[opensuse] openSUSE 11, Windows AD and WINS
I have joined a Windows Active Directory and all works fine. Except one thing: I am unable to resolve network addresses that are in WINS but not DNS. (Why such a situation exists is a mystery over which I have no control - I must simply deal with it).
In the Samba Server config in YAST, I can select that the WINS server should be set via DHCP. Well, the machine does not boot via DHCP. So, how should I arrange this?
Is there any possible conflict with the AD stuff if I add a wins server to /etc/samba/smb.conf? Will that even be used by the resolver? My /etc/nsswitch.conf file looks like this (set up by YAST):
passwd: compat winbind
group: compat winbind
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files nis
publickey: files
bootparams: files
automount: files nis
aliases: files
I see that hosts does not refer to wins or winbind. Is there a winbind option for this as well? Is that something that can be enabled via YAST? I have been trying to stick to using YAST on this machine and not fiddle with files. But, of course, I do try to keep track of what YAST is doing to files...
--
Roger Oberholtzer
OPQ Systems / Ramböll RST
Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
Office: Int +46 8-615 60 20
Mobile: Int +46 70-815 1696
And remember: It is RSofT and there is always something under construction. It is like talking about large city with all constructions finished. Not impossible, but very unlikely.
On Friday 07 November 2008 09:17:27 Roger Oberholtzer wrote:
I have joined a Windows Active Directory and all works fine. Except one thing: I am unable to resolve network addresses that are in WINS but not DNS. (Why such a situation exists is a mystery over which I have no control - I must simply deal with it). In the Samba Server config in YAST, I can select that the WINS server should be set via DHCP. Well, the machine does not boot via DHCP. So, how should I arrange this? Is there any possible conflict with the AD stuff if I add a wins server to /etc/samba/smb.conf? Will that even be used by the resolver? My /etc/nsswitch.conf file looks like this (set up by YAST):
Hello Roger,
Have you tried simply adding the IP address of the WINS server to /etc/samba/smb.conf? Like so:
wins server = w.x.y.z.
This should fix the problem resolving wins hosts, imho.
HTH,
Joop
Joop Beris wrote:
On Friday 07 November 2008 09:17:27 Roger Oberholtzer wrote:
I have joined a Windows Active Directory and all works fine. Except one thing: I am unable to resolve network addresses that are in WINS but not DNS. (Why such a situation exists is a mystery over which I have no control - I must simply deal with it). In the Samba Server config in YAST, I can select that the WINS server should be set via DHCP. Well, the machine does not boot via DHCP. So, how should I arrange this? Is there any possible conflict with the AD stuff if I add a wins server to /etc/samba/smb.conf? Will that even be used by the resolver? My /etc/nsswitch.conf file looks like this (set up by YAST):
Hello Roger,
Have you tried simply adding the IP address of the WINS server to /etc/samba/smb.conf? Like so:
wins server = w.x.y.z.
This should fix the problem resolving wins hosts, imho.
HTH,
Joop
Roger,
I think Joop hit the nail on the head. What you want to do is make sure the "wins support" option is _NOT_ set and that "wins server" _IS_ set to the IP of your primary wins server:
# wins support = yes
wins server = 192.168.6.17
Samba can act as either a wins server or a wins client, but not both. What you are trying to accomplish is to have your samba box obtain a copy of the netbios/lanman "browse list" from the master browser on your subnet. Also make sure you are not setting your samba box as the domain or local master:
03:05 ecstasy~> grep master /etc/samba/smb.conf
# set local master to no if you don't want Samba to become a master
# local master = yes
# OS Level determines the precedence of this server in master browser
# domain master = yes
# preferred master = yes
Set your "os level" to something less than (I can't remember the exact number, but I believe it is) 62 so that you insure it doesn't win an election and become the master browser. The following works fine:
os level = 57
Also, if you are going to be eyeball deep in samba for a while, head over to www.samba.org. They have great documentation as well as a very helpful mailing list. For configuration, I wouldn't rely solely on yast, just use a text editor and open /etc/samba/smb.conf and edit the file directly. Yast is OK, but it is just yet another setup tool ;-)
--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
On Fri, 2008-11-07 at 03:16 -0600, David C. Rankin wrote:
Joop Beris wrote:
On Friday 07 November 2008 09:17:27 Roger Oberholtzer wrote:
I have joined a Windows Active Directory and all works fine. Except one thing: I am unable to resolve network addresses that are in WINS but not DNS. (Why such a situation exists is a mystery over which I have no control - I must simply deal with it). In the Samba Server config in YAST, I can select that the WINS server should be set via DHCP. Well, the machine does not boot via DHCP. So, how should I arrange this? Is there any possible conflict with the AD stuff if I add a wins server to /etc/samba/smb.conf? Will that even be used by the resolver? My /etc/nsswitch.conf file looks like this (set up by YAST):
Hello Roger,
Have you tried simply adding the IP address of the WINS server to /etc/samba/smb.conf? Like so:
wins server = w.x.y.z.
This should fix the problem resolving wins hosts, imho.
HTH,
Joop
Roger,
I think Joop hit the nail on the head. What you want to do is make sure the "wins support" option is _NOT_ set and that "wins server" _IS_ set to the IP of your primary wins server:
# wins support = yes
wins server = 192.168.6.17
Samba can act as either a wins server or a wins client, but not both. What you are trying to accomplish is to have your samba box obtain a copy of the netbios/lanman "browse list" from the master browser on your subnet. Also make sure you are not setting your samba box as the domain or local master:
03:05 ecstasy~> grep master /etc/samba/smb.conf
# set local master to no if you don't want Samba to become a master
# local master = yes
# OS Level determines the precedence of this server in master browser
# domain master = yes
# preferred master = yes
Set your "os level" to something less than (I can't remember the exact number, but I believe it is) 62 so that you insure it doesn't win an election and become the master browser. The following works fine:
os level = 57
Also, if you are going to be eyeball deep in samba for a while, head over to www.samba.org. They have great documentation as well as a very helpful mailing list. For configuration, I wouldn't rely solely on yast, just use a text editor and open /etc/samba/smb.conf and edit the file directly. Yast is OK, but it is just yet another setup tool ;-)
I tried that and see no difference. I restarted winbind, smb and nmb. I should not have to reboot, should I?
I want the host names to be generally resolved from Linux applications that use the resolver. Without adding something to /etc/nsswitch.conf, I am confused how that will happen. As it stands, it will use files and dns only. If one edits /etc/nsswitch.conf, is there a server that must be restarted? I would not think so as each app seems to open nsswitch.conf.
--
Roger Oberholtzer
On Friday 07 November 2008 10:50:45 Roger Oberholtzer wrote:
I tried that and see no difference. I restarted winbind, smb and nmb. I should not have to reboot, should I?
Hi Roger,
No, restarting the daemons should be sufficient. Is there something logged in /var/log/samba.log.nmb which could shed light on this?
Also, please check out the documentation on the samba site here: http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2576622
This page explains WINS support in Samba in detail. It also explains the resolve order, which might be causing trouble for you.
HTH,
Joop
On Fri, 2008-11-07 at 11:26 +0100, Joop Beris wrote:
On Friday 07 November 2008 10:50:45 Roger Oberholtzer wrote:
I tried that and see no difference. I restarted winbind, smb and nmb. I should not have to reboot, should I?
Hi Roger,
No, restarting the daemons should be sufficient. Is there something logged in /var/log/samba.log.nmb which could shed light on this?
Also, please check out the documentation on the samba site here: http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2576622
This only tells how to set up SAMBA, not nsswitch.conf, which I think is my problem area.
This page explains WINS support in Samba in detail. It also explains the resolve order, which might be causing trouble for you.
Setting up SAMBA is step two, I would imagine. If nsswitch.conf does not say to use SAMBA (winbind?) then SAMBA will not be consulted, making SAMBA's config irrelevant at that point. Isn't that correct?
So, I am trying to see how to get Linux apps that resolve addresses to be told to also consult with SAMBA (winbind). I think this is the part I do not have. This is what I have in my /etc/nsswitch.conf:
hosts: files mdns4_minimal [NOTFOUND=return] dns
I'm not running mdns4, so the list is really 'files dns'.
--
Roger Oberholtzer
Roger Oberholtzer wrote:
On Fri, 2008-11-07 at 03:16 -0600, David C. Rankin wrote:
Joop Beris wrote:
On Friday 07 November 2008 09:17:27 Roger Oberholtzer wrote:
I have joined a Windows Active Directory and all works fine. Except one thing: I am unable to resolve network addresses that are in WINS but not DNS. (Why such a situation exists is a mystery over which I have no control - I must simply deal with it). In the Samba Server config in YAST, I can select that the WINS server should be set via DHCP. Well, the machine does not boot via DHCP. So, how should I arrange this? Is there any possible conflict with the AD stuff if I add a wins server to /etc/samba/smb.conf? Will that even be used by the resolver? My /etc/nsswitch.conf file looks like this (set up by YAST):
Hello Roger,
Have you tried simply adding the IP address of the WINS server to /etc/samba/smb.conf? Like so:
wins server = w.x.y.z.
This should fix the problem resolving wins hosts, imho.
HTH,
Joop
Roger,
I think Joop hit the nail on the head. What you want to do is make sure the "wins support" option is _NOT_ set and that "wins server" _IS_ set to the IP of your primary wins server:
# wins support = yes
wins server = 192.168.6.17
Samba can act as either a wins server or a wins client, but not both. What you are trying to accomplish is to have your samba box obtain a copy of the netbios/lanman "browse list" from the master browser on your subnet. Also make sure you are not setting your samba box as the domain or local master:
03:05 ecstasy~> grep master /etc/samba/smb.conf
# set local master to no if you don't want Samba to become a master
# local master = yes
# OS Level determines the precedence of this server in master browser
# domain master = yes
# preferred master = yes
Set your "os level" to something less than (I can't remember the exact number, but I believe it is) 62 so that you insure it doesn't win an election and become the master browser. The following works fine:
os level = 57
Also, if you are going to be eyeball deep in samba for a while, head over to www.samba.org. They have great documentation as well as a very helpful mailing list. For configuration, I wouldn't rely solely on yast, just use a text editor and open /etc/samba/smb.conf and edit the file directly. Yast is OK, but it is just yet another setup tool ;-)
I tried that and see no difference. I restarted winbind, smb and nmb. I should not have to reboot, should I?
YES YOU DO! The browse list is not flushed unless you reboot. You can start and stop the daemons all day long and still never get a new browse list.
Second, the precise details of why normal election loss doesn't change the browse list in all cases escapes me now, but IIRC it has to do with conflicting IPs preventing normal updating (too many 192.168.0.[xxx] duplicates). This usually bites laptop users the worst. They close their laptop at home and then get to work and pester the hell out of tech support because their network doesn't work. Tech support goes nuts because they can't figure it out either. The whole time the problem is the browse list -- which is the browse list they got from the subnet they were connected to the last time they booted their computer.
I want the host names to be generally resolved from Linux applications that use the resolver. Without adding something to /etc/nsswitch.conf, I am confused how that will happen. As it stands, it will use files and dns only. If one edits /etc/nsswitch.conf, is there a server that must be restarted? I would not think so as each app seems to open nsswitch.conf.
I have to admit, I have never made friends with nsswitch.conf, BIND DNS and samba wins has always taken care of all my needs.
--
David C. Rankin, J.D., P.E.
On Fri, Nov 07, 2008 at 09:17:27AM +0100, Roger Oberholtzer wrote:
I have joined a Windows Active Directory and all works fine. Except one thing: I am unable to resolve network addresses that are in WINS but not DNS. (Why such a situation exists is a mystery over which I have no control - I must simply deal with it). In the Samba Server config in YAST, I can select that the WINS server should be set via DHCP. Well, the machine does not boot via DHCP. So, how should I arrange this?
Set your wins server in smb.conf manually.
wins server = 192.9.200.1 192.168.2.61
See smb.conf man page for more WINS options.
Is there any possible conflict with the AD stuff if I add a wins server to /etc/samba/smb.conf? Will that even be used by the resolver? My /etc/nsswitch.conf file looks like this (set up by YAST):
Then hosts have to be resolved by wins too. Therefore the samba-client package includes libnss_wins.
passwd: compat winbind
group: compat winbind
hosts: files mdns4_minimal [NOTFOUND=return] dns
Add wins at the end of this line. IIRC we recently had a discussion to support this from inside YaST too.
Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
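An added example, not part of any message in this thread: a shell check for the two changes suggested above, namely Samba configured as a WINS client only in smb.conf and "wins" appended after "dns" on the hosts line of nsswitch.conf, so that DNS is still consulted before NetBIOS names. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample files are constructed. Only the option names, the
# hosts line and 192.168.6.17 come from the thread.

# Value of a parameter in an smb.conf-style file. Comment lines (# or ;) are
# skipped; names are matched case-insensitively with whitespace ignored.
# Assumption: the parameter is set once, in [global].
smb_value() {   # usage: smb_value FILE "wins server"
    awk -v want="$2" '
        BEGIN { gsub(/[ \t]/, "", want); want = tolower(want) }
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { if (found != "") print found }' "$1"
}

# Sources on the "hosts:" line of an nsswitch.conf-style file, one per line,
# with [STATUS=action] items dropped.
hosts_sources() {
    awk '/^[ \t]*hosts:/ {
        sub(/^[ \t]*hosts:/, ""); sub(/#.*/, "")
        for (i = 1; i <= NF; i++) if ($i !~ /^\[/) print $i
    }' "$1"
}

# 1-based position of source $2 on the hosts line; prints nothing if absent.
hosts_position() {
    hosts_sources "$1" | awk -v s="$2" '$0 == s { print NR; exit }'
}

# Returns 0 only when the WINS client setup suggested in the thread is present.
audit_wins_client() {   # usage: audit_wins_client SMB_CONF NSSWITCH_CONF
    rc=0
    server=$(smb_value "$1" "wins server")
    support=$(smb_value "$1" "wins support" | tr 'A-Z' 'a-z')
    [ -n "$server" ] || { echo "FAIL: 'wins server' is not set"; rc=1; }
    case "$support" in
        yes|true|1) echo "FAIL: 'wins support' is on (server role)"; rc=1 ;;
    esac
    dns_pos=$(hosts_position "$2" dns)
    wins_pos=$(hosts_position "$2" wins)
    if [ -z "$wins_pos" ]; then
        echo "FAIL: hosts line has no 'wins' source"; rc=1
    elif [ -n "$dns_pos" ] && [ "$wins_pos" -lt "$dns_pos" ]; then
        echo "FAIL: 'wins' is listed before 'dns'"; rc=1
    fi
    [ "$rc" -ne 0 ] || echo "ok: wins server=$server, wins is source #$wins_pos"
    return "$rc"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# Constructed "before": the YaST-generated hosts line, no WINS server set.
printf '[global]\n\tworkgroup = EXAMPLE\n#\twins support = yes\n' > "$tmp/before.smb.conf"
printf 'hosts: files mdns4_minimal [NOTFOUND=return] dns\n' > "$tmp/before.nsswitch.conf"
# Constructed "after": WINS client only, wins appended after dns.
printf '[global]\n#\twins support = yes\n\tWINS Server = 192.168.6.17\n' > "$tmp/after.smb.conf"
printf 'hosts: files mdns4_minimal [NOTFOUND=return] dns wins\n' > "$tmp/after.nsswitch.conf"

audit_wins_client "$tmp/before.smb.conf" "$tmp/before.nsswitch.conf" || echo "before: needs changes"
audit_wins_client "$tmp/after.smb.conf" "$tmp/after.nsswitch.conf" || echo "after: needs changes"
```

On a real machine the two arguments would be /etc/samba/smb.conf and /etc/nsswitch.conf; getent hosts NAME then exercises the same NSS lookup path that applications use.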
On Fri, 2008-11-07 at 12:26 +0100, Lars Müller wrote:
Add wins at the end of this line. IIRC we recently had a discussion to support this from inside YaST too.
It would make sense. After all the work to set up letting a machine join the AD, it seems odd to leave this undone. Granted they are really different things. But still, it would make sense that if YaST is doing part of the work, it should do the rest. Or, as a minimum, in the info panel to the left, tell which obvious things are not being done. That is always the trick with using auto setups like YaST (but not at all exclusive to YaST): knowing how much they did and how much they did not do. All the time saved in letting them set up something that is tricky is often then lost trying to figure out which things they did not do.
--
Roger Oberholtzer
On Mon, Nov 10, 2008 at 08:28:11AM +0100, Roger Oberholtzer wrote:
On Fri, 2008-11-07 at 12:26 +0100, Lars Müller wrote:
Add wins at the end of this line. IIRC we recently had a discussion to support this from inside YaST too.
It would make sense. After all the work to set up letting a machine join the AD, it seems odd to leave this undone.
Microsoft Windows Active Directory heavily relies on DNS. WINS is still available but the default name resolution mechanism is DNS since ages even for Microsoft. Using a split DNS <-> WINS name scope might result in strange(tm) issues.
Granted they are really different things. But still, it would make sense that if YaST is doing part of the work, it should do the rest.
100% coverage isn't possible. You know the very simple 80:20 rule? You need 80% of your time to implement the remaining 20% of 100% coverage.
Or, as a minimum, in the info panel to the left, tell which obvious things are not being done. That is always the trick with using auto setups like YaST (but not at all exclusive to YaST):
This is valid critic! Such hints would be nice. Maybe with the opportunity to search the Support DataBase (SDB) straight from inside YaST.
knowing how much they did and how much they did not do. All the time saved in letting them set up something that is tricky is often then lost trying to figure out which things they did not do.
Please keep your special setup in mind. A split DNS and WINS data base isn't what the majority of MS AD setups use. Unfortunately in this case you're part of the 20%. ;)
I might be completely wrong with my numbers. But that's my experience with customer setups till now.
Lars
--
Lars Müller
On Mon, 2008-11-10 at 13:11 +0100, Lars Müller wrote:
On Mon, Nov 10, 2008 at 08:28:11AM +0100, Roger Oberholtzer wrote:
On Fri, 2008-11-07 at 12:26 +0100, Lars Müller wrote:
Add wins at the end of this line. IIRC we recently had a discussion to support this from inside YaST too.
It would make sense. After all the work to set up letting a machine join the AD, it seems odd to leave this undone.
Microsoft Windows Active Directory heavily relies on DNS.
WINS is still available but the default name resolution mechanism is DNS since ages even for Microsoft.
Using a split DNS <-> WINS name scope might result in strange(tm) issues.
You're preaching to the choir here. Oddly, our IT guys still have a mixed setup. I do not know if it is because they also have Netware in the mix. But there are some things that can only be resolved in one or the other of the systems. As 99.999999999999% of the folk use a centrally administered Windows XP machine, they don't see the issue. Us poor standards guys (e.g., DNS users) encounter the oddities.
Granted they are really different things. But still, it would make sense that if YaST is doing part of the work, it should do the rest.
100% coverage isn't possible. You know the very simple 80:20 rule? You need 80% of your time to implement the remaining 20% of 100% coverage.
Of course. But I would imagine that adding more and more of these things with each subsequent release is the way YaST development is led, no? Of course, if it is used by a minority of the users, it will always be a low priority item.
Or, as a minimum, in the info panel to the left, tell which obvious things are not being done. That is always the trick with using auto setups like YaST (but not at all exclusive to YaST):
This is valid critic! Such hints would be nice. Maybe with the opportunity to search the Support DataBase (SDB) straight from inside YaST.
knowing how much they did and how much they did not do. All the time saved in letting them set up something that is tricky is often then lost trying to figure out which things they did not do.
Please keep your special setup in mind. A split DNS and WINS data base isn't what the majority of MS AD setups use. Unfortunately in this case you're part of the 20%. ;)
I cannot say what the numbers are either. But I bet there are more with a mixed setup than you would think. Our IT department manages systems for over 5000 people. Having only one system for name resolution would, indeed, make sense. But where is the job security in that approach :)
--
Roger Oberholtzer
participants (4)
- David C. Rankin
- Joop Beris
- Lars Müller
- Roger Oberholtzer