samba - Aug 1997 - (LONG) Please help. Subnet browsing 1.9.17alpha5 (LONG)

I've posted a number of articles to comp.protocols.smb, without success.

And I know this is a very wearisome (perhaps vexing) question.  But can
somebody please assist me in trying to get subnet browsing working with
samba 1.9.17alpha5.


The Simplified Setting
=====================
	- two subnets

   (Samba)
   (WINS)
   (DMB)
   (MBR)
   oasyd     Win95   WinNT(workstation)
     |        |      |
  ----------------------
   |
   | 201.1.1.x
   |
 +---+
 |R1 |
 +---+
   |
   | 201.1.2.x
   |
  -----------------------
     |
   cascade
   (MBR)
   (WinNT4 SP3 - workstation)



The Symptoms
===========>From cascade, I would expect to see all the 201.1.1.X machines in
its
browse list.
But of course, I don't.


Things that are NOT the problem
==============================1. anything to do with encrypted passwords
	- samba has been compiled with encrypted password support.
	- this has been verified working by
		a) using "net view \\oasyd"
		b) setting remote announce in samba causes "oasyd" to
		   appear in the subnet 201.1.2.X browse list (as expected)


2. WINS not being used.
	- it is ... see nmbd log files below for details

3. the bug fixed by Berhard Laeser recently.
	- the patch (dated Tue Aug 12 1997) posted to comp.protocols.smb has
been applied.


The smb.conf file
================
Or at least a portion of it...

	[global]

	debug level = 9
	guest account = nobody

	lock directory = /usr/local/samba/var/locks
	share modes = yes

	security = user
	hosts allow = 201.1.1. 201.1.2.
	workgroup = WORKGROUP

	encrypt passwords = yes
	read prediction = yes
	socket options = TCP_NODELAY IPTOS_LOWDELAY

	preserve case = yes
	short preserve case = yes
	mangle case = no
	case sensitive = no

	time server = yes

	wins support = yes
	dns proxy = yes
	;wins proxy = yes

	;domain controller = 201.1.1.1
	;domain logons = yes
	;logon script = %U.bat

	; We control browsing!
	os level = 65
	domain master = yes
	local master = yes
	preferred master = yes
	;remote announce = 201.1.2.255



var/log.nmb
==========
Sorry, this is verbose, but perhaps necessary.  The gist of the
following is that the NT4 machine cascade asks the samba WINS server who
the master browser is, and then who the domain controller is for
WORKGROUP.  Samba "seems" to respond, but the NT machine isn't
satisfied.

NOTE: I have added a row of stars between what I considered groups of
related lines.  However I could be mistaken, so please don't read too
much into them.

With debug level = 9 ....

