samba - Jan 2014 - Samba4 as DC and Neighborhood browsing (nmbd functionality) !

At the moment if Samba4 acts as DC (domain controller) it doesn' t
support neighborhood browsing, that is computers in a local group are not
visible in network neighborhood.
I have not been remaining think about working of the functionality.
And have found this one:
http://forge.univention.org/bugzilla/show_bug.cgi?id=30132
I am not a programmer but may be it will be useful for easier and quicker
implementation of such functionality. It is very important and necassary.
Some tech info portion from the link above:
Winbind cannot lookup S-1-5-7, which corresponds to the builtin group
"Anonymous Logon". So winbind cannot find a "user token" in
the idmap.
Incidentally, since Bug 29000 we create these Builtin groups in UCS LDAP,
and thus the samba4-idmap listener creates an idmap entry with
"XID_TYPE_GID".
In UCS 3.1-1 on the other hand Samba4 had written XID_TYPE_BOTH entries.
After manually changing the S-1-5-7 record in idmap to XID_TYPE_BOTH, the
network browsing worked again.
My first idea is, that we should/could change the samba4-idmap listener to
generate XID_TYPE_BOTH records for the Builtin S-1-5* SIDs.
Ok, samba4-idmap.py is adjusted in univention-samba4 3.0.34-1.
For a quick check in the affected test domain update the package and run
/usr/lib/univention-directory-listener/system/samba4-idmap.py
--direct-resync once. After that network browsing should work again, no
samba restart required.
Actually Samba4 on itself creates the idmap record for S-1-5-7 as
ID_TYPE_UID and not ID_TYPE_BOTH.

Samba4 has integrated samba4wins so it should work as wins server.
As far as I know you just have to put the right entries in  "server
services".
Or just enable netbios /TCP in the settings of your Win Clients.

-----------------------------------------------
EDV Daniel M?ller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im
Auftrag von Computer service SPb.
Gesendet: Mittwoch, 22. Januar 2014 22:59
An: samba at lists.samba.org
Betreff: [Samba] Samba4 as DC and Neighborhood browsing (nmbd functionality)
!

At the moment if Samba4 acts as DC (domain controller) it doesn' t support
neighborhood browsing, that is computers in a local group are not visible in
network neighborhood.
I have not been remaining think about working of the functionality.
And have found this one:
http://forge.univention.org/bugzilla/show_bug.cgi?id=30132
I am not a programmer but may be it will be useful for easier and quicker
implementation of such functionality. It is very important and necassary.
Some tech info portion from the link above:
Winbind cannot lookup S-1-5-7, which corresponds to the builtin group
"Anonymous Logon". So winbind cannot find a "user token" in
the idmap.
Incidentally, since Bug 29000 we create these Builtin groups in UCS LDAP,
and thus the samba4-idmap listener creates an idmap entry with
"XID_TYPE_GID".
In UCS 3.1-1 on the other hand Samba4 had written XID_TYPE_BOTH entries.
After manually changing the S-1-5-7 record in idmap to XID_TYPE_BOTH, the
network browsing worked again.
My first idea is, that we should/could change the samba4-idmap listener to
generate XID_TYPE_BOTH records for the Builtin S-1-5* SIDs.
Ok, samba4-idmap.py is adjusted in univention-samba4 3.0.34-1.
For a quick check in the affected test domain update the package and run
/usr/lib/univention-directory-listener/system/samba4-idmap.py
--direct-resync once. After that network browsing should work again, no
samba restart required.
Actually Samba4 on itself creates the idmap record for S-1-5-7 as
ID_TYPE_UID and not ID_TYPE_BOTH.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba