Difference between revisions of "OpenWRT WINS with Samba"

Wiki.TerraBase.info
Jump to navigation Jump to search
Line 35: Line 35:


======Static Mappings for WINS (Static Entries for Host Names and IP Addresses) - Not to be confused with LMHOSTS File======
======Static Mappings for WINS (Static Entries for Host Names and IP Addresses) - Not to be confused with LMHOSTS File======
As with everything in life (and OpenWRT), the solution isn't a simple 1, 2, 3 thing.  The first item worth mentioning is that configuring an LMHOSTS file on an OpenWRT router will only work with name resolution queries run from the OpenWRT router.  It will not be used when answering WINS queries from clients.
As with everything in life (and OpenWRT), the solution isn't a simple 1, 2, 3 thing.  The first item worth mentioning is that configuring an LMHOSTS file on an OpenWRT router will only work with name resolution queries run from the OpenWRT router.  The LMHOSTS file will not be used when answering WINS queries from clients.


Adding Static Mappings is easy using the below method (and also useless, because the settings will disappear when the router is restarted). It assumes Samba 4 is being used, but will also work with Samba 3 if minor changes are made to the commands;
Adding Static Mappings is easy using the below method (and also useless, because the settings will disappear when the router is restarted). It assumes Samba 4 is being used, but will also work with Samba 3 if minor changes are made to the commands;
Line 46: Line 46:
A better way to add Static Mappings that persist beyond router restarts is this;
A better way to add Static Mappings that persist beyond router restarts is this;


*Create and save a file with entries in the below format in /etc/samba/: nano /etc/samba/samba.static (it can be any name, but make sure it's the same configured in the below script)
*Create and save a file named samba.static with entries in the below format in the /etc/samba/ directory: nano /etc/samba/samba.static (it can be any name, but make sure it's the same configured in the below script) (use whatever file editor you want, VI, etc.)
**Put this line at the top of the file: VERSION 1 0
**Put this line at the top of the file: VERSION 1 0
**Enter subsequent entries on each line in this format: "NAME#TYPE" TTL ADDRESS+ FLAGS (see wins.dat format explanation further down)
**Enter subsequent entries on each line in this format: "NAME#TYPE" TTL ADDRESS+ FLAGS (see wins.dat format explanation further down)
Line 52: Line 52:
*Add the below commands to the OpenWRT Startup Scripts (via LuCI GUI: System, Startup, Local Startup Tab).  The comments can be eliminated and are only included to describe what each command does;
*Add the below commands to the OpenWRT Startup Scripts (via LuCI GUI: System, Startup, Local Startup Tab).  The comments can be eliminated and are only included to describe what each command does;
<syntaxhighlight lang="text">
<syntaxhighlight lang="text">
### Adds Static Mapping for WINS from /etc/samba/samba.static file to /tmp/lib/samba/wins.dat file
######## Adds Static Mapping for WINS from /etc/samba/samba.static file to /tmp/lib/samba/wins.dat file ########


###### There is no need to stop or start the Samba Service because the OpenWRT StartUp Script (rc.d) has a start position of 95 and the Samba4 Service has a start position of 98, so the SMB service isn't even started when this script runs.  The samba4 stop and start lines were put in to note this because according to Samba documentation, the samba service must be stopped to modify the wins.dat file with static entries.
###### There is no need to stop or start the Samba Service because the OpenWRT StartUp Script (rc.d) has a start position of 95 and the Samba4 Service has a start position of 98, so the SMB service isn't even started when this script runs.  The samba4 stop and start lines were put in to note this because according to Samba documentation, the samba service must be stopped to modify the wins.dat file with static entries.
Line 69: Line 69:


