
New Tried it
I can get smbclient to see my Win2K box just fine. Problem is I need everything else to see the Win2K box. For instance, right now I can't ping the W2K box from the Linux box. smbclient can poll the WINS server to get an IP, but how do I tell my system, "If you don't get an IP from DNS, try WINS through the smbclient"?
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Re: Tried it
Continuing from the "Suggestions" forum...

You say you don't want to create a security risk, and then put in a fixed IP address. This has to be at least as great a security risk as running smbd and nmbd, no? Security risks happen when exceptions are allowed.

Every NT workstation has two indispensable services, "Server" and "Workstation". Guess what these correspond to in the Samba world :) ? The services need to be there to answer NetBIOS name queries (among other things), which can happen any time. You could try just running the nmbd service alone - you can't browse from Linux then but other Windows and Samba boxes will see you.
-drl
New They don't need to see me
"You could try just running the nmbd service alone - you can't browse from Linux then but other Windows and Samba boxes will see you."
Nothing else needs to be able to see this box. The corporate standard is Win2K. The only exceptions are: the web server (Linux/Apache), one of the db servers (Linux/MySQL), and four of the five programmers (Linux desktops). Each of us has our own mix of development apps we use, some Linux and some Windows, but all need to have the Win2K boxes so we can run Outlook. So we're all using x2vnc to control our Win2K box from the Linux box.

All these systems are inside the firewall, on internal IP ranges. There is no particular reason any other machine needs to be able to see any of our dev boxes.

Given all that, how is assigning a static IP to my Linux box as much of a security issue as setting up SAMBA on it? That's not facetious. I already admitted I'm not a sysadmin, so it's entirely possible there's a problem I don't know about. I was just trying to avoid something (running unnecessary network services) that I knew was a problem.


PS: The static IP isn't really an exception. All the servers and most of the IT department desktops are already static IPs. The only reason mine isn't is that I set up the Win2K system on a day the network guy was out. I set up DHCP and it worked, so I never knew to ask for a static IP.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Re: They don't need to see me
Well, neither should be a security problem, but as a general rule, security problems are like rust, they show up at the exposed edges. Exceptions eventually produce side effects.

But from what I could tell, you wanted your Linux box to be registered with WINS, I assume so you can resolve its IP by name from the Windows world. That means the Windows network has to "see" you over NetBIOS by registering you in WINS. So just run nmbd alone and I think you'll be OK.

-drl
New Your looking at it backwards
I'm not trying to see the Linux box from the Windows box. I'm trying to see the Windows box from the Linux box. I don't care if nothing can see the Linux box. So it doesn't need to register with the WINS server. It needs to be able to read from the WINS server to get the IP of the Windows box.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Re: Your looking at it backwards
It's still the same problem - LAN Manager is basically peer-to-peer. You need access to the WINS server to see Windows machines. That's what nmbd does for you. In order to browse, you also need to have smbd running. (Historically, I'd guess that browsing etc. was added when one of the peers got promoted to a "server" and the domain model emerged, and so it runs at the application level. NetBIOS is session level in the OSI model.)

Good link:

[link|http://www.neohapsis.com/resources/wins.htm|http://www.neohapsi...ces/wins.htm]

-drl
New OK, I'll read it, thanks
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New Absolutely.... Absolutely....
Yeah... what he said...

This is the same problem Scott has... reason it has never been taken care of in DDNS... is because of WINS or AD acting as WINS, and therefore SAMBA doing its part of the PEER to PEER networking...

Scott and you need to run the daemons... to let the OTHER Windows machine know who your machines are... and for your machine to figure out who they are.

greg - Grand-Master Artist in IT,
curley95@attbi.com -- [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!!!]

Your friendly Homeland Security Officer reminds:
Hold Thumbprint to Screen for 5 seconds, we'll take the imprint, or
Just continue to type on your keyboard, and we'll just sample your DNA.
New Thoughts...
I didn't think the WINS gave out ip addresses, but I'm definitely not up to speed on WINS.

In any case, if you have DHCP, allow the DHCP to assign the IP address to the Linux box. Get the IP address of the Linux box (ping something) and you can then scp stuff to it and back.

If you can, a static ip is better in my mind - especially as you can get the admin to firewall that IP off so that no one from the outside can see that box. (But it may require permission of getting an IP address.)

SAMBA is an option - but it's a small amount of work to set it up. (But then you have access to printers and everything else. ;-) ) SMBclient is strictly a client service, you don't even need to use DNS. (smbclient -L I think to list shares). (It's okay, but I like scp better.)

Actually, if you're sharing the Win2000 box, you can mount the drives on your Linux box (without starting SAMBA service on your linux box iirc).

Edited by Simon_Jester Sept. 27, 2002, 03:55:28 PM EDT
New WINS In 1 Minute
NetBIOS is not routable, but you can encapsulate it in TCP/IP. In order to run LAN Manager on pure TCP/IP, you need a way to resolve NetBIOS names into IP addresses, and that is what WINS does. It's strictly an ad hoc solution to the problem of having a NOS that was not written with routing in mind work with a routable protocol.

Also, NetBIOS was LOUD (based on broadcasts) so you need a way of things getting seen without always having to announce themselves. The chattiness of NetBIOS is not an issue on a small network, but imagine 10000 clients constantly broadcasting.

IOW, LAN Manager was a simple NOS created in the infancy of PC nets that lived far longer than it needed to.
-drl
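
The name-to-address lookup this post attributes to WINS, as an added example that is not part of the original thread: it builds the RFC 1002 NetBIOS name query a client would send to a WINS server on UDP port 137 and parses a positive reply. The host name W2KBOX, the address 192.0.2.10 and the reply packet are constructed sample values, and the parser assumes an unscoped, uncompressed name in the answer record.

```python
import socket
import struct

NB, IN = 0x0020, 0x0001  # RFC 1002 record type NB, class IN

def encode_name(name, suffix=0x00):
    """First-level encoding: 16 bytes become 32 letters 'A'..'P'."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    half = bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))
    return b"\x20" + half + b"\x00"   # 0x20 = 32-byte label, 0x00 = no scope

def build_query(name, txid, suffix=0x00):
    # flags 0x0100: opcode 0 (query), RD set, B clear = unicast to a name server
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name, suffix) + struct.pack(">HH", NB, IN)

def parse_response(pkt, txid):
    """Return the IPv4 addresses carried in a positive name query response."""
    if len(pkt) < 12:
        raise ValueError("truncated header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", pkt[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    if flags & 0x000F or ancount == 0:
        return []                     # e.g. RCODE 3: name not registered
    off = 12 + 34                     # header + encoded name of the answer RR
    if len(pkt) < off + 10:
        raise ValueError("truncated answer record")
    rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
    if rtype != NB or rdlen % 6 or len(pkt) < off + 10 + rdlen:
        raise ValueError("malformed NB record")
    rdata = pkt[off + 10:off + 10 + rdlen]
    # each entry: 2 bytes NB_FLAGS followed by a 4-byte IPv4 address
    return [socket.inet_ntoa(rdata[i + 2:i + 6]) for i in range(0, rdlen, 6)]

def sample_response(name, txid, ip):
    """Constructed positive reply, standing in for a WINS server's answer."""
    header = struct.pack(">HHHHHH", txid, 0x8580, 0, 1, 0, 0)
    rr = encode_name(name) + struct.pack(">HHIH", NB, IN, 300, 6)
    return header + rr + b"\x00\x00" + socket.inet_aton(ip)

if __name__ == "__main__":
    query = build_query("W2KBOX", 0x1234)
    print(len(query), query[13:45].decode())
    reply = sample_response("W2KBOX", 0x1234, "192.0.2.10")
    print(parse_response(reply, 0x1234))
```

Sending the query takes only an outbound UDP socket, so a lookup like this does not require a listening smbd or nmbd on the client.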
New NetBIOS /is/ routable.
It's a higher-level protocol that can use any transport including IPX/SPX and TCP/IP.

It's NetBEUI that isn't routable.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Re: NetBIOS /is/ routable.
NetBIOS is to NetBEUI as TCP is to IP, as transport is to network (protocol), so you are correct to make the distinction, but NetBIOS/NetBEUI is never routable because there is no room in the packet for addresses - that's why it uses broadcasting, as opposed to TCP/IP, which uses multicasting. Multicasting relies on a list of addresses which can be compared at the hardware level, while broadcasting relies on the operating system to decide what to do with a packet. So broadcast packets are not targeted, that is, there is no address information in them, while multicast packets contain address information that can be compared against a list held by the NIC hardware.
-drl
New Er, no.
TCP/IP uses broadcasts - simply send your packet to x.x.x.255, for a Class C example.

We route NetBIOS across distinct networks to enable NT4 boxes to participate in SMB browsing. The only caveat is that you must disable the Computer Browser service on the box doing the routing, or else use a dedicated router. (The reason being that on a multihomed box, if the Browser service is running, it won't propagate NetBIOS browse traffic across interfaces.)


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Re: Er, no.
Well, it's terminology at some point - the key issue is address information in a packet.

Are you saying you have a separate NetBIOS protocol installed on some machines, or some all NetBIOS programs? If so then the routers are intelligently converting it to NBT or something like that and sending that among themselves. There's extra information supplied by the router. This is no different in principle than using NBT on the client.

-drl
     Any way to get a Linux client to talk to a WINS server? - (drewk) - (34)
         Re: Any way to get a Linux client to talk to a WINS server? - (deSitter) - (33)
             That's what it looked like - (drewk) - (1)
                 Re: That's what it looked like - (deSitter)
             Just use the client utilities - (scoenye) - (30)
                 How do I use it without running the SAMBA daemons? - (drewk) - (29)
                     Short and quick answer... AND the other one.... - (folkert) - (28)
                         Makes sense __________________ but wait! - (drewk) - (26)
                             Makes sense also... - (folkert) - (25)
                                 Not what I'm trying to do - (drewk) - (24)
                                     Re: Not what I'm trying to do (argh!) - (deSitter) - (17)
                                         I'm not a sysadmin - (drewk) - (16)
                                             But but but - (deSitter)
                                             Investigate smbclient - (pwhysall) - (14)
                                                 Tried it - (drewk) - (13)
                                                     Re: Tried it - (deSitter) - (12)
                                                         They don't need to see me - (drewk) - (11)
                                                             Re: They don't need to see me - (deSitter) - (4)
                                                                 Your looking at it backwards - (drewk) - (3)
                                                                     Re: Your looking at it backwards - (deSitter) - (2)
                                                                         OK, I'll read it, thanks -NT - (drewk)
                                                                         Absolutely.... Absolutely.... - (folkert)
                                                             Thoughts... - (Simon_Jester) - (5)
                                                                 WINS In 1 Minute - (deSitter) - (4)
                                                                     NetBIOS /is/ routable. - (pwhysall) - (3)
                                                                         Re: NetBIOS /is/ routable. - (deSitter) - (2)
                                                                             Er, no. - (pwhysall) - (1)
                                                                                 Re: Er, no. - (deSitter)
                                     Unless I'm missing something... try nmblookup - (scoenye) - (5)
                                         Hmmmm... Dern it "looked" right past this... - (folkert)
                                         Yup, that gets it - (drewk) - (3)
                                             You might try - (folkert) - (2)
                                                 I will - (drewk) - (1)
                                                     Re: I will - (folkert)
                         Re: Short and quick answer... AND the other one.... - (deSitter)
