DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 4th March 2009
Bruco Bruco is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Kalamazoo, MI, USA
Posts: 61
Default NetBIOS name resolution from FreeBSD?

So, I'm banging my head against this and the answer may be simple, but I'm not stumbling into it.

I have a FreeBSD 6.3 box that does some monitoring, arpwatch, ntop, etc. at work.

I'd like this box to be able to resolve NetBIOS names - we have a number of thin clients and other devices that do not register with DNS. From a Windows machine with NetBIOS over TCP/IP enable I'm able to ping these things by name. I want to be able to do the same with the FreeBSD box.

I assume I need nmbd for this. So I installed samba. I'm running nmbd by itself right now, as I don't need any file shares or anything. I let it run overnight, in fact. And still, I can't ping any nodes by NetBIOS name.

Here's what I believe is the relevant section of smb.conf:

Code:
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one	WINS Server on the network. The default is NO.
;   wins proxy = no

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no
Now, I do have WINS in the environment. So I tried pointing the WINS server setting to a Windows DC running WINS. Then I waited 20 minutes... and still nothing. No pinging of NetBIOS names.

I CAN, however, ping the FreeBSD box by name from Windows clients! But... that's not what I need, unfortunately.

So, what am I missing? Am I incorrect in my understanding of Windows networking? Does nmbd not provide the functionality I'm looking for? Am I likely just missing a simple configuration piece?

(By the way, if this should have gone into ports and packages, please move, and I apologize.)
Reply With Quote
  #2   (View Single Post)  
Old 4th March 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

For many years, even before Windows networking exisited, resolving symbolic names to their numerical IP address is done according to settings in the "/etc/resolv.conf" file.

This file only handles settings for the Domain Namy System (DNS) and is used in the C resolver library. Programs like ping are use this library whenever they have to resolve a symbolic name into an IP address. NETBIOS name lookups are not handled by that library at all.

A younger addition to name resolutions is the "/etc/nsswitch.conf" file. The name stands for NameServerSwitch.conf. It allows more ways to resolve names, e.g. NIS. Unfortunately for you NETBIOS is not one of them

You can do NETBIOS lookups from the command line:
Code:
$ nmblookup hercules
querying hercules on 192.168.222.255
192.168.222.20 hercules<00>
You would have to write a small script to extract the found IP address and then pass it to ping.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 6th March 2009
Bruco Bruco is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Kalamazoo, MI, USA
Posts: 61
Default

Thanks for the education! It's rather depressing though - I was hoping to get arpwatch to be able to resolve NetBIOS names. When devices are plugged into the network I get an email with the IP and MAC of course, and then if I'm suspicious I can track down the physical port they are plugged into. If the name is in DNS it's part of the email, but if not there's no name listed. Sometimes a name would help me realize more quickly what the device might be!

Yeah, yeah, I know, I can just do a nmblookup myself when I get an email from arpwatch - but what fun is that?

Maybe I can script it somehow...
Reply With Quote
  #4   (View Single Post)  
Old 6th March 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

Can you paste a sample of an email sent out by arpwatch? That way we can give a helping hand to script it
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #5   (View Single Post)  
Old 6th March 2009
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 696
Default

Alternatively, there's the draconian approach of disabling dynamic IP allocation on the network. IOW, nothing get an IP until you manually enter the MAC address into the DHCP config.

We moved to this to get a better grip on what's allowed on our networks. No more "bring device from home, plug into network, and away you go".

But, that's not always applicable to every network layout/setup.
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote
  #6   (View Single Post)  
Old 6th March 2009
Bruco Bruco is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Kalamazoo, MI, USA
Posts: 61
Default

This is what one of the emails from arpwatch looks like. In this example the device plugged in was an HP thin client. Those do broadcast a NetBIOS name, but do not register in DNS:

Code:
            hostname: <unknown>
          ip address: 192.168.3.8
    ethernet address: 0:f:20:d9:5b:23
     ethernet vendor: Hewlett Packard
           timestamp: Monday, March 2, 2009 15:42:03 -0500
If a name exists in DNS, arpwatch will include it in that email. Not if it's just a NetBIOS name, though. If I could cram that nmblookup into what arpwatch does somehow it would probably do the trick!

(And yes, you are probably noticing that weird MAC address - I think arpwatch has problems with 0 as the first character in each set. Not a big deal.)

phoenix - Yeah, you are right. And I could do MAC filtering on my Cisco switches too. But I don't think they want me to be that exclusive... yet. So for the time being I can content myself with knowing whenever a new device plugs into the network!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Resolution problem.. PCBSD3000 FreeBSD General 5 13th April 2009 07:56 PM
Change consolle resolution unixbsd OpenBSD General 7 16th March 2009 01:08 PM
resolution too high!!! =| ? what? seadog109 Other BSD and UNIX/UNIX-like 19 18th October 2008 04:25 AM
FVWM/X11 Resolution Issue? m4rc OpenBSD General 8 3rd July 2008 02:45 PM
Changing resolution Cloud General software and network 3 27th June 2008 06:03 PM


All times are GMT. The time now is 06:43 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick