Gaiseric Vandal
2011-Jan-06 03:42 UTC
[Samba] can connect to 2 samba servers by name but to one by IP only
I have a samba domain with a Samba 3.4.x PDC (compiled from source on Solaris 10) and two Samba 3.0.x BDCs (Sun-bundled Samba on Solaris 10.) XP clients use DHCP. When on the LAN, DHCP includes WINS server (the WINS server is one of the Samba 3.0.x machines.)

We also have a VPN for remote client access for Windows XP machines. XP machines could include home PCs (not in the domain) or company laptops (which are in the domain.) The VPN client has a virtual network adapter, which gets an IP address from the corporate DHCP server. The IP address is in the same private class C as the machines on the network. By default the VPN is NOT configured to relay Multicast or Windows Netbios Broadcast packets. Also, VPN clients do NOT get a WINS server assigned.

I don't actually want VPN users browsing for Windows shares or mapping network drives over the VPN. VPN is typically for low-bandwidth friendly stuff like RDP, HTTP and e-mail. When on a VPN, you can't go to "My Network Places" and browse for servers. Nonetheless, users found they are able to access (or map) network shares by explicitly using the server name and share (e.g. via the Windows explorer or the "net use" command.)

Which brings me to the "problem." When accessing via VPN, users can access the samba 3.0.x BDCs via name. But they can NOT access the PDC by name. They can access via the PDC's IP. All 3 DCs have ports 139 and 445 open.

C:\ >net use \\bdc1
The command completed successfully.

C:\ >net use \\bdc2
The command completed successfully.

C:\ >net use \\pdc1
System error 67 has occurred.
The network name cannot be found.

C:\ >net use \\192.168.x.y
The command completed successfully.

My understanding is that XP (and Win 2000/2003) machines are "smart" enough to use DNS lookups to resolve a windows "netbios" name to IP in the case that legacy (archaic) "Netbios" name resolution (WINS, lmhosts, broadcast) methods don't work. In fact this seems to work for any samba or windows machine on the network EXCEPT the Samba 3.4.x PDC. It seems to work for Win 2003 machines, Samba 3.4.x member servers, XP machines, etc.

The XP VPN Clients are not using hosts or lmhosts files. WINS is not used over the VPN. All the samba and windows machines on the network are configured to use WINS so I don't think they would respond to netbios broadcast requests looking for a machine by name.

I can't see how any configuration option on the PDC would affect how CLIENTS resolve its name (unless I was relying on WINS and the server was not using WINS.)

This isn't really a show stopper (and actually I might eventually want to BLOCK windows networking over VPN) but I can't figure out why one server has this problem.

Thanks
Bob Miller
2011-Jan-06 05:06 UTC
[Samba] can connect to 2 samba servers by name but to one by IP only
> The XP
> VPN Clients are not using hosts or lmhosts files. Wins is not used over the
> VPN. All the samba and windows machines on the network are configured
> to use WINS so I don't think they would respond to netbios broadcast
> requests looking for a machine by name.

Does it not work that when a windows machine has no wins server that it can use the master browser to resolve netbios names? If such is the case, then perhaps the pdc is not being listed by the master browser that the vpn clients are consulting?

I am not familiar with the type of VPN you are working with, but I know broadcast is a problem for the ones I have worked with. If you have a full virtual nic on the LAN, then this probably isn't a problem for you, but in my experience, a vpn client cannot send a broadcast packet to a remote LAN. This has caused me some serious grey hairs over my time playing with vpns and windows networking, seems a lot of things depend on it.

just some thoughts...

Bob Miller
334-7117/660-5315
http://computerisms.ca
bob at computerisms.ca
Network, Internet, Server, and Open Source Solutions
Gaiseric Vandal
2011-Jan-06 12:10 UTC
[Samba] can connect to 2 samba servers by name but to one by IP only
Yes

From: tms3 at tms3.com [mailto:tms3 at tms3.com]
Sent: Wednesday, January 05, 2011 10:53 PM
To: gaiseric.vandal at gmail.com
Subject: Re: [Samba] can connect to 2 samba servers by name but to one by IP only

Just a quick thought...is pdc1 in DNS?