Re: [Samba] The single WINS problem: question
werner maes wrote: I know what you mean but that's something we've tried. If we shut down the PDC (and WINS server) then the clients were not able to login even with the BDC running. They could not resolve the Domain ! maybe I misconfigured something... you said in a prior mail, that the BDC is in the same subnet like the PDC and the clients are in another subnet. that won´t work (if PDC/WINS is down), because they cannot resolve the DCs via broadcast, because they are in another subnet. that´s why i adviced setting up DCs in each subnet greez werner At 10:53 19/12/2005, you wrote: you misunderstood my recommendation: the BDCs should not be WINS server. if you have multiple subnets, each subnet should get its own BDCs for logins to avoid login problems if the PDC and WINS server is down! greez werner maes wrote: At 10:32 19/12/2005, you wrote: werner maes wrote: no, because all our client are not located on the same subnet! ok, you´re right. that´s another story. i thought all clients/servers are in the same subnet, because your BDC is on the same subnet as the PDC. why don´t you setup BDCs for each subnet that your clients are at least able to login? greetz problem remains that the single point of failure is your WINS server (the PDC in my case). it's not recommend that you set each BDC to act as a WINS server. werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany! Phone: 49 (0)341 - 3550 137 Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The single WINS problem: question
you misunderstood my recommendation: the BDCs should not be WINS server. if you have multiple subnets, each subnet should get its own BDCs for logins to avoid login problems if the PDC and WINS server is down! greez werner maes wrote: At 10:32 19/12/2005, you wrote: werner maes wrote: no, because all our client are not located on the same subnet! ok, you´re right. that´s another story. i thought all clients/servers are in the same subnet, because your BDC is on the same subnet as the PDC. why don´t you setup BDCs for each subnet that your clients are at least able to login? greetz problem remains that the single point of failure is your WINS server (the PDC in my case). it's not recommend that you set each BDC to act as a WINS server. werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The single WINS problem: question
werner maes wrote: no, because all our client are not located on the same subnet! ok, you´re right. that´s another story. i thought all clients/servers are in the same subnet, because your BDC is on the same subnet as the PDC. why don´t you setup BDCs for each subnet that your clients are at least able to login? greez werner At 10:17 19/12/2005, you wrote: werner maes wrote: no, the BDC is on the same subnet as the PDC so single WINS should be no prob, because your clients will fall back to broadcast/DNS in your subnet and are still able to locate DCs greez -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The single WINS problem: question
werner maes wrote: no, the BDC is on the same subnet as the PDC so single WINS should be no prob, because your clients will fall back to broadcast/DNS in your subnet and are still able to locate DCs greez -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The single WINS problem: question
do you have multiple subnets for each BDC? greez werner maes wrote: On Monday 12 December 2005 02:02, werner maes wrote: > hello > > I've been reading the thread > (http://marc.theaimsgroup.com/?t=11328637691&r=1&w=2) and I have > the same limitation with WINS in a PDC/BDC. > > That's why I have the following (experimental) setup: > > PDC ==> wins support = yes, passdb backend: master ldap > BDC ==> wins support = yes, passdb backend: slave ldap > > I configured some of my XP clients to use both WINS servers and it > seems to work. Well, you CAN do this, but then it is necessary to use the "remote browse sync" and "remote announce" parameters on both systems to gain cross-subnet browsing and name resolution capability. You will likely find that Windows hosts will register with only one WINS server - that is one of the key reasons for the advice that is in the man page and in the HOWTO book. > > but in the manual of smb.conf I read: > > wins support (G) >Note that you should NEVER set this to yes on >more than one machine in your network. > > > What could happen if you use more than one WINS server on your network? You COULD (likely will) have broken NetBIOS name resolution, with the result that windows clients can panic and blue-screen. - John T. sorry for the repost, hope it appears in the right thread now... thanks for your advice john. I will setup a few XP clients with two WINS servers configured and see what happens. but I need this kind of backup because else I can't see the point of setting up a BDC if the WINS server remains the single point of failure. I'm looking forward to Samba4 where "WINS replication support is nearly finished" as I've read on the website (http://us4.samba.org/samba/ftp/slides/tridge_sambaxp05.pdf) kind regards werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] The single WINS problem: question
On Monday 12 December 2005 02:02, werner maes wrote: > hello > > I've been reading the thread > (http://marc.theaimsgroup.com/?t=11328637691&r=1&w=2) and I have > the same limitation with WINS in a PDC/BDC. > > That's why I have the following (experimental) setup: > > PDC ==> wins support = yes, passdb backend: master ldap > BDC ==> wins support = yes, passdb backend: slave ldap > > I configured some of my XP clients to use both WINS servers and it > seems to work. Well, you CAN do this, but then it is necessary to use the "remote browse sync" and "remote announce" parameters on both systems to gain cross-subnet browsing and name resolution capability. You will likely find that Windows hosts will register with only one WINS server - that is one of the key reasons for the advice that is in the man page and in the HOWTO book. > > but in the manual of smb.conf I read: > > wins support (G) >Note that you should NEVER set this to yes on >more than one machine in your network. > > > What could happen if you use more than one WINS server on your network? You COULD (likely will) have broken NetBIOS name resolution, with the result that windows clients can panic and blue-screen. - John T. sorry for the repost, hope it appears in the right thread now... thanks for your advice john. I will setup a few XP clients with two WINS servers configured and see what happens. but I need this kind of backup because else I can't see the point of setting up a BDC if the WINS server remains the single point of failure. I'm looking forward to Samba4 where "WINS replication support is nearly finished" as I've read on the website (http://us4.samba.org/samba/ftp/slides/tridge_sambaxp05.pdf) kind regards werner Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The single WINS problem: question
On Tuesday 13 December 2005 17:15, Andreas wrote: > On Tue, Dec 13, 2005 at 04:17:04PM -0700, John H Terpstra wrote: > > On Monday 12 December 2005 02:02, werner maes wrote: > > > hello > > > > > > I've been reading the thread > > > (http://marc.theaimsgroup.com/?t=11328637691&r=1&w=2) and I have > > > the same limitation with WINS in a PDC/BDC. > > > > > > That's why I have the following (experimental) setup: > > > > > > PDC ==> wins support = yes, passdb backend: master ldap > > > BDC ==> wins support = yes, passdb backend: slave ldap > > > > > > I configured some of my XP clients to use both WINS servers and it > > > seems to work. > > > > Well, you CAN do this, but then it is necessary to use the "remote browse > > sync" and "remote announce" parameters on both systems to gain > > cross-subnet > > Do these parameters have something to do with name resolution? If they > are only for network browsing, the minute an user clicks on a machine > that appeared in his/her network neighbourhood the name resolution will > come into place and possibly fail. As I have firmly stated in my books on Samba - WINS is your friend. Samba does NOT at this time support multiple distriubted WINS servers. If you use multiple WINS servers you will need to use the "remote browse sync" and "remote announce" together with DNS name resolution. Even this will NOT provide reliable cross-segment services. That's the way it is right now. Sorry. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The single WINS problem: question
On Tue, Dec 13, 2005 at 04:17:04PM -0700, John H Terpstra wrote: > On Monday 12 December 2005 02:02, werner maes wrote: > > hello > > > > I've been reading the thread > > (http://marc.theaimsgroup.com/?t=11328637691&r=1&w=2) and I have > > the same limitation with WINS in a PDC/BDC. > > > > That's why I have the following (experimental) setup: > > > > PDC ==> wins support = yes, passdb backend: master ldap > > BDC ==> wins support = yes, passdb backend: slave ldap > > > > I configured some of my XP clients to use both WINS servers and it > > seems to work. > > Well, you CAN do this, but then it is necessary to use the "remote browse > sync" and "remote announce" parameters on both systems to gain cross-subnet Do these parameters have something to do with name resolution? If they are only for network browsing, the minute an user clicks on a machine that appeared in his/her network neighbourhood the name resolution will come into place and possibly fail. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The single WINS problem: question
On Monday 12 December 2005 02:02, werner maes wrote: > hello > > I've been reading the thread > (http://marc.theaimsgroup.com/?t=11328637691&r=1&w=2) and I have > the same limitation with WINS in a PDC/BDC. > > That's why I have the following (experimental) setup: > > PDC ==> wins support = yes, passdb backend: master ldap > BDC ==> wins support = yes, passdb backend: slave ldap > > I configured some of my XP clients to use both WINS servers and it > seems to work. Well, you CAN do this, but then it is necessary to use the "remote browse sync" and "remote announce" parameters on both systems to gain cross-subnet browsing and name resolution capability. You will likely find that Windows hosts will register with only one WINS server - that is one of the key reasons for the advice that is in the man page and in the HOWTO book. > > but in the manual of smb.conf I read: > > wins support (G) >Note that you should NEVER set this to yes on >more than one machine in your network. > > > What could happen if you use more than one WINS server on your network? You COULD (likely will) have broken NetBIOS name resolution, with the result that windows clients can panic and blue-screen. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] The single WINS problem: question