dump domain bcast=    201.1.1.255:  netmask=  255.255.255.0:
        WORKGROUP(1)
                OASYD 400c9a23 (Samba 1.9.17alpha5)
                WORKGROUP c0001000 (OASYD)
                CLOWN 40011003 (Windows NT 4.0 Saves Open Access)
                BIGCOW 40011003 ()
                CAMEL 40412003 (malcolms's hobby)
                QUAKE 40412003 (Free roving bovine)
                ZAFFY 40412003 (Zaf's Piece of Machinery)
                NEVSTER 40412003 (Mr Peabody, and SHERWIN!)
dump domain bcast=255.255.255.255:  netmask=        0.0.0.0:
        WORKGROUP(1)
                OASYD 40099a23 (Samba 1.9.17alpha5)
                WORKGROUP 80001000 (OASYD)
workgroup search for WORKGROUP: found
do_browser_lists: no entries to sync.
do_browser_lists: returning due to t(871720067) - last(871720057) < 20
do_browser_lists: no entries to sync.
********************************************************************************
08/16/97 18:28:11 received a packet of len 50 from (201.1.2.98) port 137
nmb packet from 201.1.2.98 header: id=32988 opcode=Query(0) response=No
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No
    header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
    question: q_name=WORKGROUP(1b) q_type=32 q_class=1
Name query from 201.1.2.98 for name WORKGROUP<0x1b>
find_name on WINS: WORKGROUP(1b) 201.1.2.98 search 2
find_name: found name WORKGROUP(1b)
OK 201.1.1.1
replying netbios packet: nmb_query WORKGROUP(1b)
nmb packet from 201.1.2.98 header: id=32988 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=WORKGROUP(1b) rr_type=32 rr_class=1 ttl=14400
    answers   0 char D.....   hex 4400C9010101
08/16/97 18:28:11 sending a packet of len 62 to (201.1.2.98) on port 137
********************************************************************************
do_browser_lists: returning due to t(871720087) - last(871720077) < 20
********************************************************************************
08/16/97 18:28:11 received a packet of len 232 from (201.1.2.98) port
138
find_name on WINS: WORKGROUP(1b) 201.1.2.98 search 7
find_name: found name WORKGROUP(1b)
process_dgram: datagram from CASCADE(0) to WORKGROUP(1b) for
\MAILSLOT\NET\NETLOGON of type 7 len=58
No domain logons
********************************************************************************
do_browser_lists: returning due to t(871720091) - last(871720077) < 20
********************************************************************************
08/16/97 18:28:16 received a packet of len 232 from (201.1.2.98) port
138
find_name on WINS: WORKGROUP(1b) 201.1.2.98 search 7
find_name: found name WORKGROUP(1b)
process_dgram: datagram from CASCADE(0) to WORKGROUP(1b) for
\MAILSLOT\NET\NETLOGON of type 7 len=58
No domain logons
********************************************************************************
do_browser_lists: returning due to t(871720091) - last(871720077) < 20
********************************************************************************
08/16/97 18:28:16 received a packet of len 50 from (201.1.2.98) port 137
nmb packet from 201.1.2.98 header: id=32994 opcode=Query(0) response=No
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No
    header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
    question: q_name=WORKGROUP(1c) q_type=32 q_class=1
Name query from 201.1.2.98 for name WORKGROUP<0x1c>
find_name on WINS: WORKGROUP(1c) 201.1.2.98 search 2
find_name: name WORKGROUP(1c) NOT FOUND
Search for WORKGROUP(1c) - types 0x20 0x0 only: name not found
UNKNOWN
replying netbios packet: nmb_query WORKGROUP(1c)
nmb packet from 201.1.2.98 header: id=32994 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=3 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=WORKGROUP(1c) rr_type=32 rr_class=1 ttl=0
08/16/97 18:28:16 sending a packet of len 56 to (201.1.2.98) on port 137
********************************************************************************
do_browser_lists: returning due to t(871720096) - last(871720077) < 20
********************************************************************************
08/16/97 18:28:19 received a packet of len 232 from (201.1.2.98) port
138
find_name on WINS: WORKGROUP(1c) 201.1.2.98 search 7
find_name: name WORKGROUP(1c) NOT FOUND
process_dgram: ignoring dgram packet sent to name WORKGROUP(1c) from
201.1.2.98
do_browser_lists: returning due to t(871720096) - last(871720077) < 20
08/16/97 18:28:21 received a packet of len 232 from (201.1.2.98) port
138
find_name on WINS: WORKGROUP(1b) 201.1.2.98 search 7
find_name: found name WORKGROUP(1b)
process_dgram: datagram from CASCADE(0) to WORKGROUP(1b) for
\MAILSLOT\NET\NETLOGON of type 7 len=58
No domain logons
********************************************************************************
do_browser_lists: no entries to sync.
********************************************************************************
08/16/97 18:28:21 received a packet of len 50 from (201.1.2.98) port 137
nmb packet from 201.1.2.98 header: id=33002 opcode=Query(0) response=No
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No
    header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0
    question: q_name=WORKGROUP(1c) q_type=32 q_class=1
Name query from 201.1.2.98 for name WORKGROUP<0x1c>
find_name on WINS: WORKGROUP(1c) 201.1.2.98 search 2
find_name: name WORKGROUP(1c) NOT FOUND
Search for WORKGROUP(1c) - types 0x20 0x0 only: name not found
UNKNOWN
replying netbios packet: nmb_query WORKGROUP(1c)
nmb packet from 201.1.2.98 header: id=33002 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=3 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=WORKGROUP(1c) rr_type=32 rr_class=1 ttl=0
08/16/97 18:28:21 sending a packet of len 56 to (201.1.2.98) on port 137
********************************************************************************
do_browser_lists: returning due to t(871720101) - last(871720099) < 20
********************************************************************************
08/16/97 18:28:24 received a packet of len 232 from (201.1.2.98) port
138
find_name on WINS: WORKGROUP(1c) 201.1.2.98 search 7
find_name: name WORKGROUP(1c) NOT FOUND
process_dgram: ignoring dgram packet sent to name WORKGROUP(1c) from
201.1.2.98
********************************************************************************
do_browser_lists: returning due to t(871720101) - last(871720099) < 20
do_browser_lists: returning due to t(871720104) - last(871720099) < 20

----------------------------

Note 1: there is a 'No domain logons' message in the above.  If I set
the parameter
	'domain controller = oasyd'
then this goes away, but NT is still not satisfied.


Note 2: some of the requests are datagram requests to port 138, and some
just netbios packets to port 137.  I don't know if this is significant.


Note 3: there is no local master announce by cascade to the WINS
server.  Why?


Other Info
=========>From the WinNT machine (cascade), the following console session may
give
somebody some needed info:

        C:\WINNT\system32>browstat
        Usage: BROWSTAT Command [Options | /HELP]
        Where <Command> is one of:

         ELECT         ( EL) - Force election on remote domain
         GETBLIST      ( GB) - Get backup list for domain
         GETMASTER     ( GM) - Get remote Master Browser name (using
NetBIOS)
         GETPDC        ( GP) - Get PDC name (using NetBIOS)
         LISTWFW       (WFW) - List WFW servers that are actually
running
browser
         STATS         (STS) - Dump browser statistics
         STATUS        (STA) - Display status about a domain
         TICKLE        (TIC) - Force remote master to stop
         VIEW          ( VW) - Remote NetServerEnum to a server or
domain on
transport

        In server (or domain) list displays, the following flags are
used:
             W=Workstation, S=Server, SQL=SQLServer,
PDC=PrimaryDomainController,
             BDC=BackupDomainController, TS=TimeSource, AFP=AFPServer,
NV=Novell,
             MBC=MemberServer, PQ=PrintServer, DL=DialinServer,
XN=Xenix,
             NT=Windows NT, WFW=WindowsForWorkgroups, MFPN=MS Netware,
             SS=StandardServer, PBR=PotentialBrowser, BBR=BackupBrowser,
             MBR=MasterBrowser, DMB=DomainMasterBrowser, OSF=OSFServer,
VMS=VMSServer,
             W95=Windows95, DFS=DistributedFileSystem



        C:\WINNT\system32>browstat sta

	Status for domain WORKGROUP on transport \Device\NetBT_SMCISA1
	    Browsing is active on domain.
	    Master browser name is: CASCADE
	        Master browser is running build 1381
	    1 backup servers retrieved from master CASCADE
	        \\CASCADE
	    There are 2 servers in domain WORKGROUP on transport
\Device\NetBT_SMCISA1
	    There are 1 domains in domain WORKGROUP on transport
\Device\NetBT_SMCISA1


        C:\WINNT\system32>browstat view netbt_smcisa1 workgroup
	Remoting NetServerEnum to \\CASCADE on transport \device\netbt_smcisa1
with flags ffffffff
	2 entries returned.  2 total. 0 milliseconds

	\\CASCADE           NT   04.00 (W,S,NT,PBR,MBR)
	\\ROD'S             W95  04.00 (W,S,WFW,PBR,BBR,W95)  SALES PC



	C:\WINNT\system32>browstat gm netbt_smcisa1 workgroup
	Master Browser: CASCADE


	C:\WINNT\system32>browstat gp netbt_smcisa1 workgroup
	PDC: OASYD


        C:\WINNT\system32>browstat view netbt_smcisa1 \\oasyd
	Remoting NetServerEnum to \\oasyd on transport \device\netbt_smcisa1
with flags ffffffff
	7 entries returned.  7 total. 921 milliseconds

	\\BIGCOW            NT   00.00 (W,S,NT,PBR)
	\\CAMEL             W95  00.00 (W,S,WFW,PBR,W95)  malcolms's hobby
	\\CLOWN             NT   00.00 (W,S,NT,PBR)       Windows NT 4.0 Saves
Open Access
	\\NEVSTER           W95  00.00 (W,S,WFW,PBR,W95)  Mr Peabody, and
SHERWIN!
	\\OASYD             NT   00.00 (W,S,TS,PQ,XN,NT,SS,MBR,DMB)   Samba
1.9.17alpha5
	\\QUAKE             W95  00.00 (W,S,WFW,PBR,W95)  Free roving bovine
	\\ZAFFY             W95  00.00 (W,S,WFW,PBR,W95)  Zaf's Piece of
Machinery


