# Samba Master Browser Problem

## sorrodos

I have two (2) Linux machines running on a network inside my house. They are both using Samba 3.0.2a. One is running Mandrake 10 and I have set it up to be the local and domain master browser for the network. The other machine is running Gentoo. There are a few other machines on the network that run WinXP. All machines belong to the same workgroup.

My problem is that the the Gentoo machine never appears in Network Neighborhood for the Windows machines, and never appears in the specifed workgroup in LinNeighborhood or smb4k. In fact, the Gentoo machine never appears on its own, regardless of how the network is searched. I can configure smb4k to scan the entire network for machines, or tell it to simply query the master browser for a list of machines on the network. Smb4k does see the Mandrake machine to be the workgroup master and I have checked nmbd logs to verify that it is acting as the master browser. So, the Gentoo machine does not appear on its own, but I search for the it by netbios name in smb4k, it then appears with the correct workgroup name in brackets. I can then add it to the workgroup list, but it only remains there so long as smb4k continues to run.

This isn't a big problem, as I can still type \\sauron into Explorer on the Windows machines and view the shares and can search for it in smb4k, but I would like to get it working correctly in case I would ever need to know how to do this for some other network I may work on in the future.

Thanks!

----------

## sak102010

Can you post your smb.conf for both of the machines for us to look at?

My first guess would be to look at whether you have some kind of election conflict going on.  The parameters you really want to look at are...

```

os level = 65

```

This determines what chances your particular samba server will win an election.  The higher the number, the more likely the samba server will act as the master browser for the network.

```

preferred master = yes

domain master = yes

```

These are also good for the master browser, but should be set differently for a domain member, i.e. your other linux box on the network.

----------

## sorrodos

I am pretty sure I have the election settings configured correctly.  On the Mandrake machine I want to be acting as master browser, I have the os level set to 50, as well as domain master and preferred master set to yes.  I also have it configured with a yes for local master.  

On the Gentoo machine, I have domain and local master set to no, and the os level set to 33.  Preferred master is also set to no.

The workgroup computers shown in Network Neighborhood as well as LinNeighborhood/smb4k include the master browser and the windows machines.  I just can't figure out why my Gentoo box won't appear.

Here is the smb.conf of the Mandrake box, the master browser.

#======================= Global Settings =====================================

[global]

# 1. Server Naming Options:

# workgroup = NT-Domain-Name or Workgroup-Name

  workgroup = MIDDLEEARTH

# netbios name is the name you will see in "Network Neighbourhood",

# but defaults to your hostname

  netbios name = PIPPIN

# server string is the equivalent of the NT Description field

   server string = HP Mandrake Box

# Message command is run by samba when a "popup" message is sent to it.

# The example below is for use with LinPopUp:

   message command = /usr/bin/linpopup "%f" "%m" %s; rm %s

# 2. Printing Options:

# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK

# (as cups is now used in linux-mandrake 7.2 by default)

# if you want to automatically load your printer list rather

# than setting them up individually then you'll need this

   printcap name = cups

   load printers = yes

# It should not be necessary to spell out the print system type unless

# yours is non-standard. Currently supported print systems include:

# bsd, sysv, plp, lprng, aix, hpux, qnx, cups

   printing = cups

# Samba 2.2 supports the Windows NT-style point-and-print feature. To

# use this, you need to be able to upload print drivers to the samba

# server. The printer admins (or root) may install drivers onto samba.

# Note that this feature uses the print$ share, so you will need to 

# enable it below.

# printer admin = @<group> <user>

   printer admin = @adm

# This should work well for winbind:

;   printer admin = @"Domain Admins"

# 3. Logging Options:

# this tells Samba to use a separate log file for each machine

# that connects

   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).

   max log size = 50

# Set the log (verbosity) level (0 <= log level <= 10)

; log level = 3

# 4. Security and Domain Membership Options:

# This option is important for security. It allows you to restrict

# connections to machines which are on your local network. The

# following example restricts access to two C class networks and

# the "loopback" interface. For more examples of the syntax see

# the smb.conf man page. Do not enable this if (tcp/ip) name resolution does

# not work for all the hosts in your network.

;   hosts allow = 192.168.1. 192.168.2. 127.

# Uncomment this if you want a guest account, you must add this to /etc/passwd

# otherwise the user "nobody" is used

  guest account = pcguest

# Allow users to map to guest:

  map to guest = bad password

# Security mode. Most people will want user level security. See

# security_level.txt for details.

   security = user

# Use password server option only with security = server or security = domain

# When using security = domain, you should use password server = *

;   password server = <NT-Server-Name>

;   password server = *

# Password Level allows matching of _n_ characters of the password for

# all combinations of upper and lower case.

;  password level = 8

;  username level = 8

# You may wish to use password encryption. Please read

# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.

# Do not enable this option unless you have read those documents

# Encrypted passwords are required for any use of samba in a Windows NT domain

# The smbpasswd file is only required by a server doing authentication, thus

# members of a domain do not need one.

  encrypt passwords = yes

  smb passwd file = /etc/samba/smbpasswd

# The following are needed to allow password changing from Windows to

# also update the Linux system password.

# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.