hello I've been reading the thread (http://marc.theaimsgroup.com/?t=11328637691&r=1&w=2) and I have the same limitation with WINS in a PDC/BDC. That's why I have the following (experimental) setup: PDC ==> wins support = yes, passdb backend: master ldap BDC ==> wins support = yes, passdb backend: slave ldap I configured some of my XP clients to use both WINS servers and it seems to work. but in the manual of smb.conf I read: wins support (G) Note that you should NEVER set this to yes on more than one machine in your network. What could happen if you use more than one WINS server on your network? thanks werner maes Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] The single WINS problem: question
hello I've been reading the thread (http://marc.theaimsgroup.com/?t=11328637691&r=1&w=2) and I have the same limitation with WINS in a PDC/BDC. That's why I have the following (experimental) setup: PDC ==> wins support = yes, passdb backend: master ldap BDC ==> wins support = yes, passdb backend: slave ldap I configured some of my XP clients to use both WINS servers and it seems to work. but in the manual of smb.conf I read: wins support (G) Note that you should NEVER set this to yes on more than one machine in your network. What could happen if you use more than one WINS server on your network? thanks werner maes Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Thu, Dec 01, 2005 at 09:11:22AM +0100, Michael Gasch wrote: > thanks, you?re a great help for us! > all machines are in the same subnet incl. PDC/BDC. > > so it should be no prob as expected if WINS fails (DNS/Broadcast > fallback) ... That's correct. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
thanks, you´re a great help for us! all machines are in the same subnet incl. PDC/BDC. so it should be no prob as expected if WINS fails (DNS/Broadcast fallback) ... please correct me if i´m wrong. thx Andreas Hasenack wrote: On Wed, Nov 30, 2005 at 10:23:44AM -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Hasenack wrote: |> so what really happens when WINS server dies (or the PDC at all)? |> we have a PDC/BDC samba setup. | | Name resolution for servers outside the | local subnet fails. | |> it would be a mess if the BDC could not be asked |> for logons because WINS of PDC fails, when PDC is down!!! | | That's what happens in my case, the BDC is useless | because the machine hosting the WINS service crashed. Right. We dont't do wins replication right now. But if people really want WINS replication, we can do it. There's been a few patches and metze has made amazing progress with it in the Samba 4 tree. It's more an issue of developer resources. Nothing is impossible in software :-) I would be very happy with something that did replication among samba servers, I wouldn't even worry about windows server compatibility. After all, samba already does the PDC BDC dance without windows compatibility and it works very well (thanks!). Searching for alternatives I even found an interesting one that I didn't know about: #INCLUDE \\server\share\file in windows' LMHOSTS ;) A poor man's read-only wins ;) -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Wed, Nov 30, 2005 at 10:23:44AM -0600, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Andreas Hasenack wrote: > > |> so what really happens when WINS server dies (or the PDC at all)? > |> we have a PDC/BDC samba setup. > | > | Name resolution for servers outside the > | local subnet fails. > | > |> it would be a mess if the BDC could not be asked > |> for logons because WINS of PDC fails, when PDC is down!!! > | > | That's what happens in my case, the BDC is useless > | because the machine hosting the WINS service crashed. > > Right. We dont't do wins replication right now. > > But if people really want WINS replication, we can do > it. There's been a few patches and metze has made > amazing progress with it in the Samba 4 tree. It's > more an issue of developer resources. > > Nothing is impossible in software :-) I would be very happy with something that did replication among samba servers, I wouldn't even worry about windows server compatibility. After all, samba already does the PDC BDC dance without windows compatibility and it works very well (thanks!). Searching for alternatives I even found an interesting one that I didn't know about: #INCLUDE \\server\share\file in windows' LMHOSTS ;) A poor man's read-only wins ;) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Hasenack wrote: |> so what really happens when WINS server dies (or the PDC at all)? |> we have a PDC/BDC samba setup. | | Name resolution for servers outside the | local subnet fails. | |> it would be a mess if the BDC could not be asked |> for logons because WINS of PDC fails, when PDC is down!!! | | That's what happens in my case, the BDC is useless | because the machine hosting the WINS service crashed. Right. We dont't do wins replication right now. But if people really want WINS replication, we can do it. There's been a few patches and metze has made amazing progress with it in the Samba 4 tree. It's more an issue of developer resources. Nothing is impossible in software :-) cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com "There's an anonymous coward in all of us." --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDjdIQIR7qMdg1EfYRAhTtAKDdacd7EkbJwoLov9E0v81MVR/z8gCdFRcn wogtcB9axEydEsCQHQbvNEY= =j5Mb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Wed, Nov 30, 2005 at 04:15:51PM +0100, Michael Gasch wrote: > so what really happens when WINS server dies (or the PDC at all)? > we have a PDC/BDC samba setup. Name resolution for servers outside the local subnet fails. > it would be a mess if the BDC could not be asked for logons because WINS > of PDC fails, when PDC is down!!! That's what happens in my case, the BDC is useless because the machine hosting the WINS service crashed. > should i install a seperate samba box just for WINS? You will have the same single point of failure in WINS, just in another machine. > WINS can really help much in a win-network but i don?t like the idea of > messing up the network if it fails :( The workstation fallback tends to be broadcast name resolution, which helps if you have a domain controller in the same subnet. But name resolution for machines outside your local subnet will fail without wins. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
so what really happens when WINS server dies (or the PDC at all)? we have a PDC/BDC samba setup. it would be a mess if the BDC could not be asked for logons because WINS of PDC fails, when PDC is down!!! should i install a seperate samba box just for WINS? WINS can really help much in a win-network but i don´t like the idea of messing up the network if it fails :( thx for any comments on this Andreas Hasenack wrote: Em Quinta 24 Novembro 2005 18:17, Andreas Hasenack escreveu: Everybody encourages Samba admins to enable WINS whenever possible, and I agree that it helps a lot to solve these networks' problems. It's so good that, when it fails, it's a disaster. How are people coping with the samba limitation of not being able to replicate the WINS database and thus its inability to have more than one WINS server in a domain? Nobody else? :( -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Mon, 2005-11-28 at 08:18 -0200, Andreas Hasenack wrote: > Em Segunda 28 Novembro 2005 01:24, Marcus White escreveu: > > Are you replicating the LDAP database to each network? > > I am. Is there some sort of ldap backend for wins? ;) The idea was actually tossed about for a moment a few years back, but the semantics (particularly in the single-master openldap modal most deploy samba with) just were not right. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
Em Segunda 28 Novembro 2005 01:24, Marcus White escreveu: > Are you replicating the LDAP database to each network? I am. Is there some sort of ldap backend for wins? ;) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
Marcus White schrieb: On Sat, 2005-11-26 at 09:29 +0100, Tomasz Chmielewski wrote: John H Terpstra schrieb: On Friday 25 November 2005 17:41, Andreas Hasenack wrote: Em Sexta 25 Novembro 2005 21:45, John H Terpstra escreveu: With all due respect, I belive that your alarm and concern is a little excessive. What sort of response are you looking for? What are you hoping to achieve from your request? The point is not how often the wins service (or its machine) fails, but what happens to the rest of the network when it does. Considering netbios name resolution is not just about mapping name->IP, but also about locating services (who is the logon server? who is the domain master browser?), a single wins makes the windows network, which is already fragile, even more so. I've seen a wins server fail (kernel panic), and it wasn't pretty to the rest of the network. That failure was not the fault of the WINS server. Certainly the kernel panic wasn't the fault of Samba running WINS, but the consequences point us to the limitations of Samba. Even a single network disruption between WINS/PDC and the rest of your network can cause trouble similar to WINS/PDC kernel panicking. To prevent such cases, where networks are separate (i.e. in different cities) but use a single user database (in LDAP), I just set up PDCs instead of BDCs (they don't see each other via netbios anyway), and each of them is acting as a WINS server. I find it much more resistent to such failures. -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba Are you replicating the LDAP database to each network? yes. -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Saturday 26 November 2005 01:29, Tomasz Chmielewski wrote: > John H Terpstra schrieb: > > On Friday 25 November 2005 17:41, Andreas Hasenack wrote: > >>Em Sexta 25 Novembro 2005 21:45, John H Terpstra escreveu: > >>>With all due respect, I belive that your alarm and concern is a little > >>>excessive. > >>> > >>>What sort of response are you looking for? What are you hoping to > >>> achieve from > >>>your request? > >> > >>The point is not how often the wins service (or its machine) fails, but > >>what happens to the rest of the network when it does. Considering netbios > >>name resolution is not just about mapping name->IP, but also about > >> locating services (who is the logon server? who is the domain master > >> browser?), a single wins makes the windows network, which is already > >> fragile, even more so. > >>I've seen a wins server fail (kernel panic), and it wasn't pretty to the > >>rest of the network. > > > > That failure was not the fault of the WINS server. > > Certainly the kernel panic wasn't the fault of Samba running WINS, but > the consequences point us to the limitations of Samba. Ah, but we all have limitations. Remember, to err is human but to really stuff things up requires a computer. > Even a single network disruption between WINS/PDC and the rest of your > network can cause trouble similar to WINS/PDC kernel panicking. A wedged kernel is bad news! Mucho bad news! :-) > To prevent such cases, where networks are separate (i.e. in different > cities) but use a single user database (in LDAP), I just set up PDCs > instead of BDCs (they don't see each other via netbios anyway), and each > of them is acting as a WINS server. > I find it much more resistent to such failures. Ah, so you followed my example in chapter 6 of "Samba-3 by Example". It was added to the documentation because it works so well for the one company I know of that used it. Just make absolutely certain that the all PDCs run the same version of Samba. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Sat, 2005-11-26 at 09:29 +0100, Tomasz Chmielewski wrote: > John H Terpstra schrieb: > > On Friday 25 November 2005 17:41, Andreas Hasenack wrote: > > > >>Em Sexta 25 Novembro 2005 21:45, John H Terpstra escreveu: > >> > >>>With all due respect, I belive that your alarm and concern is a little > >>>excessive. > >>> > >>>What sort of response are you looking for? What are you hoping to achieve > >>>from > >>>your request? > >> > >>The point is not how often the wins service (or its machine) fails, but > >>what happens to the rest of the network when it does. Considering netbios > >>name resolution is not just about mapping name->IP, but also about locating > >>services (who is the logon server? who is the domain master browser?), a > >>single wins makes the windows network, which is already fragile, even more > >>so. > >>I've seen a wins server fail (kernel panic), and it wasn't pretty to the > >>rest of the network. > > > > > > That failure was not the fault of the WINS server. > > Certainly the kernel panic wasn't the fault of Samba running WINS, but > the consequences point us to the limitations of Samba. > > Even a single network disruption between WINS/PDC and the rest of your > network can cause trouble similar to WINS/PDC kernel panicking. > > To prevent such cases, where networks are separate (i.e. in different > cities) but use a single user database (in LDAP), I just set up PDCs > instead of BDCs (they don't see each other via netbios anyway), and each > of them is acting as a WINS server. > I find it much more resistent to such failures. > > -- > Tomek > http://wpkg.org > WPKG - software deployment and upgrades with Samba Are you replicating the LDAP database to each network? -- Marcus White <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Sat, 2005-11-26 at 09:29 +0100, Tomasz Chmielewski wrote: > To prevent such cases, where networks are separate (i.e. in different > cities) but use a single user database (in LDAP), I just set up PDCs > instead of BDCs (they don't see each other via netbios anyway), and each > of them is acting as a WINS server. > I find it much more resistent to such failures. One of the nice things about this setup is that with 'dns proxy = yes', you can still have access to the same fileservers (because they are in DNS), but the netbios space is separate for PDC/BDC etc. I use this to separate my (less trusted) wireless network from the main LAN. The wireless gateway is a DC and WINS server. Were a malicious laptop to spoof the DC, corrupt WINS etc, it cannot disrupt the main LAN. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
John H Terpstra schrieb: On Friday 25 November 2005 17:41, Andreas Hasenack wrote: Em Sexta 25 Novembro 2005 21:45, John H Terpstra escreveu: With all due respect, I belive that your alarm and concern is a little excessive. What sort of response are you looking for? What are you hoping to achieve from your request? The point is not how often the wins service (or its machine) fails, but what happens to the rest of the network when it does. Considering netbios name resolution is not just about mapping name->IP, but also about locating services (who is the logon server? who is the domain master browser?), a single wins makes the windows network, which is already fragile, even more so. I've seen a wins server fail (kernel panic), and it wasn't pretty to the rest of the network. That failure was not the fault of the WINS server. Certainly the kernel panic wasn't the fault of Samba running WINS, but the consequences point us to the limitations of Samba. Even a single network disruption between WINS/PDC and the rest of your network can cause trouble similar to WINS/PDC kernel panicking. To prevent such cases, where networks are separate (i.e. in different cities) but use a single user database (in LDAP), I just set up PDCs instead of BDCs (they don't see each other via netbios anyway), and each of them is acting as a WINS server. I find it much more resistent to such failures. -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Fri, 2005-11-25 at 16:45 -0700, John H Terpstra wrote: > The largest network I have worked with has 20 remote and local segments with > over 4200 Windows clients over a large WAN. The only time any problem was > experienced with the single WINS server was when a link went down, in which > case the network was off the air anyhow, and the other few times occured when > a netwrok card or a switch went defective. The total lost time over the past > 3 years has been about 4 hours. My experience is similar, with the old P133, RH 7.3 still one of the most reliable machines on the network (after the CPU fan was upgraded 4 years ago). The machine has been running for 5.5 years, I think... I am of course looking forward to the WINS replication functionality in Samba4, but I've had more trouble from my 'rudundent' DNS servers than the little WINS server has ever given me. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] The "single WINS" problem
On Fri, 2005-11-25 at 16:05 +0100, Jeroen van Meeuwen wrote: > You seem to forget that my 'master browsers' are in fact DNS Servers, and > there is no such thing as Netbios querying for logon servers. That is DNS > integrated in Windows 2003. But Samba3 implements NT4 semantics (in the DC area in particular), and as such clients depend on the very much existing thing of NetBIOS queries for logon servers. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Thu, 2005-11-24 at 20:42 -0200, Andreas wrote: > On Thu, Nov 24, 2005 at 10:31:01PM +0100, Jeroen van Meeuwen wrote: > > > So you can't use DNS for that sixteenth field of netbios names (like > > > <1C>, <1B>, etc). Or can you? > > > > Dynamic DNS is a setup primarily for networks with DHCP. Using DHCP, you can > > only have 1 IP lease per physical interface. This IP, along with the > > system's hostname, are registered in DNS, and that's were we resolve the > > names you currently use in a Netbios/WINS environment. > > I understood this part. What I didn't understand is how a DNS server can > answer queries like "DOMAIN<1C>" and "DOMAIN<1B>". It cannot. I typically run a WINS server to handle those names, with names already in DNS, and 'dns proxy = yes' set, so that the 'normal' names are avaialble via WINS also. In Samba4, metze is developing WINS replication testsuites and server functionality, but you will need to ask him about where it is up to. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Friday 25 November 2005 17:41, Andreas Hasenack wrote: > Em Sexta 25 Novembro 2005 21:45, John H Terpstra escreveu: > > With all due respect, I belive that your alarm and concern is a little > > excessive. > > > > What sort of response are you looking for? What are you hoping to achieve > > from > > your request? > > The point is not how often the wins service (or its machine) fails, but > what happens to the rest of the network when it does. Considering netbios > name resolution is not just about mapping name->IP, but also about locating > services (who is the logon server? who is the domain master browser?), a > single wins makes the windows network, which is already fragile, even more > so. > I've seen a wins server fail (kernel panic), and it wasn't pretty to the > rest of the network. That failure was not the fault of the WINS server. The simple fact is that there is NO mechanism for resolving the service information via DNS, except when running ADS - something that Samba-3 does not do. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
Em Sexta 25 Novembro 2005 21:45, John H Terpstra escreveu: > With all due respect, I belive that your alarm and concern is a little > excessive. > > What sort of response are you looking for? What are you hoping to achieve > from > your request? The point is not how often the wins service (or its machine) fails, but what happens to the rest of the network when it does. Considering netbios name resolution is not just about mapping name->IP, but also about locating services (who is the logon server? who is the domain master browser?), a single wins makes the windows network, which is already fragile, even more so. I've seen a wins server fail (kernel panic), and it wasn't pretty to the rest of the network. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Friday 25 November 2005 15:00, Andreas Hasenack wrote: > Em Quinta 24 Novembro 2005 18:17, Andreas Hasenack escreveu: > > Everybody encourages Samba admins to enable WINS whenever possible, and > > I agree that it helps a lot to solve these networks' problems. It's so > > good that, when it fails, it's a disaster. > > > > How are people coping with the samba limitation of not being able to > > replicate the WINS database and thus its inability to have more than one > > WINS server in a domain? > > Nobody else? :( Andreas, I have documented the fundamentals of network browsing and the importance of NetBIOS name resolution in the book "The Official Samba-3 HOWTO and Reference Guide". Where Samba-3 is a member of a Windows Active Directory domain it is possible to use just DNS based name resolution, but when Samba-3 provides the domain control technology it is necessary to use NetBIOS over TCP/IP. In that case, if the network is multi-segmented the choice to not use WINS is really a bad decision. WINS adds stability and cross-segment network operation. Sure, this can be done in other ways, but all alternatives require a lot more management and overhead, and are generally less reliable in practice. How often does WINS fail? That is the vital question. In my experience a Samba WINS server is considerably more reliable and dependable than a Windows NT4 WINS server. Your experience may vary. The largest network I have worked with has 20 remote and local segments with over 