The Back Story
Just setup a VPN with the office using OpenVPN. So far I'm really happy with OpenVPN, but OpenVPN (or any VPN for that matter) only serves to bring a remote machine into a LAN... the rest of the configuration builds on top of the VPN.
In my case I'm joining a small office network that offers the standard NT services including a PDC for NT domain authentication, WINS, and file sharing. We also have network printers, but as I've recently found out, they are not going through any centralized print server, which may be why we have problems with several client machines inside the LAN being able to print. Oh.. did I mention that the PDC and Window file server isn't running Windows at all, but is actually Samba?
Yup... Trying to get a Linux client to talk to a Linux server using Windows protocols. We truly live in a bizarre world, but I'm not the only one in this situation. This blog post will be the first in a series of HowTo reports on getting stuff working in a sane manner. For reference, as of this righting I'm using SAMBA 3.4.5, and the samba server is running an older 3.0.x series install.
Name Resolution using NORMAL Linux tools
This won't be a revelation for the SAMBA experts out there, but to be blunt, while SAMBA is a very powerful software package, the documentation and interfaces are lacking when it comes to doing anything even remotely complicated. I'm not even talking about a cute GUI, I'm talking about docs missing for simple use cases like: I'm a Linux client querying a WINS server.. how can I get normal programs to use the WINS server for name resolution? I'm not talking about using a specialized utility like nmblookup.. I want it to "just work" for normal programs.
The good news is that I found a partial solution after hunting around. Before beginning, make sure you have at least the client packages for Samba installed. I am using Arch Linux so your paths for config files may vary slightly in different distros.
- First:edit /etc/samba/smb.conf and add IP address of your WINS server. For example: wins server = 172.16.42.1
- Next: update a config file called "nsswitch.conf" I have been using Linux for 10 years and had never messed with this file before, but it basically allows you to tell different name resolution services how to try to resolve names. It goes way beyond the simple task of resolving host names to IP addresses that we address here, but for our purposes the fix is simple. Add an entry for "wins" to the hosts line like so:
hosts: files dns wins
That's it for the basic configuration. The final entry in nsswitch.conf tells the name resolver to use WINS resolution last if files (e.g. /etc/hosts) or a standard DNS query cannot resolve a name. The configuration of the WINS server in smb.conf from step 1 ensures that there is a valid WINS server to query.
What does & does not work
So after the description of tweaking nsswitch.conf above, any program that is setup to use proper name resolution will automagically work with the WINS server in addition to the existing DNS setup! This includes (but is not limited to): ssh, ping, wget, CUPS (specifying a printer with a WINS name), konqueror & dolphin (smb:// protocol). Even a 2-line Python program can use WINS once you do the configuration:
import socket
socket.gethostbyname ("WINS_name_or_DNS_name_it_does_not_matter")
Unfortunately, some utilities and programs do not use /etc/nsswitch.conf properly. Some are network-specific utilities like "host" & nslookup that are specifically designed to use DNS. More notoriously... a certain web browser named after an ignited carnivorous quadruped also fails to resolve names properly. Some browsers that do work properly under Linux include Arora and Chromium if you like a Google-browser experience.
In summary: While Linux does have a very robust and flexible system for using different services to resolve names... not all software on Linux actually wants to do things the easy way. However, for the purposes of the LAN at work, I can now use WINS to resolve names. This is very useful not only to make it easier than typing in dotted-quads, but also because DHCP means those dotted-quads are not necessarily stable, while names are. I've already gotten network shares to mount, and I'm looking forward to getting my home PC setup even better than some of the local machines on our LAN while being secure at the same time.