# NOTE2: You do NOT need these to allow workstations to change only

#        the encrypted SMB passwords. They allow the Unix password

#        to be kept in sync with the SMB password.

;  unix password sync = Yes

# You either need to setup a passwd program and passwd chat, or

# enable pam password change

;  pam password change = yes

;  passwd program = /usr/bin/passwd %u

;  passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \

;*passwd:*all*authentication*tokens*updated*successfully*

# Unix users can map to different SMB User names

;  username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration

# on a per machine basis. The %m gets replaced with the netbios name

# of the machine that is connecting

;   include = /etc/samba/smb.conf.%m

# Options for using winbind. Winbind allows you to do all account and

# authentication from a Windows or samba domain controller, creating

# accounts on the fly, and maintaining a mapping of Windows RIDs to unix uid's 

# and gid's. winbind uid and winbind gid are the only required parameters.

#

# winbind uid is the range of uid's winbind can use when mapping RIDs to uid's

;  winbind uid = 10000-20000

#

# winbind gid is the range of uid's winbind can use when mapping RIDs to gid's

;  winbind gid = 10000-20000

#

# winbind separator is the character a user must use between their domain

# name and username, defaults to "\"

;  winbind separator = +

#

# winbind use default domain allows you to have winbind return usernames

# in the form user instead of DOMAIN+user for the domain listed in the

# workgroup parameter.

;  winbind use default domain = yes

#

# template homedir determines the home directory for winbind users, with 

# %D expanding to their domain name and %U expanding to their username:

;  template homedir = /home/%D/%U

# When using winbind, you may want to have samba create home directories

# on the fly for authenticated users. Ensure that /etc/pam.d/samba is

# using 'service=system-auth-winbind' in pam_stack modules, and then

# enable obedience of pam restrictions below:

;  obey pam restrictions = yes

#

# template shell determines the shell users authenticated by winbind get

;  template shell = /bin/bash

# 5. Browser Control and Networking Options:

# Most people will find that this option gives better performance.

# See speed.txt and the manual pages for details

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces

# If you have multiple network interfaces then you must list them

# here. See the man page for details.

;   interfaces = 192.168.12.2/24 192.168.13.2/24 

# Configure remote browse list synchronisation here

#  request announcement to, or browse list sync from:

#       a specific host or from / to a whole subnet (see below)

;   remote browse sync = 192.168.3.25 192.168.5.255

# Cause this host to announce itself to local subnets here

;   remote announce = 192.168.1.255 192.168.2.44

# set local master to no if you don't want Samba to become a master

# browser on your network. Otherwise the normal election rules apply

   local master = yes

# OS Level determines the precedence of this server in master browser

# elections. The default value should be reasonable

   os level = 50

# Domain Master specifies Samba to be the Domain Master Browser. This

# allows Samba to collate browse lists between subnets. Don't use this

# if you already have a Windows NT domain controller doing this job

   domain master = yes 

# Preferred Master causes Samba to force a local browser election on startup

# and gives it a slightly higher chance of winning the election

   preferred master = yes

# 6. Domain Control Options:

# Enable this if you want Samba to be a domain logon server for 

# Windows95 workstations or Primary Domain Controller for WinNT and Win2k

;   domain logons = yes

# if you enable domain logons then you may want a per-machine or

# per user logon script

# run a specific logon batch file per workstation (machine)

;   logon script = %m.bat

# run a specific logon batch file per username

;   logon script = %U.bat

# Where to store roaming profiles for WinNT and Win2k

#        %L substitutes for this servers netbios name, %U is username

#        You must uncomment the [Profiles] share below

;   logon path = \\%L\Profiles\%U

# Where to store roaming profiles for Win9x. Be careful with this as it also

# impacts where Win2k finds it's /HOME share

; logon home = \\%L\%U\.profile

# The add user script is used by a domain member to add local user accounts

# that have been authenticated by the domain controller, or when adding

# users via the Windows NT Tools (ie User Manager for Domains).

# Scripts for file (passwd, smbpasswd) backend:

; add user script = /usr/sbin/useradd -s /bin/false '%u'

; delete user script = /usr/sbin/userdel '%s'

; add user to group script = /usr/bin/gpasswd -a '%u' '%g'

; delete user from group script = /usr/bin/gpasswd -d '%u' '%g'

; set primary group script = /usr/sbin/usermod -g '%g' '%u'

; add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'

; delete group script = /usr/sbin/groupdel '%g'

# Scripts for LDAP backend (assumes nss_ldap is in use on the domain controller,

# and needs configuration in smbldap_conf.pm

; add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'

; delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'

; add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'

; delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'

; set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'

; add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'

; delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g'

# The add machine script is use by a samba server configured as a domain

# controller to add local machine accounts when adding machines to the domain.

# The script must work from the command line when replacing the macros,

# or the operation will fail. Check that groups exist if forcing a group.

# Script for domain controller for adding machines:

; add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u

# Script for domain controller with LDAP backend for adding machines (please

# configure in /etc/samba/smbldap_conf.pm first):

; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u

# Domain groups:

# Domain groups are now configured by using the 'net groupmap' tool

# Samba Password Database configuration:

# Samba now has runtime-configurable password database backends. Multiple

# passdb backends may be used, but users will only be added to the first one

# Default:

; passdb backend = smbpasswd guest

# TDB backen with fallback to smbpasswd and guest

; passdb backend = tdbsam smbpasswd guest

# LDAP with fallback to smbpasswd guest

# Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below.

