
[Janus / twin Alix2] #3 Windows neighborhood with Samba

 
PatrickB



Joined: 03 Nov 2012
Posts: 46

Posted: Sun Jun 14, 2015 9:00 am    Post subject: [Janus / twin Alix2] #3 Windows neighborhood with Samba

Hello.

Today I give you my solution for having a reliable "Windows neighborhood" on my LAN, in the context of twin LAN Masters.

First, please note that I only use part of the NetBIOS features: my machines usually share a single folder named "Export", for the whole LAN but in read-only mode, for safety. They may also share printers...
But this is their local business. On a small LAN I don't need more.

Then all I want from the Samba on the LAN Master is to be the "Browse Master" and take the role as fast as possible. It will not share User accounts and permissions.

The hard point is to have 2 potential LAN Masters, and to make the backup unit take the role only when the prime is down. Without precautions they would either not switch, or they would fight all the time, and actually one unit is even able to fight against itself.

Since the LAN Master is also the DNS server for the LAN, Samba uses it for name resolution and only completes with broadcast if needed.

Finally, the LAN Masters also have a shared folder, temporarily writable; it helps for setup.

Setup Samba

I use the package samba2 from the NSLU2 feed I recommended in my previous post:
http://www.zeroshell.org/forum/viewtopic.php?t=5005

Code:
root@janus2> ipkg list samba*
samba2 - 2.2.12-4 - Lightweight Samba suite provides file and print services to SMB/CIFS clients.
Successfully terminated.

root@janus2> ipkg install samba2
Installing samba2 (2.2.12-4) to root...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/stable/samba2_2.2.12-4_i686.ipk
package samba2 suggests installing xinetd
package samba2 suggests installing cups
Configuring samba2
Installing 'swat 901/tcp' to /etc/services ...
Please edit config (/opt/etc/samba/smb.conf).
After verify your smb.conf file with command testparm,
modify and execute /opt/etc/init.d/S80samba to activate the samba.
Test Samba daemons with smbclient -L localhost -N

WWW admin and reading documentation is possible if xinetd is installed.
Change user to 'admin' in /opt/etc/xinetd.d/swat
Point your browser to eg. http://192.168.1.1:901/ to access SWAT server.
Successfully terminated.


I did not install xinetd and cups.

Configure Samba

Here is my SMB.conf working for both units, with only 2 lines to adjust on the backup unit.
It is verbosely commented.

It works very well: as expected the role "Browse Master" moves from prime to backup only, the prime takes it back very quickly when back on the LAN, and from the PCs the "neighborhood" is always restored very fast.

At the end I provide the Windows commands to see the state...

Code:

###########################################################
# smb.conf
# ========
# Samba configuration file for Janus1 & Janus2.
###########################################################

# Context:
# -------
# Janus1 & Janus2 are the prime and backup LAN masters for MyWorkGroup's LAN.
# The main goal is to let Janus1 be the Browse Master for the LAN, then
# Janus2 must be able to replace it asap and automatically in case of failure.
# The complete configuration of Janus2 should be cloned from Janus1, with
# minimal adjustments, ideally automated.

[global]

# LAN settings:
# ------------

workgroup = MYWORKGROUP
# C-type network: 192.168.xxx.

# The "server string" is pure pollution: the device name gets replicated in parentheses.
server string =

# Interface binding is critical: Janus1 & Janus2 are routers (several interfaces)
# and the active one is also the gateway (192.168.xxx.1). With no precautions, they
# could compete on WAN side and even the active one against itself ! This leads to
# a mess with 2 Browse Masters then finally the "Windows Neighborhood" empty :-(
# => Bind the administrative IP only: .11 for Janus1, .12 for Janus2.
#
interfaces = 192.168.xxx.11/24
bind interfaces only = yes

# Security considerations:
# Janus1 & Janus2 only manage the "Windows Neighborhood", not a global sharing policy.
# Both have a single share, temporarily active for administrative purpose, most often empty.
# No need to bother with password files synchronization for that, guest access suffices.
#
hosts allow = 192.168.xxx.   127.
hosts deny = all
security = share

# NetBios configuration:
# ---------------------

# Samba cannot be both WINS server and client... Another nightmare we can live without.
#
wins support = no

# The active one of Janus1 & Janus2 is the DNS server for the LAN.
# => Rely on it for any name it can resolve. Use NetBios broadcast for the others.
#
dns proxy = yes
nameserver = 127.0.0.1
name resolve order = host bcast

# Browse Master arbitration:
# Only Janus1 & Janus2 are candidates for the role, with priority to Janus1, unless off.
# - all the other stations should not be:
#   - for Unix devices:    local master = no
#   - for Windows devices: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters]
#     => IsDomainMaster = "No", MaintainServerList = "No"
# - the priority to Janus1 only relies on "os level": Janus1 = 255, Janus2 = 210.
# - "preferred master = yes" speeds up the role switching in case of any change.
# - "domain master" and "browse list" stay implicit (driven by the result of elections).
#
local master = yes
os level = 255
preferred master = yes
; domain master = yes
; browse list = yes

# Optimization and tuning:
# -----------------------

# Usual TCP/IP tuning for small devices:
#
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Logging:
# No need for per-client traces of all the name queries... Use a single log, capped to 50 KB.
# The default "log level = 1" logs almost nothing: perfect. Raise to 3 if there is something to debug.
# Take care to have the log written to the ramdisk to save the flash memory.
#
log file = /var/log/samba.all.log
; log file = /opt/var/log/samba/log.%m
max log size = 50
; log level = 3

# Overrides:
# ---------
# Maybe a better solution would be to completely freeze the configurations, switching on the hostname?
# Manual overrides in the meantime:
# - interfaces = 192.168.xxx.11/24 vs 192.168.xxx.12/24
# - os level   = 255               vs 210
#
; include = /etc/samba/smb.conf.%h

#============================ Share Definitions ==============================

[Shared]

   # Be sure to have this path created at boot time, or NMBD will crash
   # Also "chmod o+w" if keeping "writable = yes"
   path = /root/shared
   comment = File exchange
   guest ok = yes
   public = yes
   writable = yes
   printable = no
   browseable = yes

#========================= Debug tools from Windows ==========================

# To be run as Administrator:
# NB: The displays are in the language of the system, here French (I fixed the accents).


# C:\WINDOWS\system32>nbtstat -R
#     Purge et prechargement de la table nom de cache distant NBT termines.


# C:\WINDOWS\system32>net view
#
# Nom de serveur         Remarque
#
# ----------------------------------------------------------------------------
# \\ARISTOTE
# \\JANUS1
# \\JANUS2
# \\JURAN
# \\MARCONI
# \\MASHEY
# \\MORESTIN


# C:\WINDOWS\system32>nbtstat -a janus2
#
# Connexion au reseau local:
# Adresse IP du noeud: [192.168.xxx.50] ID d'etendue: []
#
#     Table de noms NetBIOS des ordinateurs distants
#
#        Nom                Type         Etat
#     ---------------------------------------------
#     JANUS2         <00>  UNIQUE      Inscrit
#     JANUS2         <03>  UNIQUE      Inscrit
#     JANUS2         <20>  UNIQUE      Inscrit
#     MYWORKGROUP    <00>  Groupe      Inscrit
#     MYWORKGROUP    <1E>  Groupe      Inscrit
#
#     Adresse MAC = 00-00-00-00-00-00


# C:\WINDOWS\system32>nbtstat -a janus1
#
# Connexion au reseau local:
# Adresse IP du noeud: [192.168.xxx.50] ID d'etendue: []
#
#     Table de noms NetBIOS des ordinateurs distants
#
#        Nom                Type         Etat
#     ---------------------------------------------
#     JANUS1         <00>  UNIQUE      Inscrit
#     JANUS1         <03>  UNIQUE      Inscrit
#     JANUS1         <20>  UNIQUE      Inscrit
#     ..__MSBROWSE__.<01>  Groupe      Inscrit   <=== Janus1 is Browse Master
#     MYWORKGROUP    <00>  Groupe      Inscrit
#     MYWORKGROUP    <1D>  UNIQUE      Inscrit
#     MYWORKGROUP    <1E>  Groupe      Inscrit
#
#     Adresse MAC = 00-00-00-00-00-00


Hope it can help someone.

Ideas for improvements are welcome.

Best regards.
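
Added example, not part of the original post: a small Python check for the prime/backup pair described above, verifying the interface binding and the "os level" ordering and flagging a misspelled `hosts deny` and a guest-writable share. The function names and the 192.168.0.x sample addresses are assumptions made for this example; the sample deliberately contains a misspelled `host deny` line.

```python
def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}}; names ignore case and spacing."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def yes(value):
    return value.lower() in ("yes", "true", "1")

def audit_pair(prime_text, backup_text):
    """Return findings for a prime/backup pair set up as in the post."""
    out = []
    units = {"prime": parse_smb_conf(prime_text), "backup": parse_smb_conf(backup_text)}
    for name, conf in units.items():
        g = conf.get("global", {})
        for typo in ("host allow", "host deny"):
            if typo in g:
                out.append(f"{name}: '{typo}' is misspelled, use 'hosts {typo[5:]}'")
        if "interfaces" not in g or not yes(g.get("bind interfaces only", "no")):
            out.append(f"{name}: Samba is not bound to the administrative IP only")
        for share, s in conf.items():
            guest = yes(s.get("guest ok", s.get("public", "no")))
            if share != "global" and guest and yes(s.get("writable", "no")):
                out.append(f"{name}: share [{share}] is guest-writable")
    pg, bg = units["prime"].get("global", {}), units["backup"].get("global", {})
    # A missing "os level" counts as 0 here (assumption of this example).
    if int(pg.get("os level", 0)) <= int(bg.get("os level", 0)):
        out.append("os level: prime must be higher than backup")
    return out

# Constructed sample: the post's settings, 192.168.0. standing in for 192.168.xxx.
PRIME = """[global]
interfaces = 192.168.0.11/24
bind interfaces only = yes
host deny = all
os level = 255
[Shared]
guest ok = yes
writable = yes
"""
BACKUP = PRIME.replace(".11/24", ".12/24").replace("255", "210")
```

Calling `audit_pair(PRIME, BACKUP)` on the sample returns four findings: the misspelled parameter and the guest-writable share, once for each unit.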