
Welcome to IWETHEY!

New Just use the client utilities
nmblookup (manual WINS queries) and smbclient do not require that you run the Samba daemons. And (AFAIK) they also don't need the Samba configuration file.
New How do I use it without running the SAMBA daemons?
Looking through the MAN page for smbclient, it only talks about using it as a standalone app. How do I tell my system to use this if a DNS lookup fails?
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
Edited by drewk Sept. 26, 2002, 09:27:11 AM EDT
New Short and quick answer... AND the other one....
Short answer: No. You do have to run 'em.

No, it is not something that currently helps with your situation. I believe that yours and Scott's are one and the same issue. Run samba, have it report to YOUR wins server on-site... it should be fine and dandy from there on.

I have worked it out, and played around with "NoExchange" >:^} on WindozeOhOh Server... Enabled Spamming rules and "reverse lookup" and actually IF your machine *IS* registered with the "WINS" service on your network... it should be able to connect and sendmail too... ;)

Now, I used a combo of W2K being an AD and SAMBA providing WINS (as I didna have another Spare machine) with the W2K being aware of the WINS (as it reported to it also... ;) it then was able to verify the client and things progressed... Yes, I know, but SAMBA does more than just "SHARE" it also does all the "Browsing Election and Polling and other dirty stuff" M$ networking STILL relies on. So the long answer is NO, you can't get by WITHOUT the SMBD and NMBD running, it makes it part of the "GANG"...

W2KS-SP3, RedHat7.3 patched to 09052002, Stock Samba, Exchange 200? can't remember they all look the same to me, Laptop running Evolution and sendmail on RH72.

greg - Grand-Master Artist in IT,
curley95@attbi.com -- [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!!!]

Your friendly Homeland Security Officer reminds:
Hold Thumbprint to Screen for 5 seconds, we'll take the imprint, or
Just continue to type on your keyboard, and we'll just sample your DNA.
New Makes sense __________________ but wait!
That you'd have to have a daemon running to always capture the requests. So I need to set up Samba, have that look for the WINS server, and then all my requests get routed through the local Samba server for name resolution?

[Edit]
According to [link|http://linux.corel.com/support/html/9318.htm|this page] this should work with the smbclient. Hmm, more reading to do.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
Edited by drewk Sept. 26, 2002, 12:18:39 PM EDT
New Makes sense also...
I forgot about the smbclient configuration...

But, it still does not give you the browser participation stuff you'd need if you have a WINS server on-site...

you'd have to include the HOSTNAME and WORKGROUP on every command line ... or get it proper in smb.conf

[link|http://us1.samba.org/samba/docs/man/smbclient.1.html|Here is MAN for smbclient] dunna look like I'd like it... but it should work... Only problem if the Server tries to verify your hostname to "make sure" then you are screwed... Back to SAMBA daemons then...

Just as a sidenote, I have tried various configs, as you well know... best thing I know of is to define a mount point on your Linux box in /etc/fstab ... make it user mountable and NOT mounted at boot... That way you can mount it anytime you want... as a user... I've always run SMBD and NMBD... just to spite some people... ;)

Dunno... yer call.. obviously...

greg - Grand-Master Artist in IT,
curley95@attbi.com -- [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!!!]

Your friendly Homeland Security Officer reminds:
Hold Thumbprint to Screen for 5 seconds, we'll take the imprint, or
Just continue to type on your keyboard, and we'll just sample your DNA.
New Not what I'm trying to do
best thing I know of is to define a mount point on your Linux box in /etc/fstab ... make it user mountable and NOT mounted at boot...
I'm using [link|http://www.hubbe.net/~hubbe/x2vnc.html|x2vnc] to run my Windows box (and its monitor) with the keyboard and mouse attached to my Linux box.[0] Problem is, to connect to the Windows box I need to tell x2vnc what to connect to. For boxes with static IP I can put in the box name (eg: x2vnc bob-win2k:0) and DNS resolves it. Since I'm using DHCP I need to either put in the IP address or figure out how to use the WINS server to resolve the name. It's not a huge problem, but every time my DHCP lease renews I'll have to pull the keyboard out from behind the monitor[1] to look up the new IP to reconnect.


[0] If you haven't used x2vnc it lets you set up a multi-headed system and drive it from one keyboard and mouse. A coworker has a system at home with a Linux box driving a Mac and a Windows box. Three displays, and you can copy and paste among them all. Schweet.

[1] Win2K still needs a keyboard and mouse connected or it won't boot properly. Well, it'll boot without the mouse but then it doesn't enable the service, so x2vnc won't work with it. So the mouse and keyboard are on the desk behind the monitor.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Re: Not what I'm trying to do (argh!)
Drew, you're trying to live on a Windows network - why not install the daemons, be a citizen, and be done with it? It's not like an admission of defeat.
-drl
New I'm not a sysadmin
And I don't want to play one on TV. I know just enough about sysadmin-ing to know that I don't know how to do it right. I don't want to enable any network services I don't absolutely need, because I don't have the experience to do it securely, nor the time to learn how.

If I put something on the network that is listening for SAMBA connections, I'll have to secure it. If there is a way to get what I need only using client tools -- ie: apps that don't provide any network services -- I'd rather do that.

Sure, I could get a copy of Securing Linux and stop doing the work I'm paid for for a week or so. But since the network guy seems to finally be getting around to finding me a static IP, the whole issue is about to become moot.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New But but but
..you can set up the daemons to do nothing but advertise your WS as a NetBIOS machine - no shares or printers. The swat inetd service lets you configure it with the browser.

If it will help, I'll make up a smb.conf file that will do nothing but make your WS show up in browse lists etc. You'll make no waves at all and incur no risks.

-drl
New Investigate smbclient
It's a simple ftp-type application that involves no config and no daemons.

Just choose your target, authenticate, and away you go.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Tried it
I can get smbclient to see my Win2K box just fine. Problem is I need everything else to see the Win2K box. For instance, right now I can't ping the W2K box from the Linux box. smbclient can poll the WINS server to get an IP, but how do I tell my system, "If you don't get an IP from DNS, try WINS through the smbclient"?
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Re: Tried it
Continuing from the "Suggestions" forum...

You say you don't want to create a security risk, and then put in a fixed IP address. This has to be at least as great a security risk as running smbd and nmbd, no? Security risks happen when exceptions are allowed.

Every NT workstation has two indispensable services, "Server" and "Workstation". Guess what these correspond to in the Samba world :) ? The services need to be there to answer NetBIOS name queries (among other things), which can happen any time. You could try just running the nmbd service alone - you can't browse from Linux then but other Windows and Samba boxes will see you.
-drl
New They don't need to see me
You could try just running the nmbd service alone - you can't browse from Linux then but other Windows and Samba boxes will see you.
Nothing else needs to be able to see this box. The corporate standard is Win2K. The only exceptions are: the web server (Linux/Apache), one of the db servers (Linux/MySQL), and four of the five programmers (Linux desktops). Each of us has our own mix of development apps we use, some Linux and some Windows, but all need to have the Win2K boxes so we can run Outlook. So we're all using x2vnc to control our Win2K box from the Linux box.

All these systems are inside the firewall, on internal IP ranges. There is no particular reason any other machine needs to be able to see any of our dev boxes.

Given all that, how is assigning a static IP to my Linux box as much of a security issue as setting up SAMBA on it? That's not facetious. I already admitted I'm not a sysadmin, so it's entirely possible there's a problem I don't know about. I was just trying to avoid something (running unnecessary network services) that I knew was a problem.


PS: The static IP isn't really an exception. All the servers and most of the IT department desktops are already static IPs. The only reason mine isn't is that I set up the Win2K system on a day the network guy was out. I set up DHCP and it worked, so I never knew to ask for a static IP.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Re: They don't need to see me
Well, neither should be a security problem, but as a general rule, security problems are like rust, they show up at the exposed edges. Exceptions eventually produce side effects.

But from what I could tell, you wanted your Linux box to be registered with WINS, I assume so you can resolve its IP by name from the Windows world. That means the Windows network has to "see" you over NetBIOS by registering you in WINS. So just run nmbd alone and I think you'll be OK.

-drl
New You're looking at it backwards
I'm not trying to see the Linux box from the Windows box. I'm trying to see the Windows box from the Linux box. I don't care if nothing can see the Linux box. So it doesn't need to register with the WINS server. It needs to be able to read from the WINS server to get the IP of the Windows box.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Re: You're looking at it backwards
It's still the same problem - LAN Manager is basically peer-to-peer. You need access to the WINS server to see Windows machines. That's what nmbd does for you. In order to browse, you also need to have smbd running. (Historically, I'd guess that browsing etc. was added when one of the peers got promoted to a "server" and the domain model emerged, and so it runs at the application level. NetBIOS is session level in the OSI model.)

Good link:

[link|http://www.neohapsis.com/resources/wins.htm|http://www.neohapsi...ces/wins.htm]

-drl
New OK, I'll read it, thanks
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Absolutely.... Absolutely....
Yeah... what he said...

This is the same problem Scott has... reason it has never been taken care of in DDNS... is because of WINS or AD acting as WINS, and therefore SAMBA doing its part of the PEER to PEER networking...

Scott and you need to run the daemons... to let the OTHER windows machines know who your machines are... and for your machine to figure out who they are.

greg - Grand-Master Artist in IT,
curley95@attbi.com -- [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!!!]

Your friendly Homeland Security Officer reminds:
Hold Thumbprint to Screen for 5 seconds, we'll take the imprint, or
Just continue to type on your keyboard, and we'll just sample your DNA.
New Thoughts...
I didn't think the WINS gave out ip addresses, but I'm definitely not up to speed on WINS.

In any case, - if you have DHCP, allow the DHCP to assign the IP address to the linux box. Get the IP address of the Linux box (ping something) and you can then scp stuff to it and back.

If you can, a static ip is better in my mind - especially as you can get the admin to firewall that IP off so that no one from the outside can see that box. (But it may require permission of getting an IP address.)

SAMBA is an option - but it's a small amount of work to set it up. (But then you have access to printers and everything else. ;-) ) SMBclient is strictly a client service, you don't even need to use DNS. (smbclient -L I think to list shares). (It's okay, but I like scp better.)

Actually, if you're sharing the Win2000 box, you can mount the drives on your Linux box (without starting SAMBA service on your linux box iirc).

Edited by Simon_Jester Sept. 27, 2002, 03:55:28 PM EDT
New WINS In 1 Minute
NetBIOS is not routable, but you can encapsulate it in TCP/IP. In order to run LAN Manager on pure TCP/IP, you need a way to resolve NetBIOS names into IP addresses, and that is what WINS does. It's strictly an ad hoc solution to the problem of having a NOS that was not written with routing in mind work with a routable protocol.

Also, NetBIOS was LOUD (based on broadcasts) so you need a way of things getting seen without always having to announce themselves. The chattiness of NetBIOS is not an issue on a small network, but imagine 10000 clients constantly broadcasting.

IOW, LAN Manager was a simple NOS created in the infancy of PC nets that lived far longer than it needed to.
-drl
New NetBIOS /is/ routable.
It's a higher-level protocol that can use any transport including IPX/SPX and TCP/IP.

It's NetBEUI that isn't routable.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Re: NetBIOS /is/ routable.
NetBIOS is to NetBEUI as TCP is to IP, as transport is to network (protocol), so you are correct to make the distinction, but NetBIOS/NetBEUI is never routable because there is no room in the packet for addresses - that's why it uses broadcasting, as opposed to TCP/IP, which uses multicasting. Multicasting relies on a list of addresses which can be compared at the hardware level, while broadcasting relies on the operating system to decide what to do with a packet. So broadcast packets are not targeted, that is, there is no address information in them, while multicast packets contain address information that can be compared against a list held by the NIC hardware.
-drl
New Er, no.
TCP/IP uses broadcasts - simply send your packet to x.x.x.255, for a Class C example.

We route NetBIOS across distinct networks to enable NT4 boxes to participate in SMB browsing. The only caveat is that you must disable the Computer Browser service on the box doing the routing, or else use a dedicated router. (The reason being that on a multihomed box, if the Browser service is running, it won't propagate NetBIOS browse traffic across interfaces.)


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Re: Er, no.
Well, it's terminology at some point - the key issue is address information in a packet.

Are you saying you have a separate NetBIOS protocol installed on some machines, or some all NetBIOS programs? If so then the routers are intelligently converting it to NBT or something like that and sending that among themselves. There's extra information supplied by the router. This is no different in principle than using NBT on the client.

-drl
New Unless I'm missing something... try nmblookup
First off, my apologies if I am missing something. I can't seem to raise more than 24 kbps out of Verizon, so even zIwethey is wait...wait...wait...

But from the [link|http://software.oit.pdx.edu/cgi-bin/hman-net?ManSection=1&ManTopic=nmblookup|nmblookup] man page:

nmblookup is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine. All queries are done over UDP.


If all goes well, "nmblookup w2k_box_name" should retrieve the IP address. [I recall from past experiments that you may have to specify the WINS server with the -U option]
New Hmmmm... Dern it "looked" right past this...
Shoot! BANG! I'm dead... will(should) work for Drew, but not for Scott.

greg - Grand-Master Artist in IT,
curley95@attbi.com -- [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!!!]

Your friendly Homeland Security Officer reminds:
Hold Thumbprint to Screen for 5 seconds, we'll take the imprint, or
Just continue to type on your keyboard, and we'll just sample your DNA.
New Yup, that gets it
So apparently I have everything running I need running. All that's left is ... how do I tell my system to use nmblookup when a straight DNS lookup doesn't resolve? ie: I try 'ping dkime-win2k' and it returns 'unknown host'. What next? Off to read the above thread and see if there are any new ideas.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
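The fallback asked about in the post above, as an added example that is not part of any post in this thread: a client-only shell helper that tries the normal resolver first and then sends a unicast query to the WINS server with nmblookup, so no Samba daemon has to listen on the Linux box. The function names, `WINS_SERVER`, and the sample names and addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: DNS first, then a unicast WINS query through nmblookup.
# Client-only: nothing here starts smbd/nmbd or opens a listening port.
# WINS_SERVER and every name/address below are constructed placeholders.

WINS_SERVER="${WINS_SERVER:-192.0.2.10}"

# Constructed sample of a successful "nmblookup -U <wins> -R <name>" reply.
SAMPLE_NMBLOOKUP_OUTPUT='querying dkime-win2k on 192.0.2.10
192.0.2.57 dkime-win2k<00>'

# Constructed sample of a failed query.
SAMPLE_NMBLOOKUP_FAILURE='querying nosuch on 192.0.2.10
name_query failed to find name nosuch'

# Accept only plain host-name characters and refuse a leading "-", so a
# name can never be read as an option by getent or nmblookup.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Read nmblookup output on stdin and print the first address registered
# for the <00> (workstation) name. "querying ..." and "name_query failed
# ..." lines never match, so a failed lookup yields exit status 1.
parse_nmblookup() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $2 ~ /<00>$/ {
             print $1; found = 1; exit
         }
         END { exit found ? 0 : 1 }'
}

# Print an IP for the given name: resolver (hosts file, DNS) first, WINS second.
# Returns 0 on success, 1 if nothing resolved, 2 if the name was rejected.
resolve_host() {
    name=$1
    valid_name "$name" || { echo "invalid name: $name" >&2; return 2; }

    # 1. Whatever /etc/nsswitch.conf already provides.
    ip=$(getent hosts "$name" 2>/dev/null | awk 'NR == 1 { print $1 }')
    if [ -n "$ip" ]; then
        echo "$ip"
        return 0
    fi

    # 2. WINS fallback. NetBIOS names are at most 15 characters.
    [ "${#name}" -le 15 ] || return 1
    command -v nmblookup >/dev/null 2>&1 || return 1
    # -U: send the query to this address; -R: set "recursion desired",
    # which is what a WINS server expects.
    nmblookup -U "$WINS_SERVER" -R "$name" 2>/dev/null | parse_nmblookup
}
```

With the functions loaded, `x2vnc "$(resolve_host dkime-win2k):0"` connects by name even after the DHCP lease changes the address.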
New You might try
lwresd - a daemon for lightweight resolvers

And tell it to "cache" the info from nmblookup... it might work

Of course if you could get resolv+ to use nmblookups itself... it wouldn't be a bad thing...


greg - Grand-Master Artist in IT,
curley95@attbi.com -- [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!!!]

Your friendly Homeland Security Officer reminds:
Hold Thumbprint to Screen for 5 seconds, we'll take the imprint, or
Just continue to type on your keyboard, and we'll just sample your DNA.
New I will
Tomorrow. Just got out of a four-hour meeting.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Re: I will
All I am saying here is that there MAY be functionality I have pieced together...

It was a HUGE swag... but I am guessing from the Docs I was able to dig up... well it was a bit wishy washy and YMMV.

If I can finger it out b4 you do... maybe we get it to work for you...

BTW, those 4 hour meetings SURE are promoters of efficiency...

greg - Grand-Master Artist in IT,
curley95@attbi.com -- [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!!!]

Your friendly Homeland Security Officer reminds:
Hold Thumbprint to Screen for 5 seconds, we'll take the imprint, or
Just continue to type on your keyboard, and we'll just sample your DNA.
New Re: Short and quick answer... AND the other one....
AFAIK the only way to avoid it would be a pure W2k network in native mode. Otherwise, Windows is still NetBIOS and so must you be.
-drl
     Any way to get a Linux client to talk to a WINS server? - (drewk) - (34)
         Re: Any way to get a Linux client to talk to a WINS server? - (deSitter) - (33)
             That's what it looked like - (drewk) - (1)
                 Re: That's what it looked like - (deSitter)
             Just use the client utilities - (scoenye) - (30)
                 How do I use it without running the SAMBA daemons? - (drewk) - (29)
                     Short and quick answer... AND the other one.... - (folkert) - (28)
                         Makes sense __________________ but wait! - (drewk) - (26)
                             Makes sense also... - (folkert) - (25)
                                 Not what I'm trying to do - (drewk) - (24)
                                     Re: Not what I'm trying to do (argh!) - (deSitter) - (17)
                                         I'm not a sysadmin - (drewk) - (16)
                                             But but but - (deSitter)
                                             Investigate smbclient - (pwhysall) - (14)
                                                 Tried it - (drewk) - (13)
                                                     Re: Tried it - (deSitter) - (12)
                                                         They don't need to see me - (drewk) - (11)
                                                             Re: They don't need to see me - (deSitter) - (4)
                                                                 You're looking at it backwards - (drewk) - (3)
                                                                     Re: You're looking at it backwards - (deSitter) - (2)
                                                                         OK, I'll read it, thanks -NT - (drewk)
                                                                         Absolutely.... Absolutely.... - (folkert)
                                                             Thoughts... - (Simon_Jester) - (5)
                                                                 WINS In 1 Minute - (deSitter) - (4)
                                                                     NetBIOS /is/ routable. - (pwhysall) - (3)
                                                                         Re: NetBIOS /is/ routable. - (deSitter) - (2)
                                                                             Er, no. - (pwhysall) - (1)
                                                                                 Re: Er, no. - (deSitter)
                                     Unless I'm missing something... try nmblookup - (scoenye) - (5)
                                         Hmmmm... Dern it "looked" right past this... - (folkert)
                                         Yup, that gets it - (drewk) - (3)
                                             You might try - (folkert) - (2)
                                                 I will - (drewk) - (1)
                                                     Re: I will - (folkert)
                         Re: Short and quick answer... AND the other one.... - (deSitter)
