local master</h3> 1918 1919<p>This global option specifies whether Samba will attempt to become the 1920local master browser for the subnet when it starts up. If this option 1921is set to <tt class="literal">yes</tt>, Samba will participate in 1922elections. However, setting this option by itself does not guarantee 1923victory. (Other parameters, such as <tt class="literal">preferred</tt> 1924<tt class="literal">master</tt> and <tt class="literal">os</tt> 1925<tt class="literal">level</tt>, help Samba win browsing elections.) If this 1926option is set to <tt class="literal">no</tt>, Samba will lose all browsing 1927elections, regardless of which values are specified by the other 1928configuration options. The default value is <tt class="literal">yes</tt>.</p> 1929 1930 1931</div> 1932 1933 1934 1935<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.8"/> 1936 1937<h3 class="head3">lm announce</h3> 1938 1939<p>The global <tt class="literal">lm</tt><a name="INDEX-91"/> 1940<tt class="literal">announce</tt> option tells Samba's 1941<em class="emphasis">nmbd</em> whether to send <a name="INDEX-92"/>LAN Manager host 1942announcements on behalf of the server. These host announcements might 1943be required by older clients, such as IBM's OS/2 1944operating system. This announcement allows the server to be added to 1945the browse lists of the client. If activated, Samba will announce 1946itself repetitively at the number of seconds specified by the 1947<tt class="literal">lm</tt> <tt class="literal">interval</tt> option.</p> 1948 1949<p>You can specify the option as follows:</p> 1950 1951<blockquote><pre class="code">[global] 1952 lm announce = yes</pre></blockquote> 1953 1954<p>This configuration option takes the standard Boolean values, 1955<tt class="literal">yes</tt> and <tt class="literal">no</tt>, which enable or 1956disable LAN Manager announcements, respectively. In addition, a third 1957option, <tt class="literal">auto</tt>, causes <em class="emphasis">nmbd</em> to 1958listen passively for LAN Manager announcements, but not to send any 1959of its own initially. If LAN Manager announcements are detected for 1960another machine on the network, <em class="emphasis">nmbd</em> will start 1961sending its own LAN Manager announcements to ensure that it is 1962visible. The default value is <tt class="literal">auto</tt>. You probably 1963won't need to change this value from its default.</p> 1964 1965 1966</div> 1967 1968 1969 1970<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.9"/> 1971 1972<a name="INDEX-93"/><h3 class="head3">lm interval</h3> 1973 1974<p>This option, which is used in conjunction with <tt class="literal">lm</tt> 1975<tt class="literal">announce</tt>, indicates the number of seconds 1976<em class="emphasis">nmbd</em> will wait before repeatedly broadcasting 1977LAN Manager-style announcements. LAN Manager announcements must be 1978enabled for this option to work. The default value is 60 seconds. If 1979you set this value to 0, Samba will not send any LAN Manager host 1980announcements, regardless of the value of the <tt class="literal">lm</tt> 1981<tt class="literal">announce</tt> option. You can reset the value of this 1982option as follows:</p> 1983 1984<blockquote><pre class="code">[global] 1985 lm interval = 90</pre></blockquote> 1986 1987 1988</div> 1989 1990 1991 1992<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.10"/> 1993 1994<h3 class="head3">preferred master</h3> 1995 1996<p>The <tt class="literal">preferred</tt><a name="INDEX-94"/> 1997<tt class="literal">master</tt> option requests that Samba set the 1998preferred master bit when participating in an election. This gives 1999the server a higher preferred status in the workgroup than other 2000machines at the same operating-system level. If you are configuring 2001your Samba machine to become the local master browser, it is wise to 2002set the following value:</p> 2003 2004<blockquote><pre class="code">[global] 2005 preferred master = yes</pre></blockquote> 2006 2007<p>Otherwise, you should leave it set to its default, 2008<tt class="literal">no</tt>. If Samba is configured as a preferred master 2009browser, it will force an election when it first comes online.</p> 2010 2011 2012</div> 2013 2014 2015 2016<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.11"/> 2017 2018<a name="INDEX-95"/><h3 class="head3">domain master</h3> 2019 2020<p>If Samba is the primary domain controller for your workgroup or NT 2021domain, it should also be made the domain master browser. The domain 2022master browser is a special machine that has the NetBIOS resource 2023type <1B> and is used to propagate browse lists to and from 2024each local master browser in individual subnets across the domain. To 2025force Samba to become the <a name="INDEX-96"/>domain master browser, set the following in 2026the <tt class="literal">[global]</tt> section of the 2027<em class="filename">smb.conf</em>:</p> 2028 2029<blockquote><pre class="code">[global] 2030 domain master = yes</pre></blockquote> 2031 2032<p>If you have a Windows NT server on the network acting as a primary 2033domain controller (PDC), we recommend that you do not use Samba to 2034become the domain master browser. The reverse is true as well: if 2035Samba is taking on the responsibilities of a PDC, we recommend making 2036it the domain master browser. Splitting the PDC and the domain master 2037browser will cause unpredictable errors to occur on the network.</p> 2038 2039 2040</div> 2041 2042 2043 2044<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.12"/> 2045 2046<h3 class="head3">os level</h3> 2047 2048<p>The global <tt class="literal">os</tt><a name="INDEX-97"/> <tt class="literal">level</tt> option 2049defines the operating-system value with which Samba will masquerade 2050during a browser election. If you wish to have Samba win an election 2051and become the master browser, set the <tt class="literal">os</tt> 2052<tt class="literal">level</tt> higher than that of any other system on the 2053subnet. The values are shown in <a href="ch07.html#samba2-CHP-7-TABLE-2">Table 7-2</a>. The 2054default level is 20, which means that Samba will win elections 2055against all versions of Windows, except Windows NT/2000 if it is 2056operating as the PDC. If you wish Samba to win all elections, you can 2057set its operating system value as follows:</p> 2058 2059<blockquote><pre class="code">[global] 2060 os level = 255</pre></blockquote> 2061 2062 2063</div> 2064 2065 2066 2067<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.13"/> 2068 2069<h3 class="head3">remote browse sync</h3> 2070 2071<p>The global <tt class="literal">remote</tt><a name="INDEX-98"/> 2072<tt class="literal">browse</tt> <tt class="literal">sync</tt> option specifies 2073that Samba should synchronize its browse lists with local master 2074browsers in other subnets. However, the synchronization can occur 2075only with other Samba servers and not with Windows computers. For 2076example, if your Samba server were a master browser on the subnet 2077172.16.235, and Samba local master browsers existed on other subnets 2078located at 172.16.234.92 and 172.16.236.2, you would specify the 2079following:</p> 2080 2081<blockquote><pre class="code">[global] 2082 remote browse sync = 172.16.234.92 172.16.236.2</pre></blockquote> 2083 2084<p>The Samba server would then directly contact the other machines on 2085the address list and synchronize browse lists. You can also say:</p> 2086 2087<blockquote><pre class="code">[global] 2088 remote browse sync = 172.16.234.255 172.16.236.255</pre></blockquote> 2089 2090<p>This forces Samba to broadcast queries to determine the IP addresses 2091of the local master browser on each subnet, with which it will then 2092synchronize browse lists. This works, however, only if your router 2093doesn't block directed broadcast requests ending in 2094255.</p> 2095 2096 2097</div> 2098 2099 2100 2101<div class="sect3"><a name="samba2-CHP-7-SECT-2.7.14"/> 2102 2103<h3 class="head3">remote announce</h3> 2104 2105<p>Samba servers are capable of providing browse lists to foreign 2106subnets with the <tt class="literal">remote</tt><a name="INDEX-99"/> 2107<tt class="literal">announce</tt> option. This is typically sent to the 2108local master browser of the foreign subnet in question. However, if 2109you do not know the address of the local master browser, you can do 2110the following:</p> 2111 2112<blockquote><pre class="code">[global] 2113 remote announce = 172.16.234.255/ACCOUNTING \ 2114 172.16.236.255/ACCOUNTING</pre></blockquote> 2115 2116<p>With this, Samba will broadcast host announcements to all machines on 2117subnets 172.16.234 and 172.16.236, which will hopefully reach the 2118local master browser of the subnet.</p> 2119 2120<p>You can also specify exact IP addresses, if they are known, but this 2121works only if the systems are guaranteed to maintain the role of 2122master browser on their subnets. By appending a workgroup or domain 2123name to the IP address, Samba announces that it is in that workgroup 2124or domain. If this is left out, the workgroup set by the 2125<tt class="literal">workgroup</tt> parameter is used. <a name="INDEX-100"/> <a name="INDEX-101"/><a name="INDEX-102"/></p> 2126 2127 2128</div> 2129 2130 2131</div> 2132 2133 2134</div> 2135 2136<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> As we explained in 2137<a href="ch01.html">Chapter 1</a>, a system can register under more than 2138one NetBIOS name. We use the singular here only to keep our 2139explanation simple.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html> 2140