Internal WINS Server

keetawat · Jun 14, 2011, 1:16 AM

Thank you vey for every reply. I will create samba for some linux box and point to it via dhcp.

johnpoz · Jun 14, 2011, 3:10 AM

Still curious why you think you need this? Browsing is pointless and a complete waste of time, rarely works the way its suppose to even on 1 segment ;) What you don't know the names of your computers? Are you just looking for away to resolve netbios names since you can not broadcast for them across segments?

I can understand resolving netbios names, browsing to the computers via workgroup names, etc.. I just don't get ;)

You would be better off using dns to resolve your computer names, pfsense for sure can do that for you!

keetawat · Jun 14, 2011, 3:56 AM

Thank you johnpoz how to make DNS to resolve NetBIOS name. Thank you.

johnpoz · Jun 14, 2011, 4:06 AM

Well to be fair its not really resolving the actual netbios name, but it will resolve the FQDN and your hostname 999/1000 times is the same as your netbios name. So for example my boxes p4-28g for example resolves as p4-28g.local.lan

Under your dhcp server on your pfsense box

check the "Enable registration of DHCP client names in DNS."

If you setup with a search domain of your domain handing out in your dhcp scope then all machines will search that domain for any host name you put in and return the FQDN.. So for example

C:>ping p4-28g

Pinging p4-28g.local.lan [192.168.1.4] with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time<1ms TTL=64
Reply from 192.168.1.4: bytes=32 time<1ms TTL=64

keetawat · Jun 14, 2011, 4:35 AM

Thank you johnpoz for the good idea, I will test with your idea and let you know.

keetawat · Jun 14, 2011, 4:40 AM

Dear johnpoz ,

Your idea is very good and helpeful for me but now I have to ping hostname.domain only cannot ping only hostname.
What is the reason and the solution for this case?
Thank you.

Gloom · Jun 14, 2011, 9:52 AM

Basically you need wins for simple unc paths to work eg \pc1234\someshare with only DNS it becomes \pc1234.mydomain.com\someshare WINs also prevents you accidental giving two workstations the same name, DNS will allow it.
A lot of the earlier Micro$oft services such as Exchange 2003, SQL200 and it's free counterparts all expect wins. Bloody awful protocol but Bill does so like proprietary protocols for vendor lock in.

As has already been suggested a Samba 3 server will sort this for you. The DNS solution will not always work correctly if you use short UNC paths.

johnpoz · Jun 14, 2011, 1:06 PM

You need to setup your search domain, so that your machine will look in that domain.

example

C:\Windows\System32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : quad-w7
Primary Dns Suffix . . . . . . . : local.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : local.lan

Im trying to understand this statement though, could you explain further makes no sense to me.

"The DNS solution will not always work correctly if you use short UNC paths."

Gloom · Jun 14, 2011, 1:51 PM

If you don't have a WINS server you will find that however you setup your DNS paths such as \pc1234\someshare will fail some of the time and the only way to guarantee it works is to use \pc1234.mydomain.com\someshare.

It will allow things such as ping pc1234 as it just appends the listed search domains to the host name although you will see traffic trying to find things like pc1234.com as it works it's way down the list.

johnpoz · Jun 14, 2011, 4:11 PM

"you will see traffic trying to find things like pc1234.com as it works"

That will only happen if pc1234 does not exist in your search domain, but since it does on your domain which would be the first search you would not see traffic for pc1234.com ;)

And I don't agree that \pc1234 would fail some of the time - either they would fail all of the time.. Why would thy fail only part of the time?

Just sniff your traffic to see what happens.. Any windows box over 2k would be able to use direct host smb, would it not - which is dns based. So as long as you have a search string setup then you would find your boxes via dns and then connect to the share on 445

so I disabled netbios over tcp, on my box other it would just broadcast for the names first and since im currently only on one segment would not be a valid test.

So I turned it off, then cleared both netbios cache and dns cache, fired up wireshark and then run \p4-28g and connects just fine.. From the sniff you clearly see the dns resolution happen to the FQDN

There are many ways to skin a cat, and sure running a wins server to allow for file sharing across segments for name resolution, but it is not the only way.

http://support.microsoft.com/kb/204279
Direct hosting of SMB over TCP/IP

I am not saying that you might not still need to run or want to run wins or some other NBNS, some legacy type software might still require it, etc. But in general just because you have multiple segments does not mean you can not just access \computername - all that you need to work out is name resolution.

you will notice my queries go over ipv6, but that just because I am using ipv6 on that client so it likes ipv6 over ipv4, but as you see the returned address is ipv4 address, since that client does not have ipv6 enabled.