|
Related Reading 
|
Editor's note: In this first of a two-part series of excerpts from Chapter 7 of Using Samba, 2nd Edition, learn how to work with name resolution using WINS. And be sure to check back here next week for Part 2 on "Browsing."
Name resolution is critical to Samba's operation because names are used to find the servers that share files or printers. Browsing takes the task of finding servers to a new level of sophistication by allowing a user to delve down into a hierarchy of networks, domains, hosts, and services offered by each server.
While name resolution and browsing are not difficult to configure, some complexity is introduced by the variety of available name-resolution systems. Historically, Unix and other TCP/IP users have moved from a flat hosts file to the Domain Name System, with the Network Information System being another popular choice. Meanwhile, Microsoft has moved from a broadcasting system to a simple, LAN-only name server called WINS and ultimately to DNS.
The reason for going over that history is that all previous systems of name resolution are still in use today! Finding a host is so crucial to networking that sites want robust (if limited) name-resolution systems to fall back on in case the main system fails. Browsing is also complicated by the frequent need to show hosts in other subnets. This chapter shows you how to configure your network to handle name resolution any way you want.
Some of the differences between Unix and Microsoft networking implementations are the result of fundamental design goals. Unix networking was originally designed largely to implement a relatively formal group of systems that were assumed to be small in number, well-maintained, and highly available, that have static IP addresses, and that wouldn't physically move around from place to place. Bringing a new server online was a labor-intensive task, but it did not have to be performed frequently. In contrast, Windows networking was originally developed as a peer-to-peer collection of small personal computers on a single subnet, having no centrally or hierarchically organized structure.
SMB networking is dynamic. Computers are allowed to leave the network at any time, sometimes without warning, and also to join or rejoin the network at any time. Furthermore, any user in a Windows network can add a new shared resource to the network or remove a resource that he had previously added. The change in the network's configuration is handled automatically by the rest of the network without requiring a system administrator to take any action.
TCP/IP networks identify systems by IP addresses and always associate these addresses with more human-readable text names. In Microsoft's earliest networking implementations (for MS-DOS and Windows for Workgroups), the translation of names to network addresses was carried out in a manner that was very simple, yet very inefficient. When a system on the network needed an IP address corresponding to a name, it broadcasted the name to every other system on the network and waited for the system that owned the name to respond with its IP address.
The main problem with performing name resolution using broadcast packets is poor performance of the network as a whole, including CPU time consumed by each host on the network, which has to accept every broadcast packet and decide whether to respond to it. Also, broadcast packets usually aren't forwarded by routers, limiting name resolution to the local subnet. Microsoft's solution was to add WINS (Windows Internet Name Service) support to Windows NT so that the computers on the network can perform a direct query of the WINS server instead of using broadcast packets.
Modern Windows clients use a variety of methods for translating hostnames into IP addresses. The exact method varies depending on the version of Windows the client is running, how the client is configured (i.e., whether DNS server and/or WINS server IP addresses are provided), and whether the application software is accessing the network through Microsoft's Winsock or TCP/IP API. In general, Windows uses some combination of the following methods:
Looking up the name in its cache of recently resolved names
Querying DNS servers
Using the DNS Hosts file
Querying WINS servers
Using the WINS LMHOSTS file
Performing broadcast name resolution
The first method is pretty much self-explanatory. A hostname is checked against a cache of hostnames that have been recently resolved to IP addresses. This helps to save time and network bandwidth for resolving names that are used frequently.
When a Windows system is configured with the IP address of at least one DNS server, it can use DNS to resolve fully qualified domain names, such as those for sites on the Internet. The DNS servers can be either Windows NT/2000 or Unix systems. You can learn more about DNS and DNS server configuration in the O'Reilly book DNS and BIND.
In this chapter, we focus mainly on name resolution using WINS, which is supported by Samba with the nmbd daemon.
There are two types of interaction between a WINS client and a server: the client keeps its own NetBIOS name[1] registered with the server and queries the server to get the IP address corresponding to the NetBIOS name of another system.
When a WINS client joins the network, it registers its NetBIOS name with the WINS server, which stores it along with the client's IP address in the WINS database. This entry is marked active. The client is then expected to renew the registration of its name periodically (typically, every four days) to inform the server that it is still using the name. This period is called the time to live, or TTL. When the client leaves the network by being shut down gracefully, it informs the server, and the server marks the client's entry in its database as released.
When a client leaves the network without telling the WINS server to release its name, the server waits until after it fails to receive the expected registration renewal from the client and then marks the entry as released.
In either case, the released name is available for use by other clients joining the network. It might persist in the released state in the WINS database, and if it is not reregistered, the entry will eventually be deleted.