*"NAME#TYPE" TTL ADDRESS+ FLAGS
*"NAME#TYPE" TTL ADDRESS+ FLAGS
**NAME = NetBIOS name
**The quotes ( " " ) around NAME#TYPE are supposed to be there like that.  Yes, it looks weird, but that's the format.
**NAME = NetBIOS name of computer
**TYPE = NetBIOS Type (00 = Workstation or Domain Name, 01 = Messenger (Workstation), 20 = File Server, etc.)
**TYPE = NetBIOS Type (00 = Workstation or Domain Name, 01 = Messenger (Workstation), 20 = File Server, etc.)
**TTL = Time To Live in seconds, (Using a time of 0 (zero) ensures the entry will not be deleted by the Samba / NMBD service)
**TTL = Time To Live in seconds, (Using a time of 0 (zero) ensures the entry will not be deleted by the Samba / NMBD service)
**ADDRESS+ = One, possibly more addresses for the Computer / Entity
**ADDRESS+ = One, possibly more addresses for the Computer / Entity.  Only one is usually necessary for a computer or server, and testing wasn't done on this setting with multiple IP Addresses.
**FLAGS = NetBIOS Flags (from The NetBIOS flags may be interpreted as additive hexadecimal values: 00 - Broadcast node registration, 20 - Peer node registration, 40 - Meta node registration, 60 - Hybrid node registration, 02 - Permanent name, 04 - Active name, 80 - Group name. The 'R' indicates this is a registration record. Thus 66R means: Hybrid node active and permanent NetBIOS name. These values may be found in the <code>nameserv.h</code> header file from the Samba source code repository. These are the values for the NB flags.
**FLAGS = NetBIOS Flags (...from one of the below credited websites: The NetBIOS flags may be interpreted as additive hexadecimal values: 00 - Broadcast node registration, 20 - Peer node registration, 40 - Meta node registration, 60 - Hybrid node registration, 02 - Permanent name, 04 - Active name, 80 - Group name. The 'R' indicates this is a registration record. Thus 66R means: Hybrid node active and permanent NetBIOS name. These values may be found in the <code>nameserv.h</code> header file from the Samba source code repository. These are the values for the NB flags.
***64R = Hybrid Node Registration AND Active Name AND registered
***64R = Hybrid Node Registration AND Active Name AND a "registration record"
*Example: "BUBBA#00" 0 192.168.1.88 64R
*Example: "BUBBA#00" 0 192.168.1.88 64R


Line 84: Line 85:
*https://www.samba.org/~ab/output/htmldocs/Samba3-HOWTO/NetworkBrowsing.html
*https://www.samba.org/~ab/output/htmldocs/Samba3-HOWTO/NetworkBrowsing.html


'''Other Thoughts on Static Mappings for WINS'''


'''...and the diatribe written about the journey for the above solution (no need to read this for the Solution / How to configure Static Mappings for WINS;'''
While WINS might be old, it is still needed in many instances. For example, software that uses or was configured to use share names like "SERVER". How will that resolve to an IP Address?  Broadcast?  Yes, eventually. Unless Windows is configured to use DNS first (which it is by default) and there's a DNS server that resolves non-fully qualified host names to it's WAN IP Address by default (as BIND / NAMED does on OpenWRT and other versions of Linux installations).  In cases as just described, a name like "SERVER" that is expected to resolve to a local IP Address, is instead resolved to a useless and inaccurate WAN IP Address.  So WINS is still useful.  Even if it is being used as a backstop for other poorly configured software.  So be aware and understand what WINS can still be useful for.


The best tip came from here (scroll down to Static WINS Entries): https://www.samba.org/~ab/output/htmldocs/Samba3-HOWTO/NetworkBrowsing.html (scroll down to Static WINS Entries).  Tragically it was also buried in Google and Bing searches at an impossible to find depth.  One suggestion for that website might be to use Microsoft's term: "static mappings".  After all the entire WINS thing was created by Microsoft.  While WINS might be old, it is still needed in many instances.  For example, a vendor that uses share names like "SERVER".  How will that resolve to an IP Address?  Broadcast?  Sure...  Unless Windows is configured to use DNS first (which it is by default) and there's a DNS server that resolves non-fully qualified host names to it's WAN IP Address by default (as BIND / NAMED does on OpenWRT and other versions of Linux installations).  In cases like that, a name like "SERVER" that is expected to resolve to a local IP Address is resolved to a useless and inaccurate WAN IP Address.  So WINS is useful.  Just understand what it is useful for.
The best tip (although incomplete) came from here (scroll down to Static WINS Entries): https://www.samba.org/~ab/output/htmldocs/Samba3-HOWTO/NetworkBrowsing.html.  Tragically it was also buried in Google and Bing searches at an impossible to find depth.  One suggestion for that website might be to use Microsoft's term: "static mappings" so it can be closer to the top in search results.  After all the entire WINS thing was created by Microsoft.   
 
First things first: The LMHOSTS file is used ''only'' the local computer / server (IE, the OpenWRT / LinkSys device that is acting as the WINS / NMBD (The component of Samba that equates to WINS) Server).  The LMHOSTS File and its entries are ''not'' used in resolving names to IP Addresses for clients of the WINS Server.  That duty is held by two files: wins.dat and browse.dat.  And no one seems to want anyone to find those files (IE, I dare anyone to find documentation, besides here that notes the location of both of these files.


/tmp/lib/samba/wins.dat (AKA /var/lib/samba/wins.dat)
/tmp/lib/samba/wins.dat (AKA /var/lib/samba/wins.dat)

Revision as of 12:30, 20 August 2021

Invaluable Information from here: https://www.samba.org/samba/docs/using_samba/ch07.html (NOTE: This entire page is marked as "this is old information and might be incorrect", however, WINS is old too, and as it turns out, all of the information in regards to WINS is still accurate)

Samba Related Information


Samba Information

OpenWRT Samba is configured to look for the lmhosts file (all lower case) here: /etc/samba/lmhosts (it was verified by looking in the log files for where it loads the file)

To configure logging, add the following directives (minus comments) to the /etc/samba/smb.conf file in the [glolbal] section;

# The below is the default location
log file = /tmp/log/samba/samba.log
log level = 3
# Per log file, the below has been deprecated
# syslog = 1

Information from above was referenced from here: https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server

Top Tips

Do NOT set the log level higher than 3 or it will just fill up with gibberish

Do NOT attempt to read the log file via a text editor through a Samba shared directory, or the log file will fill with recursive gibberish (IE, use nano or vi)

Best to not use these directives; client min protocol = SMB2, client max protocol = SMB3 (If SMB1 or SMB2 are needed, switch to Samba 3)

When configuring the Hostname in the LuCI GUI, System, System, General Settings Tab, use ONLY the host name, not the "fully qualified host name" (IE use OpenWRT, do not use OpenWRT.WhatEverDomain.WhatEverComOrLocalOrLanEtc)

Commands Related to WINS for Samba

nmblookup is the command that can be used to check information within the Samba WINS database.

Examples;

  • nmblookup WhatEverNameOfHost will display the IP Address information for that host.
  • nmblookup -S WhatEverWorkGroupName will display all the records*

* This webpage notes that there are various ways to display all of the records: https://superuser.com/questions/1492010/finding-all-samba-shares-in-local-network

Static Mappings for WINS (Static Entries for Host Names and IP Addresses) - Not to be confused with LMHOSTS File

As with everything in life (and OpenWRT), the solution isn't a simple 1, 2, 3 thing. The first item worth mentioning is that configuring an LMHOSTS file on an OpenWRT router will only work with name resolution queries run from the OpenWRT router. The LMHOSTS file will not be used when answering WINS queries from clients.

Adding Static Mappings is easy using the below method (and also useless, because the settings will disappear when the router is restarted). It assumes Samba 4 is being used, but will also work with Samba 3 if minor changes are made to the commands;

  • Stop the Samba Service (this also stops the NMBD service): service samba4 stop
  • Add an entry to the /var/lib/samba/wins.dat file using the following format (see wins.dat format explanation further down)
    • "NAME#TYPE" TTL ADDRESS+ FLAGS
  • Start the NMBD Service: service samba4 start

A better way to add Static Mappings that persist beyond router restarts is this;

  • Create and save a file named samba.static with entries in the below format in the /etc/samba/ directory: nano /etc/samba/samba.static (it can be any name, but make sure it's the same configured in the below script) (use whatever file editor you want, VI, etc.)
    • Put this line at the top of the file: VERSION 1 0
    • Enter subsequent entries on each line in this format: "NAME#TYPE" TTL ADDRESS+ FLAGS (see wins.dat format explanation further down)
  • Add the below commands to the OpenWRT Startup Scripts (via LuCI GUI: System, Startup, Local Startup Tab). The comments can be eliminated and are only included to describe what each command does;
######## Adds Static Mapping for WINS from /etc/samba/samba.static file to /tmp/lib/samba/wins.dat file ########

###### There is no need to stop or start the Samba Service because the OpenWRT StartUp Script (rc.d) has a start position of 95 and the Samba4 Service has a start position of 98, so the SMB service isn't even started when this script runs.  The samba4 stop and start lines were put in to note this because according to Samba documentation, the samba service must be stopped to modify the wins.dat file with static entries.
# /etc/init.d/samba4 stop

###### The samba directory and wins.dat file do not yet exist when these commands run during the startup process, so create them and make sure the permission are correct (the permissions should be correct, but explicitly make sure with the chmod command).
mkdir /tmp/lib/samba
touch /tmp/lib/samba/wins.dat
chmod 644 /tmp/lib/samba/wins.dat

###### Append Static Mappings (that the Microsoft term) for WINS in the samba.static file into the /tmp/lib/samba/wins.dat file that is dynamically updated by the SAMBA / NMBD Service, and also created if it doesn't already exist.  And as noted, wins.dat file will be deleted when the router is restarted).
cat /etc/samba/samba.static >> /tmp/lib/samba/wins.dat

###### /etc/init.d/samba4 start

wins.dat Format Explanation

  • "NAME#TYPE" TTL ADDRESS+ FLAGS
    • The quotes ( " " ) around NAME#TYPE are supposed to be there like that. Yes, it looks weird, but that's the format.
    • NAME = NetBIOS name of computer
    • TYPE = NetBIOS Type (00 = Workstation or Domain Name, 01 = Messenger (Workstation), 20 = File Server, etc.)
    • TTL = Time To Live in seconds, (Using a time of 0 (zero) ensures the entry will not be deleted by the Samba / NMBD service)
    • ADDRESS+ = One, possibly more addresses for the Computer / Entity. Only one is usually necessary for a computer or server, and testing wasn't done on this setting with multiple IP Addresses.
    • FLAGS = NetBIOS Flags (...from one of the below credited websites: The NetBIOS flags may be interpreted as additive hexadecimal values: 00 - Broadcast node registration, 20 - Peer node registration, 40 - Meta node registration, 60 - Hybrid node registration, 02 - Permanent name, 04 - Active name, 80 - Group name. The 'R' indicates this is a registration record. Thus 66R means: Hybrid node active and permanent NetBIOS name. These values may be found in the nameserv.h header file from the Samba source code repository. These are the values for the NB flags.
      • 64R = Hybrid Node Registration AND Active Name AND a "registration record"
  • Example: "BUBBA#00" 0 192.168.1.88 64R

The above information was sourced from these websites;

Other Thoughts on Static Mappings for WINS

While WINS might be old, it is still needed in many instances. For example, software that uses or was configured to use share names like "SERVER". How will that resolve to an IP Address? Broadcast? Yes, eventually. Unless Windows is configured to use DNS first (which it is by default) and there's a DNS server that resolves non-fully qualified host names to it's WAN IP Address by default (as BIND / NAMED does on OpenWRT and other versions of Linux installations). In cases as just described, a name like "SERVER" that is expected to resolve to a local IP Address, is instead resolved to a useless and inaccurate WAN IP Address. So WINS is still useful. Even if it is being used as a backstop for other poorly configured software. So be aware and understand what WINS can still be useful for.

The best tip (although incomplete) came from here (scroll down to Static WINS Entries): https://www.samba.org/~ab/output/htmldocs/Samba3-HOWTO/NetworkBrowsing.html. Tragically it was also buried in Google and Bing searches at an impossible to find depth. One suggestion for that website might be to use Microsoft's term: "static mappings" so it can be closer to the top in search results. After all the entire WINS thing was created by Microsoft.

/tmp/lib/samba/wins.dat (AKA /var/lib/samba/wins.dat)

/tmp/lib/samba/wins.tdb (AKA /var/lib/samba/wins.tdb)

/tmp/cache/samba/browse.dat (AKA /var/cache/samba/browse.dat)

Here's an interesting statement about the wins.dat file from https://wiki.rockstable.it/Samba: "On Samba the dynamically maintained database is stored persistently across reboots in /var/lib/samba/wins.dat, which is written in regular intervals." Keep in mind this was not written about OpenWRT. Does that make a difference? Yes it does. Look at the path OpenWRT stores the wins.dat file (Hint: It begins with /tmp, which means it does not persist across reboots). Is this compensated for with something in the /etc/init.d/samba4 configuration file? Nope. In the /etc/config/samba4 settings? Nope. Solution? Make one up.

In OpenWRT, is it possible to put manual entries in the /var/lib/samba/wins.dat file? Yes. Will the entry exist for more than about 30 seconds? No. So putting static entries into the wins.dat file is pointless. That's for the NMBD Service which responds to broadcast requests for a NetBIOS name.

The format of entries in the /var/lib/samba/wins.dat file are from here: https://www.linuxtopia.org/online_books/network_administration_guides/samba_reference_guide/17_NetworkBrowsing_23.html

  • "NAME#TYPE" TTL ADDRESS+ FLAGS
    • NAME = NetBIOS name
    • TYPE = NetBIOS Type (from https://www.techrepublic.com/article/how-netbios-name-resolution-really-works/, scroll down about half way and https://flylib.com/books/en/2.221.1/windows_internet_name_service_wins_.html): 00 = Workstation or Domain Name, 01 = Messenger (Workstation), 20 = File Server, etc.
    • TTL = Time To Live (in seconds), NOTE: Using a time of 0 (zero) makes the entry equivalent to a static entry.
    • ADDRESS+ = One, possibly more addresses for the Computer / Entity
    • FLAGS = NetBIOS Flags (from https://www.samba.org/~ab/output/htmldocs/Samba3-HOWTO/NetworkBrowsing.html): The NetBIOS flags may be interpreted as additive hexadecimal values: 00 - Broadcast node registration, 20 - Peer node registration, 40 - Meta node registration, 60 - Hybrid node registration, 02 - Permanent name, 04 - Active name, 80 - Group name. The 'R' indicates this is a registration record. Thus 66R means: Hybrid node active and permanent NetBIOS name. These values may be found in the nameserv.h header file from the Samba source code repository. These are the values for the NB flags.
      • 64R = Hybrid Node Registration AND Active Name AND registered

Wait! What about the /tmp/lib/samba/wins.tdb file? According to this (even though it refers to Samba 3, it applies to Samba 4): https://www.samba.org/samba/docs/old/Samba3-HOWTO/tdb.html, the wins.tdb file is used for "permanent storage" (IE static WINS entries). Can it be edited (in a useful manner)? No, because it is a binary file, not a text file. How is information input into it? Using the NET command? We'll see.

How about the TDBTOOL (It's like the MySQL Command, in that it opens it's own small interpreter environment)? More information here: https://www.samba.org/samba/docs/3.2/man-html/tdbtool.8.html Nope, that's a big rabbit hole that won't help.

Ahhh! Here's the answer, with the best tip coming from this site: https://samba.samba.narkive.com/UPIyT5mM/samba-as-a-wins-server But alone that isn't enough as the static entries need to be made so they can persist across router reboots.

  • Stop the NMBD Service (Hint: the SMB service starts and stops the NMBD service in OpenWRT): service samba4 stop (assuming Samba 4 is being used, which it should be, but plain samba, AKA Samba 3 should work the same.)
  • Add an entry to the /var/lib/samba/wins.dat file (...remembering that it will not persist across router reboots, see below to solve that issue)
  • Start the NMBD Service: service samba4 start
  • Add the below to the OpenWRT Startup Scripts (via LuCI GUI: System, Startup, Local Startup Tab;
### Adds Static Mapping for WINS from /etc/samba/samba.static
### Don't forget to put static entries in the above noted file in the correct format

###### There is no need to stop or start the Samba Service because the OpenWRT StartUp Script (rc.d) has a start position of 95 and the Samba4 Service has a start position of 98, so the SMB service isn't even started when this script runs.  The samba4 stop and start lines were put in to emphasize this because according to Samba documentation, the samba service must be stopped to modify the wins.dat file with static entries.
###### /etc/init.d/samba4 stop
###### The samba directory and wins.dat file do not exist when this script runs, so create them and make sure the permission are correct (they should be, but make sure with the chmod command).
mkdir /tmp/lib/samba
touch /tmp/lib/samba/wins.dat
chmod 644 /tmp/lib/samba/wins.dat
###### Put any static mappings (that the Microsoft term) for WINS in the samba.static file
cat /etc/samba/samba.static >> /tmp/lib/samba/wins.dat
###### /etc/init.d/samba4 start


Recommendation for Windows Hosts that are Multihomed (IE, have more than one network interface)

For some odd reason, if only one interface is configured with WINS server information, it reports the IP Address of all the network interfaces on the Windows machine to the WINS Server. IE, all the other network interfaces can have a blank / empty entry for WINS server, but that one network interface configured with a WINS server will report all of the IP Addresses associated with all of the other network interface. To prevent this, configure a different WINS server for each interface OR "Disable NetBIOS over TCP/IP" (oddly, this does not disable the ability of one to access shared folders, incoming or outgoing, on the network interface in question as it seems NetBEUI is the acronym that encompasses that functionality). This even includes PPTP VPN Connections and probably OpenVPN connections too.

Deprecated Configuration Directives from Samba3 to Samba4

There are several configuration directives that have been removed / deprecated from Samba 4. They include "announce as", "announce version", along with some others.

Other Information
  • If there is no Windows Domain Controller within a subnet, the following configuration is recommended for the /etc/dhcpd;
# This configures Samba to enable WINS support
wins support = yes
# The following settings will make the WINS functionality of Samba the main "Browser" for a subnet
# If using with a Windows Domain infrastructure, probably best to research a bit more before doing the following;
local master = yes
os level = 255
preferred master = yes
domain master = yes
  • The netbios name = |NAME| directive in Services, Network Share, Edit Template Tab in the OpenWRT GUI configures SAMBA with the name defined in the System, System, Hostname Field.

Remaining Items to Document