4200 Windows clients over a large WAN. The only time any problem was experienced with the single WINS server was when a link went down, in which case the network was off the air anyhow, and the other few times occured when a netwrok card or a switch went defective. The total lost time over the past 3 years has been about 4 hours. In chapter 6 of my book "Samba-3 by Example, second edition" I have documented work-around methods that can be used in ultra-large global networks. Windows networks are by their nature somewhat fragile, and therefore must be planed and implemented carefully. DNS is not capable of substituting for WINS where NetBIOS over TCP/IP is used. With all due respect, I belive that your alarm and concern is a little excessive. What sort of response are you looking for? What are you hoping to achieve from your request? - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
Em Quinta 24 Novembro 2005 18:17, Andreas Hasenack escreveu: > Everybody encourages Samba admins to enable WINS whenever possible, and > I agree that it helps a lot to solve these networks' problems. It's so > good that, when it fails, it's a disaster. > > How are people coping with the samba limitation of not being able to > replicate the WINS database and thus its inability to have more than one > WINS server in a domain? Nobody else? :( -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] The "single WINS" problem
You seem to forget that my 'master browsers' are in fact DNS Servers, and there is no such thing as Netbios querying for logon servers. That is DNS integrated in Windows 2003. Kind regards, Jeroen van Meeuwen -- kanarip > -Original Message- > From: [EMAIL PROTECTED] [mailto:samba- > [EMAIL PROTECTED] On Behalf Of Andreas > Hasenack > Sent: Friday, November 25, 2005 11:44 > To: samba@lists.samba.org > Subject: Re: [Samba] The "single WINS" problem > > On Fri, Nov 25, 2005 at 11:11:50AM +0100, Jeroen van Meeuwen wrote: > > I don't understand what you mean with "DOMAIN<1B>" or "DOMAIN<1C>"... > Does > > It means finding the Domain Master Browser (PDC) and all the logon > servers (1C) for DOMAIN. It is done with a netbios query, but since you > don't use netbios I was wondering how these netbios specific attributes > (1C, 1B, 00, 20, etc) are stored in DNS. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Fri, Nov 25, 2005 at 11:11:50AM +0100, Jeroen van Meeuwen wrote: > I don't understand what you mean with "DOMAIN<1B>" or "DOMAIN<1C>"... Does It means finding the Domain Master Browser (PDC) and all the logon servers (1C) for DOMAIN. It is done with a netbios query, but since you don't use netbios I was wondering how these netbios specific attributes (1C, 1B, 00, 20, etc) are stored in DNS. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] The "single WINS" problem
I don't understand what you mean with "DOMAIN<1B>" or "DOMAIN<1C>"... Does it concern, for example, machine 1B in domain DOMAIN? If it is, you're still in the Netbios context, which I don't use... My queries are alike 1B.DOMAIN. Please clarify for I find it a very interesting issue... Kind regards, Jeroen van Meeuwen -- kanarip > -Original Message- > From: [EMAIL PROTECTED] [mailto:samba- > [EMAIL PROTECTED] On Behalf Of Andreas > Sent: Thursday, November 24, 2005 23:43 > To: samba@lists.samba.org > Subject: Re: [Samba] The "single WINS" problem > > On Thu, Nov 24, 2005 at 10:31:01PM +0100, Jeroen van Meeuwen wrote: > > > So you can't use DNS for that sixteenth field of netbios names (like > > > <1C>, <1B>, etc). Or can you? > > > > Dynamic DNS is a setup primarily for networks with DHCP. Using DHCP, you can > > only have 1 IP lease per physical interface. This IP, along with the > > system's hostname, are registered in DNS, and that's were we resolve the > > names you currently use in a Netbios/WINS environment. > > I understood this part. What I didn't understand is how a DNS server can > answer queries like "DOMAIN<1C>" and "DOMAIN<1B>". > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Thu, Nov 24, 2005 at 10:31:01PM +0100, Jeroen van Meeuwen wrote: > > So you can't use DNS for that sixteenth field of netbios names (like > > <1C>, <1B>, etc). Or can you? > > Dynamic DNS is a setup primarily for networks with DHCP. Using DHCP, you can > only have 1 IP lease per physical interface. This IP, along with the > system's hostname, are registered in DNS, and that's were we resolve the > names you currently use in a Netbios/WINS environment. I understood this part. What I didn't understand is how a DNS server can answer queries like "DOMAIN<1C>" and "DOMAIN<1B>". -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] The "single WINS" problem
