Full Version: Samba And Routed Networks
descenterace
I recently set up a Linux box as a firewall/server between my main computer and the University network. I've managed to get all the services working, except for Samba.

The University network is 137.222.211.0/24, on the eth0 device. My internal network, currently containing a single WinXP system, is 192.168.1.0/24 on the eth1 device. The server's IP is 137.222.211.62 on the University network, and 192.168.1.1 on the internal network. The Windows XP computer's IP is 192.168.1.127. Both computers are part of workgroup 'ShivaNet'.
I've set up NAT on the server successfully, with the following rules:
* Incoming traffic is accepted from either net.
* Outgoing traffic is accepted to either net.
* Connections to the internal net initiated externally are rejected, unless they're on port 555 (DC++ port).
* Connections to the external net initiated internally are accepted.

The actual problem is that my WinXP system can see the server and itself in 'Windows Network', and it can see the workgroups in the University network under 'Windows Network', but it can't see any of the computers in those workgroups.
The server is running Debian Linux (not sure exactly which version, but it's the testing/unstable build and I installed it from the Internet about a month ago). The version string returned by 'smbd -V' is 'Version 3.0.2a-Debian'.

smb.conf:

[global]
log file = /var/log/samba/log.%m
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n
obey pam restrictions = yes
socket options = SO_KEEPALIVE TCP_NODELAY
lm announce = no
follow symlinks = no
username map = /etc/samba/user.map
domain logons = yes
domain master = yes
wins server = yes
time server = yes
hosts allow = 137.222., 192.168.1.
encrypt passwords = yes
passdb backend = tdbsam guest
passwd program = /usr/bin/passwd %u
dns proxy = no
netbios name = Shiva
server string = Shiva server (Samba/Debian)
invalid users = root
default = global
workgroup = ShivaNet
os level = 20
auto services = homes
security = user
syslog = 0
panic action = /usr/share/samba/panic-action %d
max log size = 1000
browseable = yes

[homes]
comment = Home Directories
guest ok = no
browseable = no
valid users = descenterace
writable = yes
create mask = 0740
directory mask = 0750

(If anyone's wondering about the computer/network names: I'm a Descent/FreeSpace fan.)

The University network as a whole is 137.222.0.0/16, so I've allowed connections from the entirety of that class B subnet.

Is it possible to configure Samba for this particular scenario, or will I have to use Apache to create a workaround?
descenterace
Not possible, huh? Ah well, I'll mount the WinXP system's shared folders on the server, then use Apache to provide access to them. Putting together a PHP front end will give me something to do.
hughesjr
I think the problem is one of Multiple homed Domain Controllers / Master Browsers.

NetBIOS network machines will maintain a separate browse list of each segment ... and you probably only see the computers that are on your network segment because of this.

http://support.microsoft.com/default.aspx?...kb;EN-US;191611
descenterace
I think I understand... My Linux server is keeping the browse lists for the two networks separate, so the WinXP machine only gets the list for the internal network.

The thought occurs that the Linux machine is actually not the PDC for my internal network. WinNT-based systems, like WinXP, have an OS level of 30 or more, so the WinXP system is currently the PDC for the network. If so, then since it's a single-homed system the problem does not lie with multihoming.


Just checked the registry, and it seems that WinXP Home Edition does not by default take part in the PDC election. So yeah, the Linux system is the PDC and you're right: it's a multihoming problem. MaintainServerList is set to 'Auto', and IsDomainMaster is set to 'FALSE'. Changing the latter to 'TRUE' should do it, right? The MSKB article apparently doesn't apply to WinXP, so I'm just going to tweak the Registry until it works...
hughesjr
But the Linux machine can be a browser and maintain a browse list ... and that browse list would be for only the internal network.

WinXP home isn't good on the network ... it may or may not work to have the WinXP maintain a browse list as well.
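
An added example, not part of the thread and not any poster's code: a Python check over the browse-related [global] lines of the smb.conf posted above. It reports what the trailing-dot `hosts allow` prefixes cover, flags `wins server = yes` (that parameter takes a WINS server address; `wins support` is the yes/no option), and lists the browse election settings the replies discuss. The sample text is constructed from the posted config, and the function names are this example's own.

```python
import ipaddress

# Constructed sample: browse-related [global] lines copied from the posted smb.conf.
SAMPLE_CONF = """\
[global]
domain master = yes
wins server = yes
hosts allow = 137.222., 192.168.1.
os level = 20
"""

def parse_global(text):
    """Return [global] parameters; names lower-cased with whitespace collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def prefix_to_network(entry):
    """Turn a trailing-dot prefix such as '137.222.' into the network it matches."""
    octets = entry.rstrip(".").split(".")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/%d" % (8 * len(octets)))

def audit(text):
    """Return findings about WINS setup, host exposure and browse election role."""
    g, findings = parse_global(text), []
    wins = g.get("wins server", "")
    if wins.lower() in ("yes", "no", "true", "false"):
        findings.append("wins server expects a WINS host address, got boolean %r" % wins)
    for entry in g.get("hosts allow", "").replace(",", " ").split():
        if entry.endswith("."):
            net = prefix_to_network(entry)
            findings.append("hosts allow %s = %s (%d addresses)" % (entry, net, net.num_addresses))
    keys = ("os level", "domain master", "local master", "preferred master")
    findings.append("browse election settings: %s" % {k: g.get(k, "(unset)") for k in keys})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```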