Given that the upstream Samba folks don't support 3.6 anymore, I'm not optimistic about getting this fixed, but I'll put this up here anyway: I'm trying to implement cross-subnet network browsing using Samba, and browse list sync is not happening. It's a cross-subnet Windows Workgroup (called "WORKGROUP") with a WINS server; there's no Windows Domain or Primary Domain Controller. This is on OpenWRT 18.06.1 on 3 LInksys WRT1200AC routers, and replaces 3 tired old Netgear WNR3500L routers that were running DD-WRT and doing the same thing (with Samba version 2).
One router is configured as the OpenVPN (routed, not bridged) server and also as the WINS server and the Samba Domain Master Browser (DMB) for the workgroup. Two other routers are OpenVPN clients and serve as the Local Master Browsers (LMBs) on their subnets (verified using nbtstat), but are not allowed to be the DMB and they are told the IP address of the WINS server in their configurations. The DMB is also its subnet's LMB and shows as the DMB in nbtstat. According to the Samba doc on version 3.2, when a cross-subnet workgroup is configured this way, the DMB is supposed to automatically collect and collate browse lists from the remote LMBs and send a complete browse list back to the remote LMBs.
Direct quote from the Samba3 HOWTO:
" Where a WINS server is used, the DMB registers its IP address with the WINS server using the name of the domain and the NetBIOS name type 1B (e.g., DOMAIN<1B>). All LMBs register their IP addresses with the WINS server, also with the name of the domain and the NetBIOS name type of 1D. The 1B name is unique to one server within the domain security context, and only one 1D name is registered for each network segment. Machines that have registered the 1D name will be authoritive browse list maintainers for the network segment they are on. The DMB is responsible for synchronizing the browse lists it obtains from the LMBs."
So this means I should expect to find some "WORKGROUP<1D> .." entries with the IP addresses for the remote LMBs in /var/lock/wins.dat on the router hosting the WINS server, correct? But no such entries ever occur. Furthermore, the browse lists on each router, at /var/lock/browse.dat, are not empty and contain unique entries for other client computers. So these lists are being created locally, just not synchronized.
I have also used the "remote announce" and "remote browse sync" options in an attempt to force synchronization, but so far all I have seen is the remote routers appear in the browse lists locally; so the "remote announce" appears to work, but there is still no browse list sync occurring. BTW, for these options the arguments have been the IP addresses of every other router remote to the local one.
If anyone has some ideas about how to make this work, I'd very much appreciate it. I will add here that I also serve the /etc and /var directories of each router on the LAN and over the VPN to make my job easier, and these "Samba server" resources do appear in /var/lock/wins.dat on the WINS server. This is confirmation that the VPN tunnel is allowing registration traffic to the WINS server. Also, I had to override the smb.conf.template "interfaces = |INTERFACES|" entry by commenting it out and adding in the line "interfaces = lo br-lan tun0" so that the VPN tunnels were included in the interface list for Samba. This is reflected in /var/etc/smb.conf on each router.
I'll also generally add here that the VPN tunnel traffic flows freely to and from the bridged LAN (br-lan) interface at each router, except for DHCP traffic being blocked. Remote desktop connections (RDP and VNC) and direct share connections work just fine. The only thing that appears to be busted is the browse list collation.
I would like to ask the developers one question: I can see that the procd init script command starts up nmbd with no file options (just '-F'). I take it this means that /var/etc/smb.conf is the default location for the smb.conf file that is baked into the code. Is this correct? If not, the init script might need some work.
One idea I may pursue is creating an lmhosts file on the WINS/DMB router and including the "WORKGROUP<1D>..." entries there to see if that has any positive effect. But Microsoft's documentation on lmhost file creation is very spotty, and I'm not sure that these '1D' entries without corresponding name entries would work. Any lmhosts experts out there?