More information on WINS can be found in the Microsoft white paper Windows Internet Naming Service (WINS) Architecture and Capacity Planning. It can be downloaded from the Microsoft web site at http://www.microsoft.com.
In Chapter 3 of Using Samba, 2nd Edition, we cover how to configure Windows systems to use the LMHOSTS file as an alternative to the WINS server for name resolution. Samba also can use an LMHOSTS file, which by default is /usr/local/samba/lib/lmhosts. Samba's lmhosts is the same format as the Windows version. A simple lmhosts file might look like this:
172.16.1.1 toltec
172.16.1.6 mayaThe names on the right side of the entries are NetBIOS names, so you can assign resource types to them and add additional entries for computers:
172.16.1.1 toltec#20
172.16.1.1 metran#1b
172.16.1.6 maya#20Here, we've made toltec the primary domain controller of the METRAN domain on the second line. This line starts with toltec's IP address, followed by the name metran and the resource type <1B>. The other lines are entries for toltec and maya as standard workstations.
If you wish to place an lmhosts file somewhere other than the default location, you will need to notify the nmbd process upon startup using the -H option, followed by the name of your lmhosts file, as follows:
# nmbd -H /etc/samba/lmhosts -D
Various daemons and tools in the Samba suite need to perform name resolution. You can define the order in which the programs try each name-resolution method through the name resolve order parameter, like this:
[global]
name resolve order = wins lmhosts hosts bcastThe string used to define the parameter can take up to four values:
lmhostsUses the Samba server's local lmhosts file
hostsUses the standard Unix name-resolution methods, which can be /etc/hosts, DNS, NIS, or a combination, depending on how the local system is configured
winsUses the WINS server
bcastUses the broadcast method
The order in which they are specified is the order in which name resolution will be attempted. In our example, Samba will attempt to use its WINS server first for name resolution, followed by the lmhosts file on the local system. Next, the hosts value tells it to use Unix name-resolution methods. The word hosts can be misleading; it covers not only the /etc/hosts file, but also the use of DNS or NIS (as configured on the Unix host). Finally, if those three do not work, it will perform a broadcast name resolution.
You can set up Samba as a WINS server by setting the wins support parameter in the configuration file, like this:
[global]
wins support = yesBelieve it or not, that's all you need to do! The wins support option turns Samba into a WINS server. For most installations, Samba's default configuration is sufficient.
WARNING: Remember, Samba cannot communicate with Windows WINS servers. If you are using Samba as your WINS server, you must make sure not to allow any Windows systems or other Samba servers on your network to be configured as WINS servers. If you do, their WINS databases will not synchronize, resulting in inconsistent name resolution.
A Samba WINS server can check with the system's DNS server if a requested host cannot be found in its WINS database. With a typical Linux system, for example, you can find the IP address of the DNS server by searching the /etc/resolv.conf file. In it, you might see an entry such as the following:
nameserver 127.0.0.1
nameserver 172.16.1.192This tells us that the Linux system is configured to use a DNS server located at 172.16.1.192. (The 127.0.0.1 is the localhost address and is never a valid DNS server address.)
Now it is a simple matter of using the dns proxy option to tell Samba to use the DNS server:
[global]
dns proxy = yesTIP: Although this allows Windows clients to resolve fully qualified Internet domain names through the Samba WINS server, it will work only for domain names that fit within the 15-character limitation of NetBIOS names. For this reason, we recommend you use dns proxy only to act as a supplement to your WINS server, rather than as a replacement for a DNS server.
|
You can configure Samba to use a WINS server somewhere else on the network by simply providing it with the IP address of the WINS server. This is done with the global wins server configuration option, as shown here:
[global]
wins server = 172.16.1.1With this option enabled, Samba will direct all WINS requests to the server located at 172.16.1.1. Note that because the request is directed at a single machine, we don't have to worry about any of the problems inherent in broadcasting. However, Samba will not necessarily use the WINS server before other forms of name resolution. The order in which Samba attempts various name-resolution techniques is given with the name resolve order configuration option, which we discussed earlier.
The wins support and the wins server parameters are mutually exclusive; you cannot simultaneously offer Samba as the WINS server and use another system as the server! Typically, one Samba server is set up as the WINS server using wins support, and all other Samba servers are configured with the wins server parameter pointing to the Samba WINS server.
If you have a Samba server on a subnet that doesn't have a WINS server, and the Samba server has been configured with a WINS server on another subnet, you can tell the Samba server to forward any name-resolution requests with the wins proxy option:
[global]
wins server = 172.16.200.12
wins proxy = yesUse this only in situations where the WINS server resides on another subnet. Otherwise, the broadcast will reach the WINS server regardless of any proxying.
