[Janus / twin Alix2] #3 Windows neighborhood with Samba


This topic contains 1 reply, has 0 voices, and was last updated by  PatrickB 3 years, 9 months ago.

  • #44303

    PatrickB
    Member

    Hello.

    Today I give you my solution for having a reliable “Windows neighborhood” on my LAN, in the context of twin LAN Masters.

    First, please note that I only use part of the NetBIOS features: my machines usually share a single folder named “Export”, but for the whole LAN and in read-only mode, for safety. They may also share printers…
    But this is their local business. On a small LAN I don’t need more.

    Then all I want from the Samba on the LAN Master is to be the “Browse Master” and take the role as fast as possible. It will not share User accounts and permissions.

    The hard point is to have 2 potential LAN Masters, and to make the backup unit take the role only when the prime is down. Without precautions they would either not switch, or they would fight all the time, and actually one unit is even able to fight against itself 👿

    Since the LAN Master is also the DNS server for the LAN, Samba uses it for name resolution and only completes with broadcast if needed.

    Finally the LAN Masters also have a shared folder, temporarily writable, it helps for setup.

    Setup Samba

    I use the package samba2 from the NSLU2 feed I recommended in my previous post:
    https://www.zeroshell.org/forum/viewtopic.php?t=5005

    root@janus2> ipkg list samba*
    samba2 - 2.2.12-4 - Lightweight Samba suite provides file and print services to SMB/CIFS clients.
    Successfully terminated.

    root@janus2> ipkg install samba2
    Installing samba2 (2.2.12-4) to root...
    Downloading http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/stable/samba2_2.2.12-4_i686.ipk
    package samba2 suggests installing xinetd
    package samba2 suggests installing cups
    Configuring samba2
    Installing 'swat 901/tcp' to /etc/services ...
    Please edit config (/opt/etc/samba/smb.conf).
    After verify your smb.conf file with command testparm,
    modify and execute /opt/etc/init.d/S80samba to activate the samba.
    Test Samba daemons with smbclient -L localhost -N

    WWW admin and reading documentation is possible if xinetd is installed.
    Change user to 'admin' in /opt/etc/xinetd.d/swat
    Point your browser to eg. http://192.168.1.1:901/ to access SWAT server.
    Successfully terminated.

    I did not install xinetd and cups.

    Configure Samba

    Here is my smb.conf, working for both units, with only 2 lines to adjust on the backup unit.
    It is verbosely commented.

    It works very well: as expected the role “Browse Master” moves from prime to backup only, the prime takes it back very quickly when back on the LAN, and from the PCs the “neighborhood” is always restored very fast. 🙂

    At the end I provide the Windows commands to see the state…


    ###########################################################
    # smb.conf
    # ========
    # Samba configuration file for Janus1 & Janus2.
    ###########################################################

    # Context:
    #
    # Janus1 & Janus2 are the prime and backup LAN masters for MyWorkGroup's LAN.
    # The main goal is to let Janus1 be the Browse Master for the LAN, then
    # Janus2 must be able to replace it asap and automatically in case of failure.
    # The complete configuration of Janus2 should be cloned from Janus1, with
    # minimal adjustments, ideally automated.

    [global]

    # LAN settings:
    #

    workgroup = MYWORKGROUP
    # C-type network: 192.168.xxx.

    # The "server string" is pure pollution: the device name gets replicated in parentheses.
    server string =

    # Interface binding is critical: Janus1 & Janus2 are routers (several interfaces)
    # and the active one is also the gateway (192.168.xxx.1). With no precautions, they
    # could compete on WAN side and even the active one against itself ! This leads to
    # a mess with 2 Browse Masters then finally the "Windows Neighborhood" empty :-(
    # => Bind the administrative IP only: .11 for Janus1, .12 for Janus2.
    #
    interfaces = 192.168.xxx.11/24
    bind interfaces only = yes

    # Security considerations:
    # Janus1 & Janus2 only manage the "Windows Neighborhood", not a global sharing policy.
    # Both have a single share, temporarily active for administrative purpose, most often empty.
    # No need to bother with password files synchronization for that, guest access suffices.
    #
    hosts allow = 192.168.xxx. 127.
    hosts deny = all
    security = share

    # NetBios configuration:
    #

    # Samba cannot be both WINS server and client... Another nightmare we can live without.
    #
    wins support = no

    # The active one of Janus1 & Janus2 is the DNS server for the LAN.
    # => Rely on it for any name it can resolve. Use NetBios broadcast for the others.
    #
    dns proxy = yes
    nameserver = 127.0.0.1
    name resolve order = host bcast

    # Browse Master arbitration:
    # Only Janus1 & Janus2 are candidates for the role, with priority to Janus1, unless off.
    # - all the other stations should not be:
    # - for Unix devices: local master = no
    # - for Windows devices: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters]
    # => IsDomainMaster = "No", MaintainServerList = "No"
    # - the priority to Janus1 only relies on "os level": Janus1 = 255, Janus2 = 210.
    # - "preferred master = yes" speeds up the role switching in case of any change.
    # - "domain master" and "browse list" stay implicit (driven by the result of elections).
    #
    local master = yes
    os level = 255
    preferred master = yes
    ; domain master = yes
    ; browse list = yes

    # Optimization and tuning:
    #

    # Usual TCP/IP tuning for small devices:
    #
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    # Logging:
    # No need for per-client traces of all the name queries... Use a single log, capped to 50Kb.
    # The default "log level = 1" logs almost nothing: perfect. Raise to 3 if something to debug.
    # Take care to have the log written to the ramdisk to save the flash memory.
    #
    log file = /var/log/samba.all.log
    ; log file = /opt/var/log/samba/log.%m
    max log size = 50
    ; log level = 3

    # Overrides:
    #
    # Maybe the better solution to completely freeze the configurations, switching on the hostname ?
    # Manual overrides in the meantime:
    # - interfaces = 192.168.xxx.11/24 vs 192.168.xxx.12/24
    # - os level = 255 vs 210
    #
    ; include = /etc/samba/smb.conf.%h

    #============================ Share Definitions ==============================

    [Shared]

    # Be sure to have this path created at boot time, or NMBD will crash
    # Also "chmod o+w" if keeping "writable = yes"
    path = /root/shared
    comment = File exchange
    guest ok = yes
    public = yes
    writable = yes
    printable = no
    browseable = yes

    #========================= Debug tools from Windows ==========================

    # To be run as Administrator:
    # NB: The displays are in the language of the system, here French (I fixed the accents).


    # C:\WINDOWS\system32>nbtstat -R
    # Purge et prechargement de la table nom de cache distant NBT termines.


    # C:\WINDOWS\system32>net view
    #
    # Nom de serveur Remarque
    #
    #
    # \\ARISTOTE
    # \\JANUS1
    # \\JANUS2
    # \\JURAN
    # \\MARCONI
    # \\MASHEY
    # \\MORESTIN


    # C:\WINDOWS\system32>nbtstat -a janus2
    #
    # Connexion au reseau local:
    # Adresse IP du noeud: [192.168.xxx.50] ID d'etendue: []
    #
    # Table de noms NetBIOS des ordinateurs distants
    #
    # Nom Type Etat
    #
    # JANUS2 <00> UNIQUE Inscrit
    # JANUS2 <03> UNIQUE Inscrit
    # JANUS2 <20> UNIQUE Inscrit
    # MYWORKGROUP <00> Groupe Inscrit
    # MYWORKGROUP <1E> Groupe Inscrit
    #
    # Adresse MAC = 00-00-00-00-00-00


    # C:\WINDOWS\system32>nbtstat -a janus1
    #
    # Connexion au reseau local:
    # Adresse IP du noeud: [192.168.xxx.50] ID d'etendue: []
    #
    # Table de noms NetBIOS des ordinateurs distants
    #
    # Nom Type Etat
    #
    # JANUS1 <00> UNIQUE Inscrit
    # JANUS1 <03> UNIQUE Inscrit
    # JANUS1 <20> UNIQUE Inscrit
    # ..__MSBROWSE__.<01> Groupe Inscrit < === Janus1 is Browse Master
    # MYWORKGROUP <00> Groupe Inscrit
    # MYWORKGROUP <1D> UNIQUE Inscrit
    # MYWORKGROUP <1E> Groupe Inscrit
    #
    # Adresse MAC = 00-00-00-00-00-00

    Hope it can help someone.

    Ideas for improvements are welcome.

    Best regards.
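
The check done by eye on the `nbtstat -a` tables above can be automated; the following is an added example, not part of the original post. It reads one name table per host, treats `WORKGROUP<1D>` together with `__MSBROWSE__<01>` as "is Browse Master" and `WORKGROUP<1E>` as "takes part in elections", and reports a missing or duplicate Browse Master or a candidate outside the allowed set. The function names, the `allowed` set and the sample tables (including the `marconi` table) are assumptions constructed for illustration.

```python
import re

# Constructed nbtstat -a name tables (layout as in the post; text after <xx> is
# ignored, so the Windows display language does not matter).
SAMPLE = {
    "janus1": """JANUS1 <00> UNIQUE Inscrit
JANUS1 <20> UNIQUE Inscrit
..__MSBROWSE__.<01> Groupe Inscrit
MYWORKGROUP <00> Groupe Inscrit
MYWORKGROUP <1D> UNIQUE Inscrit
MYWORKGROUP <1E> Groupe Inscrit""",
    "janus2": """JANUS2 <00> UNIQUE Inscrit
JANUS2 <20> UNIQUE Inscrit
MYWORKGROUP <00> Groupe Inscrit
MYWORKGROUP <1E> Groupe Inscrit""",
    # Constructed workstation that still stands for election (not from the post).
    "marconi": """MARCONI <00> UNIQUE Inscrit
MYWORKGROUP <00> Groupe Inscrit
MYWORKGROUP <1E> Groupe Inscrit""",
}

# One table row: optional "#" prefix (as pasted in the post), a name, then <hex suffix>.
ROW = re.compile(r"^\s*#?\s*(\S+?)\s*<([0-9A-Fa-f]{2})>")

def parse_names(text):
    """Return the (NAME, SUFFIX) pairs registered in one name table."""
    return {(m.group(1).upper(), m.group(2).upper())
            for m in map(ROW.match, text.splitlines()) if m}

def audit(tables, workgroup, allowed):
    """Find Browse Masters and election candidates; compare with the allowed hosts."""
    wg = workgroup.upper()
    masters, candidates, findings = [], [], []
    for host, text in sorted(tables.items()):
        names = parse_names(text)
        # Master browser: WORKGROUP<1D> plus the __MSBROWSE__<01> group name.
        if (wg, "1D") in names and any("__MSBROWSE__" in n and s == "01" for n, s in names):
            masters.append(host)
        # WORKGROUP<1E>: the host takes part in browser elections.
        if (wg, "1E") in names:
            candidates.append(host)
    if len(masters) != 1:
        findings.append(f"expected exactly 1 Browse Master, found {len(masters)}: {masters}")
    for host in candidates:
        if host not in allowed:
            findings.append(f"{host} is an election candidate but is not a LAN Master")
    return masters, candidates, findings

if __name__ == "__main__":
    masters, candidates, findings = audit(SAMPLE, "MYWORKGROUP", {"janus1", "janus2"})
    print("Browse Master:", masters, "| candidates:", candidates)
    for finding in findings:
        print("FINDING:", finding)
```
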