; passdb backend = ldapsam:ldaps://ldap.mydomain.com smbpasswd guest

# Use the samba2 LDAP schema:

; passdb backend = ldapsam_compat:ldaps://ldap.mydomain.com smbpasswd guest

# Idmap settings:

# Idmap backend to use:

; idmap backend = ldap:ldap://ldap.mydomain.com

# This is a range of unix user-id's that samba will map non-unix RIDs to,

# such as when using Winbind

; idmap uid = 10000-20000

; idmap gid = 10000-20000

# LDAP configuration for Domain Controlling:

# The account (dn) that samba uses to access the LDAP server

# This account needs to have write access to the LDAP tree

# You will need to give samba the password for this dn, by 

# running 'smbpasswd -w mypassword'

; ldap admin dn = cn=root,dc=mydomain,dc=com

; ldap ssl = start_tls

# start_tls should run on 389, but samba defaults incorrectly to 636

; ldap port = 389

; ldap suffix = dc=mydomain,dc=com

# Seperate suffixes are available for machines, users, groups, and idmap, if 

# ldap suffix appears first, it is appended to the specific suffix.

# Example for a unix-ish directory layout:

; ldap machine suffix = ou=Hosts

; ldap user suffix = ou=People

; ldap group suffix = ou=Group

; ldap idmap suffix = ou=Idmap

# Example for AD-ish layout:

; ldap machine suffix = cn=Computers

; ldap user suffix = cn=Users

; ldap group suffix = cn=Groups

; ldap idmap suffix = cn=Idmap

# 7. Name Resolution Options:

# All NetBIOS names must be resolved to IP Addresses

# 'Name Resolve Order' allows the named resolution mechanism to be specified

# the default order is "host lmhosts wins bcast". "host" means use the unix

# system gethostbyname() function call that will use either /etc/hosts OR

# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf

# and the /etc/resolv.conf file. "host" therefore is system configuration

# dependant. This parameter is most often of use to prevent DNS lookups

# in order to resolve NetBIOS names to IP Addresses. Use with care!

# The example below excludes use of name resolution for machines that are NOT

# on the local network segment

# - OR - are not deliberately to be known via lmhosts or via WINS.

; name resolve order = wins lmhosts bcast

# Windows Internet Name Serving Support Section:

# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server

#   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client

#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both

;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on

# behalf of a non WINS capable client, for this to work there must be

# at least one  WINS Server on the network. The default is NO.

#   wins proxy = no

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names

# via DNS nslookups. The built-in default for versions 1.9.17 is yes,

# this has been changed in version 1.9.18 to no.

   dns proxy = no 

# 8. File Naming Options:

# Case Preservation can be handy - system default is _no_

# NOTE: These can be set on a per share basis

;  preserve case = no

;  short preserve case = no

# Default case is normally upper case for all DOS files

;  default case = lower

# Be very careful with case sensitivity - it can break things!

;  case sensitive = no

# Enabling internationalization:

# you can match a Windows code page with a UNIX character set.

# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),

# 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian),

# 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul),

# 950 (Trad. Chin.).

# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),

# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)

# This is an example for french users:

;   dos charset = 850

;   unix charset = ISO8859-1

#============================ Share Definitions ==============================

[homes]

   comment = Home Directories

   browseable = no

   writable = yes

# You can enable VFS recycle bin on a per share basis:

# Uncomment the next 2 lines (make sure you create a

# .recycle folder in the base of the share and ensure

# all users will have write access to it. See

# examples/VFS/recycle/REAME in samba-doc for details

;   vfs object = /usr/lib/samba/vfs/recycle.so

# Un-comment the following and create the netlogon directory for Domain Logons

; [netlogon]

;   comment = Network Logon Service

;   path = /var/lib/samba/netlogon

;   guest ok = yes

;   writable = no

#Uncomment the following 2 lines if you would like your login scripts to

#be created dynamically by ntlogon (check that you have it in the correct

#location (the default of the ntlogon rpm available in contribs)

;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon

;root postexec = rm -f /var/lib/samba/netlogon/%U.bat

# Un-comment the following to provide a specific roving profile share

# the default is to use the user's home directory

;[Profiles]

;    path = /var/lib/samba/profiles

;    browseable = no

;    guest ok = yes

# This script can be enabled to create profile directories on the fly

# You may want to turn off guest acces if you enable this, as it

# hasn't been thoroughly tested.

;root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \

;                then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi

# NOTE: If you have a CUPS print system there is no need to 

# specifically define each individual printer.

# You must configure the samba printers with the appropriate Windows

# drivers on your Windows clients or upload the printer driver to the

# server from Windows (NT/2000/XP). On the Samba server no filtering is

# done. If you wish that the server provides the driver and the clients

# send PostScript ("Generic PostScript Printer" under Windows), you have

# to use 'printcap name = cups' or swap the 'print command' line below 

# with the commented one. Note that print commands only work if not using 

# 'printing=cups'

[printers]

   comment = All Printers

   path = /var/spool/samba

   browseable = no

# to allow user 'guest account' to print.

   guest ok = yes

   writable = no

   printable = yes

   create mode = 0700

# =====================================

# print command: see above for details.

# =====================================

   print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.

;   print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).

# This share is used for Windows NT-style point-and-print support.

# To be able to install drivers, you need to be either root, or listed

# in the printer admin parameter above. Note that you also need write access

# to the directory and share definition to be able to upload the drivers.

# For more information on this, please see the Printing Support Section of

# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf 

#

# A special case is using the CUPS Windows Postscript driver, which allows

# all features available via CUPS on the client, by publishing the ppd file

# and the cups driver by using the 'cupsaddsmb' tool. This requires the

# installation of the CUPS driver (http://www.cups.org/windows.php) 

# on the server, but doesn't require you to use Windows at all  :Smile: .

[print$]

   path = /var/lib/samba/printers

   browseable = yes

   write list = @adm root

   guest ok = yes

   inherit permissions = yes

   # Settings suitable for Winbind:

   ; write list = @"Domain Admins" root

   ; force group = +@"Domain Admins"

# A useful application of samba is to make a PDF-generation service

# To streamline this, install windows postscript drivers (preferably colour)

# on the samba server, so that clients can automatically install them.

# Note that this only works if 'printing' is *not* set to 'cups'

[pdf-generator]

   path = /var/tmp

   guest ok = No

   printable = Yes

   comment = PDF Generator (only valid users)

   #print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP &

   print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "%J" &

# This one is useful for people to share files

;[tmp]

;   comment = Temporary file space

;   path = /tmp

;   read only = no

;   public = yes

# A publicly accessible directory, but read only, except for people in

# the "staff" group

;[public]

;   comment = Public Stuff

;   path = /home/samba/public

;   public = yes

;   writable = no

;   write list = @staff

# Audited directory through experimental VFS audit.so module:

# Uncomment next line.

;   vfs object = /usr/lib/samba/vfs/audit.so

# Other examples. 

#

# A private printer, usable only by Fred. Spool data will be placed in Fred's

# home directory. Note that fred must have write access to the spool directory,

# wherever it is.

;[fredsprn]

;   comment = Fred's Printer

;   valid users = fred

;   path = /homes/fred

;   printer = freds_printer

;   public = no

;   writable = no

;   printable = yes

# A private directory, usable only by Fred. Note that Fred requires write

# access to the directory.

;[fredsdir]

;   comment = Fred's Service

;   path = /usr/somewhere/private

;   valid users = fred

;   public = no

;   writable = yes

;   printable = no

# a service which has a different directory for each machine that connects

# this allows you to tailor configurations to incoming machines. You could

# also use the %u option to tailor it by user name.

# The %m gets replaced with the machine name that is connecting.

;[pchome]

;  comment = PC Directories

;  path = /usr/pc/%m

;  public = no

;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files

# created in the directory by users will be owned by the default user, so

# any user with access can delete any other user's files. Obviously this

# directory must be writable by the default user. Another user could of course

# be specified, in which case all files would be owned by that user instead.

;[public]

;   path = /usr/somewhere/else/public

;   public = yes

;   only guest = yes

;   writable = yes

;   printable = no

# The following two entries demonstrate how to share a directory so that two

# users can place files there that will be owned by the specific users. In this

# setup, the directory should be writable by both users and should have the

# sticky bit set on it to prevent abuse. Obviously this could be extended to

# as many users as required.

;[myshare]

;   comment = Mary's and Fred's stuff

;   path = /usr/somewhere/shared

;   valid users = mary fred

;   public = no

;   writable = yes

;   printable = no

;   create mask = 0765

[pangborn]

	writeable = yes

	read only = no

	only user = yes

	write list = forrest,@pangborn

	path = /opt/pangborn_share

	comment = Pangborn family share

	user = forrest,@pangborn

====================================

----------

## sorrodos

And here is the smb.conf for the Gentoo machine

#======================= Global Settings =====================================

[global]

# 1. Server Naming Options:

# workgroup = NT-Domain-Name or Workgroup-Name

   workgroup = MIDDLEEARTH

# netbios name is the name you will see in "Network Neighbourhood",

# but defaults to your hostname

  netbios name = SAURON

# server string is the equivalent of the NT Description field

   server string = Forrest's Gentoo Box

# Message command is run by samba when a "popup" message is sent to it.

# The example below is for use with LinPopUp:

   message command = /usr/bin/linpopup "%f" "%m" %s; rm %s

# 2. Printing Options:

# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK

# (as cups is now used in linux-mandrake 7.2 by default)

# if you want to automatically load your printer list rather

# than setting them up individually then you'll need this

#   printcap name = cups

#   load printers = yes

# It should not be necessary to spell out the print system type unless

# yours is non-standard. Currently supported print systems include:

# bsd, sysv, plp, lprng, aix, hpux, qnx, cups

#   printing = cups

# Samba 2.2 supports the Windows NT-style point-and-print feature. To

# use this, you need to be able to upload print drivers to the samba

# server. The printer admins (or root) may install drivers onto samba.

# Note that this feature uses the print$ share, so you will need to 

# enable it below.

# printer admin = @<group> <user>

#   printer admin = @adm

# This should work well for winbind:

;   printer admin = @"Domain Admins"

# 3. Logging Options:

# this tells Samba to use a separate log file for each machine

# that connects

   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).

   max log size = 50

# Set the log (verbosity) level (0 <= log level <= 10)

; log level = 3

# 4. Security and Domain Membership Options:

# This option is important for security. It allows you to restrict

# connections to machines which are on your local network. The

# following example restricts access to two C class networks and

# the "loopback" interface. For more examples of the syntax see

# the smb.conf man page. Do not enable this if (tcp/ip) name resolution does

# not work for all the hosts in your network.

;   hosts allow = 192.168.1. 192.168.2. 127.

# Uncomment this if you want a guest account, you must add this to /etc/passwd

# otherwise the user "nobody" is used

;  guest account = pcguest

# Allow users to map to guest:

  map to guest = bad password

# Security mode. Most people will want user level security. See

# security_level.txt for details.

   security = user

# Use password server option only with security = server or security = domain

# When using security = domain, you should use password server = *

;   password server = <NT-Server-Name>

;   password server = *

# Password Level allows matching of _n_ characters of the password for

# all combinations of upper and lower case.

;  password level = 8

;  username level = 8

# You may wish to use password encryption. Please read

# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.

# Do not enable this option unless you have read those documents

# Encrypted passwords are required for any use of samba in a Windows NT domain

# The smbpasswd file is only required by a server doing authentication, thus

# members of a domain do not need one.

  encrypt passwords = yes

  smb passwd file = /etc/samba/private/smbpasswd

# The following are needed to allow password changing from Windows to

# also update the Linux system password.

# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.

# NOTE2: You do NOT need these to allow workstations to change only

#        the encrypted SMB passwords. They allow the Unix password

#        to be kept in sync with the SMB password.

;  unix password sync = Yes

# You either need to setup a passwd program and passwd chat, or

# enable pam password change

;  pam password change = yes

;  passwd program = /usr/bin/passwd %u

;  passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \

;*passwd:*all*authentication*tokens*updated*successfully*

# Unix users can map to different SMB User names

;  username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration

# on a per machine basis. The %m gets replaced with the netbios name

# of the machine that is connecting

;   include = /etc/samba/smb.conf.%m

# Options for using winbind. Winbind allows you to do all account and

# authentication from a Windows or samba domain controller, creating

# accounts on the fly, and maintaining a mapping of Windows RIDs to unix uid's 

# and gid's. winbind uid and winbind gid are the only required parameters.

#

# winbind uid is the range of uid's winbind can use when mapping RIDs to uid's

;  winbind uid = 10000-20000

#

# winbind gid is the range of uid's winbind can use when mapping RIDs to gid's

;  winbind gid = 10000-20000

#

# winbind separator is the character a user must use between their domain

# name and username, defaults to "\"

;  winbind separator = +

#

# winbind use default domain allows you to have winbind return usernames

# in the form user instead of DOMAIN+user for the domain listed in the

# workgroup parameter.

;  winbind use default domain = yes

#

# template homedir determines the home directory for winbind users, with 

# %D expanding to their domain name and %U expanding to their username:

;  template homedir = /home/%D/%U

# When using winbind, you may want to have samba create home directories

# on the fly for authenticated users. Ensure that /etc/pam.d/samba is

# using 'service=system-auth-winbind' in pam_stack modules, and then

# enable obedience of pam restrictions below:

;  obey pam restrictions = yes

#

# template shell determines the shell users authenticated by winbind get

;  template shell = /bin/bash

# 5. Browser Control and Networking Options:

# Most people will find that this option gives better performance.

# See speed.txt and the manual pages for details

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces

# If you have multiple network interfaces then you must list them

# here. See the man page for details.

;   interfaces = 192.168.12.2/24 192.168.13.2/24 

# Configure remote browse list synchronisation here

#  request announcement to, or browse list sync from:

#       a specific host or from / to a whole subnet (see below)

;   remote browse sync = 192.168.0.5

# Cause this host to announce itself to local subnets here

;   remote announce = 192.168.1.255 192.168.2.44

# set local master to no if you don't want Samba to become a master

# browser on your network. Otherwise the normal election rules apply

   local master = no

# OS Level determines the precedence of this server in master browser

# elections. The default value should be reasonable

   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This

# allows Samba to collate browse lists between subnets. Don't use this

# if you already have a Windows NT domain controller doing this job

   domain master = no

# Preferred Master causes Samba to force a local browser election on startup

# and gives it a slightly higher chance of winning the election

   preferred master = no

# 6. Domain Control Options:

# Enable this if you want Samba to be a domain logon server for 

# Windows95 workstations or Primary Domain Controller for WinNT and Win2k

;   domain logons = yes

# if you enable domain logons then you may want a per-machine or

# per user logon script

# run a specific logon batch file per workstation (machine)

;   logon script = %m.bat

# run a specific logon batch file per username

;   logon script = %U.bat

# Where to store roaming profiles for WinNT and Win2k

#        %L substitutes for this servers netbios name, %U is username

#        You must uncomment the [Profiles] share below

;   logon path = \\%L\Profiles\%U

# Where to store roaming profiles for Win9x. Be careful with this as it also

# impacts where Win2k finds it's /HOME share

; logon home = \\%L\%U\.profile

# The add user script is used by a domain member to add local user accounts

# that have been authenticated by the domain controller, or when adding

# users via the Windows NT Tools (ie User Manager for Domains).

# Scripts for file (passwd, smbpasswd) backend:

; add user script = /usr/sbin/useradd -s /bin/false '%u'

; delete user script = /usr/sbin/userdel '%s'

; add user to group script = /usr/bin/gpasswd -a '%u' '%g'

; delete user from group script = /usr/bin/gpasswd -d '%u' '%g'

; set primary group script = /usr/sbin/usermod -g '%g' '%u'

; add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'

; delete group script = /usr/sbin/groupdel '%g'

# Scripts for LDAP backend (assumes nss_ldap is in use on the domain controller,

# and needs configuration in smbldap_conf.pm

; add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'

; delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'

; add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'

; delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'

; set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'

; add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'

; delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g'

# The add machine script is use by a samba server configured as a domain

# controller to add local machine accounts when adding machines to the domain.

# The script must work from the command line when replacing the macros,

# or the operation will fail. Check that groups exist if forcing a group.

# Script for domain controller for adding machines:

; add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u

# Script for domain controller with LDAP backend for adding machines (please

# configure in /etc/samba/smbldap_conf.pm first):

; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u

# Domain groups:

# Domain groups are now configured by using the 'net groupmap' tool

# Samba Password Database configuration:

# Samba now has runtime-configurable password database backends. Multiple

# passdb backends may be used, but users will only be added to the first one

# Default:

; passdb backend = smbpasswd guest

# TDB backen with fallback to smbpasswd and guest

; passdb backend = tdbsam smbpasswd guest

# LDAP with fallback to smbpasswd guest

# Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below.

; passdb backend = ldapsam:ldaps://ldap.mydomain.com smbpasswd guest

# Use the samba2 LDAP schema:

; passdb backend = ldapsam_compat:ldaps://ldap.mydomain.com smbpasswd guest

# Idmap settings:

# Idmap backend to use:

; idmap backend = ldap:ldap://ldap.mydomain.com

# This is a range of unix user-id's that samba will map non-unix RIDs to,

# such as when using Winbind

; idmap uid = 10000-20000

; idmap gid = 10000-20000

# LDAP configuration for Domain Controlling:

# The account (dn) that samba uses to access the LDAP server

# This account needs to have write access to the LDAP tree

# You will need to give samba the password for this dn, by 

# running 'smbpasswd -w mypassword'

; ldap admin dn = cn=root,dc=mydomain,dc=com

; ldap ssl = start_tls

# start_tls should run on 389, but samba defaults incorrectly to 636

; ldap port = 389

; ldap suffix = dc=mydomain,dc=com

# Seperate suffixes are available for machines, users, groups, and idmap, if 

# ldap suffix appears first, it is appended to the specific suffix.

# Example for a unix-ish directory layout:

; ldap machine suffix = ou=Hosts

; ldap user suffix = ou=People

; ldap group suffix = ou=Group

; ldap idmap suffix = ou=Idmap

# Example for AD-ish layout:

; ldap machine suffix = cn=Computers

; ldap user suffix = cn=Users

; ldap group suffix = cn=Groups

; ldap idmap suffix = cn=Idmap

# 7. Name Resolution Options:

# All NetBIOS names must be resolved to IP Addresses

# 'Name Resolve Order' allows the named resolution mechanism to be specified

# the default order is "host lmhosts wins bcast". "host" means use the unix

# system gethostbyname() function call that will use either /etc/hosts OR

# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf

# and the /etc/resolv.conf file. "host" therefore is system configuration

# dependant. This parameter is most often of use to prevent DNS lookups

# in order to resolve NetBIOS names to IP Addresses. Use with care!

# The example below excludes use of name resolution for machines that are NOT

# on the local network segment

# - OR - are not deliberately to be known via lmhosts or via WINS.

; name resolve order = wins lmhosts bcast

# Windows Internet Name Serving Support Section:

# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server

;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client

#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both

;   wins server = 192.168.0.5

# WINS Proxy - Tells Samba to answer name resolution queries on

# behalf of a non WINS capable client, for this to work there must be

# at least one  WINS Server on the network. The default is NO.

;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names

# via DNS nslookups. The built-in default for versions 1.9.17 is yes,

# this has been changed in version 1.9.18 to no.

   dns proxy = no 

# 8. File Naming Options:

# Case Preservation can be handy - system default is _no_

# NOTE: These can be set on a per share basis

;  preserve case = no

;  short preserve case = no

# Default case is normally upper case for all DOS files

;  default case = lower

# Be very careful with case sensitivity - it can break things!

;  case sensitive = no

# Enabling internationalization:

# you can match a Windows code page with a UNIX character set.

# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),

# 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian),

# 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul),

# 950 (Trad. Chin.).

# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),

# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)

# This is an example for french users:

;   dos charset = 850

;   unix charset = ISO8859-1

#============================ Share Definitions ==============================

[homes]

   comment = Home Directories

   browseable = no

   writable = yes

# You can enable VFS recycle bin on a per share basis:

# Uncomment the next 2 lines (make sure you create a

# .recycle folder in the base of the share and ensure

# all users will have write access to it. See

# examples/VFS/recycle/REAME in samba-doc for details

;   vfs object = /usr/lib/samba/vfs/recycle.so

# Un-comment the following and create the netlogon directory for Domain Logons

; [netlogon]

;   comment = Network Logon Service

;   path = /var/lib/samba/netlogon

;   guest ok = yes

;   writable = no

#Uncomment the following 2 lines if you would like your login scripts to

#be created dynamically by ntlogon (check that you have it in the correct

#location (the default of the ntlogon rpm available in contribs)

;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon

;root postexec = rm -f /var/lib/samba/netlogon/%U.bat

# Un-comment the following to provide a specific roving profile share

# the default is to use the user's home directory

;[Profiles]

;    path = /var/lib/samba/profiles

;    browseable = no

;    guest ok = yes

# This script can be enabled to create profile directories on the fly

# You may want to turn off guest acces if you enable this, as it

# hasn't been thoroughly tested.

;root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \

;                then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi

# NOTE: If you have a CUPS print system there is no need to 

# specifically define each individual printer.

# You must configure the samba printers with the appropriate Windows

# drivers on your Windows clients or upload the printer driver to the

# server from Windows (NT/2000/XP). On the Samba server no filtering is

# done. If you wish that the server provides the driver and the clients

# send PostScript ("Generic PostScript Printer" under Windows), you have

# to use 'printcap name = cups' or swap the 'print command' line below 

# with the commented one. Note that print commands only work if not using 

# 'printing=cups'

[printers]

   comment = All Printers

   path = /var/spool/samba

   browseable = no

# to allow user 'guest account' to print.

   guest ok = yes

   writable = no

   printable = yes

   create mode = 0700

# =====================================

# print command: see above for details.

# =====================================

   print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.

;   print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).

# This share is used for Windows NT-style point-and-print support.

# To be able to install drivers, you need to be either root, or listed

# in the printer admin parameter above. Note that you also need write access

# to the directory and share definition to be able to upload the drivers.

# For more information on this, please see the Printing Support Section of

# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf 

#

# A special case is using the CUPS Windows Postscript driver, which allows

# all features available via CUPS on the client, by publishing the ppd file

# and the cups driver by using the 'cupsaddsmb' tool. This requires the

# installation of the CUPS driver (http://www.cups.org/windows.php) 

# on the server, but doesn't require you to use Windows at all  :Smile: .

[print$]

   path = /var/lib/samba/printers

   browseable = yes

   write list = @adm root

   guest ok = yes

   inherit permissions = yes

   # Settings suitable for Winbind:

   ; write list = @"Domain Admins" root

   ; force group = +@"Domain Admins"

# A useful application of samba is to make a PDF-generation service

# To streamline this, install windows postscript drivers (preferably colour)

# on the samba server, so that clients can automatically install them.

# Note that this only works if 'printing' is *not* set to 'cups'

[pdf-generator]

   path = /var/tmp

   guest ok = No

   printable = Yes

   comment = PDF Generator (only valid users)

   #print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP &

   print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "%J" &

# This one is useful for people to share files

;[tmp]

;   comment = Temporary file space

;   path = /tmp

;   read only = no

;   public = yes

# A publicly accessible directory, but read only, except for people in

# the "staff" group

;[public]

;   comment = Public Stuff

;   path = /home/samba/public

;   public = yes

;   writable = no

;   write list = @staff

# Audited directory through experimental VFS audit.so module:

# Uncomment next line.

;   vfs object = /usr/lib/samba/vfs/audit.so

# Other examples. 

#

# A private printer, usable only by Fred. Spool data will be placed in Fred's

# home directory. Note that fred must have write access to the spool directory,

# wherever it is.

;[fredsprn]

;   comment = Fred's Printer

;   valid users = fred

;   path = /homes/fred

;   printer = freds_printer

;   public = no

;   writable = no

;   printable = yes

# A private directory, usable only by Fred. Note that Fred requires write

# access to the directory.

;[fredsdir]

;   comment = Fred's Service

;   path = /usr/somewhere/private

;   valid users = fred

;   public = no

;   writable = yes

;   printable = no

# a service which has a different directory for each machine that connects

# this allows you to tailor configurations to incoming machines. You could

# also use the %u option to tailor it by user name.

# The %m gets replaced with the machine name that is connecting.

;[pchome]

;  comment = PC Directories

;  path = /usr/pc/%m

;  public = no

;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files

# created in the directory by users will be owned by the default user, so

# any user with access can delete any other user's files. Obviously this

# directory must be writable by the default user. Another user could of course

# be specified, in which case all files would be owned by that user instead.

;[public]

;   path = /usr/somewhere/else/public

;   public = yes

;   only guest = yes

;   writable = yes

;   printable = no

# The following two entries demonstrate how to share a directory so that two

# users can place files there that will be owned by the specific users. In this

# setup, the directory should be writable by both users and should have the

# sticky bit set on it to prevent abuse. Obviously this could be extended to

# as many users as required.

;[myshare]

;   comment = Mary's and Fred's stuff

;   path = /usr/somewhere/shared

;   valid users = mary fred

;   public = no

;   writable = yes

;   printable = no

;   create mask = 0765

[ElfProject]

    path = /home/forrest/Documents/Pictures/The Elf Project

    comment = Remote access and other misc. files

    only user = yes

    user = forrest

    public = no

    writeable = yes

    printable = no

    write list = forrest

[Music]

    path = /mnt/win_d/mp3

    comment = Forrest's mp3 collection

    only user = yes

    user = forrest sawyer landon lauren chad

    public = no

    writeable = yes

    write list = forrest

----------

## sak102010

You're right, the elections stuff looks like it should be working fine.

What have you tried in the way of name resolution?  Have you tried enabling wins on pippin, and then pointing sauron to pippin as its wins server?  You'd probably want to try and set pippin as the wins server on one of the windows workstations to see what happens there too.

Also, what result do you get if you put sauron in the hosts file on one of the windows boxes?  Can you browse to it then?

----------

## nobspangle

Having a wins server is always a good idea where smb is being used as it cuts down on broadcasts and makes browsing windows networks much quicker.

Just add

```
wins support = yes
```

to the master browser and 

```
wins server = address.of.master.browser
```

 to the gentoo box. If your windows clients get there address from dhcp add 

```
option netbios-name-servers address.of.master.browser
```

in the dhcp scope.

----------

## sorrodos

Okay, I'm glad I got the election stuff set up right... I figured I did because I checked the log.nmbd for pippin and didn't see any problems election-wise there.

I did try enabling wins once before, and I don't think it worked... but it was when I was pretty frustrated with all this and trying numerous things, so maybe I missed it.  I'll try it again.

If I make pippin the wins server, do the master browser settings need to change at all?  I wouldn't think so, but just want to make sure.

What is this hosts file for the Windows machines and where is located?  I've never heard of it before.  I know that somehow the Windows machines are resolving the name sauron somehow, because I can view sauron's shares by entering \\sauron in Explorer.  For pippin, I do have sauron in the /etc/hosts file since I'm not running a dns server on the LAN, but I have no idea how the Windows machines are resolving the name.

Also, nobspangle, the windows machines do get their IPs from a wireless access point/router that runs dhcp, but the dhcp server has been configured to give them the same addresses each time.  Where would I put that netbios-name-servers option?

----------

## nobspangle

windows machines use broadcasts to resolve names in the absence of a wins server or entries in the hosts file, it's crap and works only most of the time.

the hosts file on a winNT/2k/xp machine is in 

%windir%\system32\drivers\etc

there is also a file called lmhosts which is for netbios names.

----------

## sak102010

 *sorrodos wrote:*   

> 
> 
> If I make pippin the wins server, do the master browser settings need to change at all?  I wouldn't think so, but just want to make sure.
> 
> 

 

You can leave your master browser settings just the way they are for trying out wins.  

 *sorrodos wrote:*   

> 
> 
> What is this hosts file for the Windows machines and where is located?  I've never heard of it before.  I know that somehow the Windows machines are resolving the name sauron somehow, because I can view sauron's shares by entering \\sauron in Explorer.  For pippin, I do have sauron in the /etc/hosts file since I'm not running a dns server on the LAN, but I have no idea how the Windows machines are resolving the name.

 

The hosts file is an old fallback.  It's been around since before there were DNS servers.  People used to just update their hosts file when a new machine was added to the network.  Nobspangle's location is right.  You can also just do a "find file" on your Windows box and it'll reveal itself for you.  Essentially, it's the same thing as your /etc/hosts file on your linux box.  Just different linebreaks.

My guess is that once you put your linux boxen into the hosts files on your WinXP machines, they'll show up in Windows explorer just fine.  The wins attempt should do the same thing, but is more of a longshot.

 *sorrodos wrote:*   

> 
> 
> Also, nobspangle, the windows machines do get their IPs from a wireless access point/router that runs dhcp, but the dhcp server has been configured to give them the same addresses each time.  Where would I put that netbios-name-servers option?

 

That's a tough one if it's a shelf bought router.  Otherwise, in your typical dhcpd server it'd go in your dhcpd.conf file.  If you can get shell access into your router, maybe you can edit it by hand.

----------

## sorrodos

I figured the hosts file on Windows machines would do the same thing as /etc/hosts, just didn't know where it was.  I think its kinda funny how its in a directory named etc like on Unix/Linux/BSD boxes  :Smile: 

Anyhow, I changed pippin to run wins, pointed the smb.conf on sauron to use pippin as wins (I entered the IP address of pippin in win server = ) and I'm still not getting anything.  When I run smb4k on either pippin or sauron, I only see pippin and the currently running Windows machines in the browse list for the workgroup.  

So even if I add sauron to the hosts file of the Windows machines, and then sauron appears in Network Neighborhood I haven't fixed my problem completely because it doesn't appear in the workgroup lists for the Linux machines...I do have sauron in the /etc/hosts file on both such machines.  I wonder if there is a bug in the nmbd component of the rpm/version of Samba I'm running on the Mandrake box, or even if there is one in the Gentoo 3.0.2a ebuild.  

I think I will try making the Gentoo box a wins server and the Mandrake box a wins client for awhile to see if things work then.  I'll post back when I get a chance to do that.

----------

## nobspangle

You could also try adding the IP addresses to the /etc/samba/lmhosts file

----------