Samba's name-resolution options are shown in Table 7-1.
Table 7-1: Name-resolution options
| Option | Parameters | Function | Default | Scope |
wins support
|
boolean | If set to yes, allows Samba to act as a WINS server
|
no
|
Global |
wins server
|
string (IP address or DNS name) | Identifies a WINS server for Samba to use for name registration and resolution | None | Global |
wins proxy
|
boolean | Allows Samba to act as a proxy to a WINS server on another subnet | no
|
Global |
wins hook
|
string | Command to run when the WINS database changes | None | Global |
dns proxy
|
boolean | If set to yes, allows a Samba WINS server to search DNS if it cannot find a name in WINS
|
no
|
Global |
name resolve order
|
string | The order of methods used to resolve NetBIOS names | lmhosts hosts wins bcast
|
Global |
max ttl
|
numeric | Maximum TTL in seconds for a requested NetBIOS name | 259200 ( 3 days) |
Global |
max wins ttl
|
numeric | Maximum TTL in seconds for NetBIOS names given out by Samba as a WINS server | 518400
(6 days) |
Global |
min wins ttl
|
numeric | Minimum TTL in seconds for NetBIOS names given out by Samba as a WINS server | 21600
(6 hours) |
Global |
Samba will provide WINS name service to all machines in the network if you set the following in the [global] section of the smb.conf file:
[global]
wins support = yesThe default value is no, which is typically used to allow a Windows NT/2000 server or another Samba server to be the WINS server. If you enable this option, remember that a Samba WINS server currently cannot exchange data with other WINS servers, so do not allow any other WINS servers on the network. When set to yes, this option is mutually exclusive with the wins server parameter.
Samba will use an existing WINS server on the network if you specify the wins server global option in your configuration file. The value of this option is either the IP address or DNS name (not NetBIOS name) of the WINS server. For example:
[global]
wins server = 172.16.220.110or:
[global]
wins server = wins.metran.cxFor this option to work, the wins support option must be set to no (the default). Otherwise, Samba will report an error. You can specify only one WINS server using this option.
This option allows Samba to act as a proxy to another WINS server, and thus relay name registration and resolution requests from itself to the real WINS server, often outside the current subnet. The WINS server can be indicated through the wins server option. The proxy will then return the WINS response back to the client. You can enable this option by specifying the following in the [global] section:
[global]
wins proxy = yesThis option allows you to run a script or other program whenever the WINS database is modified. One application might be to set up another Samba server to act as a backup for another Samba WINS server. This is done by having the wins hook script call rsync to synchronize the WINS databases (/usr/local/samba/var/locks/wins.dat) on the two systems whenever an entry is added or deleted. The script would be specified in the Samba configuration file like this:
[global]
wins hook = /usr/local/bin/sync_winsIf you want the DNS to be used if a NetBIOS name isn't found in WINS, you can set the following option:
[global]
dns proxy = yesThis will permit nmbd to query the server's standard DNS. You might wish to deactivate this option if you do not have a permanent connection to your DNS server. This option should not be used in place of a DNS server on your network; it is intended for resolving NetBIOS names rather than fully qualified Internet domain names.
The global name resolve order option specifies the order of services that Samba will use in performing name resolution. The default order is to use the lmhosts file, followed by standard Unix name-resolution methods (some combination of /etc/hosts, DNS, and NIS), then to query a WINS server, and finally to use broadcasting to determine the address of a NetBIOS name. You can override this option by specifying something like the following:
[global]
name resolve order = lmhosts wins hosts bcastThis causes resolution to use the lmhosts file first, followed by a query to a WINS server, the /etc/hosts file, and finally broadcasting. You need not use all four options. This option is covered in more detail in the section "Setting Up Samba as a WINS Server," earlier in this chapter.
This option is used when Samba is not acting as a WINS server but is using another system on the network for its WINS server. It sets the maximum T T L for NetBIOS names registered by the Samba server with the WINS server. You should never need to alter this value.
This option is used when Samba is providing WINS name service, and it sets the maximum T T L for NetBIOS names registered with Samba. You should never need to change this value from its default.
This option is used when Samba is providing WINS name service, and it sets the minimum T T L for NetBIOS names registered with Samba. You should never need to alter this value from its default.
Check back here next week for Part 2 of this excerpt, which will cover browsing in Samba.
1. As we explained in Chapter 1, a system can register under more than one NetBIOS name. We use the singular here only to keep our explanation simple.
Return to ONLamp.com.
Copyright © 2007 O'Reilly Media, Inc.