The questions and answers given in this section are designed to highlight important aspects of Microsoft Windows networking.
What is the significance of the MIDEARTH<1b> type query?
This is a broadcast announcement by which the Windows machine is attempting to locate a Domain Master Browser (DMB) in the event that it might exist on the network. Refer to TOSHARG2, Chapter 9, Section 9.7, "Technical Overview of Browsing," for details regarding the function of the DMB and its role in network browsing.
What is the significance of the MIDEARTH<1d> type name registration?
This name registration records the machine IP addresses of the LMBs. Network clients can query this name type to obtain a list of browser servers from the master browser.
The LMB is responsible for monitoring all host announcements on the local network and for collating the information contained within them. Using this information, it can provide answers to other Windows network clients that request information such as:
The list of machines known to the LMB (i.e., the browse list)
The IP addresses of all domain controllers known for the domain
The IP addresses of LMBs
The IP address of the DMB (if one exists)
The IP address of the LMB on the local segment
What is the role and significance of the <01><02>__MSBROWSE__<02><01> name registration?
This name is registered by the browse master to broadcast and receive domain announcements. Its scope is limited to the local network segment, or subnet. By querying this name type, master browsers on networks that have multiple domains can find the names of master browsers for each domain.
What is the significance of the MIDEARTH<1e> type name registration?
This name is registered by all browse masters in a domain or workgroup. The registration name type is known as the Browser Election Service. Master browsers register themselves with this name type so that DMBs can locate them to perform cross-subnet browse list updates. This name type is also used to initiate elections for Master Browsers.
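The name types in the four answers above can be recognized in captured name-service traffic by decoding the RFC 1001 first-level encoding, in which the 16th byte of the name is the type. The following is an added example, not code from the book or from Samba; the function names are hypothetical and the role strings paraphrase the answers above.

```python
# Added example: RFC 1001 first-level NetBIOS name encoding plus the
# browse-related name types described above (MIDEARTH is the page's domain).
BROWSE_TYPES = {
    0x1B: "Domain Master Browser (DMB)",
    0x1D: "Local Master Browser (LMB)",
    0x1E: "Browser Election Service",
}
# The special name is a full 16 bytes; its last byte (0x01) is the type.
MSBROWSE = b"\x01\x02__MSBROWSE__\x02\x01"


def encode_raw(raw: bytes) -> bytes:
    """Split each byte into two nibbles and add 'A' (0x41) to each."""
    if len(raw) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes before encoding")
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))


def encode_name(name: str, suffix: int) -> bytes:
    """Upper-case, pad to 15 bytes with spaces, append the type byte."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    return encode_raw(raw.ljust(15, b" ") + bytes([suffix]))


def decode_raw(encoded: bytes) -> bytes:
    """Reverse encode_raw, rejecting anything that is not 32 bytes of A..P."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    return bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                 for i in range(0, 32, 2))


def classify(encoded: bytes):
    """Return (name, type byte, role) for a name seen in a query or registration."""
    raw = decode_raw(encoded)
    if raw == MSBROWSE:
        return ("__MSBROWSE__", 0x01, "master browser domain announcements")
    name = raw[:15].rstrip(b" ").decode("ascii", "replace")
    return (name, raw[15], BROWSE_TYPES.get(raw[15], "other name type"))


if __name__ == "__main__":
    for wire in (encode_name("MIDEARTH", 0x1B), encode_raw(MSBROWSE)):
        print(wire.decode(), "->", classify(wire))
```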
What is the significance of the guest account in smb.conf?
This parameter specifies the default UNIX account to which MS Windows networking NULL session connections are mapped. The default UNIX account used for this mapping is nobody. If the UNIX/Linux system that is hosting Samba does not have a nobody account and an alternate mapping has not been specified, network browsing will not work at all.
It should be noted that the guest account is essential to Samba operation. Either the operating system must have an account called nobody or there must be an entry in the smb.conf file with a valid UNIX account, such as guest account = ftp.
Is it possible to reduce network broadcast activity with Samba-3?
Yes, there are two ways to do this. The first involves use of WINS (see TOSHARG2, Chapter 9, Section 9.5, "WINS The Windows Inter-networking Name Server"); the alternate method involves disabling the use of NetBIOS over TCP/IP. This second method requires a correctly configured DNS server (see TOSHARG2, Chapter 9, Section 9.3, "Discussion").
The use of WINS reduces network broadcast traffic. The reduction is greatest when all network clients are configured to operate in Hybrid Mode. This can be effected through use of DHCP to set the NetBIOS node type to type 8 for all network clients. Additionally, it is beneficial to configure Samba to use name resolve order = wins host bcast.
Use of SMB without NetBIOS is possible only on Windows 200x/XP Professional clients and servers, as well as with Samba-3.
Can I just use plain-text passwords with Samba?
Yes, you can configure Samba to use plain-text passwords, though this does create a few problems.
First, the use of /etc/passwd-based plain-text passwords requires that registry modifications be made on all MS Windows client machines to enable plain-text passwords support. This significantly diminishes the security of MS Windows client operation. Many network administrators are bitterly opposed to doing this.
Second, Microsoft has not maintained plain-text password support since it was disabled by default. When network connections are dropped by the client, it is not possible to re-establish the connection automatically. Users need to log off and then log on again. Plain-text password support may interfere with recent enhancements that are part of the Microsoft move toward a more secure computing environment.
Samba-3 supports Microsoft encrypted passwords. Be advised not to reintroduce plain-text password handling. Just create user accounts by running: smbpasswd -a 'username'.
It is not possible to add a user to the passdb backend database unless there is a UNIX system account for that user. On systems that run winbindd to access the Samba PDC/BDC to provide Windows user and group accounts, the idmap uid, idmap gid ranges set in the smb.conf file provide the local UID/GIDs needed for local identity management purposes.
What parameter in the smb.conf file is used to enable the use of encrypted passwords?
The parameter in the smb.conf file that controls this behavior is known as encrypt passwords. The default setting for this in Samba-3 is Yes (Enabled).
Is it necessary to specify encrypt passwords = Yes when Samba-3 is configured as a domain member?
No. This is the default behavior.
Is it necessary to specify a guest account when Samba-3 is configured as a domain member server?
Yes. This is a local function on the server. The default setting is to use the UNIX account nobody. If this account does not exist on the UNIX server, then it is necessary to provide a guest account = an_account, where an_account is a valid local UNIX user account.
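The guest account, encrypt passwords, and name resolve order answers above can be checked mechanically against an smb.conf. The following is an added example, not part of the book or of Samba; the sample configurations, the smbguest account name, and the audit and account_exists names are constructed for illustration.

```python
# Added example: audit the [global] settings discussed on this page.
import pwd

# Constructed sample configurations (not from the book).
WEAK = """
[global]
   guest account = smbguest
   encrypt passwords = No
   name resolve order = bcast host
"""
FIXED = """
[global]
   guest account = ftp
   encrypt passwords = Yes
   name resolve order = wins host bcast
"""

def parse_global(text):
    """Collect [global] parameters; names compare without case or spaces."""
    params, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def unix_account_exists(name):
    try:
        return bool(pwd.getpwnam(name))
    except KeyError:
        return False

def audit(text, account_exists=unix_account_exists):
    g, findings = parse_global(text), []
    guest = g.get("guestaccount", "nobody")  # default named in the text
    if not account_exists(guest):
        findings.append(f"guest account '{guest}' is not a UNIX account")
    if g.get("encryptpasswords", "yes").lower() in ("no", "false", "off", "0"):
        findings.append("encrypt passwords is disabled")
    order = g.get("nameresolveorder", "").lower().split()
    if "bcast" in order and "wins" not in order[:order.index("bcast")]:
        findings.append("name resolve order tries broadcast before WINS")
    return findings
```

Calling audit(open("/etc/samba/smb.conf").read()) uses the host's real account database; the path shown is an assumption and varies by distribution.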