	C:\WINNT\system32>nbtstat -a oasyd

	       NetBIOS Remote Machine Name Table

	   Name               Type         Status
	---------------------------------------------
	OASYD          <00>  UNIQUE      Registered
	OASYD          <03>  UNIQUE      Registered
	OASYD          <20>  UNIQUE      Registered
	..__MSBROWSE__.<01>  GROUP       Registered
	WORKGROUP      <00>  GROUP       Registered
	WORKGROUP      <1B>  UNIQUE      Registered
	WORKGROUP      <1D>  UNIQUE      Registered
	WORKGROUP      <1E>  GROUP       Registered

	MAC Address = 00-00-00-00-00-00


	C:\WINNT\system32>nbtstat -a cascade

	       NetBIOS Remote Machine Name Table

	   Name               Type         Status
	---------------------------------------------
	CASCADE        <00>  UNIQUE      Registered
	CASCADE        <20>  UNIQUE      Registered
	WORKGROUP      <00>  GROUP       Registered
	CASCADE        <03>  UNIQUE      Registered
	WORKGROUP      <1E>  GROUP       Registered
	RICHARDC       <03>  UNIQUE      Registered
	WORKGROUP      <1D>  UNIQUE      Registered
	..__MSBROWSE__.<01>  GROUP       Registered

	MAC Address = 00-00-C0-89-D9-8C




THE END
======
Thanks to everyone who even tries to read this.

And special thanks to anyone who responds to this whether or not you
have an answer.

Regards,


Richard Colley
richardc@oa.com.au

Richard,

The problem might be that in your setup the service

WORKGROUP(1c) 

doesn't exist. When I run an nbtstat against my Samba server,
I get the following (my workgroup is called E.C.C.):

H:\>nbtstat -a justus

       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
JUSTUS         <00>  UNIQUE      Registered
JUSTUS         <03>  UNIQUE      Registered
JUSTUS         <20>  UNIQUE      Registered
.__MSBROWSE__.<01>  GROUP       Registered
E.C.C.         <00>  GROUP       Registered
E.C.C.         <1B>  UNIQUE      Registered
E.C.C.         <1C>  GROUP       Registered
E.C.C.         <1D>  UNIQUE      Registered
E.C.C.         <1E>  GROUP       Registered

MAC Address = 00-00-00-00-00-00

and a dump of my wins.dat file gives:

E.C.C.#00 0 0.0.0.0 c4S 
E.C.C.#1e 0 0.0.0.0 c4S 
JUSTUS#20 0 0.0.0.0 44S 
JUSTUS#03 0 0.0.0.0 44S 
JUSTUS#00 0 0.0.0.0 44S 
*#00 0 0.0.0.0 44S 
*#20 0 0.0.0.0 44S 
__SAMBA__#20 0 0.0.0.0 44S 
__SAMBA__#00 0 0.0.0.0 44S 
JOSQUIN#20 871893631 192.168.1.4 60R 
JOSQUIN#00 871893631 192.168.1.4 60R 
JOSQUIN#03 871893631 192.168.1.4 60R 
STEFAAN#03 871893631 192.168.1.4 60R 
JOSQUIN#01 871893631 192.168.1.4 60R 
E.C.C.#1c 0 0.0.0.0 c4S 
E.C.C.#1b 0 0.0.0.0 44S 
JOSQUIN#1f 871893631 192.168.1.4 60R 

As far as NT is concerned, the PDC is also the Domain Master 
Browser. I guess that the lack of a 1c service causes 'cascade'
to conclude that there is no DMB (IMVHO).
I don't know why you don't have an entry for the 1c service; 
my domain/browsing setup is quite similar to yours, apart from
the fact that I have no subnets: 

;  Domain options
        workgroup = E.C.C.
        preferred master = yes
        domain master = yes
        os level = 255
        domain logons = yes
        logon script = %U.bat
;  Browsing option
        wins support = yes

It is possible to force nmbd to advertise the 1c service by
manually adding it to the wins.dat file before starting
nmbd. It's a wild stab, but you could give it a try.

