John H Terpstra wrote:
>OK - I'll try to answer this.
>
>Originally Windows networking used only NetBIOS over TCP/IP.
>
>Browsing uses a complex interaction of name registration and resolution
>involving UDP ports 137 and 138. Port 137 is the NetBIOS Name Server port,
>but it is also used to handle all browsing operations. Browsing is the
>ability to locate domains and machines over the network.
>
>A NetBIOS machine name must be resolved to its IP address. This can be done
>using WINS using NetBIOS unicast requeries over unicast UDP, or via NetBIOS
>broadcasts over UDP broadcast using port 137.
>
>File and print sharing operations under NetBIOS over TCP/IP are performed over
>TCP port 139. Both ends of the NetBIOS over TCP/IP connection must know each
>other's NetBIOS name. Name resolution is vital to NetBIOS over TCP/IP
>operation - WINS is your friend because it adds reliability and reduces
>network UDP traffic.
>
>Windows 2000 introduces ADS!
>
>Enter Windows 2000 with ADS, and the ability to disable NetBIOS over TCP/IP.
>In its place Windows 200X uses DNS, Kerberos, LDAP, and Raw SMB over TCP/IP.
>The DNS, Kerberos and LDAP services run over the standard well-known ports.
>Raw SMB over TCP/IP uses TCP port 445.
>
>On Windows 200X clients, when NetBIOS over TCP/IP is disabled, and an attempt
>is made to join a domain, the client automatically tries to use the
>combination of DNS, Kerberos, LDAP and TCP port 445 services with the
>expectation that Microsoft Active Directory is being used. In order to remain
>backwards compatible, TCP port 139 can also be used.
>
>The mechanisms behind TCP ports 139 and 445 are very different. A connection
>made on port 445 must be able to resolve the fully qualified hostname using
>the protocols expected within ADS. That is, via DNS using SRV records as well
>as A records. Additionally, the client will try to use Kerberos information
>to contact the DNS server and the LDAP server. It expects to find SMB
>information in the Kerberos PAC (a data blob inside the Kerberos ticket that
>is unique to ADS's implementation).
>
>With ADS browsing involves DNS, LDAP and Raw SMB traffic over ports 445 and
>139. The client expects all the information that it would obtain if it were a
>member of an ADS domain.
>
>Samba-3 supports port 445 and all operations necessary to be an ADS domain
>member server. It can not be an ADS server, and it can not be an ADS domain
>controller. That functionality is being added in the Samba-4 project.
>
>What this means is, that if you disable NetBIOS over TCP/IP on your clients
>and on Samba-3, you will not be able to browse the network. Additionally,
>Samba can NOT be a domain controller. It can be a stand-alone server without
>NetBIOS over TCP/IP.
>
>Samba-3 can be a file and print server for Windows clients that have NetBIOS
>disabled - but some things may break.
>
>In short, NetBIOS-less SMB implies ADS. Samba-3 is not an ADS server. Ergo, NO
>ADS for all practical purposes means DOES NOT WORK.
Thx for the answer, so no real solution until samba 4.

Greets
Julius
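The port model in the quoted explanation can be turned into a configuration check. The following is an added example, not part of the thread or of Samba itself: it reads the `[global]` section of an smb.conf, lists the ports a firewall would need to allow, and flags the combinations the post says do not work on Samba-3. The function names are hypothetical; the parameters `disable netbios`, `smb ports`, `domain logons`, `wins support` and `wins server`, and the `445 139` default for `smb ports`, are assumptions taken from the Samba-3 smb.conf documentation rather than from the thread.

```python
def parse_global(text):
    """Collect [global] parameters; smb.conf names are case-insensitive."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(text):
    """Return (ports to allow, warnings) following the post's port model."""
    p = parse_global(text)
    netbios_off = is_yes(p.get("disable netbios", "no"))
    smb_ports = p.get("smb ports", "445 139").replace(",", " ").split()
    ports, warnings = set(), []
    if netbios_off:
        # Raw SMB only: naming, browsing and the 139 session service are NetBIOS.
        ports.update("tcp/" + n for n in smb_ports if n != "139")
        warnings.append("NetBIOS disabled: clients cannot browse the network")
        if "139" in smb_ports:
            warnings.append("smb ports lists 139, the NetBIOS session port")
        if is_yes(p.get("domain logons", "no")):
            warnings.append("domain logons = yes: Samba-3 needs NetBIOS to be a domain controller")
        if is_yes(p.get("wins support", "no")) or "wins server" in p:
            warnings.append("WINS configured, but WINS is NetBIOS name service on UDP 137")
    else:
        ports.update(["udp/137", "udp/138"])
        ports.update("tcp/" + n for n in smb_ports)
    return sorted(ports), warnings

# Constructed sample configuration (not taken from the thread).
SAMPLE = """
[global]
    workgroup = EXAMPLE
    disable netbios = yes
    smb ports = 445 139
    domain logons = yes
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
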
