[mdlug] Network routing and subnetting?

Joseph C. Bender jcbender at bendorius.com
Thu Jan 10 07:10:35 EST 2008 

Rich Clark <rrclark at rrclark.net> wrote:
> On Wed, 9 Jan 2008, Mathew Enders wrote:
> 
>> I have samba PDC running on the primary network that is inaccessible to
>> the machine on the wireless routers.  Machines can not find the domain
>> and shares can not be mapped.
> 
> And there's the kicker. SMB is not a routable protocol, thus you will not 
> see SMB shares on anything but the local network segment that the SMB 
> server is attached to. You may want to reconsider your network drive 
> sharing protocol to something a bit more friendly to segmented broadcast 
> domains.
> 
	It certainly is a routable protocol!  I use it all the time across 
routed subnets.  You may want to reconsider your knowledge on the 
subject, as you're probably thinking SMB over NetBEUI, not SMB/CIFS over 
TCP/IP.  *grin*

	The issue here is a matter of name resolution methods.

	By default, a SMB/CIFS client will broadcast for a server/resource name 
if it cannot find it via WINS or DNS record (since Windows 2000 or so). 
  Obviously, since the clients behind the routers are not in the same 
broadcast domain, they won't find anything if they go looking for it by 
broadcast.

	Therefore, in order for SMB/CIFS to work properly across subnets, you 
need a WINS server to reference by or an internal DNS server and 
reference the shares by fully-qualified domain name (i.e. 
\\file-server.domain.com\sharename ).  "Short" DNS names work (i.e. 
\\file-server\sharename) as long as the clients have the domain as part 
of their DNS search paths.

	With Samba nmbd with WINS server enabled works just fine, and you'll 
have to set your DHCP options appropriately to push WINS and/or the 
correct internal DNS servers at the clients.  Samba has (or at least 
had) some great documentation textfiles on this subject, reading them 
would be highly informative.

	Now, the other issue you may run into is that a lot of the cheap 
wireless router widgets block SMB/CIFS/windows domain stuff going 
outbound by default.  One quick test you can do in order to reach a 
given share is to reference *by IP* the file server and share you're 
attempting to reach (i.e. \\10.1.2.3\sharename).  If that works, login 
via domain credentials and you should be good to go.  If not, you might 
want to check the router rulesets and logs (you *are* logging the 
wireless routers, right?) to see if anything is getting blocked for the 
common SMB/CIFS ports.

HTH




-- 
Joseph Bender
Bendorius Consulting
P: 248-434-5580
F: 248-434-5581
jcbender at bendorius com

More information about the mdlug mailing list