> > On Thu, Nov 24, 2005 at 10:04:10PM +0100, Jeroen van Meeuwen wrote: > > The Netbios names that are set in smbd/nmbd, are already registered with DNS > > when the network comes up (Dynamic DNS). This will only work properly if you > > have one single Netbios name per machine (Or run several instances on a > > multi-homed box). > > So you can't use DNS for that sixteenth field of netbios names (like > <1C>, <1B>, etc). Or can you? Dynamic DNS is a setup primarily for networks with DHCP. Using DHCP, you can only have 1 IP lease per physical interface. This IP, along with the system's hostname, are registered in DNS, and that's were we resolve the names you currently use in a Netbios/WINS environment. What I said, though, is not entirely true. I could of course add interfaces with different MAC addresses, which would be considered spoofing, and thus lease more IP's and register more DNS records. Or I create interface aliases with static IPs and configure a static IN A record. I could also use a multi-homed box with several NICs, thus lease more IPs, thus registering more DNS records. In all these setups, I also could run several instances of smbd/nmbd, each bound to one interface (or one IP, if you will). Kind regards, Jeroen van Meeuwen -- kanarip -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Thu, Nov 24, 2005 at 10:04:10PM +0100, Jeroen van Meeuwen wrote: > The Netbios names that are set in smbd/nmbd, are already registered with DNS > when the network comes up (Dynamic DNS). This will only work properly if you > have one single Netbios name per machine (Or run several instances on a > multi-homed box). So you can't use DNS for that sixteenth field of netbios names (like <1C>, <1B>, etc). Or can you? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] The "single WINS" problem
> Subject: Re: [Samba] The "single WINS" problem > > On Thu, Nov 24, 2005 at 09:38:29PM +0100, Jeroen van Meeuwen wrote: > > > > > Subject: [Samba] The "single WINS" problem > > > > > > Everybody encourages Samba admins to enable WINS whenever possible, > and > > > I agree that it helps a lot to solve these networks' problems. It's so > > > good that, when it fails, it's a disaster. > > > > > > How are people coping with the samba limitation of not being able to > > > replicate the WINS database and thus its inability to have more than one > > > WINS server in a domain? > > > > > > > I'm in a hybrid environment using both linux and Windows, and I prefer not > > Who is the PDC? Linux or Windows? > In fact, there is no real PDC, but I understand what you mean. My two Windows 2003 boxes are Domain Controllers, DNS runs on a bind-9.3.1 linux box. > > to use WINS. It would mess up the DDNS environment I currently have set up, > > since at some point Windows still gives WINS a higher priority over DNS. > > Linux, of course, doesn't really care ;) > > So you use DNS for netbios name resolution? Or have you configured samba > to not use netbios? Is it a single network (i.e., broadcast name > resolution works)? The Netbios names that are set in smbd/nmbd, are already registered with DNS when the network comes up (Dynamic DNS). This will only work properly if you have one single Netbios name per machine (Or run several instances on a multi-homed box). Windows boxes (NT 5.1 and later) are used to primarily look up 'simple hostnames' (hostnames without a DNS suffix, whether in a Netbios context or not), suffixed with the system DNS Domain suffix (list), or connection specific domain suffix (set by, for example, DHCP). I find that Windows is 'confused' as soon as I also provide a WINS server (but hey, didn't I expect at least one undocumented feature??). Kind regards, Jeroen van Meeuwen -- kanarip -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The "single WINS" problem
On Thu, Nov 24, 2005 at 09:38:29PM +0100, Jeroen van Meeuwen wrote: > > > Subject: [Samba] The "single WINS" problem > > > > Everybody encourages Samba admins to enable WINS whenever possible, and > > I agree that it helps a lot to solve these networks' problems. It's so > > good that, when it fails, it's a disaster. > > > > How are people coping with the samba limitation of not being able to > > replicate the WINS database and thus its inability to have more than one > > WINS server in a domain? > > > > I'm in a hybrid environment using both linux and Windows, and I prefer not Who is the PDC? Linux or Windows? > to use WINS. It would mess up the DDNS environment I currently have set up, > since at some point Windows still gives WINS a higher priority over DNS. > Linux, of course, doesn't really care ;) So you use DNS for netbios name resolution? Or have you configured samba to not use netbios? Is it a single network (i.e., broadcast name resolution works)? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] The "single WINS" problem
> Subject: [Samba] The "single WINS" problem > > Everybody encourages Samba admins to enable WINS whenever possible, and > I agree that it helps a lot to solve these networks' problems. It's so > good that, when it fails, it's a disaster. > > How are people coping with the samba limitation of not being able to > replicate the WINS database and thus its inability to have more than one > WINS server in a domain? > I'm in a hybrid environment using both linux and Windows, and I prefer not to use WINS. It would mess up the DDNS environment I currently have set up, since at some point Windows still gives WINS a higher priority over DNS. Linux, of course, doesn't really care ;) Kind regards, Jeroen van Meeuwen -- kanarip -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] The "single WINS" problem
Everybody encourages Samba admins to enable WINS whenever possible, and I agree that it helps a lot to solve these networks' problems. It's so good that, when it fails, it's a disaster. How are people coping with the samba limitation of not being able to replicate the WINS database and thus its inability to have more than one WINS server in a domain? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba