On Sat, 2018-09-15 at 10:37 +0100, Rowland Penny via samba wrote:> On Sat, 15 Sep 2018 04:02:29 -0500 > "David C. Rankin via samba" <samba at lists.samba.org> wrote: > > > > > On 09/15/2018 03:40 AM, Rowland Penny via samba wrote: > > > > > > > > > It is undoubtedly for a 'standalone server', so why does it also > > > have the line 'domain master = Yes' ?? > > > It cannot be both, I would suggest removing this line. > > > > > > Rowland > > > > > > > > Rowland, > > > > domain master=yes used to be standard for stand-alone to cause > > nmbd > > claim a special domain specific NetBIOS name as a domain master > > browser (based on the os level/preferred master election rules) > > > > man smb.conf does not mention any discontinuation for use in > > stand-alone mode. Should it not be used any longer in that role, or > > is it a matter of network scale? > > > Things have changed, you should allow the domain/workgroup to set its > own master especially if there is a PDC or DC in the mix.Rowland, The purpose of the 'domain master' parameter is as David describes, to configure exactly this mode. It is not in conflict with 'server role = standalone server', the parameters are intended to allow this, which is why the default for 'domain master' is 'auto'. I hope this clarifies things, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
On Sat, 15 Sep 2018 05:39:02 -0700 Andrew Bartlett <abartlet at samba.org> wrote:> On Sat, 2018-09-15 at 10:37 +0100, Rowland Penny via samba wrote: > > On Sat, 15 Sep 2018 04:02:29 -0500 > > "David C. Rankin via samba" <samba at lists.samba.org> wrote: > > > > > > > > On 09/15/2018 03:40 AM, Rowland Penny via samba wrote: > > > > > > > > > > > > It is undoubtedly for a 'standalone server', so why does it also > > > > have the line 'domain master = Yes' ?? > > > > It cannot be both, I would suggest removing this line. > > > > > > > > Rowland > > > > > > > > > > > Rowland, > > > > > > domain master=yes used to be standard for stand-alone to cause > > > nmbd > > > claim a special domain specific NetBIOS name as a domain master > > > browser (based on the os level/preferred master election rules) > > > > > > man smb.conf does not mention any discontinuation for use in > > > stand-alone mode. Should it not be used any longer in that role, > > > or is it a matter of network scale? > > > > > Things have changed, you should allow the domain/workgroup to set > > its own master especially if there is a PDC or DC in the mix. > > Rowland, > > The purpose of the 'domain master' parameter is as David describes, to > configure exactly this mode. > > It is not in conflict with 'server role = standalone server', the > parameters are intended to allow this, which is why the default for > 'domain master' is 'auto'. > > I hope this clarifies things, > > Andrew BartlettNot really, if you examine man smb.conf, you will find this: domain master (G) Tell smbd(8) to enable WAN-wide browse list collation. Setting this option causes nmbd to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given workgroup. Local master browsers in the same workgroup on broadcast-isolated subnets will give this nmbd their local browse lists, and then ask smbd(8) for a complete copy of the browse list for the whole wide area network. Browser clients will then contact their local master browser, and will receive the domain-wide browse list, instead of just the list for their broadcast-isolated subnet. Note that Windows NT Primary Domain Controllers expect to be able to claim this workgroup specific special NetBIOS name that identifies them as domain master browsers for that workgroup by default (i.e. there is no way to prevent a Windows NT PDC from attempting to do this). This means that if this parameter is set and nmbd claims the special name for a workgroup before a Windows NT PDC is able to do so then cross subnet browsing will behave strangely and may fail. If domain logons = yes, then the default behavior is to enable the domain master parameter. If domain logons is not enabled (the default setting), then neither will domain master be enabled by default. When domain logons = Yes the default setting for this parameter is Yes, with the result that Samba will be a PDC. If domain master No, Samba will function as a BDC. In general, this parameter should be set to 'No' only on a BDC. Default: domain master = auto So, from my reading, you should only set 'domain master' (be it 'yes' or 'no') on a PDC or a BDC, on anything else it shouldn't be set at all and allow the default, which is auto. Also, doesn't network browsing need SMBv1 and isn't it now turned off by default ? Rowland
On Sat, 2018-09-15 at 13:57 +0100, Rowland Penny wrote:> On Sat, 15 Sep 2018 05:39:02 -0700 > Andrew Bartlett <abartlet at samba.org> wrote: > > > > > On Sat, 2018-09-15 at 10:37 +0100, Rowland Penny via samba wrote: > > > > > > On Sat, 15 Sep 2018 04:02:29 -0500 > > > "David C. Rankin via samba" <samba at lists.samba.org> wrote: > > > > > > > > > > > > > > > On 09/15/2018 03:40 AM, Rowland Penny via samba wrote: > > > > > > > > > > > > > > > > > > > > It is undoubtedly for a 'standalone server', so why does it > > > > > also > > > > > have the line 'domain master = Yes' ?? > > > > > It cannot be both, I would suggest removing this line. > > > > > > > > > > Rowland > > > > > > > > > > > > > > Rowland, > > > > > > > > domain master=yes used to be standard for stand-alone to > > > > cause > > > > nmbd > > > > claim a special domain specific NetBIOS name as a domain master > > > > browser (based on the os level/preferred master election rules) > > > > > > > > man smb.conf does not mention any discontinuation for use in > > > > stand-alone mode. Should it not be used any longer in that > > > > role, > > > > or is it a matter of network scale? > > > > > > > Things have changed, you should allow the domain/workgroup to set > > > its own master especially if there is a PDC or DC in the mix. > > Rowland, > > > > The purpose of the 'domain master' parameter is as David describes, > > to > > configure exactly this mode. > > > > It is not in conflict with 'server role = standalone server', the > > parameters are intended to allow this, which is why the default for > > 'domain master' is 'auto'. > > > > I hope this clarifies things, > > > > Andrew Bartlett > Not really, if you examine man smb.conf, you will find this: > > > domain master (G) > > Tell smbd(8) to enable WAN-wide browse list collation. > Setting this > option causes nmbd to claim a special domain specific > NetBIOS name > that identifies it as a domain master browser for its > given > workgroup. Local master browsers in the same workgroup on > broadcast-isolated subnets will give this nmbd their local > browse > lists, and then ask smbd(8) for a complete copy of the > browse list > for the whole wide area network. Browser clients will then > contact > their local master browser, and will receive the domain- > wide browse > list, instead of just the list for their broadcast- > isolated subnet....> So, from my reading, you should only set 'domain master' (be it 'yes' > or 'no') on a PDC or a BDC, on anything else it shouldn't be set at > all > and allow the default, which is auto.No, there is that third mode, being a domain master browser alone. That is what the first paragraph above refers.> Also, doesn't network browsing need SMBv1 and isn't it now turned off > by default ?Yes it uses SMBv1, but no it is still very popular. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba