samba - Jun 2011 - WINS and browse list on multiple subnet architecture

Hello,

     As subject says I am working on browsing and access servers, which 
are dispatched on two subnet, in one workgroup named "WORKGROUP".

     First here the network :
( I don' t use ASCI art 'cause I am not an expert on that and it may not
be printed as it was emailed. )
So, there is five machine :
     - one, under debian 6, which is the gateway
     - two, under debian 6, samba server => one per subnet
     - two, under windows xp sp2, "client"
and two network :
     - 192.168.52.0/24
     - 192.168.53.0/24


     The gateway is very simple, it just a fresh minimal install from a 
debian 6.0 business card CD with two network interface and the sysctl 
"net.ipv4.ip_forward" set to "1" in sysctl.conf.
No firewall is running on this gateway so all packet (except broadcast) 
from subnet 1 to subnet 2 pass through and vice versa (tested with ping 
command).
His IP address are 192.168.52.254 for subnet 1 et 192.168.53.254 for 
subnet 2.


     The two samba server :
Both of then are fresh installed as the gateway but with only one 
network interface.
Samba was installed with debian package and version is 3.5.6
IPv6 has been disable on those server with this method 
(wiki.debian.org/DebianIPv6#How_to_turn_off_IPv6) => /echo 
net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf/
They don' t server any printer or file share, configuration file include 
only "global" section.
WINSGW is the wins server, domain master browser, local master browser.
WINSGW2 is only local master browser.


Des conseils sur : interfaces, remote announce, remote browse sync

I understand this, may be I get it wrong !
     Local Master Browser is the computer on each subnet which manage a 
list of computer by the help of broadcast message from all other 
computer on the same subnet. But it don't "share" this list.
     Domain Master Browser (WORKGROUP#1B) is used to share this list of 
computer for each workgroup and is also a local master browser for his 
subnet (if their isn't an other).
     Any LMB must talk to this DMB to sync their browse list.
     WINS server is used to resolve NetBIOS Name and their should be 
only one for the whole network.
Only port 137, 138 and 139 are used to browse and get IP address.

So when client boot up send using brodcast their server announcement 
(share, messenger, user logged) on the local subnet and the LMB 
interpret them.
After they give their IP address to the WINS server.


With no wins server (nor xp client, nor samba configuration) used each 
subnet can see (browse) and can access (sahre) all other computer on the 
same subnet.
Now, the idea is to make computer on each subnet must see computer on 
the other one with the help of WINS and master roles.

I don't make this works.
I don' t know where to place "remote announce", "remote
browse sync" and
which parameter for each and I am not shure about "wins support",
"wins
server" and '"interfaces".
"interfaces" only contain local IP, or they must contain network
address
of each subnet where the workgroup is ?

In my case WINSGW2 can' t solve WORKGROUP#1B (DMB) to an IP address and 
can' t sync his browse list.
Does the wins server should not run any king of master browser ?
It seems that query a wins server about himself don' t generate answer.

I would get advice about previous parameters to understand what they 
means, should done and how.
Does any one has ever worked with this kind of architecture ?

Thank you.



Here extract of the log on WINSGW2 :
[2011/06/07 11:48:57.039190,  0] 
nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail)
   find_domain_master_name_query_fail:
   Unable to find the Domain Master Browser name WORKGROUP<1b> for the 
workgroup WORKGROUP.
   Unable to sync browse lists in this workgroup.
and
[2011/06/07 11:49:58.747925,  3] 
nmbd/nmbd_incomingdgrams.c:378(process_master_browser_announce)
   process_master_browser_announce: Local master announce from WINSGW IP 
192.168.52.253.
[2011/06/07 11:49:58.747985,  0] 
nmbd/nmbd_incomingdgrams.c:382(process_master_browser_announce)
   process_master_browser_announce: Not configured as domain master - 
ignoring master announce.


Here are configuration of samba server and XP client.

WINSGW
     address => 192.168.52.253
     netmask => 255.255.255.0
     gateway => 192.168.52.254
Global section :
    workgroup = WORKGROUP
    server string = %h server
    wins support = yes
    remote browse sync = 192.168.53.253
    dns proxy = no
    name resolve order = wins lmhosts host bcast
    interfaces = 127.0.0.0/8 192.168.52.253/24
    local master = yes
    domain master = yes
    domain logons = no
    preferred master = yes
    os level = 65
    log level = 3
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    security = user
    encrypt passwords = true
    passdb backend = tdbsam


WINSGW2
     address => 192.168.53.253
     netmask => 255.255.255.0
     gateway => 192.168.53.254
Global section :
    workgroup = WORKGROUP
    server string = %h server
    wins support = no
    wins server = 193.168.52.253
    remote browse sync = 192.168.52.253
    remote announce = 192.168.52.253/WORKGROUP
    local master = yes
    domain master = no
    domain logons = no
    preferred master = yes
    os level = 65
    log level = 3
    dns proxy = no
    name resolve order = wins lmhosts host bcast
    interfaces = 127.0.0.0/8 192.168.53.253/24
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0


     The two XP are fresh install (no any additional software) and the 
windows firewall is disabled on both.
Network configuration :
XP1 :
     address => 192.168.52.1
     netmask => 255.255.255.0
     gateway => 192.168.52.254
     wins => 192.168.52.253
XP2 :
     address => 192.168.53.1
     netmask => 255.255.255.0
     gateway => 192.168.53.254
     wins => 192.168.52.253


Best regards,
BarbeRousse

From: samba tmpmbox <samba-list at tmpmbox.no-ip.org>
Date: Tue, 07 Jun 2011 16:00:48 +0200

(snip)
> Now, the idea is to make computer on each subnet must see computer on 
> the other one with the help of WINS and master roles.
> 
> I don't make this works.
Simply to set below and try:

WINSGW
Global section :
    workgroup = WORKGROUP
    wins support = yes
#    remote browse sync = 192.168.53.253
    local master = yes
    domain master = yes
    domain logons = no
    preferred master = yes
    os level = 65

 WINSGW2
Global section :
    workgroup = WORKGROUP
    wins server = 193.168.52.253
#    remote browse sync = 192.168.52.253
#    remote announce = 192.168.52.253/WORKGROUP
    local master = yes
    domain master = no
    domain logons = no
    preferred master = yes
    os level = 65

You do not need to set "remote browse sync" nor "remote
announce".

Several years ago I examined this setting against Samba 3.0.x (perlaps
3.0.7) and worked well, although I have not yet examined with Samba
3.5.6.

Remember that you need to configure that Samba server (not Windows)
must be a LMB on each subnet or set DMB as PDC to set "domain logons
yes".

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>