Best of luck

Stefaan
___________________________________________________________________
Stefaan A Eeckels                         (Stefaan.Eeckels@ecc.lu)
  "The nice thing about standards is that there are so many of
   them to choose from."                 -- Andrew S Tanenbaum
___________________________________________________________________

On Sat, 16 Aug 1997, Richard L. Colley wrote:
> I've posted a number of articles to comp.protocols.smb, without
success.
that's because i hate news, and don't read it / respond to it / know
_how_
to access it.  [the fact that the samba digest is posted to
comp.protocols.smb really annoys me: i get all sorts of stupid shite from 
idiots that trawl newsgroups for email addresses, and i hate it.  end of 
complaint session].
 
> Things that are NOT the problem
> ==============================> 1. anything to do with encrypted
passwords
> 	- samba has been compiled with encrypted password support.
> 	- this has been verified working by
> 		a) using "net view \\oasyd"
> 		b) setting remote announce in samba causes "oasyd" to
> 		   appear in the subnet 201.1.2.X browse list (as expected)
this is a likely problem: you are confusing the browse clients by sending 
out announcements that inform them that oasyd is only a "workgroup 
member", instead of what it is: a "domain master".
> The smb.conf file
> ================> 
> Or at least a portion of it...
> 
> 	[global]
> 
> 	debug level = 9
> 	guest account = nobody
> 
> 	lock directory = /usr/local/samba/var/locks
> 	share modes = yes
> 
> 	security = user
> 	hosts allow = 201.1.1. 201.1.2.
> 	workgroup = WORKGROUP
> 
> 	encrypt passwords = yes
> 	read prediction = yes
> 	socket options = TCP_NODELAY IPTOS_LOWDELAY
> 
> 	preserve case = yes
> 	short preserve case = yes
> 	mangle case = no
> 	case sensitive = no
> 
> 	time server = yes
> 
> 	wins support = yes
> 	dns proxy = yes
> 	;wins proxy = yes
> 
> 	;domain controller = 201.1.1.1
> 	;domain logons = yes
> 	;logon script = %U.bat
> 
> 	; We control browsing!
> 	os level = 65
> 	domain master = yes
> 	local master = yes
> 	preferred master = yes
> 	;remote announce = 201.1.2.255
> 


looks good to me...  try switching on domain logons again, though.  and
don't use domain controller = x.x.x.x in combination with domain logons yes
and / or domain master = yes: read the documentation on exactly what
the domain controller parameter is. 

also, are you aware that browse lists will take at least 15 minutes to 
propagate across the entire LAN?  look for MasterAnnouncement packets in 
you log.nmb files.  if there are any, and there is an interchange of 
NetServerEnum2 calls (browse list syncs), then everything's hunky-dory.


luke

find_name: found name WORKGROUP(1b)
process_dgram: datagram from CASCADE(0) to WORKGROUP(1b) for
\MAILSLOT\NET\NETLOGON of type 7 len=58
No domain logons

AH! this is the problem.




hi, richard,

do you remember that i asked you if you could set "domain logons = 
yes" (but not in combination with "domain controller = x.x.x.x")?
 well, this is the problem, and we will need to fix it.

there is an annoying method that windows clients use to turn the 
DOMAIN name into the PDC name.  they send a NETLOGON datagram request. 
 you set "domain master = yes" but we only allow a response to this 
packet if "domain logons = yes" is also set.  sorry.

so, thank you for providing sufficient information to find this 
problem: we will have to find a suitable way to fix it (which may 
simply involve removing the "if (!lp_domain_logons() return;" lines in
namelogon.c, but will more likely involve a refinement of this 
check).

luke

It is possible to force nmbd to advertise the 1c service by
manually adding it to the wins.dat file before starting
nmbd. It's a wild stab, but you could give it a try.

Best of luck

Stefaan
___________________________________________________________________
Stefaan A Eeckels                         (Stefaan.Eeckels@ecc.lu)

stefaan,

your diagnosis is correct: your solution is not.  putting "domain 
logons = yes" is the correct fix, while we work out the code fix.

luke