Problem with Windows Network Neighborhood and Linux
Hi ! I run a small heterogeneous network of Linux boxes and Windows computer with a SuSE 8 Pro box which serves as central gateway, DNS and mail server and firewall. For a few days now, I have noticed that my users had trouble using the Windows Network Neighborhood. It would not show which other machines were available. The situation deteriorated until now, I get an error message saying that I cannot access the Neighborhood at all. The funny thing is, if I use Windows to search for a specific computer, it will find it and I can access the computer´s shared directories. I used my Linux gateway to check the other machines, they are physically available, they can be pinged and the DNS name resolution works fine. My other Linux boxes don´t seem to have any problems at all. Also, neither the Windows machines nor the Linux boxes have trouble with other network applications like mail or internet access. There have been no major hardware or configuration changes for several weeks now, thus I am sure this is no hardware problem but instead network-related. Any suggestions what my problem might be and how to solve it ? Thanks, Jörg
It seems like you have the general network configured correctly, however, keep in mind that Network Neighborhood doesn't rely on DNS. It relies on WINS, an lmhosts file, or NetBIOS broadcasting, depending on how the client is configured. Do you have WINS setup on the network? I always install a WINS server (which resolves NetBIOS names to addresses) even on a small network. The broadcast traffic alone is a good enough reason to do so.
Hi !
I run a small heterogeneous network of Linux boxes and Windows computer with a SuSE 8 Pro box which serves as central gateway, DNS and mail server and firewall. For a few days now, I have noticed that my users had trouble using the Windows Network Neighborhood. It would not show which other machines were available. The situation deteriorated until now, I get an error message saying that I cannot access the Neighborhood at all. The funny thing is, if I use Windows to search for a specific computer, it will find it and I can access the computer´s shared directories. I used my Linux gateway to check the other machines, they are physically available, they can be pinged and the DNS name resolution works fine. My other Linux boxes don´t seem to have any problems at all. Also, neither the Windows machines nor the Linux boxes have trouble with other network applications like mail or internet access. There have been no major hardware or configuration changes for several weeks now, thus I am sure this is no hardware problem but instead network-related.
Any suggestions what my problem might be and how to solve it ?
Thanks,
Jörg
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
@suse@tremor.com : I haven´t changed anything in the configuration of the network, so how come I suddenly have these problems. I don´t believe I caught a virus because my network sits behind two very restrictive firewalls and AV-systems, also virus-generated traffic should lead to problems in all network applications, not just in Neighborhood Browsing, I think. Greets, Jörg
While you may have not changed configuration, has the volume of traffic to the shares increased? If you are using hubs, do you see more collisions now than before? If you are relying on broadcasting of network shares, rather than a registration database, any of these items can cause these broadcasts to be unheard.
@suse@tremor.com : I haven´t changed anything in the configuration of the network, so how come I suddenly have these problems. I don´t believe I caught a virus because my network sits behind two very restrictive firewalls and AV-systems, also virus-generated traffic should lead to problems in all network applications, not just in Neighborhood Browsing, I think. Greets,
Jörg
Hi, don't look like a virus to me. But on the other hand I don't really believe you "haven't changed anything" will be true either. As far as I remember Windows is using a set of name resolution possibilities like: .../etc/hosts lmhosts WINS Browser Master Broadcast So you should think about any changes done before the problem occurs. IMO even a reboot of the Master Browser might be a difference, already. So which Windows machines do you have? Can you resolve the names at the Windows Boxes using nbtstat ... can you ping other machines using ping <netbios name> There is something else where you might find some valuable information. The System Event log of your windows boxes, check esp. for Browser entries. Finally you should trace during opening the Network Neighborhood at one machine and check for the NBNS and BROWSER protocol too. What's going on there? Any Firewall installed at one of the Windows boxes, any MS Sec. updates installed recently? best regards Robert
-----Ursprüngliche Nachricht----- Von: suse@tremor.com [mailto:suse@tremor.com] Gesendet: Donnerstag, 22. Juli 2004 20:18 An: suse-security@suse.com Betreff: Re: [suse-security] Problem with Windows Network Neighborhood and Linux
While you may have not changed configuration, has the volume of traffic to the shares increased? If you are using hubs, do you see more collisions now than before? If you are relying on broadcasting of network shares, rather than a registration database, any of these items can cause these broadcasts to be unheard.
@suse@tremor.com : I haven´t changed anything in the configuration of the network, so how come I suddenly have these problems. I don´t believe I caught a virus because my network sits behind two very restrictive firewalls and AV-systems, also virus-generated traffic should lead to problems in all network applications, not just in Neighborhood Browsing, I think. Greets,
Jörg
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Webmaster@draconet.org wrote:
Hi,
don't look like a virus to me. But on the other hand I don't really believe you "haven't changed anything" will be true either. As far as I remember Windows is using a set of name resolution possibilities like:
.../etc/hosts lmhosts WINS Browser Master Broadcast
So you should think about any changes done before the problem occurs. IMO even a reboot of the Master Browser might be a difference, already. So which Windows machines do you have? Can you resolve the names at the Windows Boxes using nbtstat ... can you ping other machines using ping <netbios name>
There is something else where you might find some valuable information. The System Event log of your windows boxes, check esp. for Browser entries. Finally you should trace during opening the Network Neighborhood at one machine and check for the NBNS and BROWSER protocol too. What's going on there?
Any Firewall installed at one of the Windows boxes, any MS Sec. updates installed recently?
best regards Robert
-----Ursprüngliche Nachricht----- Von: suse@tremor.com [mailto:suse@tremor.com] Gesendet: Donnerstag, 22. Juli 2004 20:18 An: suse-security@suse.com Betreff: Re: [suse-security] Problem with Windows Network Neighborhood and Linux
While you may have not changed configuration, has the volume of traffic to the shares increased? If you are using hubs, do you see more collisions now than before? If you are relying on broadcasting of network shares, rather than a registration database, any of these items can cause these broadcasts to be unheard.
@suse@tremor.com : I haven´t changed anything in the
configuration of the
network, so how come I suddenly have these problems. I don´t believe I caught a virus because my network sits behind two very restrictive firewalls and AV-systems, also virus-generated traffic should lead to problems in all network applications, not just in Neighborhood Browsing, I think. Greets,
Jörg
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Another idea: any updates (maybe automated) on your Windows boxes or on your linux boxes (samba, samba-client) were installed? Does anybody remember the problems with changing passwords on an samba server after microsoft introduced its patch KB828743 (i think it was this number) in may. I also hadn't changed any configuration files, but my colleagues couldn't change their passwords anymore. ;-) just my two euro cents guido
1 )Yes, there was an automated Windows-Update for XP at the beginning of this week. However, if this was responsible for my network problems, shouldn´t there be an uproar because others have the same kind of trouble ? I don´t believe my setup is that rare. There are Personal Firewalls installed on most computers, but there hasn´t been any change during the last few weeks. 2) I don´t know that much about Windows Networking, I kinda inherited this network, which means I am a little out of my depth. I always thought that Windows used my Linux-based DNS to do name resolution (which works fine, btw). So, what exactly is a Master Browser and how do I find out which of my machines is it ? 3) From my Windows PC, I can ping other Windows boxes both by IP and name. nbtstat -r yields only a few of my machines. 4) I captured the network traffic coming from my machine when opening the Neighborhood. What is it supposed to look like ? Does anybody know a good how-to on the net where I can find info on Windows Networking ? Thanks for the help, Jörg
remote wrote:
1 )Yes, there was an automated Windows-Update for XP at the beginning of this week. However, if this was responsible for my network problems, shouldn´t there be an uproar because others have the same kind of trouble ? I don´t believe my setup is that rare. There are Personal Firewalls installed on most computers, but there hasn´t been any change during the last few weeks.
Probably, one of the machines with Personal Firewall has become the browse master. It only takes one (re)boot to change the browse master.
2) I don´t know that much about Windows Networking, I kinda inherited this network, which means I am a little out of my depth. I always thought that Windows used my Linux-based DNS to do name resolution (which works fine, btw). So, what exactly is a Master Browser and how do I find out which of my machines is it ?
Search the internet for "browse master"... (e.g. http://www.duxcw.com/faq/network/bm.htm).
3) From my Windows PC, I can ping other Windows boxes both by IP and name.
ping can use either DNS names or WINS names, if it is using DNS names this says nothing about windows networking.
4) I captured the network traffic coming from my machine when opening the Neighborhood. What is it supposed to look like ? Does anybody know a good how-to on the net where I can find info on Windows Networking ?
Basically: Client -> Browse Master: "Give me list with resources?" Browse Master -> Client: <list> If there is no response on a query, this is probably because the browse master is blocking queries (or the machine has just gone down and a new browse master has not yet been elected -> get a fixed browse master). Info: just search the net, plenty info to find... Robbert
I captured the traffic going through my PC`s network interface (my machine´s IP is X.Y.Z.41, X.Y.Z.63 is the subdomain broadcast) when I open the Neighborhood : However, it does not communicate with a specific machine, instead it broadcasts : No. Time Source Destination Protocol Info 2 0.695761 X.Y.Z.41 X.Y.Z.63 BROWSER Get Backup List Request Frame 2 (216 bytes on wire, 216 bytes captured) Ethernet II, Src: 00:04:76:8e:3f:64, Dst: ff:ff:ff:ff:ff:ff Internet Protocol, Src Addr: X.Y.Z.41 (X.Y.Z.41), Dst Addr: X.Y.Z.63 (X.Y.Z.63) User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138) NetBIOS Datagram Service SMB (Server Message Block Protocol) SMB MailSlot Protocol Microsoft Windows Browser Protocol No. Time Source Destination Protocol Info 3 0.695994 X.Y.Z.41 X.Y.Z.63 NBNS Name query NB MyDomain<1b> Frame 3 (92 bytes on wire, 92 bytes captured) Ethernet II, Src: 00:04:76:8e:3f:64, Dst: ff:ff:ff:ff:ff:ff Internet Protocol, Src Addr: X.Y.Z.41 (X.Y.Z.41), Dst Addr: X.Y.Z.63 (X.Y.Z.63) User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137) NetBIOS Name Service This name query goes on for quite some time until my machine requests an election: No. Time Source Destination Protocol Info 15 13.462087 X.Y.Z.41 X.Y.Z.63 BROWSER Browser Election Request Frame 15 (225 bytes on wire, 225 bytes captured) Ethernet II, Src: 00:04:76:8e:3f:64, Dst: ff:ff:ff:ff:ff:ff Internet Protocol, Src Addr: X.Y.Z.41 (X.Y.Z.41), Dst Addr: X.Y.Z.63 (X.Y.Z.63) User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138) NetBIOS Datagram Service SMB (Server Message Block Protocol) SMB MailSlot Protocol After that, another machine (X.Y.Z.47) seems to request the election of a new Browse Master : o. Time Source Destination Protocol Info 18 13.462986 X.Y.Z.47 X.Y.Z.63 BROWSER Browser Election Request Frame 18 (231 bytes on wire, 231 bytes captured) Ethernet II, Src: 00:10:4b:40:03:1c, Dst: ff:ff:ff:ff:ff:ff Internet Protocol, Src Addr: X.Y.Z.47 (X.Y.Z.47), Dst Addr: X.Y.Z.63 (X.Y.Z.63) User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138) NetBIOS Datagram Service SMB (Server Message Block Protocol) SMB MailSlot Protocol Microsoft Windows Browser Protocol Funny thing is, 47 is a Linux machine running Samba, so I am not entirely sure why this machine should request a browser election in the first place. After some considerable time, my machine broadcasts information about itself No. Time Source Destination Protocol Info 27 19.550930 X.Y.Z.41 X.Y.Z.63 BROWSER Host Announcement BALIN, Workstation, Server, NT Workstation, Potential Browser Frame 27 (255 bytes on wire, 255 bytes captured) Ethernet II, Src: 00:04:76:8e:3f:64, Dst: ff:ff:ff:ff:ff:ff Internet Protocol, Src Addr: X.Y.Z.41 (X.Y.Z.41), Dst Addr: X.Y.Z.63 (X.Y.Z.63) User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138) NetBIOS Datagram Service SMB (Server Message Block Protocol) SMB MailSlot Protocol Microsoft Windows Browser Protocol This goes on for some time, until I finally get the error message saying that the Neighborhood is not available. One more thing about the Samba machine : is it normal to request a browser election so often ? Does this piece of info help in any way ? Thanks, Jörg
remote wrote:
For a few days now, I have noticed that my users had trouble using the Windows Network Neighborhood. It would not show which other machines were available. The situation deteriorated until now, I get an error message saying that I cannot access the Neighborhood at all. The funny thing is, if I use Windows to search for a specific computer, it will find it and I can access the computer´s shared directories.
Sounds like your browse master is not working correctly, probably it is blocking requests. Have you recently installed a new windows (XP) machine with the builtlin firewall enabled? If you a linux box running 24/7, install samba on it an make it browse master. Again, watch the firewall settings. smb.conf browser settings: # --- Browser Control Options --- # Please _read_ BROWSING.txt and set the next four parameters according # to your network setup. The defaults are specified below (commented # out.) It's important that you read BROWSING.txt so you don't break # browsing in your network! # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable os level = 255 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on # startup and gives it a slightly higher chance of winning the election ; preferred master = yes # --- End of Browser Control Options --- Robbert
participants (5)
-
Guido Tschakert -
remote -
Robbert Eggermont -
suse@tremor.com -
Webmaster@draconet.org